What was supposed to be a point-counterpoint really comes off as useless drivel. Yet why would I expect more? The question recently posed in Information Security magazine was:
Does risk management make sense?
Schneier tries to intimate that risk management is what we do when we react to fear or try to make ourselves feel secure. What? He says that risk management is a fight or flight reflex evolved from primitive fish that remains in all vertebrates (must come from seafood critiques). Eh?
Methinks that Bruce has been up in the ivory tower much too long and has completely lost his way. Why would I want to even listen to such noise with respect to risk management when his experience in it is about as extensive as his ability to critique food in Minneapolis? Just because you eat food doesn’t make you an expert in how it is made or tastes.
Many of the stories Schneier believes we react to are propagated by the likes of Schneier. It would be nice if he even understood what a risk cockpit looks like, considering he has not been in one for so many years that his risk thermostat is obviously operating out of the wrong end.
It really sounds to me that Schneier is in his usual form when he is about to release a new book as he steps up his rhetoric about things he lost touch with years ago. Must be he is worried about the risk that no one will buy his book!? I really think he needs to actually work as a CISO (at least for one year, which I doubt he would last) before he can actually know what security professionals face.
It’s great that he is a mathematician and cryptographer, but that hardly makes him an expert in a field that we slog through every day. Nice cryptography; yeah, that takes care of my security issues.
Please stop saying ‘we’ when you refer to the real security professionals who work for a living in the realities of corporate America. I really don’t want the association but then again, I guess I’m getting carried away and reacting based upon emotions, hunches and anecdotes.