Cybersecurity First Principles: A Reboot of Strategy and Tactics

RICK HOWARD is the Chief Analyst and Senior Fellow at The CyberWire, the world’s largest cybersecurity podcast network, and the CSO of N2K (The CyberWire’s parent company). He’s been a CSO for Palo Alto Networks, TASC, and a former Commander for the U.S. Army’s Computer Emergency Response Team. He helped found the Cyber Threat Alliance (an ISAO for security vendors) and the Cybersecurity Canon Project (a Rock & Roll Hall of Fame for cybersecurity books).

Who We Are xxi

Introduction 1

Who Is This Book For?

What the Book Covers

Writing Conventions

Road Map

1 First Principles 9

Overview

What Are First Principles?

What Is the Atomic Cybersecurity First Principle?

Conclusion

2 Strategies 41

Overview

Strategies vs. Tactics

What Are the Essential Strategies Required for a First

Principle Infosec Program?

Zero Trust Strategy Overview-

Intrusion Kill Chain Prevention Strategy Overview

Resilience Strategy Overview

Risk Forecasting Strategy Overview

Automation Strategy Overview

Conclusion

3 Zero Trust 57

Overview

The Use Case for Zero Trust: Edward Snowden

Zero Trust: Overhyped in the Market but.

Cyber Hygiene, Defense in Depth, and Perimeter Defense:

Zero Trust Before We Had Zero Trust

Zero Trust Is Born

Zero Trust Is a Philosophy, Not a Product

Meat- and- Potatoes Zero Trust

Logical and Micro Segmentation

Vulnerability Management: A Zero Trust Tactic

Software Bill of Materials: A Zero Trust Tactic

Identity Management: A Tactic for Zero Trust

Single Sign- On: A Zero Trust Tactic

Two- Factor Authentication: A Tactic for Zero Trust

Software- Defined Perimeter: A Tactic for Zero Trust

Why Zero Trust Projects Fail

Conclusion

4 Intrusion Kill Chain Prevention 121

Overview

The Beginnings of a New Idea

The Lockheed Martin Kill Chain Paper

Kill Chain Models

Cyber Threat Intelligence Operations as a Journey

Red/Blue/Purple Team Operations: A Tactic for Intrusion

Kill Chain Prevention

Intelligence Sharing: A Tactic for Intrusion Kill Chain

Prevention

Conclusion

5 Resilience 203

Overview

What Is Resilience?

Crisis Handling: A Tactic for Resilience

Backups: A Tactic for Resilience

Encryption: A Tactic for Resilience

Incident Response: A Tactic for Resilience

Conclusion

6 Risk Forecasting 255

Overview

Superforecasting, Fermi Estimates, and Black Swans

Bayes Rule: A Different Way to Think About

Cybersecurity Risk

Risk Forecasting with the Bayes Rule: A Practical

Example

Conclusion

7 Automation 307

Overview

Why Security Automation Is Essential

Early History of Software Development Philosophies

DevSecOps: An Essential Tactic for Automation

Compliance: A First Principle Tactic That Cuts Across

All Strategies

Chaos Engineering for Automation and Resilience

Conclusion

8 Summation 341

Overview

Zero Trust

Conclusion

Index 351