Tenets

Tenet #0 – Security is rooted in Behavior, not Technology.  Technology is not as important as Awareness or Self-Discipline.

Tenet #1 – There is no such thing as perfect security, either in the digital world or the physical, operational world.

Tenet #2 – Something is better than nothing, as long as you don’t forget Tenet #3.

Tenet #3 – Do not get lulled into a false sense of security in either behavior or technology.  You are not bulletproof and neither is Tech.

Tenet #4 – Don’t worry about the big things if you are not doing the little things right and with consistent, freakish discipline.

Tenet #5 – Compartmentalize whenever possible.  Separate your business and personal activity.

Tenet #6 – Sam Culper’s Intel SPACE analysis is a useful tool to evaluate your own security posture and weaknesses.

Tenet #7 – Do not divulge any more than is necessary for the role you are playing.  When not playing that role, increase your security posture.

Tenet #8 – Most hackers get caught by poor OPSEC, good HUMINT, arrogance or hubris, not broken technology.

Tenet #9 – Digital Security is necessary for true Operations Security.

Tenet #10 – There is no single “best” technology.  You need concentric rings of defense and layered security, just like in the physical world.

Tenet #11 – There is always a tradeoff between Speed / Effect and Security, just like the operational world.

Tenet #12 – STFU.  – The Grugq, Hacker, Security Consultant

Advertisements