Security Mindset

I have often thought about the mindset required to be good at the security game. I hang out with Duane Laflotte a lot and he has the whole hacker mindset, which lends itself nicely to security even when you aren’t trolling on the dark side.
But it was an article that got picked up on Slashdot today about Bruce Schneier’s thoughts on this subject that revived the thread for me.
I have what I think is an interesting twist on this perspective in that I believe that the only way to teach what Bruce is holding out as unteachable is what I believe taught me to think this way. When I grew up I didn’t think the way Bruce Schneier thinks. But I do now. The reason, I believe, is the military. When the Army trains infantry leaders it teaches them how to defend while looking always for ways to attack. The mild-mannered programmer is taught to build, but if part of that training put in their mind that to be successful they had to tear down the abilities and infrastructure of the hackers then we might get a different result.
There is nothing that makes you think like a hacker more than to stand on a hill and realize that you are defending it at dawn and if you fail you and all your soldiers die. It also makes you want to get that unfair advantage and lay traps for the enemy. During a major training exercise in Germany I put soldiers in foxholes with signal mirrors and had them flash the enemy armor to draw fire while our vehicles flanked and destroyed them.
So I think if you want to be a hacker and you don’t think like one I think the Army recruiter would be happy to help get you trained…

EDC Session Topics

As I said a couple of days ago, I am speaking again in Cairo in a few weeks at the EDC. I have arrived on the topics that I am presenting. While these are still subject to change it looks like:

  • A session on AJAX
  • A session on Commercial Software Dev (vs. Business development)
  • A session on Indexing Optimization in SQL Server

I am really looking forward to seeing all my friends and again want to thank Waleed Abdelwahab for pushing me to revive this blog.

See you all soon!

Technology Reinvented (or Recycled)…

Every few years I find that there are pieces (sometimes big ones) that I have not played with or encountered on a customer project and it tends to freak me out a bit. We have now arrived at that point in the cycle yet again! Expression, Silverlight, WPF and the like are all technologies that you will likely never see me present upon, but in the aftermath of MIX 08 and the whole WideOpen Web movement I just have to dive in deeper and see what the implications are for the parts of the technology that I do use daily.
I think this is a key survival trait for me and I encourage everyone to reach down into that free time (you are still sleeping, right?) and get a grip. The good news is that great blogs and podcasts are making this much easier than ten years ago. I promise to report what I find here and might even ask a non-rhetorical question or two ;)

Egypt Developers Conference (EDC)

I have finally confirmed the final dates for the Egypt Developers Conference, which is held every year in Cairo. This year it is in mid-April and again I will be speaking. I really look forward to this event and for a short time I was afraid that the dates would move to a week where I couldn’t attend, but I now know that this is not the case.
This week I have to solidify which sessions I will present and am thinking about doing a session on commercial software development (as opposed to business software development) on the new Software Architects track.
Last year I made the mistake of re-presenting sessions from previous years at the request of some very well-intentioned people who were running the show, but I will not make that same mistake again.

See you in Cairo!

Back to blogging

A very good friend of mine reminded me that I have this blog that I have been neglecting and I must say that he is right. It is easy to fall out of a habit, even one so important, and I think in my case it has been that I always want to write really interesting things. The problem is that really interesting things is a really high bar and is almost always a matter of perspective.

Consider this the warning shot that I plan to come back to this blog and write about all aspects of technology and software development. Security when I have something to say, but overall there is a lot left unsaid in the name of keeping the blog on topic.