I was fortunate enough to be given an iLiad for the past six months. At first I couldn't believe my luck and loaded many books and PDFs onto it, in some cases giving away the hard-copy versions I had to save shelf space. Woe is me... wwwoooooeeeeee is me... *groan*
Before you get the wrong impression let me say the iLiad was a great recreational book reader while on travel. The screen was good, features adequate, battery life sufficient, and a great space saver.
I tend to start a lot of books in parallel and then misplace them for a few months before remembering to go back and finish them. Not many books can keep my full attention from cover-to-cover. “Shame” by Sam Cohen is among the rare exceptions where I simply can’t set a book down until completed. Cohen was part of the Manhattan Project and the first proponent of the neutron bomb. His work with and for such luminaries as Oppenheimer, Teller, von Neumann, and the notorious Jess Marcum gave him a front-row seat to military science and policy in the 20th century. While the view of the theater was good the script was almost tragic; his dealings with the US Congress, black comedy.
What if nuclear weapons development and military policy was in the hands of naive and unqualified men? What if RAND didn’t give good advice? What if the scientists bickered and argued like teenagers? What if the math behind nuclear weapons was half wrong? What if leading Congressional officials didn’t know what a neutron was? And what if all your allies go into early retirement at the hands of politicians?
I was going over a few old escape reports I wrote and concluded that I needed a good psychologist more than I need another security architect or engineer. I can’t, for the life of me, figure out what most end-users are thinking when they click-through warning dialogs, answer sensitive questions to complete strangers, put sensitive documents on unsecured media, and get involved with Swallows. Even in my daily life I sometimes pause just ~after~ clicking something or answering a question. We’re all prone to it........
I decided to search some job sites and see if anybody was recruiting psychologists for security related positions. I didn’t find much of anything but I’m sure defense and intelligence shops must have people on-staff. Determined not to be empty-handed I decided to search for evidence that IT security penetration testing services and firms used psychologists for more enhanced customer recommendations. What I mean is not just the social engineering norms but finding out what particularly unique aspects of a given organization may be leading users to insecure behavior not normally noticed. See what I mean?
In the process of my searching I thought about “Security and Usability” (which I highly recommend) and then came across some good old posts by Tom Vogt (one, two). If you take his security aspect mindset and combine it with the technical goals of the Jericho Forum you have a pretty complete picture of what’s to come in IT security.
Along with a few good psychologists. -Ali
UPDATE 02012007: Looks like Schneier is on the case too.
