Schneier on Security
A blog covering security and security technology.
February 2, 2007
Bloggers on Blogging
Rebecca Blood interviewed me for her "Bloggers on Blogging" series.
Posted on February 2, 2007 at 12:57 PM
• 116 Comments
“I wish I knew who my writing reached. I know people read and think about what I write. But I don’t know much about the type of people who read me.”
My name is Floor. I am 19 years old and live in Holland. I study physics and write software as a hobby and a job.
I hope this gives a little insight in the demographics of your blog readers.
> "I don’t know much about the type of people who read me."
I suppose I will contribute to this as well:
My name is Jennifer. I am a medical professional, enjoy working with computer systems, and am also a dancer for a professional sports team.
I'm janantha from Sri Lanka. Doing BEng. Internet Engineering in UK. I'm a major addict on internet security.
IT manager, CISSP, Denmark
I worked for a couple of years as a software engineer. Now I am finishing up law school and will be working in IP and tech related fields.
I'm 24 years old, also from The Netherlands. I've almost got an MSc. in computer science; in databases/information systems, not security.
Tom from the US. Software developer who really enjoys the perspectives you have on security.
27 years old, military officer, Canadian Forces, Ontario, BSc Computer Science, MBA and Master in Engineering and management. A fan since my undergrad Cryptography course.
Camilo from Colombia, 30 years old, electronic engineer. Cryptogram subscriber since 2000. Nice to remember the shift from cryptogram to your blog.
39 yr old unemployed cocaine/internet addict from NYC
Even though you didn't officially ask for a survey, I'm a 27 y/o male from North Carolina. Work as DRAM engineer now with degrees in EE, CpE and MBA.
I'm Ben, 23 years old, first year PhD student at the University of Birmingham. Although I have yet to nail down my thesis title it will be in the Computer Security domain. I've got an MEng in Computer Science and spend my spare time Marathon training.
(Of course these comments do not represent a sample population of your readership....)
I read Applied Cryptography a while ago, back when I was into cyberpunk (and had time).
I'm now a software engineer with over 10 years experience and I mostly read your blog (via RSS) to keep up on the latest goings on. I check the headlines and if it seems interesting I read it.
If I read the article, I usually read at least the first few comments as well.
Don't care about squids myself, but it isn't so much that it bothers me :-)
28 year old software engineer/IT person with an eye on how technology & society interact
I'm a professional video game developer. I've read Cryptogram for many years.
I'm a 33yr Canadian male doing website development. I don't have a background in security per se, but I find it quite interesting.
I've been reading you since I came to America in early 2001.
Is there really any value to all this?
After all, on the internet no one knows that you are a dog.
23 year old male, Computer Science student in Canada. I've worked as a quality assurance specialist, IT consultant, and web-based software developer during my degree and will soon be going to work as a developer for a network security company. Once I graduate, I'll hopefully be working for that company again. I've been reading Cryptogram since my first cryptology course two years ago, and it helped me decide to get into network security.
47 year old male, 20+ years of experience in software engineering. Long time Cryptogram reader, with an interest in cryptography since 6th grade (started out with "Codebreakers" by Kahn) - but no significant professional use or application of cryptography, except the occasional use of PGP and the like.
I'm Carole from Chicago. I'm 37 years old, I majored in Political Science and now work in infosec in the financial world. Loved Secrets and Lies which was assigned as a textbook in an infosec course.
34 year old Security Engineer here in SD, California. Just found your blog a little bit ago, and I'm enjoying it. Read Applied Cryptography, and listened to you @ Defcon. I would also like to meet Jennifer (Dancer? yes, please.) I enjoy long walks on the beach and listening to girls talk about cryptography. ;)
34 year old male, Unix sysadmin, programmer, infrastructure and application architect, security consultant, etc currently working with a large bank. Professional and personal interests cover the spectrum of security topics from cryptoanalysis to locksmithing.
I am a 29 year old, High School computer science teacher and software engineer in Greece, and have been reading Cryptogram since 2001. I have also read Secrets And Lies and Beyond Fear.
Wow it seems like an AA session!!!
Network Analyst, Arizona, US
I've long been interested in infosec in general, and I'm moving towards specializing in the field.
