Who We Are

Introduction
  Who Is This Book For?
  What the Book Covers
  Writing Conventions
  Road Map

1 First Principles
  Overview
  What Are First Principles?
  What Is the Atomic Cybersecurity First Principle?
  Conclusion

2 Strategies
  Overview
  Strategies vs. Tactics
  What Are the Essential Strategies Required for a First Principle Infosec Program?
  Zero Trust Strategy Overview
  Intrusion Kill Chain Prevention Strategy Overview
  Resilience Strategy Overview
  Risk Forecasting Strategy Overview
  Automation Strategy Overview
  Conclusion

3 Zero Trust
  Overview
  The Use Case for Zero Trust: Edward Snowden
  Zero Trust: Overhyped in the Market but.
  Cyber Hygiene, Defense in Depth, and Perimeter Defense: Zero Trust Before We Had Zero Trust
  Zero Trust Is Born
  Zero Trust Is a Philosophy, Not a Product
  Meat-and-Potatoes Zero Trust
  Logical and Micro Segmentation
  Vulnerability Management: A Zero Trust Tactic
  Software Bill of Materials: A Zero Trust Tactic
  Identity Management: A Tactic for Zero Trust
  Single Sign-On: A Zero Trust Tactic
  Two-Factor Authentication: A Tactic for Zero Trust
  Software-Defined Perimeter: A Tactic for Zero Trust
  Why Zero Trust Projects Fail
  Conclusion

4 Intrusion Kill Chain Prevention
  Overview
  The Beginnings of a New Idea
  The Lockheed Martin Kill Chain Paper
  Kill Chain Models
  Cyber Threat Intelligence Operations as a Journey
  Red/Blue/Purple Team Operations: A Tactic for Intrusion Kill Chain Prevention
  Intelligence Sharing: A Tactic for Intrusion Kill Chain Prevention
  Conclusion

5 Resilience
  Overview
  What Is Resilience?
  Crisis Handling: A Tactic for Resilience
  Backups: A Tactic for Resilience
  Encryption: A Tactic for Resilience
  Incident Response: A Tactic for Resilience
  Conclusion

6 Risk Forecasting
  Overview
  Superforecasting, Fermi Estimates, and Black Swans
  Bayes Rule: A Different Way to Think About Cybersecurity Risk
  Risk Forecasting with the Bayes Rule: A Practical Example
  Conclusion

7 Automation
  Overview
  Why Security Automation Is Essential
  Early History of Software Development Philosophies
  DevSecOps: An Essential Tactic for Automation
  Compliance: A First Principle Tactic That Cuts Across All Strategies
  Chaos Engineering for Automation and Resilience
  Conclusion

8 Summation
  Overview
  Zero Trust
  Conclusion

Index
RICK HOWARD is the Chief Analyst and Senior Fellow at The CyberWire, the world's largest cybersecurity podcast network, and the CSO of N2K (The CyberWire's parent company). He has been a CSO for Palo Alto Networks and TASC, and is a former Commander for the U.S. Army's Computer Emergency Response Team. He helped found the Cyber Threat Alliance (an ISAO for security vendors) and the Cybersecurity Canon Project (a Rock & Roll Hall of Fame for cybersecurity books).