Intersectional Security

What do I do?

Sit around and pet cats all day? Yep.

When we’re talking about work though, I’ve started calling what I do intersectional security. It makes me feel fancy, but more importantly, it represents my opinion that the most interesting problems in security happen at the intersections with other domains.

What is it?

Currently, I’m interested in the intersections between Mixed Reality and security/privacy. What do I mean by this? Well, it turns out that there are unique considerations in MR that have an impact on how we approach even basic security problems. For example, what does traversing a link immersively look like? On the 2D web, browsers have indicators to show you where the link is going and if you can trust it. These indicators are rendered by the browser itself, not the page, so you know that the content isn’t being spoofed. However, we don’t have a browser chrome in an immersive web browsing experience, so what is a 3D analog to this? (If you have ideas, let me know)

It’s important for us to embrace the idea that security is an interdisciplinary domain. If you have great crypto, but a terrible UX that leads to users skipping security features, then you aren’t providing a very secure experience. This also implies that everyone is responsible for security (and privacy), versus delegating that responsibility solely to specific engineers.

Previously, I’ve explored applying machine learning to problems in cryptography. And who knows what I’ll end up doing next—that’s the best part of working in unique domains. Every day brings interesting challenges.