3 Profile: Bruce Schneier

Bruce Schneier is one of those people with so much experience and expertise that many introductions refer to him using the words “industry luminary.” Starting out as what many people called the “father of modern day computer cryptography,” Schneier transcended his early cipher‐focus to ask the bigger questions about why computer security is not significantly better after all these decades. He speaks with authority and clarity on a wide range of computer security topics. He is frequently invited as an expert on national television shows and has testified several times in front of the United States Congress. Schneier writes and blogs, and I have always considered his teachings to be my informal master’s degree in computer security. I would not be half the computer security practitioner I am today without his public education. He is my unofficial mentor.

Schneier is famous for saying disarmingly simple things that get to the heart, and sometimes gut, of a previously held belief or dogma. For example, “If you are focused on SSL attacks, then you’re doing better in computer security than the rest of the world.” He meant that there are so many other, more often successfully exploited things to be worried about, that if you were truly worried about a rarely used SSL exploit, you must have solved all the other more likely, more important, things first. In other words, we need to prioritize our computer security efforts instead of reacting to every newly announced ...

Get Hacking the Hacker now with the O’Reilly learning platform.
