Most of the vulnerability management programs I’ve encountered suffered from analysis paralysis—the infosec team had reams of data (or multiple spreadsheets) on their vulnerabilities but couldn’t make progress because they couldn’t decide where to start.

Questions I frequently hear include:

• What’s the biggest vulnerability (AKA high-risk)?
• What vulnerability hits the most systems?
• What vulnerabilities are most easily exploited?
• What vulnerabilities impact the highest critical business system(s) the most?

Those are all excellent questions and they assume a level of maturity that an analysis paralysis-level organization hasn’t reached yet. Maybe you haven’t completed (or started) a BIA project to determine your critical business systems. Maybe you’re still working on your device inventory. Maybe you don’t know how to define “biggest” yet.

(aside)

A simple vulnerability management process could look like this:

1. Identify the vulnerabilities—presumably you’ve got a scanner or an advisor that gives you a list.
2. Prioritize the vulnerabilities—determine which vulnerabilities pose the largest risk.
3. Remediate the vulnerabilities—change configuration, patch, replace or otherwise address to eliminate or reduce the risk.
4. Repeat on some interval.

Pick something

You’ll be doing vulnerability management for a good long while (forever), so in the early stages of your program, skip prioritizing, pick something and do it. Do use your knowledge of yourself and your organization to inform your decision, but pick something to work on and then go do it.

Here’s how this works:

1. Pick a vulnerability to work on
2. Work on it (remediate)
3. Celebrate your success
4. Repeat

Closing thoughts

This is not that different from how you eat an elephant. One simply cannot eat the elephant in one bite, so do it incrementally. Or, if you’re using the “stuck in the weeds” analogy, choose the weed that’s in front of you and pull it, then choose another weed.

Two things will happen: 1) You’ll be making incremental progress, and 2) at some point you’ll start seeing the forest instead of all the trees and can start prioritizing more wisely.

Attending the ALA event at Loganberry in January to hear the Newbery awards reminded me of my goal to read all the Newbery Medals and to sample the more interesting Newbery Honors, so I loaded up February with Newberys. Many of the older ones are no longer in print and I dipped into LibriVox to listen to them.

How can I highlight notable books when everything I read this month (with two exceptions) was an award winner of some sort?

A free and fast dog

The uniquely-crafted tone of Dave Eggers’ The eyes and the impossible [2024 Newbery Medal] was what made this one super-special. Johannes is a dog (??) who lives free in an urban park. On an island. With Bison. And communicates with seagulls and raccoons and all the other free animals in the park. (But not the ducks.) This is story of self-discovery is masterfully crafted. I have no idea how I jumped to the top of the “holds” list to check out this library book so early, but I am grateful. I’ll be purchasing a copy for my personal library—it’s that good.

My Father’s Dragon

Written from the perspective of a young boy, this LibriVox recording by a young boy is the perfect way to experience this short, classic book by Ruth Stiles Gannett. [1949 Newbery Honor]

Dear Mr. Henshaw

A coming-of-age story (Newberys tend that way) of a boy, Leigh Botts, who reluctantly takes up pencil to write his favorite author, Mr. Henshaw, as a class assignment. Through his letters, we journey with Leigh, navigating his several difficulties. [1984 Newbery Medal]

Heart of a Samurai

I didn’t research Preus’ Heart of a Samurai before starting it. It’s about a young Japanese fisherboy who is shipwrecked and then rescued by an American whaling vessel in 1841. It reads like something Patrick O’Brian or Richard Henry Dana would write. The subtitle should have given it away: Based on the true story of Manjiro Nakahama. It’s a researched, biographical story of the first documented Japanese person to reach mainland North America. Fantastic. Read it. [2011 Newbery Honor]

The Voyagers

I was surprised at how many of the legends and histories of exploring the Atlantic show up in Lewis’ Voyage of the Dawn Treader. But I shouldn’t have been. [1926 Newbery Honor]

Picture books

Both Fox has a problem and Worm and Caterpillar are friends were too young for me, but I could see their appeal. [2024 Theodore Seuss Geisel Award and 2024 Theodore Seuss Geisel Honor, respectively]

I read Jumper: a day in the life of a backyard jumping spider simply to relate more to the little critters that inhabit my house and yard. The book of turtles is research for a project about Blanding’s turtles that I’m working on. [both 2024 Sibert Honor]

Both Papá’s magical water-jug clock and El Barrilito mágico de papá were fun books to help me practice my Spanish. [2024 Pura Belpré Honor]

Others

Starter Villain [2024 Alex Award] was a quick and fun read by John Scalzi (get his Red Shirts).

