Doug Bedell — March 31, 2008

Stuck With a ‘Security Mindset’

Bruce Schneier has written an engaging essay on the “security mindset” – the attitude of mind that enables some people to detect security weaknesses sooner and better than others.

It’s nearly the opposite of the engineering mindset, Schneier feels. “Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.”

Of course, at PRO Barrier Engineering, we use an engineering mindset to detect and plug weaknesses in perimeter security. But we’re purposefully aware of what we’re doing. Schneier’s point is well-taken when you think of the hosts of folks who have trouble recognizing that someone might be hostile to them.

“Security professionals – at least the good ones – see the world differently,” Schneier writes. “They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it.”

