The great author Vladimir Nabokov said in an interview, "I think like a genius, I write like a distinguished author, I speak like a child." I remembered that line as I began using, just now, speech recognition software (Dragon Naturally Speaking) to contribute to this blog.
Like just about everybody in my profession, I love technology, even when it's allowing me to write like a child. But immediately upon using this software I also began to think, "what are the security implications?" I have never heard of any voice-recognition specific exploits or vulnerabilities, but my mind naturally tends to think that there must be some, and that I should consider them. I wish this were not so. But technology has become so complex, that to NOT think about security is, nowadays, near suicidal. Even something as innocuous as voice recognition software appears as a storm cloud to us now.
In the security profession, we see flaws and bogeyman everywhere. We look for them. It's ingrained. Someone has to take this attitude. History has shown us where the rosy colored glasses get you. But one of the less-advertised benefits of working with a security company, is to offload this constant worry. Constantly obsessing about security takes most technologists off their game, it poisons some of their optimism. Especially since it feels too overwhelming to almost anyone to try and keep up in security. Essentially, it's impossible if you also have a day job (running or securing a company).
Security professionals are a doom and gloom crowd, and most organizations cannot afford to be saturated with that attitude. We are like those guys who lived for years and years in silos underground always thinking about nuclear war, so that you didn't have to. Of course, we have massive resources at our disposal: exposure to tons of data, dedicated tools, manpower, and we still obsess.
Maybe that should be our motto? "Helping you to keep your joie de vivre about IT."
Today's Security Strategy Must be Future-Proof
CTU Research Incident Response and Management Information Security Intelligence Risk Management