Miracles on Maple Hill [1957 Newbery Honor] helped me understand maple sugaring a bit more.

Number the stars [1990 Newbery Medal] made me reconsider my dislike of Lois Lowry. The hero and the crown [1985 Newbery Medal] is an adventure story written from a fresh perspective.

And try to find a copy of Smoky the cow horse [1927 Newbery Medal], it’s that good.

Skip Nicholls’ The silent stars go by but do read Yours from the tower. It’s an epistolatory coming-of-age novel (as was Dear Mr. Henshaw) about three girls in 1896. It has a chance to be a 2025 Newbery.

Read or finished in February:

Blos, J. W. (1979). A gathering of days: A New England girl’s journal. Scribner. [1980 Newbery Medal]
Clark, A. (1952). Secret of the Andes. Viking. [1953 Newbery Medal]
Cleary, B., & Zelinsky, P. O. (2000). Dear Mr. Henshaw. HarperTrophy. [1984 Newbery Medal]
Colum, P. (2023, July 2). The Voyagers: Being Legends and Romances of Atlantic Discovery. https://librivox.org/the-voyagers-being-legends-and-romances-of-atlantic-discovery-by-padraic-colum/ [1926 Newbery Honor]
DuBois, W. P. (2005). The twenty-one balloons. Puffin Books. [1948 Newbery Honor]
Eggers, D., & Harris, S. (2023). The Eyes and the Impossible. Alfred A. Knopf. [2024 Newbery Medal]
Freedman, R. (1989). Lincoln: a photobiography. Clarion Books. [1988 Newbery Medal]
Gannett, R. S. (2009, September 14). My Father’s Dragon. https://librivox.org/my-fathers-dragon-by-ruth-stiles-gannett/ [1949 Newbery Honor]
Holm, J. L. (2007). Penny from heaven. Yearling. [2007 Newbery Honor]
Hopson, N. R. (2023). Eagle Drums. Roaring Brook Press. [2024 Newbery Honor]
James, W. (2023, January 27). Smoky the Cowhorse. https://librivox.org/smoky-the-cowhorse-by-will-james/ [1927 Newbery Medal]
Lanan, J. (2023). Jumper: A day in the life of a backyard jumping spider. Roaring Brook Press. [2024 Sibert Honor]
Lowry, L. (2022). Number the stars. HarperCollins Children’s Books. [1990 Newbery Medal]
McKinley, R. (1985). The hero and the Crown. Greenwillow Books. [1985 Newbery Medal]
Montgomery, S., & Patterson, M. (2023). The Book of Turtles. Clarion Books. [2024 Sibert Honor]
Moore, A. C. (2023, December 2). Nicholas: A Manhattan Christmas Story. https://librivox.org/nicholas-a-manhattan-christmas-story-by-anne-carroll-moore/ [1925 Newbery Honor]
Murdock, C. G. (2020). The book of boy. Greenwillow Books. [2019 Newbery Honor]
Nayeri, D. (2023). The many assassinations of Samir, the seller of dreams. Levine Querido. [2024 Newbery Honor]
Nicholls, S. (2022). The silent stars go by. Walker Books.
Nicholls, S. (2024). Yours from the tower. Walker Books.
Parrish, A. (2019, October 30). The Dream Coach. https://librivox.org/the-dream-coach-by-anne-parrish/ [1925 Newbery Honor]
Preus, M. (2012). Heart of a Samurai: Based on the true story of Manjiro Nakahama. Amulet Books. [2011 Newbery Honor]
Rhodes, E. (2006). Criss Cross. Dafina Books/Kensington Pub. Corp. [2006 Newbery Honor]
Scalzi, J. (2023). Starter Villain. Tor/Forge. [2024 Alex Award]
Sorensen, V. (2003). Miracles on Maple Hill. Harcourt. [1957 Newbery Honor]
Tabor, C. R. (2023). Fox has a problem. Balzer & Bray/Harperteen. [2024 Theodore Seuss Geisel Award]
Taylor, M. (2023). Roll of thunder, hear my cry. Penguin. [1977 Newbery Medal]
Trejo, J., & Kinkz, E. (2023a). El Barrilito mágico de papá. Minerva. [2024 Pura Belpré Honor]
Trejo, J., & Kinkz, E. (2023b). Papá’s magical water-jug clock. Minerva. [2024 Pura Belpré Honor]
Windness, K. (2023). Worm and Caterpillar are friends. Simon Spotlight. [2024 Theodore Seuss Geisel Honor]

