Security Engineers Approach Things Differently

Wednesday, March 26, 2008 by Mistlee


By Dan Morrill

While in general I disagree with Bruce Schneier more often than I do agree with him, on his "Inside the Twisted Mind of the Security Professional" I have to agree with him. He has hit on one of the more fundamental differences in approach that security engineers have when it comes to solving a problem.

We do think differently. Not only do we think differently, our approaches are also different, because we automatically think of how to abuse a system. This can be generally unpopular, but if it is deep-seated in our personality, the "think evil, act good" aspect of being a security engineer, then maybe this explains a lot of what we do, and how we do it.

This does not mean that the obligation to be creative, innovative, and supportive of our compatriots in the business and IT units goes away. This does not mean that the culture of "no" can continue, but that if we know why we do something, we can explain it much better.

In the argument that Bruce makes, he says that security professionals don't think about how to take care of the customer; no, we think about what happens when the customer can do something on the web site, or with the program, that makes it work differently than it was supposed to work.

Some of the best security engineers in the world think this way.

Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it. Source: Wired

This is where I agree with him. I know when I walk into the mall I can point out every security camera, every physical security measure in the store, and what the dangers are with those handy key pads next to the cash register. When I look at a chunk of code, I am trying to figure out where I can break it so that I can get into some executable space in memory. Same goes for web sites; everything is fair game when a good security engineer is deep in their game.

Developers and business managers should be worried when they hear evil chuckling coming from the security department; that means they just found a way to take over your web site, program, or computer. You want people like this; they will save companies a lot of pain down the road with internally developed software.


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
-- CTOUpdate is an iEntry, Inc. publication --