First principle thinking is the idea that everything you do is underpinned by a foundational belief, or first principles.

—Reed Hastings, Netflix CEO

…in order to study the acquisition of [knowledge], we must commence with the investigation of those first causes which are called Principles.

—Rene Descartes, philosopher

I think it's important to reason from first principles rather than by analogy… . [With first principles] you boil things down to the most fundamental truths…and then reason up from there.

—Elon Musk, SpaceX founder

Overview

This chapter is for you if you are not familiar with the idea of first principles as a general scientific best practice. It's not just a meme that you heard about on Twitter. Scientists have been using the idea since the world was young to discover the hidden secrets of nature and society. This entire book is my exploration of that concept applied to cybersecurity. There have been discussions of basic cybersecurity fundamentals, sure, but, as you'll see, researchers believed early on (1970s–1980s) that the absolute cybersecurity first principle was to build a completely secure computer. By the early 2020s, practitioners had largely abandoned that idea as impractical. That said, the security community hasn't replaced it with anything substantial except for maybe the concept of the CIA triad (confidentiality, integrity, and availability). Even advocates of the triad don't elevate it to the level of a first principle. ...