Book Review - Little Brother by Cory Doctorow

A while back, I posted a review of Moneyball, by Michael Lewis. I listed it as a "book review for people who hate business books." I like that concept, and I read a lot of books, so I'm going to try to make this a semi-regular feature of this blog.

My latest book review for people who hate business books is a ringing endorsement of Little Brother, by Cory Doctorow.

I found out about Cory Doctorow through the blog Boing Boing. If you don’t read that blog, it’s worth checking out. The staffers there do a great job of finding interesting tidbits in the giant haystack of information that is today’s Internet. I learn something new there every day.

Anyway, I picked this book up for a vacation read, and finished it in maybe four sittings. It is written for young adults. That's great, because young adults will become adults soon, and they should read this book before they do. But it's also unfortunate, because it will make a lot of people dismiss the book as beneath their concern. That would be tragic, because this book is a young adult book the way The Catcher in the Rye is a young adult book.

Without revealing too much about the plot (which is relevant, compelling and exciting), this book talks about technology and security. It aptly describes reactive security measures as "Security Theater" developed to provide only the semblance of security. It also raises important and unsettling questions about the end goal of security – is it to mitigate and minimize risk, or is it to capitalize on fear and doubt in order to self-perpetuate? (Put differently: You shouldn't take your security advice from the guy whose day job is selling you surveillance cameras, firewalls, or intrusion detection software.)

The premise of the book plays into my notion of how best to approach security – start with trust, verify frequently. Analyze threats, prioritize risks, and then adopt a level of mitigation that lets you get on with your work at a reasonable risk trade-off. Obvious caveats apply around the definition of “reasonable” for any given business or company, but that trust-but-verify script seems a lot more effective than the shut-it-all-down script that gets played out in this book, and to a significant extent in our real lives.

Oh, and if for no other reason, you should read this because it has the best description of asymmetric cryptography I've ever read!
