Cybersecurity by the Book
The article applies principles from classic military strategy texts like Sun Tzu's "The Art of War" and Clausewitz's "On War" to modern cybersecurity, arguing that concepts such as knowing one's enemy, deception, and strategic positioning translate directly to defending digital systems.
Background
This article critiques "security by the book"—treating cybersecurity as a compliance checklist (e.g., NIST, ISO 27001, SOC 2) rather than a dynamic, adversarial discipline. The author argues that rigid frameworks create a false sense of safety, as real attackers don't follow rulebooks. The piece draws on ideas from "security theater" (actions that look secure but aren't) and the tension between bureaucratic risk management and actual engineering practice. It may reference themes from security figures like Bruce Schneier or Dan Geer, who have long warned that certification-driven security can lag behind real threats. The core audience is technical professionals skeptical of enterprise compliance culture.