The Laws of Security
Let's break security down to its core principles: the fundamental laws that apply regardless of tools, team size, or budget. These laws are practical enough for junior team members to apply, yet grounded in principles that resonate with senior professionals. Each law reinforces the others, so together they form a self-reinforcing loop.
The Laws
- Know what you have.
- Make it hard to break.
- See trouble fast.
- Limit and recover.
Why
1. Know What You Have
You can’t protect what you don’t know exists. Inventory and visibility are the foundation.
2. Make It Hard to Break
Strong defaults, least privilege, and simple defenses raise the attacker’s cost.
3. See Trouble Fast
Detection matters more than perfection. Spot what slips through before it spreads.
4. Limit and Recover
Contain damage quickly, then restore. Every recovery is a chance to come back stronger.
Supporting Each Other
These four laws form a closed loop:
- You can’t defend or detect without knowing what you have.
- You can’t reliably detect if the baseline isn’t hardened.
- You can’t contain if you don’t detect.
- You can’t sustain if you don’t recover.
- Recovery feeds back into knowing and strengthening what you have.
Remember
"Know. Harden. See. Recover."