Thursday, March 20, 2008

Security experts and twisted minds

You've met Bruce Schneier before in these pages. He has a new and very interesting article in Wired: "Inside The Twisted Mind Of The Security Professional". A brief extract:

Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.

. . .

This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don't have to exploit the vulnerabilities you find, but if you don't see the world that way, you'll never notice most security problems.

The whole thing is well worth reading - particularly if you take seriously the need to defend yourself, your loved ones and your possessions against criminals. Highly recommended.


