The Laws Of Security V2
Sept 2025
The Laws of Security still work, but it's time for an update. So let's strip them down to the real fundamentals of security: the laws that hold no matter the tools, the size of the team, or the budget. These laws are practical enough for junior team members and principled enough for seniors, and they show how each law depends on the others to form a feedback loop.
1. KNOW WHAT YOU HAVE
You can’t protect what you don’t know exists. Inventory and visibility are the foundation.
2. MAKE IT HARD TO BREAK
Strong defaults, least privilege, and simple defenses raise the attacker’s cost.
3. SEE TROUBLE FAST
Detection matters more than perfection. Spot what slips through before it spreads.
4. LIMIT AND RECOVER
Contain damage quickly, then restore. Every recovery is a chance to come back stronger.
These four laws form a closed loop:
You can't defend or detect without knowing what you have. You can't reliably detect if the baseline isn't hardened, because an unhardened baseline buries real signals in noise. You can't contain what you haven't detected. You can't sustain operations if you don't recover, and every recovery feeds back into knowing what you have and strengthening it.
Remember: "Know. Harden. See. Recover."
Note: This is part of The Laws Of Security website.