On Deception and Security Unconventional Warfare

Dan Wood just dropped an article that needs to be required reading for anyone who thinks they understand modern security and red teaming. In "Deception as a System", he argues that most cyber deception discussions are stuck at the tool level (honeypots, decoys, fake credentials) while missing the actual power play: deception as structured decision engineering. Drawing from military doctrine across Western, Russian, and Chinese traditions, he frames real deception not as trickery but as deliberately shaping what adversaries believe, controlling the evidence they observe, and measuring whether their behavior changes. The punchline that should make every security leader uncomfortable: if your red team plan doesn't explicitly state the belief you're trying to create or test, you're not doing deception; you're doing a technical exercise with vibes.

Here's the thing about security: we're so deep in our control-testing bullshit that we've forgotten adversaries aren't trying to beat our tools; they're trying to beat our minds. We've got frameworks for everything, dashboards for everything, and yet mature threats still walk right through because they understand something we don't: belief is a vulnerability.

Deception isn't some niche technology or control you bolt on when you're feeling fancy. It's how real adversaries operate. They shape what you see, what you believe, and what you decide. They make you think it's ransomware when it's espionage. They make you focus on the wrong timeline, the wrong actor, the wrong containment action. And while you're busy congratulating yourself for "getting domain admin" in a red team, nobody's asking whether the SOC would actually recognize the strategic objective or if they'd just burn hours chasing the wrong story.

It's looking at the whole picture. It's thinking in graphs. It's applying common sense. It's all that and more.

This is why I created Security Unconventional Warfare (SUW), and why Dan's article makes sense to me. SUW is built around small, elite cells that actively hunt threats, disrupt reconnaissance, and make your environment hostile to adversaries before they even get started. It's deception at the big-picture level: feeding attackers false information, forcing them to waste resources, and turning every lateral movement attempt into a noisy, expensive gamble. Traditional security waits for alerts. SUW makes attackers regret ever looking at you.

But here's what ties it together, I think: SUW only works if you understand deception as a system, not a trick. You need to think the way Dan describes, defining what belief you want to create in an adversary's mind, controlling the evidence they observe, and measuring whether their behavior changes. You need to treat red teaming as adversarial decision warfare, testing whether your organization can recognize intent under misdirection, not just whether your EDR blocks a known binary. You need small teams that operate the way adversaries think, not the way compliance officers do.

We need to stop pretending security is about defending everything equally and start treating it like what it actually is: asymmetric warfare where the side that controls the narrative wins. That means thinking systematically about deception as doctrine, not decoration. Make your threat emulation actually emulate intent. Build exercises around decision failure modes. Train teams to disrupt reconnaissance by shaping what attackers believe is possible.

Why? Because right now we're testing our controls while adversaries are testing our capacity to think clearly under pressure. And we're losing that fight badly.