There is no security on this earth; there is only opportunity.
The Principle: Take advantage of the actor relationships, material resources, and strategic opportunities available in the environment.
Key Question: Am I taking advantage of my environment?
Related Concepts: Information Sharing, White Hat Testing, Deception, Common Tools
Opportunity is where we look at the plethora of actors, resources, and strategic opportunities that surround us as tools to be wielded for our benefit. Rather than “go it alone,” practitioners can make huge leaps in security by embracing the opportunities presented in their environment.
The outside world isn’t just a source of threats, it is also a source of opportunities. The Opportunity principle is about capitalizing on these opportunities to benefit security. It’s all too easy to try to “go it alone” in security, operating in an information silo, isolated from the developments of the outside world. Although driven by a desire to improve security, this approach sacrifices the benefits of engaging with the environment, making us less informed, less well-equipped, and less efficient. Opportunity is about using the world outside of your office, team, workplace, or organization to your own advantage by building partnerships, embracing community-driven tools and standards, and capitalizing on strategic opportunities (like attackers’ incentives and assumptions). Attackers reap huge rewards from embracing positive ...