A simple guide to system security survival#
Polished by ChatGPT
System security is the practice of defending computer systems from threats like vulnerabilities and attacks through safeguard technologies. It sounds noble—and it is—but let’s be honest: system security is notoriously hard to start, exhausting to progress, and often too fragile to survive.
So why do we still do it?
I believe it's because we're genuinely drawn to it. But seriously—why are we still doing system security, when so many forces seem against it?
The harsh reality#
The truth is, system security faces serious challenges:
- Venture capital rarely favors us.
- AI science departments don’t really need us.
- Our research is fundamentally tough and slow.
Every day, I have to persuade myself to stay in this field—knowing it’s unlikely to lead to a high salary at a leading company or an easy path to a faculty job at a top university.
Yet, here we are.
Restoring confidence#
As JFK once asked: "Why choose this as our goal? And they may well ask why climb the highest mountain? Why, 35 years ago, fly the Atlantic? Why does Rice play Texas?"
We choose system security not because it is easy, but precisely because it is hard. Because when the next wave of new technologies crashes—when their promises of "trust" fall apart—system security will still be there.
Storytelling, neoliberalism, and survival#
We also have to recognize the world we live in. Under neoliberalism, universities, faculties, and students are all driven by capital. Cybersecurity, too, must align—at least partially—with the interests of capital if it wants to survive. In fact, cybersecurity has always helped ensure the profitability of capital by protecting the underlying systems.
System security, in particular, is deeply tied to these ecosystems. Our mission is to build chains of trust that span the entire technology stack—from low-level software to AI applications. At its core, system security is powered by a few fundamental technologies (TBC):
- Isolation — separating critical components
- Attestation — proving the integrity of systems
System security isn't about pure cryptography, mathematical proofs for their own sake, or the latest AI/ML breakthrough. It’s about trust—like putting capital into a safebox, securing value through an unbreakable chain of trust.
Storytelling, national security, and survival#
Another form of storytelling is to become part of national security itself. Cyberspace is now recognized as the "fifth domain" of conflict, alongside land, sea, air, and space. National security policies in cyberspace are a natural extension of political will. I believe in the principle of maintaining advanced attack capabilities while holding a defensive posture. In this sense, system security research must consider both offense and defense. Our defenses must be strong and resilient, but our understanding of attacks must be even more advanced—to maintain readiness, credibility, and capability.
Novelty and moving forward#
System security survives beyond capital and national security concerns, yet it progresses through continuous technological innovation. Here are the top five research problems that are shaping the future of secure computing:
- Statefulness
- Large-scale system understanding
- AI infrastructure security
- Full-chain exploit
- Hardware-agnostic software/communication protocols
System security must evolve to address the increasing concerns of capital and national security, as technology becomes ever more integral to economic and geopolitical stability. At the same time, meaningful progress in system security depends on solving fundamental problems—such as statefulness, large-scale system understanding, and full-chain exploits. By addressing these core challenges, system security can become more adaptable and resilient, better equipped to thrive in an increasingly competitive landscape. Long live system security!