1. Know What You Have

You can’t protect what you don’t know exists. Inventory and visibility are the foundation.

2. Make It Hard To Break

Strong defaults, least privilege, and simple defenses raise the attacker’s cost.

3. See Trouble Fast

Detection matters more than perfection. Spot what slips through before it spreads.

4. Limit And Recover

Contain damage quickly, then restore. Every recovery is a chance to come back stronger.

These four laws form a closed loop: You can’t defend or detect without knowing what you have. You can’t reliably detect if the baseline isn’t hardened. You can’t contain if you don’t detect. You can’t sustain if you don’t recover, and recovery feeds back into knowing and strengthening what you have.

Remember: "Know. Harden. See. Recover."

For historical purposes, here's Version 1 of the Laws.

All information on this website is provided "as is" without warranty of any kind. You assume all risks associated with using or applying anything found here. I am not responsible for any failures, damage, or security issues that may result. You are solely responsible for your actions. If you do not agree, do not use this website or apply any information from it.