AFF Level 1
Organizational
risk management is much of what information assurance (cyber, if you must) is about.
We can spend money to help diminish the likelihood that something bad happens.
But, we can’t assure that the bad thing won’t happen. We spend time thinking
about what might go wrong, practicing for things going poorly, and dealing with
things actually going awry. I’m probably not telling you anything you don’t
know. But, bear with me because I want to share a story about my recent
experience with personal risk management in the form of skydiving.
Years ago I
thought it would be exciting to try sky diving. I’ve heard of the risk
associated with it. But, I want to try. The main reason is the prospect of
eventually getting to fly in a squirrel suit. I’m definitely interested in
speed and thrills. There’s about 1,999 more jumps between me and the
opportunity to don a squirrel suit. Not sure that I’ll get there. But, that’s
not the point. That was the objective initiating this drive.
From a practical
standpoint, my poise and awareness during emergency situations are a self-rated
moderate. I’ve dealt with medical emergencies, both of a group member and
myself in isolated (by myself mountain biking, for example) situations. I’ve
dealt with about 1,000 computer security incidents. That’s a round number
because I don’t really know the number. In retrospect I wish I had an incident
case log. I would be more effective today with exactly the same level of
response action if I had been tracking my response actions. (TODO: personal
system for logging and tracking response activity). I have recorded this data
all over the place. Most of those tracking systems I no longer have access to.
But I digress. My
poise and awareness during stressful situations are moderate on a scale of low,
moderate, high. I have a good deal of experience, but I would rate better
emergency room doctors, people with substantial combat experience, practiced
airplane pilots, race car drivers, professional athletes as high on that scale.
Most normal people I’d put in the low category. Unknown and stressful
situations cause them to perform worse than they would otherwise. So moderate
is performance about equal to normal capability within stressful situations,
but some experiences could still dislodge that person from poise. High level
performance then is a person who has poise and grace in all situations: even
unknown and unexpected situations well outside of their normal zone of comfort
and practice. People with a high degree of poise within their area of expertise
not only meet the level of performance, but exceed the expected level of
performance.
Given this
self-assessment level of moderate, I should be able to operate within a
stressful situation without substantial prior knowledge of the tasks to perform,
given adequate training.
The training. Accelerated
Free Fall (AFF) is the program for becoming certified to sky dive. Level one
(http://www.affschool.com/8-levels/#1) included about 4 hours of classroom and physical practice, culminating in a
practice jump with two instructors holding on to you while freefalling. The
student learns to: orient his body to the relative wind; hold the appropriate
position throughout the freefall; monitor the altitude; understand the
altitudes at which specific actions must be performed; use non-verbal communication
signals to coordinate with and receive direction from instructors; check
to assure the chute is safely landable; deploy the backup chute by cutting
the inadequate chute loose and deploying the backup; navigate the
landing path; and alight on the earth again after the freefall.
Those items are
crammed into roughly 4 hours of instruction and practice, then you get in a
plane and jump out of it. I went through the AFF Level 1 with a single other
student and one instructor for the classroom portion. During the actual jump I
had two instructors each with both hands in firm contact with my chute
harnesses.
There was so much
information. It was repeated multiple times, and there were multiple quizzes
throughout the instruction. But during the course of the jump, I had difficulty
retaining it all and keeping it straight. Fortunately, I retained enough of it
to get back without any major damage.
I had an hour
delay between the instruction and the jump. I sat with my classmate, we talked about
the sequence. We watched the other divers landing.
Finally, it came
to be my time for the jump. I got suited up, got my chute, and went through one
cycle of the exit from the aircraft with my backup (non-release side)
instructor. It was more important to do this with him because he would be
hanging onto the outside of the plane while I was doing my sequence
(up-down-step out) within the plane.
We flew up to
altitude. A couple who were clearly experienced jumped first. I got up, took my
position at the door. “Check In!” Brian gave me the go signal. “Check out!”
Craig gave me the go ahead. Up. Down. Step out.
I was falling out
of the plane. I didn’t think about the relative wind, but I did try to keep my
arms and legs back. I felt my body turning toward the direction of the fall,
and I arched my back further.
Altitude 12,000
feet. Circle of Awareness. Check and report. Look left - Craig gave me signals
to adjust my position. Two fingers – legs out more. I stretched my legs,
pointed my toes. Report right. Lazy W signal. My arms needed to go back more.
Release check.
Left arm out in front of me. Reach back, put my hand on the hackey sack to be
able to release my chute. Return to lazy W. Again. Left hand out straight.
Right hand back to the hackey sack. Again. Left hand out. Right hand back.
Circle of
Awareness. Check altitude. Report. Craig has me adjust my position. Lazy W. Fix
my arms. Report. Fix my legs.
10,000 feet.
Adjust position through hand signals.
9,000 feet. More
bad position. Legs extended. Arms in a better W.
8,000 feet. Lazy
W. Better arm position
7,000 feet.
