Around fifteen years ago, my primary attention shifted from Unix and system management to working exclusively within the field of information security. While it is hard to claim that the overall security standing hasn't improved in the past decade, it is fair to say that we still have a long way to go in this area.
I believe that the field of security can benefit from looking at recent developments in surrounding areas, for example:
- software development has shifted from a traditional waterfall approach to more agile ways in order to produce better quality while costs are under control.
- systems thinking and complexity theory to better understand the forces and counter-forces with regard to security
- true requirements engineering instead of just picking security requirements out of a hat (or a plausible security standard)
Many years ago, I read William Zinsser's inspiring Writing to Learn. In the book, Zinsser promotes the process of writing in order to better understand a topic by forcing oneself into deeper thinking. Expressed in a nutshell by Toby Fulwiler and Art Young:
Writing to learn is different. We write to ourselves as well as talk with others to objectify our perceptions of reality; the primary function of this 'expressive' language is not to communicate, but to order and represent experience to our own understanding. In this sense language provides us with a unique way of knowing and becomes a tool for discovering, for shaping meaning, and for reaching understanding.
This blog is my attempt to use this philosophy to 'connect the dots'. I will try to keep the postings within the realm of information security in its widest sense, but it may occasionally delve into wholly unrelated topics.
Only time will tell if I also remember anything from one of Zinsser's other books -- On Writing Well. :-)