Spend enough years in security and you notice that the people whose judgment you actually trust are rarely the ones with the cleanest credentials. They are the ones who have been wrong in public often enough to develop taste. Their authority is earned backward, from scars rather than definitions. When they look at a scheme and say, no, that is wrong, and here is the deeper reason, they are not deriving the answer from first principles. They are recognizing a shape they have been cut by before. That is worth taking seriously as a claim about the discipline. In security, you do not get much standing to philosophize until you have shipped something, broken something, defended something, or watched something fail. Unearned abstraction gets little traction. The person who begins with what is identity, or what is trust, or what is assurance, but has never had to live with the consequences of an answer, barely exists as a respected practitioner type. That mode lives mostly in papers,…