2 Strategies

Without a goal [maneuvering is] aimless. You might be a master tactician, but you'll have no sense of strategy.

—Garry Kasparov, former World Chess Champion

However beautiful the strategy, you should occasionally look at the results.

—Sir Winston Churchill, Prime Minister of Britain during WWII

Overview

This chapter is an executive summary for the rest of the book, Chapters 3–8. In Chapter 1, I explained what first principles are and made the case for the ultimate cybersecurity first principle: reduce the probability of material impact due to a cyber event over a finite set of time. In this chapter, I outline the five follow‐on strategies that logically flow from this idea. Consider it a primer to get you warmed up for the concepts, the tactics, and the implementation strategies that you will read about in subsequent chapters. Here I want to give you a flavor for what is to come before I bury you in the details. These strategies and tactics are complicated. If you're not careful as you read through the book, you could easily lose your sense of direction. Use this chapter and Chapter 1 to remember where you are and why we are taking this journey.

One final thing as you read through the strategies: I'm not advocating that network defenders from all organizations (government, commercial, and academia) have to implement every single one of them to implement a cybersecurity first principle infosec program. What I'm arguing is that these strategies logically flow ...

Get Cybersecurity First Principles: A Reboot of Strategy and Tactics now with the O’Reilly learning platform.
