Bruce Schneier: The Security Mindset

Captions
You know, I think computer security is the most exciting part of computing right now, because it has something that nothing else has: it has an adversary relationship. You might even do graphics or operating systems or anything; there's no one trying to thwart you at every turn, unless you're in security. That's what makes it exciting and interesting, and that's what makes it something that's forever changing and involves psychology and economics and computing and law and policy and so many things. So I think it's a great area to be in, to work in. I think it's not going away, right? As long as we have adversaries, as long as you have human beings and ne'er-do-wells and evildoers, we're gonna need security. So it's always gonna be like that.

You know, preparing is interesting in a lot of ways. Security is a mindset; it's a way of thinking about the world. And if you think about the original definition of a hacker as someone who sort of cobbles stuff together: you hack up this tool and it works, and you put this piece together and this here and that, and it all works, right, and it's a great hack. But I'm a security guy. I'm gonna say, "Well, turn this like that, doesn't work anymore," and you'll say, "Well, don't do that," and I'll say, "No, no, I'm the attacker. I get to do that. I get to do that, whatever I want. I get to, at the most inopportune time, get to do that in a way that makes your system fail as badly as possible." And you have to think that way: not about how to build something, how to make it work, but how to make it fail, and how to make it fail in precisely the right way to do precisely the right sort of damage. And that's a way of thinking. I mean, there are some people who go through their lives, look at systems and figure out, "Oh, I can break that. Oh, here's how to break that." You walk into a store, you see the purchasing system: "Oh, I can steal something, here's how." You walk into a voting booth: "Oh, I can sort of defeat this, here's how." May not do it, because of course that would be illegal, but you think that way.

And that mindset, I think, is essential for security. Once you have that mindset, then it's a matter of just learning the domain, learning the systems, and whether it's a self-driving car or a voting system or a medical device, it's going to be embedded code interacting with the real world, and in a way that involves people and society. And I can teach all that; you can learn all that.

So I remember a class in security, I forget who did this, one of the assignments was: come in tomorrow and write down the first thousand digits of pi. Okay, so two things about this test. One, you can't memorize a thousand digits of pi; you have to cheat. And actually the students were expected to cheat, but if they were caught cheating they would fail. Okay, that's interesting, right? That teaches that mindset, allows you to think outside the box. But how am I gonna do this? Am I going... And there are lots of ways people cheated, and I sort of urge people watching to go google this and to look at some of the stuff written. It's a great way of trying to stimulate the mindset. Can you teach it formally? I don't know. It's kind of like, it's a way of thinking, and I think the more security classes you take, the more you exercise that mindset.

A lot of the hacker conferences will have capture-the-flag contests. I remember an early one where they had to build their own private network to cut down on both network license latency and federal violations. I mean, that's why you do it. But you're gonna learn a lot by breaking other people's systems, and yeah, that's probably gonna involve illegal activity, and agreed, you know, this isn't the best way, right? Maybe it is the best way; it's not the most socially acceptable way. You know, but here we have this clash between the tech imperative and what society wants. So many of our systems are black boxes. I mean, you can go and try to hack this, your smartphone or your computer, and there's a lot of stuff you can learn, but really it's gonna be more fun if you can hack somebody else's cell phone or somebody else's computer.

I want it to be open-ended. I want it to be, you know, follow whatever it is you're interested in. The neat thing about security: you can go wherever you want. There are so many different subdisciplines. I'm often asked, should I study forensics or cryptography or network security or protocols or embedded devices or SCADA systems? Study what you want, and whatever interests you, follow that, because really what you're learning is how to think like a security expert. And honestly, if you get a job, they make you do VPNs, you can pick up VPNs; that's easy, and it's the way to think. So do what you want. And you know, what we're learning right now is that demand is greatly outstripping supply, right? That people who have expertise in security have a guaranteed career, because there is such a demand for it and there's such a lack of supply.

Have you written any of your books kind of been aimed at those kind of, you know, pre-computer-science students or early computer science students, that would sort of be a good read?

I tend to write my books for a general audience, so I think of my parents, my friends. So computer experts, yes, but really for a more general audience. So going back to something like Secrets and Lies, wrote in 2000, it's about how network security works, right, 15 years out of date, but it's still a good introduction and the basic concepts of how to think about security. You know, later, Cryptography Engineering, how to engineer crypto systems. My book Liars and Outliers, how to think about security as a way to enable trust: very non-technical, but very much here's how security is embedded in society. My latest book is about surveillance, and Data and Goliath talks about what's going on in the world of surveillance and how we can regain security. So to me all of these books are for someone who might be interested in this field, because what they're gonna do is spark interest in different directions. They're gonna give people ideas they're gonna go and research further, and that's how you get your passion, that's how you get your calling. You know, it's not that someone gives it to you; it's that you notice it going by and say, "Hey, that's kind of neat, I want to do more there."
Info
Channel: ieeeComputerSociety
Views: 16,339
Rating: 4.927536 out of 5
Keywords: bruce schneier, computing conversations, security, computer science
Id: eZNzMKS7zjo
Length: 7min 32sec (452 seconds)
Published: Wed Feb 03 2016