“The security mindset is a peculiar mix of curiosity and paranoia that turns life into a perpetual game of asking “what if” questions”
Has anyone ever told you that you have the mind of a criminal because sometimes you come up with ideas on how to game the system, or creative ways to bypass any type of security?
Or when someone tells you their plan of action you raise your hand multiple times in a Hermione Granger style with “what if’s” questions to see if there is any flaw or exception?
That’s the security mindset, that can be incorporated in your planning session, it’s been known to be applied in the software development field but it is such a useful tool that can help you think more broadly and encounter new solutions if you are building a bridge, planning a city, scheduling your week or many other important activities. The good news is that as any skill, it can be developed. I think Steve Jobs might have showed this kind of mindset when designing products, because he always wanted to create great experiences and he put himself in the shoes of users, like what if they get lost pressing too many buttons? the home button appeared, what if it falls? Gorilla glass was installed, he also adopted the pentalobe screw in his products, not to make impossible opening the iphone ( we know that Steve was a hacker by nature) but he wanted to prevent people messing up uninententionally, Jobs was surely intolerant to that.
Putting yourself in the “attacker’s” shoes gives you a new perspective and an advantage. Curiosity gets you to discover what’s new, and paranoia to keep checking in case something goes wrong.
But the truth of the matter is, we’re an open society, we want to remain an open society, and there will continue to be vulnerability. That’s why we have to meet the threats when they are not yet taking place on our territory and on our soil. Condoleezza Rice
Recognizing threats in my opinion has to take place even before you verbalize your goal, something you can visualize and seeing it happen. The right ammount of humility acts as those rotating beacons in emergency vehicles to be aware of your weakneses. Everyone has weaknesses some are better concealed than others but we all have plenty of room for improvement. Remember this, “One cannot be humble and aware of oneself at the same time.” Madeleine L’Engle, A Circle of Quiet. Entrepreneurs when running a throrough business analysis, especially if they think they have a perfect business idea , they take into account some threats that might be a liability for their business, overlooking them can be a costly mistake. And so can you, to avoid undesired consequences with a healthy dose of humility.
While looking for an open and practical resource for you, I found this awesome pdf deck of 42 cards from Tadayoshi Kohno, Professor of Computer Science & Engineering at the University of Washington for free (AVAILABLE UNDER THE TERMS OF THE CREATIVE COMMONS ATTRIBUTION-NONCOMMERCIAL-NODERIVS 3.0 LICENSE). “The Security Cards encourage you to think broadly and creatively about computer security threats”. My first impression was “yeah, this might be useful” in a not- impressed -at- all tone of voice, but here is when comes the magic…I actually put it to work.
It includes interesting questions that make you think about possible adversary methods, motivations and their resources along with the human impact. There are some example goals, example targets, example actions and example assets. You can of course change some words like “system” or “adversary” for whatever applies in your case ( I was surprised it mentions ex-boyfriends). It also has blank cards in each category, so you take the time to think about unusual ways that your project is vulnerable.
The main goal is to reduce the risks
Chances are, my friend, that your project is not going to be flawless, but you will increase dramatically your chances of success. Now it sounds more enticing to practice and adopt this new mindset, right ? It implies control of possible future events, reducing anxiety. It personally helped me to increase my decision making capacity and to be aware of when and where to focus.
This new mindset becomes second nature with continued practice, and avoid sometimes costly mistakes at work, home or, I hate to say it, love and friendship.
Here’s a recomended article where I got the idea for this blog post.