Schneier on Security review
Each article stands alone, and most can be digested in under five minutes, so it’s an easy read. Unfortunately, this format doesn’t give Schneier the space to really dig into complex issues, so his arguments can seem rather trivial.
On the subject of airport security, for example, he concludes that ‘we need to spend our resources on things that actually make us safer’. Well duh.
There’s also a certain degree of repetition between essays – understandable in a collection of this nature but wearing nevertheless.
Phrases such as ‘join the dots’, ‘police state’ and ‘control of our data’ echo through the text, creating an uneasy sense of déjà vu. The effect is reinforced by the half-decade span of articles: Schneier’s repeated references to the September 2001 terrorist attacks may have been timely when first written, but today they make him seem stuck in the past.
It’s a shame, because at its best Schneier on Security is genuinely thought-provoking. Several essays show, with clear logic and concrete example, how instinct can lead us to make nonsensical choices in the name of security.
Others give excellent warnings about the open-ended nature of our relationships with online services. And Schneier isn’t afraid to point fingers, rightly excoriating the likes of McAfee and Symantec for their pusillanimity when Sony started distributing malware in 2005.
For a non-expert, Schneier on Security could make a highly accessible introduction to ‘security thinking’. Its tone is invitingly informal, and though its discussions are biased toward US-centric issues, the underlying principles have universal application.
Schneier’s high-level, populist approach, however, means little in this book will be of practical use to professionals.