"It was immediately clear to me that security was a cross-cutting issue, so rather than dividing the space up in parallel with each of the other areas, I wanted security cut across the areas in addition to having its own content"
About this Quote
There is a quiet kind of radicalism in calling security a "cross-cutting issue". Crocker isn’t selling paranoia; he’s arguing for architecture. The phrasing signals an engineer’s mindset: security can’t be treated like one more department with a neat boundary and a slide deck. If you "divide the space up" so security sits politely beside networking, operations, and product, you’ve already lost. You’ve created a box that attackers can route around.
The intent is organizational as much as technical. Crocker is describing governance: how you structure knowledge, documentation, and ownership so security becomes a property of everything you build, not a late-stage review. "Cut across the areas" is the key verb choice. It implies friction, intrusion, a willingness to disrupt tidy silos. It also contains a concession to reality: security still needs "its own content" because someone must hold the expertise, set standards, and track threats. The balancing act is mature: embed security everywhere without dissolving accountability into vague "shared responsibility."
Context matters. Crocker belongs to the cohort that helped define the early internet’s norms and protocols, an ecosystem built on openness and trust that later had to metabolize abuse at scale. His language reflects that historical pivot: from "build it and connect it" to "design it so it survives contact with the world". The subtext is an indictment of checkbox security. Real security is not a lane; it’s a constraint that reshapes every lane.
The intent is organizational as much as technical. Crocker is describing governance: how you structure knowledge, documentation, and ownership so security becomes a property of everything you build, not a late-stage review. "Cut across the areas" is the key verb choice. It implies friction, intrusion, a willingness to disrupt tidy silos. It also contains a concession to reality: security still needs "its own content" because someone must hold the expertise, set standards, and track threats. The balancing act is mature: embed security everywhere without dissolving accountability into vague "shared responsibility."
Context matters. Crocker belongs to the cohort that helped define the early internet’s norms and protocols, an ecosystem built on openness and trust that later had to metabolize abuse at scale. His language reflects that historical pivot: from "build it and connect it" to "design it so it survives contact with the world". The subtext is an indictment of checkbox security. Real security is not a lane; it’s a constraint that reshapes every lane.
Quote Details
| Topic | Privacy & Cybersecurity |
|---|
More Quotes by Steve
Add to List