Nathan, a 23 year old IT Consultant. I am an MCSA and I work mostly with small businesses. I enjoy the brevity of the blog. From discussing encryption to looking at the bureaucracy and human side of security.
A bit of an anomalous plot point for your demographics, I'm a 22 year old pre-op M2F TS self-taught professional geek doing systems administration, web application development, and technical support. I have been working with computers for 10 years, programming for 9.
I was originally introduced to the Cryptogram monthly newsletter by a friend many, many years ago. I've dabbled with cipher creation, secure communication using freely available components limited by satellite bandwidth, and have very broad interests in a great number of other subjects including pro-sumer photography, psychology, and more.
I played with Lego as a child. (A surprising number of high-technology workers like programmers, physicists, and engineers, have played with Lego. QED, Lego creates high-technology workers. ;)
25, Ames Iowa. Computer Engineering dropout (repeatedly), now doing hard labor for an industry here. Huge space geek; hoping to find a job in new space when my lease here expires later this year. Urban explorer (practiced social engineer), jet propulsion hobbyist, and one of those dorky DIY/Make kinds of people.
I come up to the Twin Cities a few times a year to explore; it's the world capital. Let me know if you ever want to see the forgotten parts of town. We had our yearly get-together earlier this month, and had about forty people show up from six states and Canada.
Unrelated, I finished Cryptonomicon earlier this week. I'd long meant to read it, and finally had cause to buy it after xmas. Nice contribution.
39 years old IT Security Analyst in Quebec City, Canada. PC for work, Mac for fun. I love jazz, Mozart and Mahler. First heard of you in Neal Stephenson's Cryptonomicon and been a huge fan since. My mornings wouldn't be complete without your blog and my 2 cups of espresso!
Forgot to mention I live in British Columbia, Canada.
You should have a poll or something. XD
Apart from snickering at Sh@ft (is this a personals column now?)
I am a Unix SA with an interest in security, an MSc (in Software Technology) a BSc (in Applied Physics), over 11 years of experience in IT, I'm Scottish but living in Oregon (I currently work in the Healthcare industry).
I played with Lego as a child, and also read Dr Seuss. (All the cool/strange/fun people I knew at college read Dr Seuss, therefore Dr Seuss creates cool/strange/fun people).
I enjoy cooking, dogs, parrots and working on older cars (1964 1/2 Mustang).
Oh no, did I start something with that Lego note?
Yes... See, it's all your fault...
I didn't do it, Alice did. :-P
35, znyr, Fbsgjner Ratvarre, Bm
Project Manager. Kenmore, Washington. Neither a software nor security junkie, but I do like to keep up with what's going on, and it's nice to have an expert that doesn't feel the need to prove his superior intellect by limiting himself to speaking Jargonese.
I'm a Software Engineer (several positions, several fields). I got interested in Crypto-Gram when I realized that some of the information would have been useful in a prior job. On occasion, it's been useful since.
EBG-13 vf rnfl, ohg pna lbh ernq gur sbyybjvat:
MNpLwmtpGO PDGyembA!rtyMN.mp KnvJyPuAsREoCKx
36, from CA, married with two young kids and all the attendant duties that implies :)
I'm a systems administrator, mostly Windows and some Linux and FreeBSD. I've been doing some version of this job for the last 13 years, with a smattering of telecommunications, non-technical administration (budgeting, etc) and training. I do a lot of interoperability work.
Educationally, I got my bachelor's degree in Mathematics (my set theory/algebraic structures background shows up sometimes in my posts), and am currently pursuing an MS degree in IS&T.
I subscribed to Crypto-gram on 1 Oct 2001 at 22:12:32 and have been reading it ever since.
Oh, and I'm more or less a daily visitor, but I'm a duplicate between C-G (I still subscribe) and the blog.
25, Des Moines, IA. Embedded systems engineer. Been reading Schneier material for years (cryptogram, etc.).
I echo the sentiment of the fellow Nathan above who enjoys the brevity of the blog. Bite-sized pieces of security goodness.
Also, that the guy above from Ames may be interested in the Central Iowa Linux User's Group (http://cialug.org). We have about 20 or so people who show up to the monthly meetings in Des Moines, and a lot more who just post on the mailing list. The meetings consist of general geek discussion and beer.