Extend legs.
6,000 feet. Lock
on.
5,500 feet. I
wave off. Single finger from Brian. I reach back for my hackey sack. It’s gone.
Brian pulled it.
Then, I have my
first moment of “Ok. What now?” I am paused. I don’t really know what to do for
a moment. I’ve decelerated substantially. The chute seems to be working. I look
up. I check the shape. It’s a rectangle. I check stability. I’m not really sure
what I’m looking for, but I don’t see any substantial luffing or flapping of
the chute. So, ok, I guess.
Steerability. I
reach my hands up into the yellow steering handles. I’m supposed to pull them
down a bit to release the brake, then locate the holding area (where I’m going
to wait until I reach 1,000 ft.) I’m supposed to orient to the holding area
with the steering handles then do a steerability check. Instead, I go right
into the steerability check. Left turn? I looked down over my left shoulder to
be sure I won’t collide with anyone by the maneuver, and pull the left handle
all the way down. I start to turn left. I let the handle go back up. Right
turn. I look to my right and down, then pull the right handle all the way down.
I can make a right hand turn. Flare. I’m supposed to pull the handles all the
way down, to be sure I can flare. I pull them down. I think that it seems I can
slow down, so I think I’m good to go. I look around, and locate the trees I’m
supposed to head toward. They’re behind me and slightly to the right, so I head
that direction by turning about 220 degrees to the right. I check altitude. I
can’t remember exactly where I was at beginning this maneuver to the right.
About 4,500 feet, I think. I’m a bit concerned that I can’t really get to the
holding area. I navigate with the handles to adjust my direction. I’m relieved
that the steering mechanism seems pretty easy. The steering and landing were
the areas of greatest concern. In retrospect, I should have practiced a flare
and brake in this traverse toward the holding area. But, I didn’t.
3,500 feet. I’m
approaching the holding area. Tracking the location of the other chutes in the
sky. There were a bunch of tandem divers who were much higher. Several of them
were doing interesting maneuvers. Some other time, I thought. I just want to
get to the holding area.
3,000 feet. Still
working my way toward the holding area.
2,500 feet. Not
quite to holding area, but getting pretty close. I am a little concerned about
getting there. Three or four other divers are beneath me. Presumably these are
my two instructors and the couple who jumped first.
2,000 feet. The
backup radio comes on. I can’t really understand anything Craig is saying. He
tells me something, I maneuver a bit, because I’m actually heading the wrong direction
(still traveling toward the holding area). I presume he is concerned that I am
not oriented for the landing pattern properly. I adjust my position by making a
270 degree turn, so I’m generally heading back toward the landing path.
1,500 feet. I’m
still in the holding area, but starting to leave it. I’m too high to leave it,
but heading into the pattern. I turn a bit to the right and back to the right
to try to stay in that area but slow down my exit from the holding area.
1,200 feet. I’m
leaving the holding area, too high.
1,000 feet. Out
of the holding area. Following the stream bed above the trees.
600 feet. I’m at
the taxiway, where I should make a left turn. Instead of making a hard left, I
make more of a 45 degree turn with the intention of travelling some more out of
my way to extend my path a bit longer to try to lose more altitude.
300 feet
(estimated). As I get to the center of the taxiway I make a 90 degree left turn
to head down the taxiway. I tried to check my altitude at this height, but
couldn’t really read it, so decided to focus on going straight.
There were
several other people in the center of the field. I was too high. I knew that.
Not terribly, though. The wind was stronger here since I was heading into it,
and it noticeably required more steering. There were people in the center of
the field, in line with where I was heading. I steered slightly to the left,
making a bit of a lane change. I adjusted back to the right and continued
straight. Craig was on the radio talking to me, but I really didn’t understand
much of what he was saying. I think he said I was too high. But, I didn’t think
there was much I could do about it at this point, except go straight and land.
25 feet
(estimated) I was preparing to land. Well short of the trees at the end of the
landing area. Which was a relief to me.
15 feet
(estimated) I was supposed to flare at 10 feet. I estimate that somewhere
between 20-15 feet is where I actually executed the flare.
Touchdown. I held
the flare like I was supposed to, but I was too high. The training covered PFL
– Parachute Fall Landing. Or something like that. The training had us jump from
incrementally higher steps. We kept our feet together, pogo’d like a pogo
stick, bent like a banana to one side, rolled onto our leg, hip, side. We kept
our arms tucked in and let our body absorb the fall through transfer of
momentum.
I didn’t do any
of that. I had my legs apart. I didn’t transfer the momentum via a roll. I
absorbed it like I was doing a squat, and fell backwards, like I was rolling
out of a fall from bouldering. I boulder a lot and fall with some frequency
during bouldering. I do a lot of squats and deadlifts. So, I’m not at all
surprised that’s how my body reacted. It did the maneuver it is trained to do. It’s
just that this maneuver wasn’t the appropriate maneuver in this case. I’m
definitely sore as a result of that landing. A lingering ankle injury aches
more today than normal. My right hamstring is sore. My left hip is sore. My
walking gait feels a bit abnormal, like the position of my hips and legs is a
little off from where each part expects the other to be. I don’t feel like I
can hustle, and I don’t feel as spry as I normally do. Very fast walking
through the airport during a transfer to make today’s flight wasn’t a welcome
circumstance.
