Map out your future—but do it in pencil. The road ahead is as long as you make it. Make it worth the trip.

—Jon Bon Jovi, American singer, songwriter,guitarist, and actor

Who Is This Book For?

This is about rethinking cybersecurity from the ground up using the idea of first principles. I will explain what I mean by that in Chapter 3, “Zero Trust,” but at a high level it's a list of fundamental truths that serves as the foundation for building your cybersecurity program. That said, my intention for writing the book was to target a broad swath of security practitioners in three groups.

The first group consists of security executives. These are my peers, colleagues, and the people who work for them in the cybersecurity industry supporting the commercial sector, government circles (both policy and technical), and academia. With this first principles notion, my intent is to challenge how these network defender veterans think about cybersecurity. I am going to suggest that for the past 25 years, we've all been doing it wrong and that a reexamination of first principles will guide us back to the right path and will help us disrupt our current thinking to pursue defensive postures that have a higher probability of success.

The second group consists of the newbies coming into the field. These would be young and fresh‐faced college graduates, government civil servants transitioning into the commercial sector, and career changers who are tired of what they have been doing ...