24, software engineer. I work on fancy shmancy "enterprise" firewalls
41 y/o Enterprise Architect, in NY. 15 years in the computer field.
Started reading the blog when I was researching security practices, and have been a daily reader (all the comments too!) ever since.
male, 33, BEE, MSEE, midwest Ohio, computer security researcher, CISSP
I didn't have time ($?) for Legos on the farm, but I enjoy playing with them "with" my kids
I am a 59 year old geek in New Hampshire who has been involved with a recording studio, publishing, database design and other computer foolishness. Currently helping a startup construction company get their data processing stuff in order.
25. Working as a Tax Prep while finishing a Degree in Finance and A+ Comp. Cert.
28, National Guardsman just returned from Afghanistan. In the real world, I do corporate computer and network support and some writing on the side. Obviously, I have a vested interest in security at all levels.
Shush, you people. If many more of you post the results are going to be unbelievably painful to collate, in which case if he wants to know he'll have to post a poll and you'll have to fill it all in again anyway. So you might as well wait for that.
33 year old systems engineer (US Aviation) and software developer (Health Care)
29 year old male in Wisconsin, USA. I work as a programmer analyst at a large label and packaging printer, mostly working on accounting and ERP systems, reporting, etc. Lots of gluing software together.
Thank you, all.
Middle-aged career criminal researching security flaws to exploit for profit.
@ Alice McGregor
A poll would be premature. Any poll is only a test, and no test should be constructed until the phenomenon is fairly well known already. The poll is to get a fix on the fine points, not the broad strokes.
I used to be interested in people who buy a steel door and the best locks available then toss the key in the flowerpot.
Now I'm interested in what they do when you tell them about it.
Live in San Francisco, 51 year-old software developer, 30 years experience, working on database replication and other distributed systems. Discovered you through password-safe, I think. Read a couple of your books.
Computer security especially fascinates me because no matter how well you think you've gotten all the bugs out, eventually someone comes along and finds the next "hole".
50, male, MSEE/PhD-CS, working in upstate New York. (My job title says "computer scientist," but I've spent a lot of time lately at the electronics lab bench.) First heard about you when the reviews of Applied Cryptography hit the trade press. I think we met at Usenix once.
38, male, MASc in Computer Engineering from U of Waterloo, where I had Applied Cryptography as one of the texts for a Network Security course taught by Dr. Gord Agnew. (Actually, BASc Comp. Eng., MASc Elec. Eng., as Waterloo didn't have an accredited Masters Comp. Eng. program when I was there, and the Bachelors Comp. Eng. program didn't get accredited until I was starting third year.) Currently working in embedded systems programming in Toronto.
... and I wish I knew why you blog about squid every Friday :)
34, male, B.S. Computer Science. Currently a Senior Network/VoIP engineer (mostly Cisco) for a systems integration company. I've also been a CTO, Director of IT, and even a lowly Systems Analyst at one point. Got interested in IT security after I read your book Secrets and Lies.
It is fascinating to see, and I do get to see often, how well and how poorly companies implement IT security. Most of that knowledge comes from your published works plus a little on-the-job experience of my own. For that, I thank you. Keep blogging!
17 male USA. I've read some of your books and I run OpenBSD - I have a passing knowledge of security and some practical experience in chemistry. I'm interested in biochemistry and genetics - this will probably open up a whole new aspect of security engineering. I also know of nbk2000
Executive summary of the above posts:
Bruce, thanks for your blog. Much appreciated insights into security and various deceptions.
27 male microelectronics design engineer and sysadmin. Lego + Dr Seuss in childhood. Came to this blog after perusing Applied Cryptography. I enjoy the wider social and economic security commentary as well as the other stuff. Thankful that you are providing a sane and credible opposing voice to all the nonsense being done in the name of fighting terrorism.
"PC. Windows. I catch a lot of hell over this from readers, but it's just easier for me. I would very much like to be a Linux user, if for no other reason than the political statement. But I don't do my own tech support, and I don't want to learn, so I use what my company uses."
