Information Age: News, analysis & insight for IT & business leaders

 

Flawed security

9 July 2007  

Ira Winkler offers a dubious take on the so-called philosophy of information security

 

Zen and the Art of Information Security. By Ira Winkler. Published by Syngress. ISBN: 1597491683. Price: £19.99.

There are numerous reasons why Ira Winkler’s Zen and the Art of Information Security is a compelling read – unfortunately, none of them good.

If there is one obvious lesson to be learnt from this curious and ramshackle effort by the renowned security expert, US government advisor and author of books on corporate espionage and information warfare, it is that business presentations, no matter how “well received” by their audience, do not translate onto the printed page.

In this case, Winkler’s well-travelled and well-practised PowerPoints on information security, when rendered into text, are in many instances rarely engaging and often cringe-worthy.

To his credit though, Winkler does give fair warning, disabusing the reader of any major expectations with an opening chapter entitled ‘Why You Shouldn’t Buy this Book’. He goes on to inform those readers who may have taken a wrong turning on their way to the bookshop’s spirituality section: “If you are looking for a book on Zen philosophy or Eastern religions, don’t buy this book. The title is supposed to imply security philosophy, not religious philosophy.” Buddhists everywhere will be grateful for the tip.

For those who persevere, what follows is not so much a philosophical foray into the general principles of information security but a rambling, anecdotal stream of consciousness, punctuated only by further self-indulgent asides on a range of subjects. Winkler’s somewhat reductive take on international politics, in particular, is worth highlighting: “To portray themselves as heroes [people] create a dragon to go out to fight…Clearly Osama bin Laden was a clear [sic] dragon. When it became apparent that bin Laden was not going to be captured, Saddam Hussein became the dragon,” he informs.

More worryingly, Winkler’s overly-simplistic view on fear and the process of ‘othering’, as it is dubbed by sociologists, leads him to the odd conclusion that cyber-terrorism is to be dismissed out of hand because “it is easier to blow things up” – a view that the government of Estonia might take issue with after their institutions were subjected to a wave of cyber-attacks in May, allegedly emanating from Russia.

Evidently, Winkler prides himself on a ‘common-sensical’ approach to information security, and throughout he delivers a series of other pithy maxims. Perhaps the most striking of these is the matter-of-fact declaration that no IT system can ever be foolproof, for the simple reason that “some people are just stupid”. This observation would arguably be more compelling, however, if the reader could be certain that Winkler is not, indeed, one of them.

Regrettably, this remains a moot point. For the entire book is not only grammatically disastrous (“they could have went to prison”), it is littered with typos, irritatingly repetitive (a sub-chapter on ‘Script Kiddies’ for example, features twice) and is generally breathtakingly sloppy. It is also, ironically, overwhelmingly self-appreciative. “I have studied several forms of martial arts,” he impresses upon the reader early on, “achieving varying levels of expertise in each.” Scuba diving, the reader also learns, is another Winkler forte.

Devoid of genuine purpose throughout, this book’s one redeeming feature is that it only takes a few hours to read, which, by even the most generous calculation, is probably how long it took to write.

 