A recent post in the Journal titled “Is It Ever OK to Have an 8 a.m. Meeting?”¹ got me thinking. Now, I’m not going to quote from any study or point you to some paper that backs up my habits. I’m simply going to tell you that even as an early bird and as someone who generally stays after 5pm, I won’t schedule 8am meetings. Or 4pm meetings. Or Friday meetings. And I’d rather we didn’t meet on Tuesdays, either.

Some of this comes from working a few jobs that offered flextime and thrived on Teams and Zoom. Your “first-thing Monday” might flexibly mean 9am or even 10am. And likewise, your “end of day” might well mean after I’m done washing the dinner dishes.

If you’re working during these these two hours, gauge your energy and attention levels and use that time appropriately. One person I know uses the 8am hour to plan out their day and tackle the shorter “just do it” tasks that can accumulate if not planned. Another colleague takes the 4pm hour to review the day, collect unfinished work and prepare for the morrow.

At one gig, we quietly circulated the notion in our department that, barring an emergency, none of us would ever schedule a Friday meeting. It was an unwritten rule,² but we generally kept it without comment, so much so, that new people sometimes had to have this workplace habit explained.

It’s a delight to say “I’m sorry, I don’t take Friday meetings” during a vendor call and tell them that we used meeting-free Fridays to get work done. I’ve never experienced any pushback and most vendors merely seemed jealous.

And why Tuesdays? Many times it seems that Monday meetings are unavoidably necessary. And Thursday is too close to meeting-free-Friday, so Tuesday or Wednesday might work. Block if off. Plan it out. Schedule your week’s work so that the kind of projects that require a solid block of time can be done on these days.

Whatever works for you and your workplace, be intentional. And flexible. If something you’ve tried doesn’t work, figure out why and try something different—there are as many ways of working a week as there are people. You’ll find something.

1. Alcántara, A.-M. (2024, February 25). Is it ever OK to have an 8 a.m. Meeting?. Wall Street Journal. https://www.wsj.com/lifestyle/workplace/is-it-ever-ok-to-have-an-8-a-m-meeting-fb04fe2d?st=pg6wb7ljwiewvjd&reflink=desktopwebshare_permalink ︎
2. Actually, it was written down, along with a number of other tongue-in-cheek “rules” to work by. ︎

During an interview last week I was asked to define the difference between a Threat and a Risk using language that a non-technical CEO would understand. I gave a good answer and made it to the next round. And then I got to thinking—in my answer, I also talked about a third factor that should have been called out: Vulnerabilities.

Let’s start with some definitions:

A vulnerability is a weakness in a system that exposes the system to a threat.
A threat is anything that could exploit a vulnerability.
A risk is the likelihood of a negative event and the likely impact.

Risks are found at the intersection between vulnerabilities and threats.

The CEO’s password example

A CEO’s password is vulnerable when it’s short and simple. The threat is that someone (a threat actor) will figure out the password and use it against the CEO. There is a risk that¹ the threat actor will exploit the vulnerability (the short and simple password), coupled with the subsequent business impact (loss of data confidentiality, loss of data integrity).

