High Five: Meet Bruce Schneier, CTO Of BT Counterpane

By Kelly Jackson Higgins
InformationWeek
February 10, 2007

Security guru--and part-time restaurant critic--Bruce Schneier is best known as the developer of the Blowfish and Twofish encryption algorithms and author of books that examine security and society. He's also a renowned speaker, blogger, and columnist.

  1. TASTE OF SECURITY
    Schneier writes restaurant reviews as an escape, but he sees ties to his security work: "Food is more about how a culture uses what it has to make an interesting meal. That's the same thinking as security. I look at it from a systemic point of view--what is going on here in the bigger picture that creates this traditional dish."
  2. ETHICAL DILEMMA
    Hackers and researchers are doing some good work poking holes in software, but there can be "ethical sloppiness" from "people who don't pay attention to the ramifications of what they're doing." Vulnerability disclosure is OK, he says, as long as it's not "self-aggrandizing."
  3. GET REAL
    His latest work is on brain heuristics and perceptions of security. "I'm looking at the differences between the feeling and reality of security. ... Our perceptions of risk don't match reality, and there's a lot of brain science that can help explain this."
  4. NO 'RAH, RAH, RAH'
    Schneier currently is CTO at BT Counterpane, but he's getting an updated title. Don't expect it to have "evangelist" in it: "I hate the word 'evangelist.' It's not a bad term, but I don't like the implications. ... It's almost like a cheerleader."
  5. QUIET SIDE
    He's not shy about speaking out on hot-potato security topics, but Schneier refuses to write bad reviews on indie or mom-and-pop restaurants. "If a restaurant is bad, I'd prefer to simply ignore them. A bad review only hurts them."

earlier story: RSA '07: Bruce Schneier Casts Light on Psychology of Security
later story: Global Cyber Cop Hits Town, Says Hacking Is Passe
back to News and Interviews

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..