Tenet #0 – Security is rooted in Behavior, not Technology. Technology is not as important as Awareness or Self-Discipline.
Tenet #1 – There is no such thing as perfect security, either in the digital world or the physical, operational world.
Tenet #2 – Something is better than nothing, as long as you don’t forget Tenet #3.
Tenet #3 – Do not get lulled into a false sense of security in either behavior or technology. You are not bulletproof and neither is Tech.
Tenet #4 – Don’t worry about the big things if you are not doing the little things right and with consistent, freakish discipline.
Tenet #5 – Compartmentalize whenever possible. Separate your business and personal activity.
Tenet #6 – Sam Culper’s Intel SPACE analysis is a useful tool to evaluate your own security posture and weaknesses.
Tenet #7 – Do not divulge any more than is necessary for the role you are playing. When not playing that role, increase your security posture.
Tenet #8 – Most hackers get caught by poor OPSEC, good HUMINT, arrogance or hubris, not broken technology.
Tenet #9 – Digital Security is necessary for true Operations Security.
Tenet #10 – There is no single “best” technology. You need concentric rings of defense and layered security, just like in the physical world.
Tenet #11 – There is always a tradeoff between Speed / Effect and Security, just like in the operational world.
Tenet #12 – STFU. – The Grugq, Hacker, Security Consultant