I'm sure many of your readers (I for one) are Linux users and would gladly help and support you make the switch. (You could start a request for Linux help blog, and post your questions/issues there.)
Student of Computer Science, 28, Germany. Your writings are very insightful. Thank you. :)
I'm Ted, CS Student at RIT, 18, and I read Applied Cryptography when I was 10. Didn't understand it then, though I do now. I'm primarily a unix user, with a Mac being my main desktop, Slackware and Solaris servers I use regularly, and windows only for gaming.
23 years old, study "Information Technology and Security" ^^ in Germany. Ran into one of your books in one of my courses... been with the blog since.
30, working in China as foreign sales, interested in my own security on the net and how not to be too stupid with my data. Your site helps a lot. Thanks.
I read several of your books, then started following your blog. My opinion is that while your Op Eds may reach a broader base of policy makers by default, the value of the blog is as much from the discussions as the blog itself. The direct impact your work has on what I do is in helping me find ways to improve how my clients think about and approach security. I am 34, a CISSP, member of Infragard and currently work with a mid-size financial services company. I've also consulted for local law enforcement, educators and retail.
35 yo male software systems engineer in US telecom industry. Fascinated by the insight into the non-computer security topics you've been covering lately. Still buy Legos all the time - for the kids, of course.
You were recommended by some contributors on the . I thank them - I have forgotten who the relevant individuals were - for doing so, as well as much else, and I thank you for your consistently worthwhile posts.
The recommendation was from the Irish e-voting list (http://evoting.cs.may.ie/) - something strange happened with the html.
33 yo male security professional, I've read all of your books and follow your every blog post.
I'm a 17 yr old teen who's been interested in computers, programming, and as a result, cryptography and security. I now have a job as a penetration tester and do use information found here and in your books to recommend changes in my clients' systems.
Well I'm not keen even on vage details like age. (yea even name ;) ).
But I was into "hacking" back in the early 80's. It was fun but i wasn't that good at it really. I also hacked quite a bit of harware. (My mum was rather unhappy about the VCR, untill I got it all back together again) I have always tried to keep up with the academic side of crypto but now my academic job keeps me busy enough to fall behind. I was a comercal programer for over 10 years, but didn't like the lifestyle. So now I am going full time University (Physics and now Biology/Maths). Where i often end up looking after servers than need a bit of protection.
I really like Helix/phelix due to there ease of implemetation and there lack of sbox's.
I'm looking forward to cracking any hardware based DRM in the future if it becomes nessisary. (and moving to a country where its ligit to do so--well at least when i tell folk about it)
I'm very bad at spelling.
I'm a 23y old German IT student near Berlin. I enjoy literature and discussions about near anything. And this blog provides excellent reading for these matters ...
Btw, why does Bruce help the government in collecting personal data? ;)
denis bider, co-founder and developer at Bitvise, a small software company developing an SSH server and client for Windows (Tunnelier and WinSSHD). Have been following Bruce's writings since 1998, 99 or so, when I started being involved with cryptography professionally.
I am a 30 years old male. BSc in Comm Eng, MSc in Datacomms, Dipl. in Infosec, hopefully a PhD in some years' time. Interested in several nooks and crannies where maths and networks meet. Right now in academia, before I was in industry. I read Applied Cryptography in 1999, and since then I have more or less regularly read cryptogram or the blog.
I work in the information security department of a large pharmaceutical firm. I spend most of my free time researching new programming and security technologies. I am a heavy Linux user but recently have found myself spending a lot of my time on OS X.
50 years old male, working in a major hardware and software company (not IBM). Have been reading your stuff since I was architect for early Norwegian internet bank solutions in the late nineties.
Forgot to mention that I attended your SET tutorial at the USENIX Electronic Commerce Conference at Berkeley in ninetysomething ;-)
47, male, Kansas City, Missouri. Web application architect dealing with rule and optimization engine software. BS in civil engineering. MS computer information systems.
Found your site over a month ago, and also enjoy the brevity and to-the-point security thoughts and links.
Legos, tinker toys, erector sets.
"Btw, why does Bruce help the government in collecting personal data?"
Yeah, like the government doesn't already know more about my readers than I do.