Will I go for
level 2? I don’t know. I have 30 days to jump before I have to retake Level 1.
My difficult schedule will probably prevent me from completing the level 2
within 30 days. Or maybe next Saturday I’ll do it, I have a time window of
about 5 hours, which would be enough time to do it on the North Shore!
I hope you take
something away from this. If you do, please let me know what it is. Let me
share my take away lessons.
First, with
regard to training. I think that this reinforces my commitment to training,
simulation, and exercises more so than ever before. There are a few things that
I like about training. One is the trainer assuring me that he is thoroughly
competent in the area. When I am literally putting my life, safety, and
well-being in the trainer’s hands I want to have the sense that the program
he’s providing is solid. While I got that, I also got the sense that I was
going to be on my own. Which, I was. There were several things that could have
gone poorly which didn’t. I think these were the direct result of the training.
I suspect thousands of people go through this training program on an annual
basis across the USA. I didn’t research these numbers to write this article.
But, it would be interesting to know what those numbers are, as well as the
number of pass/fails as well as the frequency of incidents with jumpers
related to AFF level 1.
This leads me to
the correlating questions for your information assurance program. How many of
the tasks that you expect for your analysts can be broken down into a clear,
repeatable, articulated sequence that can be drilled over, and over, and over
and over? Where there’s no ambiguity for the actions to be taken?
** Question number one. Is there a plan?
If you can’t
provide a clear sequence of actions to perform, can you provide a
decision-making matrix? Where a prescriptive plan cannot be created, can you provide
unambiguous decision-making criteria? In this experience the criteria for
assessment are SSS: Shape; Stability; Steerability. The skydiver needed a
framework for analysis to determine if the current state was adequate to safely
land the parachute, or if a replacement parachute was in order.
This critical
period (5,500 feet until 2,500 feet) had a defined entry, a clear period of
assessment, and criteria for escalation. If at 2,500 feet there wasn’t a
parachute that met the SSS criteria, there was a defined procedure to engage.
For skydiving, this is the one escalation procedure. Cut away the main chute,
and engage the reserve chute. You probably won’t be able to manually engage the
reserve chute because the automated system to engage the reserve chute will be
activated. We drilled this action no less than 10 times. This included decision
making associated with the physical performance of the motions associated with
cutting away and engaging the reserve chute.
** Question number two: What to do when the plan failed?
Throughout the
training, there was only one other person who was a student. I sincerely
couldn’t imagine going through a class of 20-30 other people who were
attempting AFF level 1. As with most other training courses, there was a sense
of comradery established. I’m a fairly solitary person. But, when I was
finished with my jump, I waited a while until I confirmed that my classmate had
successfully completed his jump. He probably jumped another time that day. I
probably could have completed another jump, but my schedule and my plan precluded
it. I suspect that another day I will jump again. I know that Jordan will
remember that first jump and our class. I also knew that while we were both
trying to develop an understanding of what was required of us we had a sense of
mutual support and a drive to assure that each of us understood what needed to
be done. As you guide people in the enterprise to complete a task, do they
think that you are looking for a reason to fire them? Or are they sure that
you’re there to help them complete all the details and achieve excellence?
** Question number three: Who’s there to help me if I need it?
This is my
“lessons learned” report for my first sky dive. I’m sure that I could have
performed better. I’m glad that I didn’t get hurt. I’m glad that I followed
through on completing a challenging and ambitious plan.
I will say that
on the climb up from the airport, we discussed, double checked, reviewed, and
reviewed again the steps for what we were going to do. The next time that
someone tells you that we don’t need training for incident response, network
security monitoring, or forensic analysis, ask them if they would be willing to
jump out of an airplane without having gone through training.
This experience
suggests to me that incident response is more complicated than skydiving. I’m
not good at skydiving yet. But, from the sequence of sky diving that was taught
to me I have a very specific sequence of actions that must be performed and a
single clear objective. That’s substantially easier to perform and practice
than security operations.
Afterword.
One item that I
won’t belabor, but would ask for feedback from anyone who ever has an
opportunity to listen to me speak. Please tell me whatever phrase I use to the
degree that it becomes cloying. That thing that I fall back on to express a
sentiment of importance when I become lazy and don’t use a more interesting
word. I used to use the word “actually” a lot. Now I use the word “generally”
too frequently. Help me to thwart my linguistic laziness. Thanks for following
along with me on my first solo jump!
=-=-=-=-=-=
TODO: personal
system for logging and tracking response event and incident actions