I’ve been tossing around ideas for the nature and purpose of this reincarnation of my blog. I’d noticed in the past that writing causes me to think of the sorts of things I write about, and vice versa. And yet it never occured to me to hack this consciousness feedback loop for higher purposes. (Stupid!) This article helped me to see a little more clearly how this could be done.
Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it.
SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”
Really, we can’t help it.
This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.
I’ve often speculated about how much of this is innate, and how much is teachable. In general, I think it’s a particular way of looking at the world, and that it’s far easier to teach someone domain expertise — cryptography or software security or safecracking or document forgery — than it is to teach someone a security mindset.
Which is why CSE 484, an undergraduate computer-security course taught this quarter at the University of Washington, is so interesting to watch. Professor Tadayoshi Kohno is trying to teach a security mindset.
You can see the results in the blog the students are keeping. They’re encouraged to post security reviews about random things: smart pill boxes, Quiet Care Elder Care monitors, Apple’s Time Capsule, GM’s OnStar, traffic lights, safe deposit boxes, and dorm room security.
The Security Mindset
Combined with this article (H/T Heartiste), we may have a potent tool in our hands for self-improvement (or whatever the pros are calling it this week…self-directed improvamentations for non-negligible change paradigm modifications in praxis…heh).
People do transform their lives, every day. But for the most part they don’t do it by relying on willpower. The key, it turns out, is to simply start behaving like the person you want to become. Instead of wondering, What should I do?, imagine your future, better self and ask: What would they do?This approach works because of the rather surprising way that our brains form self-judgments. Numerous experiments have demonstrated that when it comes to forming beliefs about our own character and proclivities, we don’t peer inward, as you might expect; instead, we observe our own external behavior. If we see ourselves carrying out a particular action—whatever the actual motivation—our self-conception molds itself to explain that reality.
How Real Life Change Happens
Now I have an assignment for myself. And you should consider investing a little thought into this as well.
- Figure out my purpose (top-down design, baby)
- Envision ideal version of myself, subject to this constraint
- Consider strengths and weaknesses objectively
- Envision the most economical trade between the two
- Set blogging habits that induce the mindset of this quintissential self
- Kill the Buddha and start over
The economizing step is part of my philosophy to pick low-hanging fruits first, and kinda fix things as you go.