Hasty Briefs (beta)

Hacker and physicist – a tale of "common sense"

2 days ago
  • #Information Security
  • #Functional Programming
  • #Compliance
  • The author describes themselves as a 'Stone Age' programmer, favoring functional programming languages like LISP and OCaml.
  • They compare their experience in functional programming to being a minimalist artist in a world of reality TV, appreciating the elegance of software craftsmanship.
  • The author has worked in InfoSec since 2007 and is currently a security architect at a multinational company, dealing with compliance and security architecture.
  • They highlight the lack of investment in proper security compliance in the China market, comparing their job to being a food critic in a town with only fast food.
  • The author shares a story about a TPM who didn't understand certificates, leading to an hour-long explanation of PKI, ECC, and encryption.
  • They discuss common security misconceptions, such as developers thinking HTTPS solves all encryption needs or not understanding mTLS and OAuth flows.
  • The author draws parallels between fundamental security principles and Newton's Laws, emphasizing the importance of understanding basics.
  • They advocate for security professionals to be enablers rather than gatekeepers, encouraging education and curiosity among developers and TPMs.
  • The author concludes by stressing the importance of understanding fundamental principles in both physics and information security for building safer applications.