The Quality Assurance Mindset

Posted by Stan Taylor on March 21, 2008

Bruce Schneier has a new commentary at Wired, Inside the Twisted Mind of the Security Professional, in which he notes that "Security requires a particular mindset":

Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.

I would argue that the security mindset is a specialization of the QA mindset.

Bruce Schneier comments further:

I've often speculated about how much of this is innate, and how much is teachable. In general, I think it's a particular way of looking at the world, and that it's far easier to teach someone domain expertise -- cryptography or software security or safecracking or document forgery -- than it is to teach someone a security mindset.

My wife often calls me a natural-born QA engineer. In general, I take that as a compliment, which isn't usually the way my wife intends it.