Carry On: Sound Advice from Schneier on Security

Posted on by Ben Rothke

Bruce Schneier has been called an information security rock star. If that’s the case, then Carry On: Sound Advice from Schneier on Security is his greatest hits collection 2008-2013.

The roughly 175 essays in the book represent a collection of articles Schneier wrote for his Crypto-Gram newsletter, his blog and other blogs, magazines, newspapers and other periodicals.

Some of the articles, such as the 2008 piece Chinese Cyberattacks: Myth or Menace, are clearly dated. A number of the other articles are somewhat redundant in that they were written on the same topic for different audiences.


But the vast majority of the essays reveal Schneier’s insight and pragmatic approach, which makes this a most important book to read. You may not agree with Schneier on every point, but every point of his is well researched and defended. Personally, I think his approach to CCTVs and public cameras as a method for crime reduction needs to be reviewed against current data on the topic.

Many of the essays show his deep frustration with Washington and the politics of security, which has resulted in creating a security theatre dealing with movie-plot threats. Billions of dollars have been spent in this area, with almost nothing to show for it.

Another premise of the book is that most people don’t understand how to deal with risk and end up worrying about things that pose very little risk to them; a large number of essays are dedicated to this topic. Schneier notes the fears people have of school shootings, child abduction, mass food poisonings and the like, all of which are extremely rare. They worry about these while being oblivious to automobile deaths, DUI deaths and similar, which pose real and daily risks.

When it comes to post-9/11 security, Schneier feels most of the time, money and effort has gone to waste, protecting against imaginary threats. He notes that two things have made airplane travel safe post 9/11, namely: reinforcing the cockpit door, and convincing passengers that they need to fight back. But having tens of thousands of clueless and incompetent TSA agents seizing water bottles and patting down wheelchair-bound grannies has done absolutely nothing to increase air safety.

The book is both fascinating and frustrating. Fascinating in that the book will open your eyes to how to deal with risk and security, and ultimately how to carry on. But frustrating in that those in Washington who have been trusted to do this have rarely done it right.

In Carry On: Sound Advice from Schneier on Security, Schneier writes the playbook that Washington should have been following all along.

Ben Rothke

Senior Information Security Manager, Tapad