I'm 23 years old, also from The Netherlands. I design embedded systems, hard and software and implement crypto in many units.
On my desk are books as "Handbook of Applied Cryptography", "Applied Cryptography" yep from Bruce.. and also "Practical Cryptography"
In my spare time I try to break some algorithms, more or less successful :S
Hiya! I'm a 30 years old software developer, living in Jerusalem, Israel. I remember staying up late reading the first edition of Applied Cryptography, back in college. Read the cryptograms on and off over the years, and found your blog about a year ago.
Thanks for your blog, Bruce!
I am 32, a security architect from Russia. Designing proxy firewalls and content inspection systems, spam protection etc etc. I was a hacker back in my teen days, well, I still am into interesting things, just not breaking the law ;-) Sure I did read "AC", "PC" and "Beyond Fear", excellent books!
..I wrote you about snake oil company, Stratign, but you did not respond ;-)
Senior Accountant in Bank of Holy Flaying Spaghetti Monster of Nigeria. Have $4M that once belong to you distant dead relative killed in tragic mealy-meal accident. Wondering why I never can find people who do all the right modalities.
45, telecommunication + software engineer, Belgium. I am not directly active in the security field, but the company for which I work sells hardware and software security products and I need to understand what they are doing. Your books and your blogs are often sources of "aha!" reactions for me, as I am rather ignorant in these matters.
[a-hem, clears throat, drops voice...]
Freelance tech architect / business strategist. Ex-engineer, 25 yrs IT in finance, banking, capital markets, and now carbon trading. Also media & govt projects. Lived in several countries, now UK.
37 year old IT generalist, amateur journalist and opensource / digital rights evangelist (I realize that's 3 -ists) from Thessaloniki, Greece. I've been following up on your work and sage advice since the late 90's, although my theoretical crypto background leaves a lot to be desired.
28yr old from India. System Administrator. Read your blog to get a better understanding of what works and what does not, in security. :)
60 yo male infosec pro. Been a fan since, well, long before you decided to write for public consumption.
Keep up the great work,
34 years, from Denmark, Software Engineer.
35 year old accountant in Texas, technology retarded, trying to learn and hopeful as I was a fan of Legos & Dr Seuss as well
28 years old, Romanian, Sr. programmer in an offshore company.
I no longer have a direct link to security, but I read half of your book a few years ago, while designing and implementing a small secured communication protocol.
26 yr, from Germany, business informatics student, interested in crypto since stumbling upon Caesar cipher in a book at the age of 12/13
My name is Luka.
I live on the second floor.
I live upstairs from you.
Yes I think you've seen me before.
27yr old male, studying IT-Security (crypto/electronics/network security) at a German university (Dr. Dobbertin worked here 'till he died almost exactly one year ago)
Perhaps this is the Web 2.0 version of a guestbook...
I'm from Glasgow, Scotland. I read your Applied Crypto text during a security and cryptography module as part of my honours year for my CS degree. Since then, I have bought Beyond Fear and Secrets and Lies; I'm currently part way through Beyond Fear.
I'm not quite sure when I stumbled on the blog, but I keep the RSS feed in my bloglines.
33 y. old IT security professional from Lithuania holding master degree in CS. Teaching other kids in university about IT security.
I am a 45 year old aging punk rocker. I work in INFOSEC for an International Organisation. Normally based in The Hague, The Netherlands but at the moment in Cambodia. I use Linux, read Dr Seuss, and played with Lego. Favourite movie Gillo Pontecorvo’s "Battle for Algiers". Watch it and learn why the US and the Coalition of the billing will be running from Iraq clinging to their helicopters in a few years time.
30 years old, software developer from Germany, and more interested in security related things than I need to be for my day-to-day job.
24, manage IT security for a large worldwide company in New Zealand. (And by large I mean NZ large...) BSc comp sci, almost MSc. Kind of stumbled into the field after comp sci. Had no idea what I wanted to do in life, did one infosec paper at uni for a hell of it, never looked back. Absolutely love it. Read Secrets and Lies and Beyond Fear twice then bought them, would love to read Applied Crypto once my backlog of books clears... Bit of a liberal at heart :)
I am a terrorist looking for new ideas
(hey, someone has to fill the stereotype, since the internet is the new terrorist training camp)
IS expert in Europe. Mainly management trainer and consultant, not dealing much with the techie stuff anymore. http://www.roer.com
Focusing on privacy issues, regulations and creating a general understanding of how technology impacts our (lack of) privacy.
