For years I have been a student and practitioner of security
– both cyber and physical. My initial
years focused on the “Security 101” elements with a “castle and moat”
approach for both physical assets and cyber (i.e., the “walls” were “firewalls”). Over time, however, I’ve
realized that there is more to security than wondering about the bits and bytes
or the sizes of chain link fence mesh.
Instead, I’ve begun to recognize more and more that the human element –
that is, the attacker and defender – needs to be studied and recognized as a key
element.
(Artwork from Microsoft Open Source)
I’ve realized – with some considerable influence from Bruce
Schneier in his seminal essay “The
Psychology of Security,” and from other thought leaders in the security
space such as Kirk Bailey at the University of Washington or Robert Coles at
GlaxoSmithKline – that you need to understand what motivates the attacker and
what helps the defender recognize new ways and means of defending against the
wily aggressor.
In other words, I came to realize that neuroscience should
play a key role in helping security professionals understand the attacker’s
“brain” so to speak and thus their motivations.
Last night I had a fascinating discussion on this very subject
with my friend and colleague Mr. Samad
Aidane. Samad and I first met in
2004 or so when I was the information security manager/CISO at the Port of
Seattle. Samad was a newly hired project
manager. Since then we have both
expanded our horizons and Samad has evolved his expertise in the realm of
neuroscience and project management as well as risk.
Anyway, our conversation tonight revolved around Samad’s new
research and focus on the neuroscience behind effective project management and
risk. In fact, Samad has even begun a
blog at Neurofrontier.com to
expand his and his readers’ awareness of neuroscience and leadership. I’d like to suggest you take a look at his
blog and get a sense of his perspectives on this new science.
A key take-away from my conversation with Samad was that how
the brain functions when analyzing risk may be excellent knowledge for security
and risk professionals to leverage when dealing with risk analysis
decisions. Similarly, understanding how
the brain functions when establishing attack and defense concepts may be very
useful to the cyber and physical security defender. And, of course, if you lean on the concept of
“Assumption of Breach”[1]
for your enterprise cyber and physical defense, perhaps knowing how the brain
functions and reacts could be very useful.
I am excited about the new ideas raised by Samad last evening and I look forward to our next meeting and discussions. In the meantime, take a moment to look at
Samad’s website and review some of his ideas.
You may see a sliver of some new concepts for the security profession to
lean on as we try to stop the bad guys!
[1] For my past articles on this subject, please go to my article in Asian Power at http://asian-power.com/node/11144
or my article in SearchSecurity at http://searchsecurity.techtarget.com/tip/Assumption-of-breach-How-a-new-mindset-can-help-protect-critical-data