|
8 More Security Stars
Paul Sarbanes and Michael Oxley may lead the way, but they're not alone. Here are eight more important figures from the past decade.
BRUCE SCHNEIER Bruce Schneier wants to change the way you think about security. During the past 10 years, he's explored every avenue of influence available to him--blogging, books, keynotes--to great degrees of success. Secrets and Lies: Digital Security in a Networked World, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, and Applied Cryptography are mainstays on the bookshelves of most security professionals, and the Cryptogram newsletter graces inboxes once a month, much to the glee of its thousands of readers. Schneier has his opinions, and for a decade he hasn't been shy about sharing them.
But he hasn't always been about overtly influencing thought. Schneier made his bones in cryptography, having written or co-written the Blowfish and Twofish algorithms, among many others, helping to make the practice mainstream after some shaky years battling the government over export controls.
"Electronic commerce was the killer app for cryptography, and that's what forced it out of the shadows and into the mainstream," Schneier says. "But really, we won the crypto war because cryptography doesn't matter nearly as much as we thought. Back in the mid-1990s, we thought cryptography would protect our data from outsi...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ders. But the real problems are in computer and network security. It doesn't matter how good your encryption is if the bad guys installed a Trojan on your computer, or a keylogger. I think the FBI realized, a couple of years before we all did, that cryptography wasn't all that important."
What is important these days to Schneier? Well, besides blogging about airport security, terrorism and other trends beyond information security, Schneier is tackling the subject of psychology and security. He stresses that today's CISOs must get the psychology of security correct, else security systems will fail regardless of the strength of the technology.
"If there's one thing I've learned in all my research into human psychology and how we deal with security, risk, trade-offs, costs and decision making, it's that people are not rational," Schneier says. "People make decisions in completely irrational ways, breaking all sorts of rules of logic while doing so. Our brains are weirdly engineered, with overlapping systems, fail-safe overrides, memory glitches and systemic bugs. And while we are superbly engineered for the cognitive problems that arise while living in small family groups in the East African highlands in 100,000 BC, we're much less suited to 2007 New York."
Read the complete interview with Bruce Schneier at searchsecurity.com/10thanniversary.
|
 |
|