What are some controls that we could put into place to reduce the risk? We can manage² the vulnerability by requiring complex, long passwords and MFA, reducing the probability of the CEO’s account being compromised (the negative event) by the threat actor. We can reduce the impact by ensuring that the CEO the correct access to systems and data needed to perform the job.

A non-cyber example

As I look out my window today, it’s snowing, as it should in mid-February.³ In this example, a threat might be a massive lake-effect snowstorm. Some vulnerabilities might be a refrigerator with no bread or milk, an inadequate heating system and an aging electrical connection. There is a risk that a massive lake-effect storm could bury us under three feet of snow (negative event) causing us to suffer harm (negative impact) by starving, getting very cold or losing power.

As an experienced midwesterner living in my particular zip code, I have implemented some controls to remove some of my vulnerabilities (and reduce my risk) by stocking up on flour, yeast and milk, having alternate heating (and cooking sources) and keeping a supply of flashlights, batteries and candles. That’s an example of how I’ve chosen to manage this risk.

Wrapping up

Threats operate against one or more vulnerabilities. Vulnerabilities are weaknesses that expose us to threats. But a vulnerability itself isn’t a risk. Risk is the probability of something negative happening, coupled with its impact. Some low probability and low impact risks may not be worth the trouble to reduce or eliminate. And some risks that are low probability but insanely high impact may warrant a completely different response.

But that’s a different post for another day.

1. This is a useful phrase to employ and helps me think about such things: “There is a risk that . . . (some negative outcome may take place).” ︎
2. I feel uncomfortable claiming that this vulnerability can be eliminated or removed. ︎
3. Since we live on the edge of Lake Erie’s snowbelt. ︎

References:
Maymi, F., & Harris, S. (2019). CISSP all-in-one exam guide (8th ed., Ser. All-in-one). McGraw-Hill Education.

Simon Sort of Says

I went to Mac’s Backs one Saturday in late 2023 and stumbled upon local author Megan Whalen Turner posing as a bookseller. I mentioned that I try to read all of the Newbery Medal books and many of the Honor books (one of hers, The Thief, is a 1997 Newbery Honor) and so she recommended her friend Erin Bow’s Simon Sort of Says as a possible 2024 contender. Megan did a great job as a bookseller — I bought three more books than I had intended that day. And until 2024, I’d never read a Newbery before it won the award. Started in December and finished before the 15th, I can now check that goal off my list.

Simon Sort of Says is about a kid who is (for horrific reasons) internet-famous, so he and his family hide out in a fictitious National Radio Quiet Zone so he can restart his life (offline) as an ordinary seventh grader. It’s a great book and a worthy Newbery Honor.

John Graves

Graves is another of Texas’ great persons of letters. Inspired by Goodby to a River, this month I read Hard Scrabble: observations on a patch of land. I grew up on the coastal plains of south Texas, down the contour lines from where Graves homesteaded, but I’ve traveled Texas enough to recognize his patch of land. His characters are trees and soil and grass, rain and drought, baking sun and blue-cold winds. He tells of the patch’s critters, the denizens and their predators and sometimes of the people passing through, and pretty soon the reader sees that Graves belongs to his patch of land more completely than even the water or the wind that shapes it.

The Wednesday Wars

While waiting for the library to find my long list of ALA medal and honor book hold requests, I picked up a 2008 Newbery Honor, Wednesday Wars. It tells the story of Holling, a seventh grader who makes an unlikely friend of his teacher when he is required to remain at school every Wednesday afternoon when his Catholic and Jewish classmates leave for religious classes. (Holling is the school’s sole Presbyterian.) Through Shakespeare, the two gradually come to understand each other. It’s a coming-of-age story (many Newberys are) and Holling’s growth is interspersed with going out for cross country, developing a crush, relating more to his sister, friction with his father and the shootings of Robert F. Kennedy and Martin Luther King Jr.

This was an easy-to-read book and a worthy Newbery Honor.

