Who We Are

Introduction
  Who Is This Book For?
  What the Book Covers
  Writing Conventions
  Road Map

1 First Principles
  Overview
  What Are First Principles?
  What Is the Atomic Cybersecurity First Principle?
  Conclusion

2 Strategies
  Overview
  Strategies vs. Tactics
  What Are the Essential Strategies Required for a First Principle Infosec Program?
  Zero Trust Strategy Overview
  Intrusion Kill Chain Prevention Strategy Overview
  Resilience Strategy Overview
  Risk Forecasting Strategy Overview
  Automation Strategy Overview
  Conclusion

3 Zero Trust
  Overview
  The Use Case for Zero Trust: Edward Snowden
  Zero Trust: Overhyped in the Market but.
  Cyber Hygiene, Defense in Depth, and Perimeter Defense: Zero Trust Before We Had Zero Trust
  Zero Trust Is Born
  Zero Trust Is a Philosophy, Not a Product
  Meat-and-Potatoes Zero Trust
  Logical and Micro Segmentation
  Vulnerability Management: A Zero Trust Tactic
  Software Bill of Materials: A Zero Trust Tactic
  Identity Management: A Tactic for Zero Trust
  Single Sign-On: A Zero Trust Tactic
  Two-Factor Authentication: A Tactic for Zero Trust
  Software-Defined Perimeter: A Tactic for Zero Trust
  Why Zero Trust Projects Fail
  Conclusion

4 Intrusion Kill Chain Prevention
  Overview
  The Beginnings of a New Idea
  The Lockheed Martin Kill Chain Paper
  Kill Chain Models
  Cyber Threat Intelligence Operations as a Journey
  Red/Blue/Purple Team Operations: A Tactic for Intrusion Kill Chain Prevention
  Intelligence Sharing: A Tactic for Intrusion Kill Chain Prevention
  Conclusion

5 Resilience
  Overview
  What Is Resilience?
  Crisis Handling: A Tactic for Resilience
  Backups: A Tactic for Resilience
  Encryption: A Tactic for Resilience
  Incident Response: A Tactic for Resilience
  Conclusion

6 Risk Forecasting
  Overview
  Superforecasting, Fermi Estimates, and Black Swans
  Bayes Rule: A Different Way to Think About Cybersecurity Risk
  Risk Forecasting with the Bayes Rule: A Practical Example
  Conclusion

7 Automation
  Overview
  Why Security Automation Is Essential
  Early History of Software Development Philosophies
  DevSecOps: An Essential Tactic for Automation
  Compliance: A First Principle Tactic That Cuts Across All Strategies
  Chaos Engineering for Automation and Resilience
  Conclusion

8 Summation
  Overview
  Zero Trust
  Conclusion

Index

Cybersecurity First Principles: A Reboot of Strategy and Tactics