This book is a collection of essays on security: on security technology, on security policy, on how security works in the real world. Some are about specific technologies, like voting machines or national ID cards. Some are about specific targets, like airplanes or the Olympics. And some are about general trends, like increasing complexity or human behavior.

All have been published before—between June 2002 and June 2008—in newspapers, magazines, websites, and my own monthly e-mail-newsletter Crypto-Gram.

Although I have grouped them by topic and have arranged them within those topics, they all stand alone and can be read in any order. (There is some overlap of material because it appeared in different locations for different audiences.) You don't even have to read this introduction first. Actually, it might be better if you read a few essays first, then returned once you started wondering who in the world I am and what authority I have to write this broadly about security.

I'm a security technologist. I've worked for many companies, small and large, both as an employee and as a consultant. Over the years, my career has been a series of generalizations: from cryptography and mathematical security to computer and network security, and from there to more general security technology. More recently, I've been researching and writing about the interaction between security technology and people: the economics of security and, most recently, the psychology of security.

It turns ...