For about twelve years I worked information security for a few different software companies. We sold our software to companies and government agencies concerned with making sure those accessing their sensitive systems were (a) who they said they were, and (b) only accessing information they should have access to. The first concern is called authentication (“are you who you say you are?”), and the second one is called access control (“do you have access to the information that you need and are you denied access to the information you shouldn’t have?”). Solving these two problems have always been a challenge. And though their implementation has changed throughout time, the solutions are basically the same.
It was only a few days after I’d completed a computer security certification when I went through an endowment session again. It occurred to me that you could look at the endowment though an information security lens and gain some valuable insights. I’ll explore some of them in this post. Some of my discussion will necessarily be oblique, and may only make sense to those who have been through themselves. I take seriously the desire to keep these things sacred, and I hope my post here will be in harmony with that.