A handful of things I believe about my responsibility as a security professional in tech:
- We should develop new technologies that solve real problems and improve people’s lives.
- New technologies present new risks, and the companies that deploy the former have a responsibility to account for the latter.
- Some problems cannot be solved by technology. Some products are inherently harmful and should not be made.
- Respect users’ trust by treating their personal data with appropriate care.
- Do not trust users’ intent or understanding. Consider the ways your product could be misused either accidentally or maliciously to harm others.
- There is no such thing as perfect security. Having the appropriate controls, policies and tooling can mitigate incidents and leave you better prepared to respond, but won’t prevent them entirely.
And a few points about how I conduct my work and engage with clients:
- I want to work with clients who generally align with my own values. The more of those items you found yourself agreeing with, the better the chances we’d be a good fit.
- Information security is a very large domain and the services I offer are the ones that I have relevant experience in. I won’t claim knowledge or expertise I don’t have.
- My words are my own. I don’t use AI/LLMs for research or to produce work product for clients.