Petrone

From the first page, “The Musical Mozinskis” was a delight. Susan Petrone has conjured up a fun book full of believable characters who become a uniquely musical family — the Mozinskis, in the air around them, see the notes of the music they play. Well, almost all the Mozinskis. Their gift is so assumed that while no one ever talks about it, it soon becomes clear that little Viola doesn’t quite fit in.

But it’s in exploring the family relationships — growing up together, performing together (and separately), real squabbles, nationally-televised success, their time on and off-stage, one near-death experience, lots of love, more squabbles, some hope and reconciliation — that I found it hard to put the book down. While there is certainly a well-written plot, the novel seems more driven by its characters’ growth than by the adventures contained. Each Mozinski has a story that comes out and a challenge of one sort or another that shapes their lives. As a father and as a son, the ending was particularly satisfying to me (“Pretend”). And I love that some of the story takes place in and around Cleveland, Ohio.

I received an Advanced Reader Copy from the author because after The Heebie-Jeebie Girl, The Super Ladies and Throw Like a Woman, I had a hard time waiting for more Petrone. I plan on reading it a couple more times, and soon.

Others

My father suggested I pick up Eastbound and I’m glad I did. It’s nice short story. Whalefall won an Alex, so it’s targeted toward adults, but many youth will find it interesting, too.

The Lost Year could have been a Newbery. Set in two countries in two time periods, it covers the Holodomor, the soviet-induced famine that killed millions of Ukranians in the 1930s. This is also a covid-era story, but more importantly, it follows a boy¹ who finds out about some cousins and learns some first-person history from his great-grandmother. Both Gareth Jones and Walter Duranty are covered.

For a Continuing Church was a fascinating read for me, partly because I grew up in the times when the PCA was splitting off and when the PCUSA was forming. There were times when I felt as though I had had a back-seat view of some of the events described. When this book was given to me, I was told to read it to cure insomnia — don’t believe it.

Books read/finished in January:

While meaningful to me, I don’t know that my December readings would make sense to many people. In no particular order:

Adventures with a Texas Naturalist

Bedichek is one of Texas’ great persons of letters, in the style of Thoreau. I plan on reading his Karánkaway soon and am attempting to get an affordable copy of The Sense of Smell.

Themes I took away: pay attention to what’s around you and beware of unintended consequences.

Anne . . .

Montgomery’s Anne series is simply so uplifting that I thought I’d try to read them all (and I’m making good progress).

Themes I took away: resiliency and cheerful spirit.

Space station seventh grade

Spinelli is a Newbery winner, so when I found this in one of our neighborhood’s Little Libraries, I snagged it. It’s “ok”, but not as good as Maniac Magee.

Themes I took away: resiliency and accepting change.

Beowulf

Having grown up on my dad’s 1963 edition of Raffel’s Beowulf, I was initially skeptical of Heaney’s translation when I first saw it in 1999. Having purchased three copies since then, I am no longer loaning it out. Go buy your own (and if you have one of my copies, please give it back).

Themes I took away: duty and honor (and resiliency).

Cleveland Noir

I’ll read anything by Susan Petrone. You should, too.

On Trails

I’m a long-distance backpacker and this was recommended to me as something to think about. Paths, trails, things we follow, the tracks we make, the tracks we discover—not simply in the natural world but also in our cities and professions. Hmm.

Marshmallow Cafe

I still can’t make a marshmallow keep its shape using only marshmallow root powder, egg whites, heat and various sugars. This is the second time I’ve read this book. It’s a “feel-good” sort of book, but there are lessons of resiliency in it as well.

Books read in December:

Make it Harder

Make the attacker’s job harder, starting with passwords.

Strengthen your passwords

The goal here is “easy to remember but hard to guess”, so length becomes more important than complexity. Consider passphrases rather than passwords. Pick a memorable phrase and use it (or some variation on it) or some random words as your password. (There’s even a web comic about this: https://xkcd.com/936/)

WARNING: DO NOT USE THESE EXAMPLES AS YOUR PASSPHRASE.

