The first expert discussion of the foundations of cybersecurity

In Cybersecurity First Principles, Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. The author convincingly lays out the arguments for the absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.

In the book, you'll explore:

• Infosec history from the 1960s until the early 2020s and why it has largely failed
• What the infosec community should be trying to achieve instead
• The arguments for the absolute and atomic cybersecurity first principle
• The strategies and tactics to adopt that will have the greatest impact in pursuing the ultimate first principle
• Case studies through a first principle lens of the 2015 OPM hack, the 2016 DNC Hack, the 2019 Colonial Pipeline hack, and the Netflix Chaos Monkey resilience program
• A top to bottom explanation of how to calculate cyber risk for two different kinds of companies

This book is perfect for cybersecurity professionals at all levels: business executives and senior security professionals, mid-level practitioner veterans, newbies coming out of school as well as career-changers seeking better career opportunities, teachers, and students.

Table of Contents

Chapter 1 First Principles

Chapter 2 Strategies

Chpater 3 Zero Trust

Chapter 4 Intrusion Kill Chain Prevention

Chapter 5 Resilience

Chapter 6 Risk Forecasting

Chapter 7 Automation

Chapter 8 Summation

“I often tell individuals just starting in cyber that if they want to understand what is going on, go listen to Rick.”

― Mark McLaughlin, Former President, CEO and Chairman of the Board, Palo Alto Networks

“Rick Howard has been at the forefront of cybersecurity since it existed as a profession. In Cybersecurity First Principles, he not only educates but also entertains; something only the truly accomplished can achieve.”

― Jack Freund, Co-Author of “Measuring and Managing Information Risk: A Fair Approach”

“Strategic thinking is critical to our success in securing our organizations. This book is an invaluable roadmap for how to approach cybersecurity strategically by an absolute legend in our industry.”

― George Finney, author of “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business”

Since the 1970s, infosec practitioners have been incrementally improving the overall security landscape without ever taking a moment to consider if they were going in the right strategic direction in the first place. The author makes the case that they weren’t. The general direction wasn’t wrong per se, but the thought leaders in the space never got to the root of the problem. Retracing the footsteps of scientific thought leaders like Descartes and Elon Musk, this book makes the case for the ultimate cybersecurity first principle and outlines the strategies and tactics necessary to pursue it.

A reboot of infosec strategy and tactics, this book explains:

• Why a first principle approach is necessary
• Five strategies that emerge because of it: Zero Trust, Intrusion Kill Chain Prevention, Resilience, Automation and Risk Forecasting
• Hands-on tactics to achieve each strategy

About the Author

RICK HOWARD is the Chief Analyst and Senior Fellow at The CyberWire, the world’s largest cybersecurity podcast network, and the CSO of N2K (The CyberWire’s parent company). He’s been a CSO for Palo Alto Networks, TASC, and a former Commander for the U.S. Army’s Computer Emergency Response Team. He helped found the Cyber Threat Alliance (an ISAO for security vendors) and the Cybersecurity Canon Project (a Rock & Roll Hall of Fame for cybersecurity books).