Each month I choose an industry leader, security executive or manager, or other noteworthy security name to answer ten questions on Twitter. This month, database security expert David Litchfield, currently a researcher working for Accuvant, gives us his responses to ten questions in 140 characters or less.
CSO @msjoanieg: Let's start with your origins in the industry. How did you get started in security?
@msjoanieg: So a Sandra Bullock movie inspired your career??
@dlitchfield: It did... Rewatching the film these days I cringe at the technical errors :)
@msjoanieg: Yes, that's definitely a movie that gets panned quite a bit by security folks! OK, what led to the interest in database sec?
@dlitchfield: My area was buffer overflows. In 2003 I wrote a paper on defeating GS and SafeSEH. After that, I needed a new challenge.
@msjoanieg: Interesting. What would you point to as one of the most major changes in security since you first started in the profession?
@dlitchfield: Hmm. Probably Microsoft's improvement in security led by Trustworthy Computing and the Security Development Lifecycle.
@msjoanieg: And what excites you these days about being a security professional?
@dlitchfield: Database forensics. It's an area receiving very little attention but it's so important after a breach.
@msjoanieg: What’s your security philosophy? And how do you apply it to your daily work?
@dlitchfield: Minimize risk as best you can but be vigilant and prepared for when your defenses are breached.
@dlitchfield: I realised in 2007 100% software security is not going to happen anytime soon so I switched from bug hunting to forensics.
@msjoanieg: A bit of internet research reveals you are also a photographer, and you like to photograph sharks. Why? Tell us more!
@dlitchfield: I love nature especially the sea and it’s my escape. It’s very humbling to confront a great white and look into its eyes.
@msjoanieg: Wow. Humbling, indeed! I also read you were once a UK track & field star. Compare that experience with working in security :)
@dlitchfield: Hmm. Both require hard work and dedication. A posterior cruciate ligament injury ended my T&F career; security is sedentary :)
@msjoanieg: Ha! Sedentary? Depends on the day, right? OK, complete this sentence: If I weren't working in security, I would ______________
@dlitchfield: If I weren't working in security, I would be working as a stunt double for Steve Backshall :)
@msjoanieg: Cool! I do see a resemblance. OK, thanks, David. We’ve gone through ten tweets. Pass the buck. Who should CSO tweeterview next?