Example:

My dog has fleas

• Seventeen characters, one uppercase and two special characters
• Easy to remember, but would take a very long time to crack, unless the attacker knows something about how your mind works and that you’d be likely to pick this passphrase.

My dog has 18 fleas.

• Twenty characters, one uppercase, two numbers and two special characters
• This one would be even harder to guess because the numeric portion isn’t easily predictable.

Places to assess your passphrase ideas:

• https://www.security.org/
• https://www.useapassphrase.com/

The team at Hive Systems (https://www.hivesystems.io/password) has a fantastic article showing (graphically) some of the reasons why long, complex passwords are the way to go.

Add Multi-Factor Authentication (where available)

Expand beyond a username and password and add a second factor (or more). Authentication “factors” are usually collected into three groups:

• something you know (a password or or passphrase)
• something you have (a physical object or token)
• something you are (a fingerprint, face or some other biometric trait)

Banks have been requiring something like this for years, frequently by requiring an authentication code of sorts sent to you via email or SMS. While requiring a PIN via SMS is generally recognized as more secure than nothing (SMS messages aren’t encrypted and it’s possible to intercept them), there are more secure methods:

Authenticator Apps like Google’s Auth, Cisco’s Duo Mobile, 2FAS, Microsoft’s Authenticator or LastPass’ Authenticator. In this case, your mobile phone becomes the second factor (something you have).

Physical Keys like Yubico’s YubiKey (my favorite is the YubiKey 5C NFC) or Google’s Titan Security Key. In this case, the physical key becomes the second factor (something you have).

Use a password manager

Password managers allow you to maintain long and complex passwords and not remember them, by keeping them in a vault only accessible to you. In this scenario, all your passwords are different and they’re all long and complex. You’ll still need a single really-good password to protect your vault of passwords, but that’s easier than remembering two hundred. These services store an encrypted vault that only you can decrypt with your master password. There are a number of really good ones out there: search for “competitors to lastpass”.

Some features to consider:

• how many devices (phone, tablet, laptop) will you need to support?
• do you want to share passwords with someone on your team or in your family?
• what’s your budget?

Don’t use a password at all

Some day we may even move past using passwords and rely on biometrics, physical keys, smart cards, or a combination of factors like geolocation, behavioral patterns, network addresses and the like.

This entry is part of a larger Cybersecurity for Small Business series. You can find the Introduction (and links to the others) here.

The news around Cybersecurity can be quite frightening. The odds vary depending on what you read, but most of the news seems to agree that it’s not if you’ll be compromised but when. And for many companies, the attacker is already in our network, on our devices, reading our emails, reading our files and looking for the right time to spring the trap.

I used to think that attackers favored large companies for the same reason that thieves target banks: because that’s where the money is.¹ But that’s not the case with cyberattacks. Certainly bigger companies receive more attacks that are longer sustained and more sophisticated, but smaller companies are at risk, too. So don’t think you’ll be ignored because of your size. In fact, there may be evidence that attackers target smaller companies because they frequently have less cybersecurity awareness and less cybersecurity budget than larger companies, possibly making it easier for the attackers to succeed.

The costs of a cybersecurity attack can be large and may be different than expected. There may be a ransom demand, and if you choose to pay it, there’s no guarantee that you’ll get all your data back. There may be reputational impact. You may not be able to process orders for an extended period of time. You may experience staff burnout as they fight off the attackers and restore operations. You may lose funds from bank accounts. Some companies struggle to recover and close shop.

I want to cover six solid steps that will make it harder for attackers to get in and will make it easier for you to recover when they do. Because it’s likely not a matter of if you’ll be compromised, but when you’ll be compromised.

The series:

0. Introduction (this post)
1. Make it Harder
2. Make Friends
3. Find a Leader (Champion)
4. Develop a Plan
5. Practice the Plan
6. Keep Current

Southern Upland Way

In late August 2022, my youngest son and I hiked across England (west to east) following Hadrian’s Wall. We had built in a day to take the train into Scotland simply so we could say we’d been there. (Merely looking at Scotland across the salt-flats at Solway Firth wasn’t enough.) The night before we were to walk into Carlisle and scoot across to Gretna Green, my son schemed up a trip to Sanquhar, then Wanlockhead (Scotland’s highest village) so we could hike up to Lowther Hill and then Green Lowther.

