January 20, 2007

Staff psychologist

I was going over a few old escape reports I wrote and concluded that I needed a good psychologist more than I need another security architect or engineer. I can’t, for the life of me, figure out what most end-users are thinking when they click through warning dialogs, answer sensitive questions to complete strangers, put sensitive documents on unsecured media, and get involved with Swallows. Even in my daily life I sometimes pause just ~after~ clicking something or answering a question. We’re all prone to it...

I decided to search some job sites and see if anybody was recruiting psychologists for security-related positions. I didn’t find much of anything, but I’m sure defense and intelligence shops must have people on staff. Determined not to be empty-handed, I decided to search for evidence that IT security penetration testing services and firms used psychologists for more enhanced customer recommendations. What I mean is not just the social engineering norms but finding out what particularly unique aspects of a given organization may be leading users to insecure behavior not normally noticed. See what I mean?

In the process of my searching I thought about “Security and Usability” (which I highly recommend) and then came across some good old posts by Tom Vogt (one, two). If you take his security aspect mindset and combine it with the technical goals of the Jericho Forum you have a pretty complete picture of what’s to come in IT security.

Along with a few good psychologists. -Ali

UPDATE 02012007: Looks like Schneier is on the case too.