My name is Mbotingo Entwonivosich. I am the cousin of the former Minister of Oil for the Republic of Bahrain. I have recently become aware of cash clearing account used by the Bahrain government to process transactions in the United Nations OIL FOR FOOD program. I need your help to move 50 million USD out of this account into the US...
33, software designer, currently residing in southern US, picked up my first copy of Applied Cryptography 10 years ago for hobby research. Been a fan ever since.
I wonder how many people have seen Jennifer the nurse & part-time cheerleader and are starting to use your blog to fuel lonely night of pornographic fantasy?
I also wonder how many people read Zwack's reply as "I enjoy cooking dogs."
Then I wonder about the intersection of these two groups, and decide to stop letting my imagination run rampant.
35-year old Software Engineer in Minnesota, USA, since everyone's chiming in.
20-year old Software Engineer at a Dedicated Hosting company located in Grand Rapids, MI. Currently finishing my Bachelor of Science in Computer Science and Discrete Mathematics at Michigan Technological University in Houghton, MI (I work remotely if you are curious). Will be moving to Tucson, AZ in August to work for Raytheon Missile System in Anti-Tamper and Information Assurance.
So that is another demographic you can add.
666, female, Hell. I work in collections.
53, male, governance specialist covering information protection / privacy, systems protection, risk management, IT audit. Been in IT since '75, started as a graphics programmer for a team that designed nuclear reactors. Hold CISSP and CISA. Employed by major international pipeline company based in Calgary, AB. Responsible for IS and SCADA security and also involved in IT governance, emergency planning.
Hobbies include ham radio, astronomy, photography. Volunteer as part of nearby search & rescue organization and Lions Club Intl.
Computer Science Student in my last year; 25 years; Germany.
26 yr old Perl Programmer from Baltimore, MD. I'm currently wearing many hats at the National Institute of Health, one of which is Security Administrator. I play with the verbiage of FISMA Guidelines to attempt to make security more usable for my wild west scientists.
26yr old Software Programmer. Omaha, Nebraska. Continuing education to move into the security field. Was always the one to take the stickers off of the Rubik's cube to get it done.
41, Rob D., New York City. I've been working in information security for the past 10 years. I've seen enough to realize that our infrastructures will never be entirely secure but we can certainly be proactive enough to be better off than 95% of our peers.
Male, 23 years old, lives in Texas, a few months away from my undergraduate Computer Science degree.
Over time I've noticed the number of comments on this blog skyrocket, while the signal to noise ratio got a lot lower, and I don't like it. I don't mind reading 50+ comments if they are insightful, but frankly _most_ of the comments to articles here are not worth reading anymore.
Bruce, as a reader I wish someone would take a more active hand in deleting redundant, off topic, self-serving, and otherwise pointless comments.
Apple sw/hw Support Engineer. 31, female, married to a cryptogram subscriber.
33, Male, Portsmouth, UK. BSc Computer Science from Brighton Polytechnic, now working in the field of networking.
Spent a couple of years sitting next to the security guys who had all of your books on the shelf, and started reading your OpEd pieces, and now read your blog every day for the latest interesting security information.
I used to play with Lego, Meccano and Sticklebricks and read Dr Seuss, so I should be a frickin' genius. But I'm not.
31-year old UNIX (mostly Linux) sysadmin in the healthcare industry, Orlando Florida. Hold CISSP and RHCE, prior background in computer forensics tool research and development. I'm also a member of InfraGard.
I've been friends with crackers since high school; one of them went on to found a few security startups and was a presenter at Black Hat. Me, I just keep 'em running and figure out what went wrong when they break.
Perhaps what draws me to Bruce's writings isn't just in the job; in my spare time, I also have interest in psychology, sociology, economics, political philosophy, and physical security.
I'm also a hardcore Libertarian. Basically I believe in openness and small functional pieces with a well-defined interface. This applies to code, governments, societies, markets, AND security measures.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.