I greatly respect Geer. He has done much good. He has been a stalwart guide. The advice he offers is hard-won and mostly solid.
I am also a security professional. Geer's expertise dwarfs mine. But, I take exception with a couple of his views.
First, and foremost, we differ on the fundamental definition of Security. Geer says:
.. that is to say that one is in a state of security, if and only if there can be no unmitigatable surprises.
Thus Geer would say that somebody on Death Row has attained security. He knows exactly what will happen to him. There will be no surprises. While this may be a form of security, it is not a desirable one. Another consequence of this world-view is you are driven to seek knowledge of your environment. And if your environment is unknowable, then you can not be secure.
The view of Security that we practice is fundamentally different. We teach:
Security is a MEANINGFUL Assurance that YOUR goals are being Accomplished
We feel that this view is superior because it guides you to effective action.
It saddens me to see that Geer seems to be giving up. Perhaps he has been forced into so many untenable positions that he needs a rest. But giving up is not good advice.
Geer concludes with:
There are no people sadder but wiser about the scale and scope of the attack surface you get when you connect everything to everything and give up your prior ability to do without. Until such people are available, I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia. Call that misrepresentation, if you like.
So long Geer. Thanks for all the good advice. Forgive me if I continue to think we can make a difference.
I designed a Cyber Crime prevention Video to educate people so that there are no cyber security lapses.
His RSA talk was also worthwhile, covering much of the same ground and I would say slightly less pessimistic.
Although I must say, combined with recently watching Schneier and Ranum and seeing CGP Grey's video Humans Need Not Apply, I'm feeling a little technopanicky.
... and I rarely feel this way. Usually only an exceptional novel brings that out of me.
It's icky. It's more a recognition that the near future seems inevitably-dystopian than it is technopanic, I guess...
... but yeah, this was one of those great experiences in which an insightful intellect articulates things in such a way as to hit me right square in the feels.
This topic was automatically closed after 5 days. New replies are no longer allowed.