#ISC2Congress: Modern Security Pros Are Much More than Technologists, Says Bruce Schneier

Written by

Speaking in the opening keynote of the virtual (ISC)2 Security Congress, renowned security technologist and best-selling author Bruce Schneier discussed the public-interest aspects of technology.

In particular, he explored the ethics of data privacy and security, whilst also outlining how today’s cybersecurity professionals are more than technologists; the work they do affects society as a whole.

“In cybersecurity, government access to encrypted communications has been the subject of a 25-year long debate. On the one side, there are police claiming they are going dark and need access to encrypted data in order to solve crimes. On the other side, security experts say it is impossible to provide that access without making systems insecure.”

Schneier explained that both sides of the argument are relevant, with various ongoing discussions held globally as to which angle of the issue is more important.

“However, here’s the problem,” he added. “Almost no policy-makers are discussing this issue from a technologically-informed perspective.

“Technology is deeply intertwined with society [today] – it is literally creating our world. It is no longer sustainable for technology and policy to be in different worlds.”

Therefore, modern information security professionals must become “public-interest technologists,” Schneier argued, adding that they must align technologically focused thought processes with issues of societal policy.

“Today, technology has become de facto policy. Companies have effective control over free speech, censorship and freedoms, regardless of what national laws are.”

This has led to the creation of terms such as algorithmic discrimination, digital divide and surveillance capitalism, Schneier added, and “this means that internet policy is no longer a separate thing.

“Technology is remaking the world, and we will never get the policy right if policy-makers get the tech wrong.”

Addressing the issue requires two key things, he explained. Firstly, policy-makers must understand technology. “What we want is for policy-making discussions to be informed by the relevant technologists.”

Secondly, more technologists (security pros) need to get involved with policy. “The world needs more public-interest technologists,” Schneier said.

What’s hot on Infosecurity Magazine?