Book Review: Secrets and Lies - Digital Security in a Networked World
Author: Bruce Schneier
Amazon Link: Paperback Book Link
Target Audience:
I feel this one is a masterpiece from Schneier, and a must-read for anyone interested in a fantastic and incisive insight into the world of computer and network security without getting caught up in the technicalities. Bruce Schneier is a name to be reckoned with in the info-sec world, and this book follows his widely acclaimed “Applied Cryptography”. If you are a human being using the Internet, this book is still a must-read; it is well structured and organized to fascinate readers who are CISOs as well as those who discovered the Internet yesterday.
Review:
The TL;DR version is: worth every dollar, and anyone looking to make a career in info sec, or already in it, should not miss this one. Even though it was released more than 10 years ago, it is still a compelling read and holds true to the digital landscape even today, because, broadly speaking, most of the problems threatening the cyber world then are still around now.
This was one of the first books I read when I started out to learn more about information security a few months back, and hands down it played a great role in piquing my interest in the field. I had read Bruce’s earlier work, and I read his blog, which is updated regularly on issues around information security. Bruce writes this book not only as a sequel, but also to correct the way many readers interpreted the original book as proclaiming “cryptography as a panacea”.
Bruce is an incredibly gifted writer, and this book is as informative as it is funny, even when circling subjects widely perceived as dry by those not involved with info-sec. Bruce conveys his perspective by looking at things simply, drawing parallels between the threats and adversaries in the cyber world and in the real world. He goes on to describe the ways these landscapes are similar and what sets them apart. A complex subject like information security is explained in impressive depth, and explained well, without delving into technicalities that would leave the untrained confused.
This book is a great insight into the history of security, and into how putting the computer on a network changed every concept of system security. It describes aspects related to security such as cyber crime, prosecution, and the role of nation states and governments and their investment in security. It cements complex concepts related to computer networks, operating systems, cryptography, hashing and biometrics while remaining incredibly simple and easy to understand, explaining each one’s place in the real world and its shortcomings. Another positive aspect of this book is that it is well organized into topics and categories and at the same time linear when read from beginning to end, introducing concepts sequentially and requiring little external lookup.
This book is meant to be read much like a novel, and it goes a long way towards building a security analyst’s mindset, that is, how to think about problems in security. It makes the reader realize why solving security problems is so complex. It uncovers aspects of security problems that are often forgotten in technical discussions, and explains why security takes a back seat when products or services are designed: it is these non-technical aspects and factors that make security hard, and not something that can simply be solved by mathematicians and cryptographers. Two of my favorite parts, among several others, are the section where he describes and explains authentication and trust in the digital world and compares them to the real world, and the chapter titled “The Human Factor”.
I have read this book over and over again, and there are parts of it that I reread to remind myself why working in cybersecurity is as exciting as it is challenging!