One the hardest things we have to do is to build trust. It’s not hard for everyone, just us specifically. It’s not in our nature. Security people tend not to trust anyone. Everything we do is based on not trusting anyone, it’s literally our job. Trust is a two way street. If you expect someone to trust you, you have to trust them to a certain degree. This is our first problem. We don’t trust anybody, for good reason often, but it’s a problem. We have to learn how to trust others so we can get them to trust us. This is of course easier said than done. Would you trust someone with your password? I wouldn’t, but a lot of people do. This is a place where they won’t understand why we don’t trust them. Of course sharing a password isn’t a great idea, but that’s not the point. ...

We can’t. You think you can, but you can’t. This reminds of the Feynman video where he’s asked how magnets work and he doesn’t explain it, he explains why he can’t explain it. Our problem is we’re generally too clever to know when to stop. There are limits to our cleverness unfortunately. I’m picking on buffer overflows in this case because they’re something that’s pretty universal throughout the security universe. Most everyone knows what they are, how they work, and we all think we could explain it to our grandma. ...

Sometimes it’s really hard to be nice to someone. This is especially true if you think they’re not very smart. Respect is a two way street though. If you think someone’s an idiot, they probably think you’re an idiot. You’re both going to end up right once it’s all over though. As an industry we overestimate how much people know about security, which I think is the root of our problem. ...

How many times have you been afraid to say something about security because you knew if you’re wrong, you’re going to be destroyed in public about it by your peers? How many times did you try really hard to completely discredit someone who said something wrong about security? How many times have you been wrong but still argued because you didn’t want to admit it? How many good ideas never saw the light of day because of this? ...

You’re probably bad at talking to people. I don’t mean your friends you play D&D or Halo or whatever hip game people play now, I mean humans, like the guy who serves you coffee in the morning. We’ve all had more than once instance where we said something and ended up with a room full of people staring at us because it wasn’t terribly nice or thoughtful. At the time you had no idea anything was wrong, you still might not. ...