“Security & Human Behavior 2012”: just click “Ignore”…

So, Bruce Schneier, the self-proclaimed security guru, is organizing another “Security and Human Behavior” thingy again this year, and we’ve written about this rather peculiar initiative before. Back then, we were rather hard on the whole thing, even throwing in an expletive to replace the “B” for “Behavior” with something else. Yes, yes… harsh. We thought that maybe it was a fluke, an oversight, a little mishap that resulted in the fact that there were no security experts at the security conference, but rather economists, psychologists and whatnot filling the participants lists. At the very least, we thought that a few real world security specialists would be added to the mix in later…uh…gatherings.

Boy, were we ever wrong.

What is it, and who’s there?

“SHB 2012” is supposed to be a 2-day conference on the interaction between human behavior and security – or as BS himself writes:

SHB is an invitational gathering of psychologists, computer security researchers, behavioral economists, sociologists, law professors, business school professors, political scientists, anthropologists, philosophers, and others — all of whom are studying the human side of security — organized by Alessandro Acquisti, Ross Anderson, and me. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

So, just like last time, we can see the upside of having a couple of psychologists there. After all, they’re the certified experts in human behavior, and experts talking about things they’ve been trained in is always a good thing. Anthropologists… well, we suppose they know a few things about society, group dynamics and such. That’s good stuff, since security often has to deal with those dynamics, not just the lone wolf problem when dealing with humans.

But wait… business school professors? Philosophers…? That’s a little weird. But there has got to be some physical security experts on the list, right? Maybe an FBI agent or other senior law enforcement? A representative from a renowned security company? Nope. Not a one. As far as we’ve been able to see, there’s not a one. No one who has worked in security or law enforcement, no ASIS members, nothing of the sort. They’ve got a behavioral economist, whatever that is, but what about a profiler, a behavioral analyst for example? None of those either.

Just like last time, Bruce Schneier, the self proclaimed security guru who has never worked in security, nor been a member of ASIS, nor been certified as anything in security (or behavior…) such as CPP, PSP, etc. has invited the guys and gals he wants to listen to, and this has little or nothing to do with practical, useful security analysis or progress. It’s simply a bunch of people Schneier wants to meet and have an elaborate cocktail party with. Oh, and he’s going to talk about his own latest book. So it’s a promotional thing, then.

Did we mention that Google is sponsoring this invitational, promotional event? Seems strange to us, at least, and possibly against their own regulations on such things…

At the end of the day, this “conference” has nothing to do with real security, and Google should probably look a little closer at what they actually sponsor. If Schneier and the others had come out and said that they wanted a get-together with a few other IT guys and girls, so they could chat and catch up, and maybe could they borrow Google’s place, that would be better. Misleading people to think that this is a legitimate effort to further security understanding and progress is just plain wrong.