This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
8 More Security Stars
Paul Sarbanes and Michael Oxley may lead the way, but they're not alone. Here are eight more important figures from the past decade.
But he hasn't always been about overtly influencing thought. Schneier made his bones in cryptography, having written or co-written the Blowfish and Twofish algorithms, among many others, helping to make the practice mainstream after some shaky years battling the government over export controls.
"Electronic commerce was the killer app for cryptography, and that's what forced it out of the shadows and into the mainstream," Schneier says. "But really, we won the crypto war because cryptography doesn't matter nearly as much as we thought. Back in the mid-1990s, we thought cryptography would protect our data from outsiders. But the real problems are in computer and network security. It doesn't matter how good your encryption is if the bad guys installed a Trojan on your computer, or a keylogger. I think the FBI realized, a couple of years before we all did, that cryptography wasn't all that important."
What is important these days to Schneier? Well, besides blogging about airport security, terrorism and other trends beyond information security, Schneier is tackling the subject of psychology and security. He stresses that today's CISOs must get the psychology of security correct, else security systems will fail regardless of the strength of the technology.
"If there's one thing I've learned in all my research into human psychology and how we deal with security, risk, trade-offs, costs and decision making, it's that people are not rational," Schneier says. "People make decisions in completely irrational ways, breaking all sorts of rules of logic while doing so. Our brains are weirdly engineered, with overlapping systems, fail-safe overrides, memory glitches and systemic bugs. And while we are superbly engineered for the cognitive problems that arise while living in small family groups in the East African highlands in 100,000 BC, we're much less suited to 2007 New York."
Read the complete interview with Bruce Schneier at searchsecurity.com/10thanniversary.
This was first published in January 2008