It's a good article and I think what you are trying to establish is "security is a state of consciousness" not a product or process like all the "security consultants" are trying to sell to the people who control the purse strings.

Most people fear the unknown but people who fear the known and take precaution against the unknown are quite a rare breed. Not too long ago, some researcher did a psychoanalysis of security professionals using the Myers-Briggs Type Indicator and found this groups has a large proportion of INTJ type compared to the rest of the population. "INTJs are perfectionists who value personal competence and their own original ideas" among others qualities.

So is there a distinction between being paranoid vs being security conscious and practicing it ? I like to think this can be established through cost/benefit analysis.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/320/31616#31616