Thornsec is a piece of software developed by Privacy International’s Tech Team which is an automated way to deploy, test, and audit internal and external services for an organisation, saving a lot of time and creating a sustainable security model. We are using this software to run all of Privacy International’s services – website, calendar, project management tools, Tor hidden services, VPNs. The whole system runs on two servers and the whole cost is around US$1000 to set up.
Thornsec is changing the culture of the organisation by making us all pay more attention to the technology we take for granted every day. It places responsibility for security where it belongs: the executive leadership of the organisation. It also engages with every individual on organisational security. Through tearing apart our services and rebuilding our organisational network we have learned much. The most important lesson, learned through a combination of frustration and wonder, is that it is both necessary and possible to increase security understanding across an organisation. And that is a strong basis for good cyber security policy more broadly. Our aim in this briefing is to share how developing and implementing Thornsec is influencing our policy work, and how it could help you too.