In doing so, we unintentionally found ourselves on a segment of Scotland’s Southern Upland Way, another coast-to-coast footpath. The eighteen hours we spent in the heather above Wanlockhead among the red grouse and the silence of the hills gave me a new experience for “remote” and “wilderness”. When we returned home, I began researching what it would take to walk and complete the Southern Upland Way.

Bowden’s Secret Coast to Coast consists of journal entries from his SUW hike, providing some flavor for the trail. Coupled with a good map and a guidebook (and a couple of weeks of time off), I think I’ll give this trek a try someday.

Maple Syrup Chapter

One of my sisters suggested I read Kimmerer’s Braiding Sweetgrass, so I borrowed it as an audiobook for my 90-minute (round-trip) commute. The chapter that stuck out to me the most was the one on maple syrup. The introduction of the legend followed by her own experience tapping trees and boiling the sap convinced me to find a used copy and add it to my collection. She invites the reader to explore their own relationship of their daily experiences to the plants, animals and land we encounter every day.

Station Eleven

My future fascination with Heinlein brought me into contact with Emily St. John Mandel in early 2022 when reviews for her Sea of Tranquility came out. I couldn’t get the book, so I turned to The Glass Hotel first and followed up with SOT when it became available. While talking about these two books with others, I was frequently asked what I thought about Station Eleven, which I had not read, so I decided to fix that.

Originally published in 2014, significantly before the 2020 pandemic, it feels that Station Eleven negatively influenced our own pandemic response in two ways: extreme isolationism and commodities hoarding. What’s ironic is that her pandemic isn’t even fully relevant to the story—Mandel needed a societal collapse that would leave a remnant and this is what she picked.

Mandel blends multiple timelines and characters into this story of exploration as her Shakespearian troupe travels the upper midwest inquiring into the interwoven ideas of family, culture, technology and society.

Watterson Returns

I suspect that Watterson’s first book since retiring from Calvin & Hobbes, The Mysteries, disappointed many. Both the art and the story are a radical departure from what we came to expect from him and that’s probably the point. I look forward to reading more of this new Watterson, however.

Others

I picked up Colette’s Chéri for some December/May novel outline research but didn’t finish. I picked up Newman’s Julia: A novel, but didn’t finish, in spite of believing that Orwell’s 1984 is a defining text in helping to understand our world today. Miluch’s Deadlands I did finish, but probably shouldn’t have.

Montgomery’s Emily series tells the story of a young woman exploring what it means to become a writer in the Canada of the early twentieth century.

Is there ever a month when it’s not appropriate to re-read Tolkien’s The Hobbit? I doubt it.

Books read/finished in November:

Bowden, A. P. (2011). Secret Coast to Coast: Walking Scotland’s Southern Upland Way. Createspace.
Colette. (1955). 7 by Colette. Farrar, Straus and Cudahy.
Kimmerer, R. W. (2013). Braiding Sweetgrass. Milkweed Editions.
Mandel, E. St. J. (2022). Station Eleven. Alfred A. Knopf.
Miluch, V. (2023). Deadlands: A novel. Lake Union Publishing.
Montgomery, L. M. (2014a). Emily Climbs. Tundra Books.
Montgomery, L. M. (2014b). Emily’s Quest. Tundra Books.
Newman, S., & Orwell, G. (2023). Julia: A novel. HarperCollins.
Tolkien, J. R. R. (1997). The Hobbit. Houghton Mifflin Co.
Watterson, B., & Kascht, J. (2023). The Mysteries. Andrews McMeel Publishing.

compasses only tell the directions,
not which one to follow

Maclean, N. (1992). Young men and fire. Univ. of Chicago Press.

Leaders choose which direction to follow. They can make that decision any number of different ways, but the leader makes the choice.