Create Wardley Maps for Multiple Security Scenarios

View the original Working Session content


Two scenarios were mapped by participants following an explanation/overview by Tony Richards. First, we mapped how to make a cup of tea Second, we mapped an AWS attack

Synopsis and Takeaways

  • As the session progressed, subtleties of visibility and invisibility of aspects of each map became clearer
  • Tony also shared a map of the music industry - a lot of work (engineering, sound quality, etc.) - this work is very expensive yet listeners are not aware, and if they listen using MP3, the possibly don’t care for the quality of sound
  • Music released on Spotify or other streaming services is cheaper than the cost of production

Identified Questions

The aim of this heading is to record the questions that might trigger follow-up discussions and initiate additional development of the topic covered by the session.

Important Conclusions

  • An understanding of the lifecycle of a process is essential - from genesis (e.g., a prototype) to a product that is customised or tailored to suit different customers or situations which in turn is refined into a product, which is then industrialised into a commodity.
    • Each of these phases has greater or lesser visbility on the value chain
    • Knowing where a component falls on the value chain can be subjective, and there was some lively debate over whether the tea planter/picker was visible or invisible to the process

Working Materials

The accompanying slides give a sample of how different groups mapped “Making Tea” and “AWS Attack” Slides posted to Slack Wardley Maps Outcome


Additional/External References

  • Links to presentations on Wardley maps Here, and here

Session organiser(s)


Attached materials: