Beyond Fear by Bruce Schneier
I have been reading a lot more lately, thanks mostly to an hour-long commute each way each day. The first book I finally got around to reading on the train was Beyond Fear, by Bruce Schneier. First, a bit of background. I religiously read Schneier’s newsletter. (Pre-blog, though I believe that he has converted it into blog form.) It is a really entertaining and educational monthly email. While I touch on computer security issues regularly, I am by no means a security expert, so seeing how an expert thinks can really help. Because I found the blog so useful, and because he has converted me over to many of his ways of thinking about things, I had high hopes for the book. It is billed as security for the common man, post 9/11. The idea being that you don’t have to be an expert to think about security, and in fact, you shouldn’t just take things at face value.
Unfortunately, I found the book to be much more of a disjointed collection of his posts than a good, hand-holding explanation of the real security tradeoffs that are currently going on around us. In fact, if I weren’t already a true believer, I might come away from this not “Beyond Fear” but “Quaking in Fear”. Don’t get me wrong, the book is well written and clearly explains the different points about security that he is trying to make; it simply fails to pull it together into a coherent story. Which is too bad, because all the pieces are there that you need. And since I am a regular follower of his, I was easily able to piece together the “Beyond Fear” story. I just wonder if my mother would be able to.
But if you are already into the security scene, or if you just think that a lot of what passes for security in this country doesn’t make sense, this book is the book for you. On the other hand, if you don’t really have much of an opinion on security, this is an interesting breakdown of the basic precepts of security and how it works and fails. Just remember: the job of a good security analyst is to find the weaknesses. He believes in security or he wouldn’t be in this field. Good security is achievable and does work; it is just harder to make happen than you probably think.