It’s been 100 days since russia has started full-on military invasion on my homeland, Ukraine, after years of slow boiling conflict. Life has changed drastically for millions of people, including me. I am lucky to be prepared, safe (for now), and can spend my time doing something useful. Big part of my life at work and outside work right now is about using my skills and knowledge to help Ukrainain defenders in various ways.

Doing technological and infosec work during war time is a unique experience. Having to re-assess many of default assumptions about risks, loss event types, realistic vs theoretical threats, adversary capabitilites is an interesting exercise: everything relative and you get to see how much everything is relative. Having to co-operate with people from different layers of defensive organisations and civil infrastructure, I got to see how people with very different backgrounds learn, thrive and achieve results together. This is humbling: best infosec learnings I’ve got through last 3 months - I got from people who do not operate computer beyond “advanced user”.

Because memory is shorter under constant stress, I’m writing a bunch of posts on lessons learnt. Reflecting on what’s going on from professional perspective is my way to stay sane in these insance times.

However in 3 months of war I’ve realised a few things:

• Due to poor sleep and excessive mental load I’m exhausted, thus quality of my writing is way below what I would like it to be.
• Being uncertain about sensitivity of some of the subjects, I can’t really decide whether some things should be said now. I’m opting to err on the side of paranoia until the war is over, and then think again.

Some day this blog with resume with a sequence of blog posts about information security, risk management and extreme engineering during war time.