From Bruce Schneier’s “Inside the Twisted Mind of the Security Professional” (Wired: 20 March 2008):
This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.
Posted on October 11th, 2008 by Scott Granneman
Filed under: security
