The Art of CyberWar | Part XII | Attack by Fire

The Principle: When you use fire to attack, you must be prepared for the wind.
— Sun Tzu

The Nature of Fire

Fire is decisive. It consumes, clears, and purifies, but it also spreads beyond intention. Sun Tzu treats fire as both a weapon and a warning. It can destroy an enemy’s stores, flush troops from cover, and sow panic, but he cautions that those who ignite must control the wind, or the flame will turn back.

In today’s language: escalation is easy, judicious control is hard.

Fire is unbridled energy without patience. It is force unbound. And every era finds its own version of it.

The Five Fires

Sun Tzu names five types of fire attack, each with a direct modern analogue:

  1. Burning soldiers in their camp: Disrupting people directly.
    • In cyber: targeting individual accounts, identity systems, or human processes.
    • In policy: attacking morale or legitimacy through propaganda or sanctions that hit civilians.
  2. Burning stores: Destroying logistics.
    • In cyber: supply-chain attacks, ransomware on infrastructure.
    • In statecraft: economic blockades or precision strikes on fuel, transport, or data centers.
  3. Burning baggage trains: Breaking the flow of resources.
    • In the cloud: DDoS, bandwidth throttling, or disrupting APIs that feed dependent systems.
    • In foreign policy: disrupting trade routes or financial systems to strangle supply.
  4. Burning arsenals and magazines: Targeting capability itself. A modern example: the 2014 Sony Pictures hack, in which wiper malware destroyed not only data but also the ability to operate, crippling the company’s digital arsenal and serving as a stark warning about escalation risk. Another hallmark example: Stuxnet (2010), which physically crippled Iranian centrifuges, showing that digital “fire” can leap into the physical world.
    • In digital: destroying code repositories, zero-day leaks, and wiper malware.
    • In war: targeting industrial bases, weapons stockpiles, or satellite networks.
  5. Burning the enemy’s army: Direct annihilation.
    • The catastrophic option, physical or digital scorched earth.

Each carries the same risk Sun Tzu warned of: heat spreads.

America’s Century of Fire
Throughout the 20th century, U.S. foreign policy repeatedly learned and forgot this lesson.

  • WWII: the strategic firebombing of Tokyo and Dresden and the atomic bombings of Hiroshima and Nagasaki were tactically decisive but highly questionable morally.
  • Vietnam: napalm, Agent Orange – the war’s imagery consumed America’s moral capital as surely as the jungle burned. Devastating to the local population and our own troops.
  • Desert Storm & Shock and Awe: firepower became performance, televised precision, hiding the longer political firestorm and over-commitment of our resources to highly specious ends.
  • Sanctions & Cyber: modern equivalents – economic or informational fire meant to distract, mislead, or coerce without bullets, still spreading collateral damage.

Each use of fire achieved an objective, yet each left embers that smoldered for decades.

Sun Tzu would call that victory without wisdom.

Digital Flame

In cyberspace, fire is code that destroys. The world learned this with Stuxnet, NotPetya, WannaCry, and countless destructive campaigns. They burned quietly, jumped borders, and torched billions in collateral damage. WannaCry (2017) swept the globe in hours, crippling hospitals, shipping, and businesses—making clear that digital fires can cause humanitarian consequences.

Cloud fire spreads faster than any fuel; a single misconfigured credential can ignite an entire ecosystem. Because dependencies are invisible, contagion is immediate. A wiper designed for one network cripples dozens more; an exploit posted online becomes a global inferno in hours.

Fire is the easiest attack to ignite and the hardest to contain.

Rules for Using Fire

Sun Tzu’s cautions translate cleanly:

  1. Control the wind. Understand the environment – network topology, public opinion, and global law. Fire turns on those who don’t map their dependencies. NotPetya (2017) began as a targeted disruption but, due to dependencies and lack of containment, rapidly spread worldwide, demonstrating why “controlling the wind” remains critical in cyber conflict.
  2. Use the right conditions. Don’t ignite in drought. If tension is already high, socially and economically, the situation will escalate.
  3. Prepare relief efforts. Have recovery plans before striking. Burn only what you can rebuild. After World War II, the Marshall Plan rebuilt war-torn Europe, demonstrating that post-conflict relief shapes both legitimacy and future stability. In 2021, the Colonial Pipeline ransomware attack forced the rapid restoration of critical infrastructure; companies with effective recovery plans minimized chaos and reputational fallout.
  4. Know the cost of smoke. Collateral damage is visibility: reputational, legal, and diplomatic.
  5. Do not rely on fire to win the war. Fire wins battles but breeds resistance.

In short: destruction without reconstruction is self-immolation.

Morale, Leadership, and Control

A general’s job isn’t only to unleash power; it’s to sustain the will that wields it.
Fire exhausts armies. Soldiers fighting amid smoke need clear purpose, rations, and rest.

Sun Tzu demands that the commander ensure his troops are fed, disciplined, and respected so that they fight even in dire moments.

In modern organizations, the same holds: leaders who push teams through endless “incident fire drills” without rest destroy readiness. Respect sustains endurance.

Discipline without compassion breeds burnout; compassion without standards breeds chaos. Balance is command.

Deception, Propaganda, and Manufactured Heat

Every effective campaign uses perception. Propaganda creates the illusion of fire where there is none, or conceals weakness behind the smoke of strength. The ancient principle survives in every medium: shape belief, shape behavior.

  • States convince citizens of a constant threat: “War is peace. Freedom is slavery. Ignorance is strength,” and the historical manipulation line, “Who controls the past controls the future: who controls the present controls the past.”
  • Companies market vulnerability to sell security.
  • Attackers simulate breaches to force reactions.

Fire doesn’t only burn, it solidifies and blinds. The wise strategist uses deception to conserve energy, not to irreparably manipulate trust.

Never lose sight of this: truth is a finite resource. Burn it, and nothing grows afterward.

Fight Only When Necessary

War, Sun Tzu reminds us, is terrible. Mr. Lee added, “It is well that war is so terrible, or we should grow too fond of it.” That’s the heart of this chapter: the seduction of power. Fire feels decisive, satisfying, purgative. That’s why restraint is the highest discipline.

In cybersecurity, it means choosing containment over retaliation. In policy, it means diplomacy before bombing. In leadership, it implies correction before firing squads of blame.

Every unnecessary blaze consumes future strength.

Calculation Before Ignition

Fire is the last stage of calculation, not the first. The general who wins has already counted everything: fuel, wind, timing, morale, and escape.

In modern form:

  • Map dependencies before deploying destructive countermeasures.
  • Assess public and legal consequences.
  • Coordinate allies and containment plans.
  • Pre-position humanitarian or restoration resources.

Fire launched without calculation simply becomes arson.

Cybersecurity Playbooks for Fire Scenarios

1. Contain Destructive Malware (Wiper Fire)

  • Disconnect affected systems immediately.
  • Activate offline backups; rebuild from clean images.
  • Communicate fast, silence breeds rumor.
  • Forensics after containment, not before.

2. Respond to Supply-Chain Fire

  • Freeze code releases; verify signatures.
  • Segregate affected components; rotate secrets.
  • Coordinate public disclosure and patch windows.

3. Counter Disinformation Blaze

  • Pre-draft communications for false narratives.
  • Verify sources, issue simple factual statements.
  • Avoid panic amplification, don’t fuel the fire.

4. Plan for Strategic Retaliation

  • Establish legal oversight for counter-operations.
  • Define thresholds: attribution confidence, proportionality, and reversibility.
  • Keep diplomatic channels open even during the heat.

Fire is part of war, but the goal is to end fires faster than they spread.

Ethics and Aftermath

Fire makes headlines; rebuilding never does. Yet the moral credit of a nation, or a company, depends on what follows destruction: relief, restitution, and transparency, which turn survival into legitimacy. The Marshall Plan after WWII showed that true victory is measured by the ability to restore and build anew, not just destroy. Sun Tzu closes this chapter by warning that a commander who burns recklessly endangers his own state.

That warning scales perfectly to global networks: a destructive exploit today may torch tomorrow’s allies.

Bridge to Chapter XIII | The Use of Spies

Once the fire burns out, what remains is smoke, which conceals movement. Which leads us back to our opening principle: “When you use fire to attack, you must be prepared for the wind.” Next: how to “see without burning” or, the art of intelligence, deception, and misdirection on the modern battlefield. (Think Operation Fortitude, the WWII deception that enabled D-Day by fooling the enemy without a shot being fired.) Sun Tzu ends his book not with force but with intelligence. He knew that knowledge prevents the need for fire in the first place.

“After the flames, gather information from the ashes.” The next and final lesson, The Use of Spies, is about seeing without burning, learning through observation, infiltration, and trust. Fire wins battles; intelligence prevents wars.

Food Is Not a Feeling: Rethinking Nutrition as a Tool for Consistency and Performance

Most people don’t have a nutrition problem; they have a perspective problem.

They’re not making poor food choices because they don’t know better. They’re making them because food has become emotional, reactive, and inconsistent. It’s comfort. It’s control or lack of it. It’s a celebration. It’s punishment. Worse still, it may be a genetic issue. And that is often the one that is least talked about. Often, almost every fitness “influencer” or goofy “guru” just tells everyone who will listen that they just need more or less of (fill in the blank). Given the particular and foundational nature of the topic, 99% of influencers and “online fitness coaches” do their best to cram everyone into the same box.

And that’s the first thing we need to dismantle.

The Problem: Food Has Been Taught as Reward, Not Resource

We’re told from a young age that food is earned. Or to “earn your calories.” That it’s something you deserve when you’ve worked really hard, “been good,” or achieved something meaningful. Now, in some ways, that can be true, but it makes much more sense that, after all this time, we shouldn’t treat it like some sort of mood regulator.

  • Stress = snacks
  • Sadness = sugar
  • Boredom = bites
  • Hard workout = “reward meal”

But if you’re trying to feel, think, move, and live better—whether in training or just day-to-day—then food should support those goals. Emotions fluctuate, but your system for eating can remain steady.

A More Useful Lens: Food as a Support System

This isn’t about becoming robotic or clinical. It’s simply about building stability.

If you train, work, and live with intention, then food is one of your daily support tools. It’s not a treat. It’s not a cheat. It’s structure.

That means:

  • You eat when your body needs fuel.
  • You eat with an understanding of what’s coming next.
  • You repeat meals that work.
  • You build rituals around consistency, not emotion.

It’s how professionals eat. Not rigid. Not joyless. Just consistent, and you can do it, too.

What This Looks Like in Practice

We’ve covered this info a few times, but it bears repeating:

  • A consistent breakfast with protein, fiber, and hydration (not just a dose of caffeine and chaos and you’re out the door).
  • A post-workout meal that supports recovery, not emotional relief.
  • Default/backup meals when you’re too tired to think.
  • Less “what am I in the mood for?” and more “what supports what I’m doing today?”

For example, my go-to breakfast is eggs, oats, and berries. I repeat it most mornings because it works for me. Again, not robotic, just straightforward, easy to maintain, offers lots of flavor combinations, and is a simple, logical way to handle your food for the day.

You’ll find plenty of room for flexibility later. But not if you’re always reactively eating.

ACTION CHALLENGE:

Track what you eat for 3 days, but not just what, also why. Each time you eat, note what prompted it.

  • Was it hunger?
  • Boredom?
  • Social pressure?
  • Stress?
  • Fatigue?

You’ll be shocked by how often it has nothing to do with performance or physical need.

Coach’s Corner:

  • Start small. You don’t need the perfect meal plan; you need a few solid defaults.
  • Emotion is part of eating, and sometimes, comfort eating is okay. But it can’t be the foundation.
  • If your day feels chaotic, your nutrition shouldn’t add to that chaos. It should bring structure.

Suggested reading: “The Hungry Brain” by Stephan Guyenet
One of the best deep dives into the biology of eating behavior, hunger, and food decision-making.

Key takeaway: The more you can separate food from mood, and link it to your daily needs, the more empowered and consistent you’ll become, no guilt, no perfection required.

A great life = persistence > perfection.

Zen and the Art of AWS Security Domain 2 | Incident Response | Moving Decisively Without Panic

There’s another saying in martial arts that belongs here:

“Precision is the byproduct of preparation.”

Most people imagine incident response as chaos, alarms blaring, dashboards lighting up, people scrambling to “do something.”
AWS sees it differently.

In AWS, incident response is not about reacting fast. It’s about responding correctly because the thinking has already been done.

This is why Incident Response is Domain 2 on the AWS Security Specialty exam.
Detection tells you something happened. Incident response determines whether that moment becomes a lesson…or a catastrophe.

If Detection is awareness, Incident Response is discipline.

1. AWS’s Philosophy of Incident Response

AWS assumes something most organizations don’t like to admit:

You will be breached.

Not because you failed, but because distributed systems, human behavior, and adversaries guarantee it eventually.

So AWS builds incident response around four principles:

  1. Prepare before you need to respond
  2. Automate wherever possible
  3. Contain first, investigate second
  4. Preserve evidence at all times

Case in Point: In 2020, an AWS customer discovered malware on an EC2 instance. Rather than terminating the instance immediately, they isolated it and used AWS Systems Manager to collect forensic data and take a snapshot for later analysis. This preserved critical evidence, helped identify the attack vector, and enabled a safe recovery. This demonstrates why AWS incident response stresses containment and evidence preservation over knee-jerk actions.

The exam does not reward heroics. It rewards process.

If an answer involves “quickly log in and manually fix things,” it’s usually wrong.

AWS prefers:

  • playbooks
  • isolation
  • snapshots
  • automation
  • reversible actions

Calm beats clever. Repeatable beats reactive.

2. The Incident Response Lifecycle (AWS’s Mental Model)

Every AWS incident response scenario maps to this flow:

  1. Detect
  2. Contain
  3. Investigate
  4. Eradicate
  5. Recover
  6. Improve

The exam often hides this structure inside long scenarios. Your job is to recognize which phase you’re in.

Most trick questions exist because candidates skip straight to step 4.

AWS almost never does.

3. High-Value AWS Services for Incident Response

This is not a list of tools, it’s a map of intent.

AWS Systems Manager | The Hands

Used for:

  • isolating EC2 instances
  • running commands safely
  • patching during response
  • gathering forensic data

Exam model:
If you need controlled access without SSH → Systems Manager.

Exam pattern callout: If the question asks about controlled access to EC2 without SSH or managing instances at scale, think Systems Manager.

One-line summary: Systems Manager gives you safe, auditable access, even when credentials are compromised.

AWS Lambda | The Reflex

Used for:

  • automated containment
  • GuardDuty-triggered responses
  • account-level actions

Exam model:
If the response must be immediate and automated → Lambda.

Exam pattern callout: If the scenario mentions automated containment or event-driven response, Lambda is your go-to.

One-line summary: Lambda lets you respond at machine speed, eliminating delays that attackers exploit.

Amazon S3 (with versioning & immutability) | The Evidence Locker

Used for:

  • forensic artifacts
  • logs
  • snapshots

Exam model:
If evidence integrity matters → S3 + versioning + encryption.

Exam pattern callout: If evidence integrity or chain of custody is a concern, S3 with versioning and encryption is the answer.

One-line summary: S3 is your evidence locker, versioned, encrypted, and built for forensic preservation.

EC2 Snapshots & AMIs | The Time Machine

Used for:

  • forensic analysis
  • rollback
  • investigation without touching live systems

Exam model:
If the instance is compromised → snapshot first, analyze later.

AWS IAM | The Circuit Breaker

Used for:

  • disabling credentials
  • rotating keys
  • applying SCPs during containment

Exam model:
If credentials may be compromised → reduce blast radius immediately.

Security Hub | The Command Table

Used for:

  • tracking response status
  • correlating findings
  • documenting remediation

Exam model:
Security Hub doesn’t respond; it coordinates.

Exam pattern callout: If the question asks about centralizing findings, orchestrating response, or tracking incident status, Security Hub is the answer.

One-line summary: Security Hub coordinates your response—ensuring nothing slips through the cracks.

4. Exam Patterns That Matter (This Is Where Points Are Won)

Pattern #1 | Containment Always Comes First

If the question asks:

“What should you do first?”

The answer is almost never “analyze.”

It’s:

  • isolate the resource
  • revoke credentials
  • stop data exfiltration

Pattern #2 | Do Not Destroy Evidence

Deleting instances, logs, or resources is almost always wrong.

AWS prefers:

  • snapshots
  • copies
  • forensic isolation

Pattern #3 | Automation > Manual Actions

If you see:

  • repeated incidents
  • time-sensitive threats
  • scale mentioned

Choose:
Event-driven automation

Pattern #4 | Least Privilege During Chaos

AWS exams love scenarios where responders accidentally make things worse.

Correct answers:

  • temporary roles
  • scoped permissions
  • reversible actions
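
The four patterns above (contain first, preserve evidence, automate, keep actions reversible) written as one GuardDuty-triggered Lambda handler. This is an added example, not code from AWS or from the original article; the isolation security group ID, the `ir:` tag keys, the severity threshold and the `FakeEC2` stand-in are assumptions made for illustration.

```python
"""Containment-first responder for a GuardDuty EC2 finding (added example)."""

# Assumptions, not from the article: the isolation group ID, the tag keys and
# the severity threshold are placeholders to set per account.
ISOLATION_SG = "sg-0123456789abcdef0"  # constructed ID; a group with no rules
MIN_SEVERITY = 7.0                     # GuardDuty's High band starts at 7.0


def contain_instance(ec2, event):
    """Isolate the instance, then snapshot its volumes. Never stops or deletes."""
    detail = event["detail"]
    if float(detail["severity"]) < MIN_SEVERITY:
        return {"status": "skipped", "snapshots": []}
    instance_id = detail["resource"]["instanceDetails"]["instanceId"]
    inst = ec2.describe_instances(InstanceIds=[instance_id])[
        "Reservations"][0]["Instances"][0]

    isolated = []
    for eni in inst["NetworkInterfaces"]:
        eni_id = eni["NetworkInterfaceId"]
        current = [g["GroupId"] for g in eni["Groups"]]
        if current == [ISOLATION_SG]:
            continue  # already contained; keep the original-groups tag intact
        # Reversible: record what was attached before changing anything.
        ec2.create_tags(Resources=[eni_id], Tags=[
            {"Key": "ir:original-sgs", "Value": "+".join(current)}])
        # Contain: replace every group on the interface with the isolation group.
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni_id, Groups=[ISOLATION_SG])
        isolated.append(eni_id)

    # Preserve: snapshot each EBS volume. The instance keeps running so that
    # memory and process state remain available to investigators.
    snapshots = []
    for mapping in inst.get("BlockDeviceMappings", []):
        if "Ebs" not in mapping:
            continue
        snap = ec2.create_snapshot(
            VolumeId=mapping["Ebs"]["VolumeId"],
            Description=f"IR evidence for finding {detail['id']}",
            TagSpecifications=[{"ResourceType": "snapshot", "Tags": [
                {"Key": "ir:finding-id", "Value": detail["id"]},
                {"Key": "ir:instance-id", "Value": instance_id}]}])
        snapshots.append(snap["SnapshotId"])
    return {"status": "contained", "isolated": isolated, "snapshots": snapshots}


def lambda_handler(event, context):
    """Entry point for an EventBridge rule that matches GuardDuty findings."""
    import boto3  # imported here so the logic above can be exercised offline
    return contain_instance(boto3.client("ec2"), event)


class FakeEC2:
    """Offline stand-in that records calls in order (constructed test double)."""

    def __init__(self, instance):
        self.instance, self.calls = instance, []

    def describe_instances(self, InstanceIds):
        self.calls.append("describe_instances")
        return {"Reservations": [{"Instances": [self.instance]}]}

    def create_tags(self, Resources, Tags):
        self.calls.append("create_tags")

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append("modify_network_interface_attribute")
        for eni in self.instance["NetworkInterfaces"]:
            if eni["NetworkInterfaceId"] == NetworkInterfaceId:
                eni["Groups"] = [{"GroupId": g} for g in Groups]

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        self.calls.append("create_snapshot")
        return {"SnapshotId": "snap-for-" + VolumeId}


# Constructed sample finding, trimmed to the fields the handler reads.
SAMPLE_EVENT = {"detail": {
    "id": "constructed-finding-0001",
    "type": "Backdoor:EC2/C&CActivity.B",
    "severity": 8,
    "resource": {"instanceDetails": {"instanceId": "i-0aaaabbbbccccdddd"}},
}}


def sample_instance():
    # Constructed instance description: one interface, one EBS volume.
    return {
        "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0example1",
                               "Groups": [{"GroupId": "sg-0web"},
                                          {"GroupId": "sg-0ssh"}]}],
        "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                                 "Ebs": {"VolumeId": "vol-0example1"}}],
    }


if __name__ == "__main__":
    fake = FakeEC2(sample_instance())
    print(contain_instance(fake, SAMPLE_EVENT))
    print(fake.calls)
```

The handler's role needs only the four EC2 actions it calls, which keeps the responder itself inside the least-privilege pattern. Restoring service means reading the `ir:original-sgs` tag back onto each interface.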

5. The Human Factor: Panic Is the Real Vulnerability

Incident response fails more often due to psychology than tooling.

Attackers rely on:

  • urgency
  • fear
  • confusion
  • authority pressure

This is social engineering at scale.

Historically, the same dynamics show up in crisis response:

  • rushed decisions
  • overcorrections
  • irreversible actions taken “just in case”

AWS incident response philosophy actively resists this.

Preparedness replaces adrenaline.
Playbooks replace improvisation.

In martial terms:
You don’t speed up, you slow down.

And paradoxically, that’s what makes you faster.

6. The Martial Parallel: Calm Is a Weapon

In training, you learn this early:

If your breath is shallow, your vision narrows.
If your vision narrows, you miss openings.
If you miss openings, you cannot be counter-offensive, and you get hit.

Incident response is the same.

Detection creates awareness.
Response tests composure.

Your tools don’t save you.
Your preparation does.

7. Closing: Responding Without Becoming the Incident

AWS does not reward panic. The exam doesn’t either.

Domain 2 is about proving you can:

  • think in sequences
  • protect evidence
  • contain damage
  • recover deliberately
  • and learn without blame

Security without pessimism continues here.

Not with fear.
Not with force.

But with prepared calm.

Detection lets you see the punch coming. Incident response determines whether you step aside…or swing wildly, only making it worse.

AWS incident response is about calm, not heroics. Playbooks, automation, and containment turn chaos into clarity. That’s how you turn a breach into a lesson, not a catastrophe. Preparation and composure, not improvisation, win the day in the cloud.

The Art of Cyberwar | Part XI | The Nine Situations

The principles: Begin by seizing something which your opponent holds dear; then he will be amenable to your will.

…Concentrate your energy and hoard your strength.

The principle on which to manage an army is to set up one standard of courage which all must reach.

Whoever is first in the field and awaits the coming of the enemy will be fresh for the fight. Sun Tzu

Context and Purpose
Sun Tzu’s Nine Situations maps the kinds of ground and circumstance a commander can face – from favorable positions to trap-laden ground. Each situation demands a different posture: sometimes you press; sometimes you withdraw; sometimes you wait. The lesson is tactical discrimination: don’t treat every fight the same.

In the modern world, those “situations” are organizational states: besieged systems, fleeting windows of access, deep entrenchment, overextended operations. Knowing which box you’re in changes everything you do next.

Leadership and Morale: The Human Center
Before tactics, a note about people. Sun Tzu insists that a general must know his soldiers. That’s not a platitude; it’s an operational fact.

  • Morale is intelligence: exhausted teams miss indicators, fail to follow playbooks, and make desperate mistakes.
  • Leadership is maintenance: rotating shifts, realistic on-call expectations, paid recovery time after incidents, and clear chains of command preserve discipline.
  • Respect plus standards: treat your people with dignity and hold them to standards. Leniency breeds sloppiness; cruelty breeds silence. Both are fatal.

A leader who ignores morale loses the fight long before the enemy arrives. That’s as true for an infantry company as for an incident response roster.

Deception and Perception Management
Sun Tzu: All war is based on deception. In practice, that means shaping what the opponent and the population believe.

  • Information operations: propaganda, curated narratives, and coordinated messaging have always been instruments of power. Orwell’s line, “We have always been at war with Eastasia,” is a cautionary parable about manufactured consensus.
  • Modern analogue: in cyber, deception shows up as honeypots, false telemetry, and misinformation campaigns; in statecraft, as narratives that create vulnerability or strength where none objectively exists.
  • Ethical frame: defenders use deception for detection and to raise the cost for attackers (e.g., canary tokens). Democracies must guard against the weaponization of truth at home; businesses must avoid misleading stakeholders.

Deception works because humans fill gaps with a story. Control the story; you alter the field.

Fight Only When Necessary
Sun Tzu and Mr. Lee agree: war is terrible; fight sparingly. The principle is simple: act only when the expected gain exceeds the cost.

  • Cost-calculation is non-negotiable: time, attention, capital, reputational risk.
  • In cyber: a public takedown, a disclosure, or active defense escalation must be measured against downtime, legal exposure, and adversary escalation risk.
  • In policy: interventions must have clear exit conditions and sustained domestic support. If you cannot sustain it, don’t start it.

Discipline supersedes impulse.

“If the Enemy Leaves a Door Open, Rush In” to Follow the Energy
Sun Tzu’s pragmatic injunction to exploit openings is simple: when an opponent’s guard falls, capitalize immediately. In fighting, it’s like watching for your opponent to drop their hands or go for a spinning attack; in security, it’s a window of opportunity for decisive action.

  • Cyber example (defense): detect a lateral movement attempt and immediately isolate the segment, block the credential, and pivot forensic capture. The quicker the isolation, the smaller the blast radius.
  • Cyber example (offense/emulation): when a red-team discovers a misconfiguration, follow the chain-of-trust to map further exposures before the window closes.
  • Business/policy: when a competitor shows strategic weakness (supply disruption, PR crisis), acting quickly with a measured offer can consolidate position. But always have your logistics in place; quick gains that can’t be held are hollow.

Following the energy multiplies the effect, but only if you’ve done the work beforehand to sustain the ground you’ve gained.

The Nine Situations, Condensed & Modernized:

  1. Dispersive ground – you’re among your people; maintain cohesion.
    Cyber: internal incidents; prioritize comms and transparent leadership. (e.g., during the 2021 Log4Shell crisis, organizations that communicated quickly and openly with their teams contained risk more effectively.)
  2. Facile ground – easy ground, many exits; avoid traps of complacency.
    Cyber: dev/test environments misused as production; lock and audit.
  3. Contentious ground – disputed control.
    Cyber: contested supply chains; prioritize integrity of build pipelines.
  4. Open ground – mobility advantage.
    Cyber: cloud-native agility, move quickly, but instrument heavily. (Example: When a vulnerability like Heartbleed emerges, organizations that can rapidly update and redeploy cloud resources while monitoring all endpoints gain a decisive edge.)
  5. Intersecting ground – convergence of routes/partners.
    Cyber: shared services; segregate trust boundaries and enforce SLAs.
  6. Serious ground – stakes are high; commit only with full readiness.
    Cyber: critical infrastructure; assume regulation and public scrutiny.
  7. Difficult ground – constrained movement.
    Cyber: legacy stacks; carve compensating controls and minimize exposure.
  8. Hemmed-in ground (trapped) – the enemy can encircle.
    Cyber: breached islands due to vendor lock-in; prepare out-of-band recovery. (e.g., during the NotPetya outbreak, companies with alternate vendors or recovery paths minimized downtime, while others suffered prolonged outages.)
  9. Desperate ground – fight with everything; no other option.
    Cyber: blind-fire incident with full emergency playbook; declare crisis, invoke war-room, use all hands.

Each situation requires a plan in advance, not improvisation in the heat of chaos. For those new to Sun Tzu: dispersive ground means your own territory, open ground is the public cloud, and hemmed-in ground is where your options are tightly constrained.

Prescriptive Playbooks (Operational Guide)
Below are short playbooks, or practical checklists, you can paste into an incident binder.

A. Besieged System (Hemmed-in/Trapped Ground)

  • Isolate affected segments (network ACLs, VLANs).
  • Enable out-of-band admin (jump boxes, console access).
  • Invoke containment RTO/RPO playbook.
  • Engage legal & communications.
  • Stand up a dedicated recovery team; rotate shifts.
  • After action: root cause, patch, and inventory third parties.

B. Fleeting Access (Open/Facile Ground)

  • Capture forensic snapshot immediately (memory, session tokens).
  • Harvest IOC, block indicators at perimeter.
  • Perform rapid threat hunting to see lateral movements.
  • Patch/vault credentials, revoke tokens.
  • Debrief and harden the vector.

C. Retreat & Reconstitute (Dispersive/Retreat Scenario)

  • Execute planned fallback to secondary infrastructure.
  • Verify backups and boot from immutable images.
  • Communicate to stakeholders with controlled cadence.
  • Rebuild in clean environment; stage verification before full restore.

D. Stronghold Defense (Steep/High Ground/Serious Ground)

  • Minimize human access; require jump hosts & MFA.
  • Immutable logging to secure audit trails.
  • Periodic red-team tests; continuous monitoring.
  • Harden supply lines: vendor SLAs, redundancy, and a tested DR plan.

E. Rapid Exploitation (If a Door Opens)

  • Pre-authorize small rapid-response teams for exploitation windows.
  • Legal/ethics checklist signed off on in advance.
  • Capture intelligence, seal pivot paths, and convert to defense artifacts (detections, blocks).

Each playbook starts with people: assign roles, cap on-duty hours, and rehearse quarterly.

Final Thought: Calculation, Culture, and the Necessity of Restraint
Sun Tzu’s closing insistence, calculate before battle, remains the core discipline. The leader who wins has already counted costs, supply, morale, and terrain. The one who loses discovers those facts mid-fight.

That brings us back to the principles that opened this chapter:

  • Seize what the opponent holds dear: not for theater, but to create leverage and force predictable reactions.
  • Concentrate energy and hoard strength: preserve focus, avoid waste, and don’t spend force just to feel decisive.
  • Set one standard of courage: culture must hold under pressure, or your best playbooks become paper.
  • Be first in the field and wait: preparedness buys calm, and calm buys time – it’s the rarest advantage in crisis.

In cyber and statecraft, the rule remains unchanged: prepare, preserve people, exploit opportunities, deceive judiciously, and fight only when victory is likely and sustainable. As Robert E. Lee warned, “It is well that war is so terrible, otherwise we should grow too fond of it.” So only fight when you have no other option. When you do fight, move decisively, use the force necessary to end the threat, and leave no doubt in your opponent’s mind so they will never make that mistake again.

New Year’s Day: The Moment Between Who You Were and Who You’re Becoming

There’s a quiet, almost sacred moment in the days around the New Year, a pause between what’s behind you and what’s ahead.

A moment when the noise drops, the pace slows, and you can finally hear yourself think.

This is the place where growth actually happens. Not in the fireworks, not in resolutions shouted into the void, but in the stillness where you decide, honestly and without ego, who you want to be in the year ahead.

Before we talk about goals, habits, or protocols, take one breath and look back at the year you lived.

Not with judgment. With gratitude.

You made it through things you didn’t plan for and didn’t ask for.
You showed up on days when the last thing you wanted was responsibility.
You trained when you were tired, worked when you were stretched thin, and grew in ways you didn’t see happening in real time.

You earned wisdom this year, through effort, mistakes, repetition, and resilience.

Before stepping forward, be sure to honor what got you here.

What the Old Year Teaches Us (If We Let It)

Every year leaves you with lessons, most of which don’t announce themselves loudly:

  • You learned what drains you and what restores you.
  • You learned who adds to your life and who subtracts from it.
  • You learned which habits pull you closer to the person you want to be, and which ones drag you away.
  • You learned exactly how strong you can be when you don’t have a choice.

And if the year felt heavy? Good. Heaviness can teach, build, and help you reveal what’s real.

Gratitude doesn’t erase difficulty, but it can help you reframe it.

The Catalyst: Where Reflection Meets Action

Reflection is where wisdom is found. Action is where progress is made.

And New Year’s Day is the catalyst between the two, the moment you get to carry forward everything that served you and release everything that didn’t.

The turning of the calendar doesn’t magically transform you. It simply provides a precise date to keep measuring from.

It’s not a “new version” of yourself, just a more consistent one.

The New Year Activation Protocol

Your blueprint for the next 30, 60, and 90 days. These are the habits that actually move the needle.

These aren’t resolutions. They’re behaviors, and behaviors build identity.

No more “New year, new me!” nonsense.

1. Choose Your Anchor Habit

Start with one non-negotiable daily action you can sustain even on your busiest days:

  • 20-minute walk
  • Protein at every meal
  • 10 minutes of mobility
  • 15 minutes of reading each night before bed
  • One short lift session – make it 10-20 minutes to help get the ball rolling if you have to

Your anchor habit becomes the spine of your discipline.

2. Clarity Over Motivation

Motivation is a spark, but sparks fade fast. Discipline and clarity are your compass.

Define your goals in behaviors, not wishes:

No: “I want to lose weight.”
Yes: “I’m hitting my protein target daily.”

No: “I want to get healthier.”
Yes: “I’m sleeping 7-8 hours per night (and making the necessary changes to make it happen) and taking a 15-20 minute walk daily.”

Specific. Measurable. Repeatable.

3. Identity-Based Goals

Willpower is unreliable. Discipline is consistent.

Decide:

“I am someone who trains.”
“I am someone who eats with intention.”
“I am someone who gets up when life knocks me down.”

Then act in alignment, chasing persistence, not perfection.

4. Protein, Hydration, Sleep – the Unbreakable Trio

Forget New Year fads. These three change everything:

  • 30–40g protein per meal
  • 2–3L water per day
  • A sleep routine (sleep hygiene) that doesn’t involve doom scrolling – think reading…a book, that’s not on your phone!

These give you strength, recovery, mental clarity, emotional bandwidth, and energy.

5. The Rhythm → Not the Rush

Don’t sprint into January. Build a rhythm you can maintain into February, March, and beyond.

Your goal isn’t intensity, it’s consistency. Next thing you know it will be January of 2027.

Why This Year Will Be Different

Because this year, you’re not chasing perfection. You’re choosing persistence and consistency in your decision-making.

You’re not rewriting or “redefining” yourself, you’re simply refining yourself. You’re not waiting to feel ready. You’re starting *now* with small, steady, confident decisions.

This is the year you build momentum quietly, relentlessly, and intentionally.

And by the time you look up, you’ll be further along than you expected, not because you changed who you are, but because you committed to who you’re becoming.

Final Note – person to person

You don’t owe the world a reinvention this year. You owe yourself consistency.

Be thankful to yourself for showing up.
Be thankful to yourself for putting in the effort.
Be thankful to yourself for your strength, discipline, humor, humility, and humanity.

On the Lunar calendar, this is the Year of the Fire Horse. In Chinese tradition, the Fire Horse isn’t about luck or superstition; it’s about momentum. It’s about energy that moves forward on its own. Strong, independent, and restless in a good way. The kind of year that rewards people who are relentlessly moving forward and who enjoy the process.

So don’t rush. Just keep moving with a purpose. Do the work that matters to you. Build your momentum quietly and simply let it compound.

Keep fueling your fire and honoring your desires. May this New Year be steady and strong, full of the kind of momentum you earn, protect, and carry with you everywhere you go.

Happy New Year, my friend. Let’s make it count.

And remember: at midnight, open the back door to release the old year and whatever hardships came with it. Then open the front door to welcome the new year in, inviting luck, health, and fresh starts.

And be sure to wish your neighbors Athbhliain faoi mhaise duit!

Onward and Upward!

Zen and the Art of AWS Security | Domain 1 | Detection

Domain 1: Detection – Hearing and Seeing Clearly in the Cloud

There’s a saying in martial arts that applies perfectly to cloud security: “Awareness prevents more fights than strength.”

Most people think security begins with blocking, encryption, denial, and restriction. But AWS and attackers know differently. The real starting point is detection. You can’t defend what you can’t see, and you can’t respond to what you never noticed.

This is why Detection is Domain 1 on the AWS Security Specialty exam. Not because it’s the most technical topic, but because every other domain depends on it.

Identity, data protection, incident response, and infrastructure security all collapse the moment visibility disappears. In the cloud, as in combat, clarity is the highest security control.

1. AWS’s Philosophy of Detection

AWS designs detection around a core assumption: You cannot rely on perimeter security in a distributed, API-driven system.

Instead, AWS builds around three principles:

  1. Every meaningful action must generate a log. Not optional. Not “best effort.” Mandatory.
  2. Threat detection must be continuous and automated. The cloud moves faster than human reaction time.
  3. Context matters more than isolated events. A single API call means very little. A pattern of calls can mean everything.

The exam tests whether you understand this mindset—not whether you memorized service names.

Once you internalize the philosophy, the questions stop feeling tricky. They start feeling predictable.

2. Core Detection Services – What They Do & Why AWS Tests Them

Below is the high-value, exam-relevant, no-fluff breakdown of AWS detection services, explained the way AWS expects you to reason about them.

AWS CloudTrail – The Source of Truth, Telling You Who Did What

CloudTrail records:

  • Who made the request
  • When it occurred
  • From where
  • Against which service
  • And the result

If a question mentions API activity, auditing, investigation, or root cause, the correct answer almost always includes:

  • CloudTrail enabled
  • centralized log storage (S3)
  • encryption (SSE-KMS)
  • optional CloudTrail Insights for anomalies

Exam mental model: If you’re reconstructing events, start with CloudTrail.

Case in point: In 2019, Capital One suffered a major data breach in their AWS environment. Investigators traced the attack using CloudTrail logs, which revealed how a misconfigured firewall and stolen credentials allowed unauthorized access. This incident underscores why robust detection and logging aren’t just about passing the exam; they’re essential for real-world defense and forensic investigation.

CloudTrail isn’t just a checkbox; when breaches happen, it’s often the first and last line of forensic defense.
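To make the “pattern of calls” principle and the five CloudTrail fields concrete, here is an added example (not from AWS or the original post) that reduces each record to who/when/where/service/result and flags a principal only when several distinct denied actions cluster in a short window. The log records, account ID, ARNs, and thresholds are constructed assumptions; the field names are those of the CloudTrail record format.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# errorCode values treated as "denied" (assumption: extend for your services)
DENIED = {"AccessDenied", "AccessDeniedException",
          "UnauthorizedOperation", "Client.UnauthorizedOperation"}

ALICE_ARN = "arn:aws:iam::111122223333:user/alice"    # constructed
BOB_ARN = "arn:aws:iam::111122223333:user/bob"        # constructed
CI_ARN = "arn:aws:iam::111122223333:user/ci-deploy"   # constructed

def _rec(t, arn, ip, source, name, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventTime": t, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser", "arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log in the {"Records": [...]} shape of a CloudTrail log file
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-15T09:58:10Z", ALICE_ARN, "198.51.100.20", "s3.amazonaws.com", "GetObject", "AccessDenied"),
    _rec("2024-01-15T10:00:05Z", CI_ARN, "203.0.113.7", "iam.amazonaws.com", "ListUsers", "AccessDenied"),
    _rec("2024-01-15T10:00:40Z", CI_ARN, "203.0.113.7", "ec2.amazonaws.com", "DescribeInstances", "Client.UnauthorizedOperation"),
    _rec("2024-01-15T10:01:15Z", CI_ARN, "203.0.113.7", "kms.amazonaws.com", "ListKeys", "AccessDeniedException"),
    _rec("2024-01-15T10:02:30Z", CI_ARN, "203.0.113.7", "secretsmanager.amazonaws.com", "ListSecrets", "AccessDeniedException"),
    _rec("2024-01-15T10:03:00Z", CI_ARN, "203.0.113.7", "s3.amazonaws.com", "ListBuckets"),
    _rec("2024-01-15T08:00:00Z", BOB_ARN, "198.51.100.31", "s3.amazonaws.com", "PutObject", "AccessDenied"),
    _rec("2024-01-15T09:00:00Z", BOB_ARN, "198.51.100.31", "ec2.amazonaws.com", "RunInstances", "Client.UnauthorizedOperation"),
    _rec("2024-01-15T10:00:00Z", BOB_ARN, "198.51.100.31", "iam.amazonaws.com", "CreateUser", "AccessDenied"),
    _rec("2024-01-15T11:00:00Z", BOB_ARN, "198.51.100.31", "kms.amazonaws.com", "Decrypt", "AccessDeniedException"),
]})

def load_records(text):
    """Parse a CloudTrail log file body and return its list of records."""
    return json.loads(text)["Records"]

def summarize(rec):
    """Reduce a record to the five questions: who, when, where, what, result."""
    ident = rec.get("userIdentity", {})
    return {
        "who": ident.get("arn") or ident.get("principalId") or ident.get("type", "unknown"),
        "when": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
        "where": rec.get("sourceIPAddress", "unknown"),
        "service": rec["eventSource"],
        "action": rec["eventName"],
        "result": rec.get("errorCode", "Success"),  # no errorCode means the call succeeded
    }

def find_denied_bursts(records, window=timedelta(minutes=5), min_distinct=4):
    """Flag principals with >= min_distinct different denied actions inside one window."""
    denied = defaultdict(list)
    for rec in records:
        ev = summarize(rec)
        if ev["result"] in DENIED:
            denied[ev["who"]].append(ev)

    findings = []
    for who, events in denied.items():
        events.sort(key=lambda e: e["when"])
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window
            while events[end]["when"] - events[start]["when"] > window:
                start += 1
            in_window = events[start:end + 1]
            actions = {(e["service"], e["action"]) for e in in_window}
            if len(actions) >= min_distinct:
                findings.append({
                    "who": who,
                    "first": in_window[0]["when"],
                    "last": in_window[-1]["when"],
                    "actions": sorted(a for _, a in actions),
                    "sources": sorted({e["where"] for e in in_window}),
                })
                break  # one finding per principal is enough to open a ticket
    return findings

if __name__ == "__main__":
    for f in find_denied_bursts(load_records(SAMPLE_LOG)):
        print(f["who"], f["first"], f["last"], f["actions"], f["sources"])
```

Alice’s single denial and Bob’s four denials spread across hours stay quiet; only the principal whose denials span four services in under three minutes is reported.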

AWS Config – The Historian, Telling You What Changed

Config tracks:

  • configuration changes
  • compliance drift
  • deviations from approved baselines

If the question mentions misconfiguration, continuous compliance, governance, or drift, the answer is:

  • AWS Config
  • Config Rules
  • Aggregators (for multi-account visibility)

Exam pattern callout: If a question mentions misconfiguration, compliance drift, or unexpected changes, AWS Config is usually the answer.

Exam mental model: If something shouldn’t have changed, but did, Config already knows. Config is your early warning system for risky changes, catching drift before it becomes a compromise.

Amazon GuardDuty – The Sentinel, Telling You If Anything Is Behaving Abnormally

GuardDuty detects:

  • anomalous IAM behavior
  • malicious API usage
  • compromised EC2 instances
  • suspicious network activity
  • data exfiltration indicators

It is:

  • agentless
  • continuously running
  • driven by AWS threat intelligence

If the question mentions anomaly, unexpected behavior, suspicious activity, or threat intel, the answer is almost always: GuardDuty

Exam pattern callout: If the question mentions anomaly detection, threat intelligence, or suspicious behavior, GuardDuty is the right choice.

Exam mental model: When AWS wants you to detect weirdness, choose GuardDuty.

GuardDuty’s findings are your heads-up display—if it’s alerting, pay attention before a minor issue becomes a major breach.

Amazon Detective – The Investigator, Tells You Why Things Happened

Detective correlates:

  • CloudTrail
  • GuardDuty
  • VPC Flow Logs

…into a graph-based model showing relationships between events.

If the question mentions:

  • root cause analysis
  • investigation
  • relationships between actions
  • tracing an incident timeline

The answer likely includes: Detective

Exam pattern callout: For root cause analysis, investigation, or connecting actions across services, Detective is the answer.

Exam mental model: GuardDuty alerts you. Detective explains it.

Detective is your investigation toolkit, connecting the dots when the story isn’t obvious from a single log or alert.

AWS IAM Access Analyzer – The Boundary Checker

Access Analyzer identifies:

  • unintended public access
  • unintended cross-account access
  • overly permissive resource policies

If the question involves:

  • S3 exposure
  • IAM trust policies
  • KMS, ECR, or EKS access
  • cross-account risk

Answer: Access Analyzer

Exam pattern callout: If the question involves S3 exposure, overly permissive policies, or cross-account access, think Access Analyzer.

Exam mental model: Resource policy exposure = Access Analyzer.

Access Analyzer is your reality check, proactively surfacing risky permissions before the wrong person finds them.
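The kind of exposure described above can be illustrated with a simplified resource-policy check. This is an added example, not Access Analyzer’s own evaluation logic and not code from the original post; the trusted account ID, the bucket policy, and the organization ID are constructed assumptions.

```python
# Assumption: the accounts that make up your zone of trust
TRUSTED_ACCOUNTS = {"111122223333"}

# Constructed S3 bucket policy covering the cases discussed in the text
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PartnerAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OwnAccount", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:role/app"]},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "LogDelivery", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

def _as_list(value):
    """Policy elements may be a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def _aws_principals(stmt):
    """Return the AWS principals a statement names ('*' means anyone)."""
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        # Service and Federated principals are out of scope for this sketch
        return _as_list(principal.get("AWS", []))
    return []

def analyze_policy(policy, trusted=TRUSTED_ACCOUNTS):
    """List Allow statements that grant access outside the trusted accounts."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"statement[{i}]")
        # A Condition may narrow the grant; record it so a reviewer evaluates it
        conditional = bool(stmt.get("Condition"))
        if "NotPrincipal" in stmt:
            # Allow + NotPrincipal grants to everyone except the listed principals
            findings.append({"sid": sid, "exposure": "public",
                             "principal": "NotPrincipal", "conditional": conditional})
            continue
        for value in _aws_principals(stmt):
            if value == "*":
                exposure = "public"
            else:
                # Principal is either a bare 12-digit account ID or an ARN
                account = value.split(":")[4] if value.startswith("arn:") else value
                if account in trusted:
                    continue
                exposure = "cross-account"
            findings.append({"sid": sid, "exposure": exposure,
                             "principal": value, "conditional": conditional})
    return findings

if __name__ == "__main__":
    for f in analyze_policy(SAMPLE_POLICY):
        note = " (has Condition, review it)" if f["conditional"] else ""
        print(f'{f["sid"]}: {f["exposure"]} via {f["principal"]}{note}')
```

A statement with a wildcard principal and a Condition is reported as conditional rather than cleared, because whether the condition really restricts access has to be judged per key.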

AWS Security Hub – The Fusion Center

Security Hub:

  • aggregates findings
  • normalizes severity
  • provides centralized visibility

It pulls from:

  • GuardDuty
  • Inspector
  • IAM Access Analyzer
  • Macie
  • custom sources

If the question says “centralized findings”, “single pane of glass”, or “consolidated security view”, the answer is: Security Hub

Exam pattern callout: If the question asks about centralized findings, “single pane of glass,” or consolidated security data, Security Hub is the answer.

Exam mental model: Security Hub does not detect. It collects.

Security Hub is your security operations dashboard where all findings converge for centralized action.

3. Detection Exam Patterns – These Score You Points Quickly

AWS exam writers love pattern recognition.

Memorize these:

  1. “Who did what?” → CloudTrail
  2. “Unexpected behavior” → GuardDuty
  3. “Investigate a finding” → Detective
  4. “Cross-account exposure” → Access Analyzer
  5. “Continuous compliance” → Config
  6. “Centralized visibility” → Security Hub

These patterns alone solve a large percentage of Domain 1 questions.

4. Detection Is the Art of Paying Attention

Detection is not about tools. Tools amplify awareness; they don’t replace it.

Attackers understand this. That’s why social engineering works: it hijacks attention.

Propaganda uses the same mechanism:

  • control attention
  • shape perception
  • influence behavior

Detection in AWS is the defensive inversion of that logic:

Expand awareness → clarify perception → prevent escalation.

Detection isn’t about catching bad actors. It’s about not being surprised.

In martial arts, that’s everything. If you anticipate the strike, the strike no longer matters.

5. The Martial Parallel: Awareness Before Technique

Technique without awareness is empty.

You can block perfectly, but only if you can see or feel the strike coming.

You can counter cleanly, but only if you read the motion correctly.

In AWS:

  • CloudTrail is your eyes.
  • Config is your memory.
  • GuardDuty is your instincts.
  • Detective is your reasoning.
  • Access Analyzer is your boundary sense.
  • Security Hub is your situational awareness.

Without awareness, technique becomes panic. With awareness, technique becomes effortless.

6. Closing: The Quiet Strength of Clear Insight

Detection is the least glamorous domain.

No firewalls to tune.
No keys to rotate.
No dashboards that make you feel heroic.

And yet, everything depends on it.

A well-architected detection strategy:

  • eliminates blind spots
  • accelerates incident response
  • surfaces misconfigurations early
  • strengthens identity boundaries
  • anchors governance

On the exam, clarity is the deciding factor.

Domain 1 rewards candidates who pause, breathe, and reason, rather than react.

Security without pessimism begins here:

See clearly.
Think clearly.
Move deliberately.

Obviously, the detection process isn’t paranoia. It’s awareness of what’s going on in your environment. And awareness is where security and mastery begin. Detection isn’t just an exam topic; it’s the first line of defense in every real cloud breach.

Verification & Citations Framework (Leave No Doubt)

Authoritative AWS Sources Used for The AWS Security Specialty (SCS-C03)

Domain 1 Detection:

  • AWS CloudTrail Documentation
  • Amazon GuardDuty Documentation
  • AWS Config Documentation
  • Amazon Detective Documentation
  • IAM Access Analyzer Documentation
  • AWS Security Hub Documentation

Verification Checklist:

  • Services mapped to AWS exam guide Domain 1
  • Descriptions align with AWS documentation language
  • Mental models reflect AWS exam question patterns
  • No unsupported claims or third-party assumptions

Change Awareness Note:
AWS services evolve. Always confirm current feature behavior against official AWS documentation prior to exam or implementation.

The Art of Cyberwar | Part X | Terrain

The principles:

“The natural formation of the country is the soldier’s best ally; make use of it to your advantage.”

“When the general is weak and without authority; when his orders are not clear and distinct; when there are no fixed duties assigned to officers and men, and the ranks are formed in a slovenly haphazard manner, the result is utter disorganization.”

“The general who advances without coveting fame and retreats without fearing disgrace, whose only thought is to protect his country and do good service for his sovereign, is the jewel of the kingdom.” Sun Tzu

Ground First

Sun Tzu makes a simple demand: know the ground on which you stand.

The proper ground turns disadvantage into leverage. The wrong ground turns strength into exposure. Terrain is not merely soil; it is topology, logistics, law, culture, and architecture. In the modern world, it includes cloud regions, compliance borders, identity planes, and network topology. Choose well, and the fight often narrows into something you can actually win.

This is not an abstract chapter. It’s a practical one.

If you’ve ever seen a breach unfold, you’ve witnessed terrain deciding outcomes in real time: attackers rarely “win” because they are stronger; they win because they enter through easy ground, move through poorly observed corridors, and reach valuable systems before defenders can orient.

The defender’s job is to resist. It is to shape the ground, so the adversary’s best options become expensive, loud, or impossible.

Types of Terrain – What They Feel Like, What They Demand

Sun Tzu names a wide variety of ground. In practice, the terrain we face, militarily, digitally, and politically, collapses into recurring patterns: open, narrow, steep, encircled, and expansive.

Each demands a distinct strategy. Each punishes a different kind of arrogance.

Open Ground – Fast, visible, unforgiving

Open ground is where you can be seen.

In war, it is flat land with no cover: movement is easy, concealment is costly, and discipline decides whether speed becomes an advantage or panic. Detection and clean maneuvering are important because contact is constant.

In cybersecurity, open ground is your public-facing surface area: internet-exposed services, public APIs, external portals, and remote access entry points. This is not where you want complexity. You want ruthless simplicity, fewer doors, fewer endpoints, fewer exceptions, paired with strong telemetry. Frameworks like the CIS Controls and NIST CSF explicitly prioritize inventorying and minimizing public-facing assets—making clarity and control here a universal best practice.

Open ground is also where deception works best. Decoys, false signals, and baited paths can pull an enemy out of position. In cyber, honeypots and canary tokens do the same: they invite movement into visibility and turn curiosity into evidence.

Real-world case: In 2021, the Microsoft Exchange Server vulnerabilities (ProxyLogon) exposed thousands of organizations’ email systems to the internet. Attackers rapidly exploited unpatched, public-facing assets—demonstrating why CIS Controls and NIST CSF stress the importance of inventory and minimizing the external attack surface.

Open ground isn’t “unsafe.” It’s honest. It shows you what you built.

Narrow Ground – Chokepoints, bridges, legacy stacks

Narrow ground is where everything funnels.

In military history, chokepoints decide battles because geometry becomes force. A smaller army can hold a larger one, not by being stronger, but by limiting the enemy’s options. Just think of the legendary last stand of Leonidas and the Battle of Thermopylae.

In cyber and cloud, narrow ground is often the infrastructure everyone relies on and no one wants to touch: legacy integrations, VPN tunnels, identity gateways, brittle on-prem choke points, systems tied to modern workflows by thread and habit. They become bridges. Bridges become targets.

If you harden one thing this quarter, harden your chokepoints. Segment around them. Add compensating controls. Increase logging where applicable. Treat narrow terrain as sacred because when it fails, everything behind it is exposed. The MITRE ATT&CK framework’s focus on lateral movement and privilege escalation highlights why chokepoints must be secured and closely monitored.

Mini-case: The 2021 Colonial Pipeline ransomware attack targeted a single VPN account—an overlooked chokepoint with no multi-factor authentication. This breach underscores the criticality of securing and monitoring privileged access pathways.

Martial principles show up cleanly here. Wing Chun teaches that in close range, cutting angles and superior structure become everything. Trapping is about denying your opponent options. Narrow terrain does the same: it constrains movement and penalizes sloppy positioning.

Steep Ground – Visibility and defensibility, limited mobility

Steep ground is an advantage you must maintain.

High ground offers visibility and defensive leverage, but you don’t sprint on it. Movement becomes deliberate. Once you lose it, regaining it costs more than taking it did.

In cyber/cloud terms, the “steep ground” is where you place your crown jewels: production enclaves, privileged access vaults, critical logging pipelines, backup infrastructure, and identity governance, zones with strict access controls, immutable logs, and minimal pathways. NIST Special Publication 800-53 and CIS Controls both emphasize layered defenses and strong separation for critical assets, reinforcing the need for deliberate, hardened environments.

These environments should feel “steep” to anyone moving through them, including your own staff. That friction is the point. Steep terrain ensures enforcement of control.

Industry example: Major cloud providers routinely isolate customer data and management functions in highly restricted “steep ground” zones, applying controls from NIST SP 800-53 and CIS to prevent lateral movement and ensure containment if a breach occurs.

In Jiu Jitsu, this is akin to mount or back control: you don’t rush to snatch up a submission. You stabilize, isolate, and apply pressure through position and then finish. The defender who gets impatient on steep ground usually falls off it.

Encircled Ground – When you risk being surrounded

Encircled terrain is where isolation becomes lethal.

In war, encirclement breaks supply lines, erodes morale, and forces rash decisions. In cyber, encirclement often begins as “convenience” and ends as captivity: vendor dependencies, brittle third-party integrations, shadow IT no one owns, “critical” workflows held together by one person’s tribal knowledge.

The danger is that encirclement rarely feels dramatic at first. It feels normal until you need to restore. Until a vendor is down. Until the contract becomes leverage. Until the only admin is on PTO and the incident is already in motion.

Encircled ground demands exits: recovery paths, out-of-band access, air-gapped backups, and playbooks that restore connectivity without improvisation. CIS Control 11 and the NIST CSF Recovery Function both emphasize the importance of tested backup and recovery plans, as reliance on a single vendor or system is a strategic vulnerability.

Recent headline: In the wake of the 2022 Okta breach, organizations that relied exclusively on one identity provider faced business continuity risks. Those with tested out-of-band recovery and contractual exit clauses, as recommended by CIS and NIST, were able to restore operations more quickly.

If you don’t have those, you don’t have resilience. You have hope.

Expansive Ground – Flat, wide, tempting for overreach

Expansive terrain invites ambition. It also hides risk.

Movement feels easy because there’s “room,” but oversight drops as the supply lines lengthen. This is how empires, and cloud estates, collapse: not from one failure, but from accumulated, ungoverned territory.

In cyber, expansive ground is sprawl: dozens of cloud accounts, multiple providers, endless permissions, duplicated tools, integrations stacked on integrations. Sprawl isn’t evil. It’s simply unmanaged terrain.

Expansive ground demands scalable governance: infrastructure-as-code policies, automated compliance, continuous asset inventory, and hard limits on “just one more integration.” Otherwise, you end up “owning” too many things to defend any of them properly. Both NIST CSF and the CIS Controls call for continuous asset management and automated enforcement to keep sprawl in check.

This is where adversaries thrive, inside your noise.

Example: Several high-profile breaches, including Capital One (2019), were linked to sprawling cloud environments where asset management and policy enforcement lagged behind rapid deployment. This highlights why NIST CSF and CIS Controls call for continuous inventory and automated governance.

Choosing the Ground – Offense Through Selection

A leader’s first tactical choice is where to fight. Good generals choose terrain that favors their force and punishes the enemy’s approach. That’s a decision, not a reflex.

In cybersecurity, this is how you win before the breach: place valuable services behind hardened, observable layers and force attackers into monitored choke points. Make lateral movement steep. Make privilege escalation loud. Make time and friction the price of progress.

In cloud architecture, it refers to trust zones and least-privilege boundaries that govern movement, much as terrain shapes an army’s movement. If an adversary wants access, they must climb and be exposed while doing it.

In foreign policy, it means choosing diplomatic and economic levers rather than landing zones that stretch logistics and public support. Sometimes the “terrain” is public will. Sometimes it’s alliance cohesion. Sometimes it’s your economy. Burn those, and you’ve lost the campaign even if you win the first clash.

Choosing ground is an active defense. It doesn’t surrender initiative; it shapes the enemy’s options.

This is where martial deception becomes a strategy. A feint isn’t a lie, it’s an invitation. In Wing Chun, you draw the reach, trap the limb, clear the line, and strike at the same time. In Muay Thai, you show the jab to invite a teep to sweep the leg. In Jiu Jitsu, you offer the submission attempt you’re prepared to counter. Terrain selection works the same way: you present what looks like access, but what you built is a corridor of control.

Leadership, Discipline, and Knowing Your Soldiers

Sun Tzu insists a general must know his troops. That’s leadership in a sentence.

A leader’s indecision, ego, or poor communication is as lethal as bad geography. Poor leaders over-commit, under-communicate, or ignore warnings. They treat friction as disobedience and clarity as optional. That is how organizations drift into the “slovenly haphazard” disorder Sun Tzu warns about: plenty of tools, no coherence.

Discipline matters. Soldiers and engineers, treated with respect but held to standards, perform under pressure. Leniency breeds sloppiness; cruelty breeds silence. Both are operational risks.

Know your teams: strengths, fatigue thresholds, and tempo. Rotate duty. Limit emergency hours. Maintain training. In cloud and cyber, this includes on-call limits, respect for sleep, post-incident retrospectives, and psychological safety to report near-misses before they become incidents.

Morale shows up earlier than metrics. Leaders build the culture that sustains long campaigns.

Calculation Before Battle – The Work of Winning

Sun Tzu elevates calculation above impulse: the commander who measures many variables before engagement usually wins; the one who does not, loses.

This calculation is methodical: map terrain, count supplies (capacity), estimate enemy options, and plan contingencies.

In cyber, that means knowing your attack surface, understanding threat actor patterns, identifying likely pivot points, and building tested response runbooks. Rehearse, not because you expect a breach, but because you refuse to improvise under duress.

In the cloud, this entails calculating blast radius, recovery objectives, and the cost of complexity relative to the cost of resilience. It also means choosing fewer tools and mastering them, because every new platform is a new terrain you must defend.

In policy, it means calculating costs in treasure, trust, and time. Private-sector analogs are attention, capital, and brand.

Winning is the product of preparation. You cannot improvise a viable posture in a crisis.

Specific Strategies by Terrain – Practical Moves

  • Open ground: prioritize speed and detection; keep public assets to a minimum; deploy decoys and canaries; monitor aggressively. (CIS Controls 1, 7; NIST CSF Identify & Protect).
  • Narrow ground: enforce access controls and logging; funnel traffic through audited gateways; validate identity aggressively. (MITRE ATT&CK, NIST CSF Detect)
  • Steep ground: design immutable environments and strict separation; place critical controls in high-ground enclaves with minimal human pathways. (NIST SP 800-53, CIS Control 13)
  • Encircled ground: ensure out-of-band recovery, air-gapped backups, manual admin paths; maintain contractual exit clauses with vendors. (NIST CSF Recovery, CIS Control 11)
  • Expansive ground: prune and consolidate; adopt infrastructure-as-code policies and automated compliance; set hard limits on new integrations. (CIS Control 1, NIST CSF Asset Management)

Every choice reduces the opponent’s options and preserves the defender’s leverage. In practice, aligning terrain strategies with proven frameworks isn’t bureaucracy; it’s how you translate doctrine into daily operations.

Parallels: Rome, Corporations, and Nations

Rome didn’t fail because it was weak; it failed because it could no longer pay for its expansion. The pattern repeats: a leader mistakes reach for control, stretches supply lines, and forgets the home base.

In business, over-expansion without integration kills cash flow and culture. In policy, interventions without sustainable objectives are hollow support. In cyber, growth without governance turns territory into liability.

The remedy is the same: select advantageous ground, keep logistics tight, and honor the limits of what you can sustain.

Closing: Ground, People, Calculation

Terrain teaches humility. It forces honesty about supply lines, political will, and human limits. Leaders must select ground that fits their forces, know their people well enough to deploy them without breaking them, and calculate relentlessly before contact. The best strategy isn’t the loudest; it’s the one most rigorously mapped to the ground and standards that define your domain.

Sun Tzu’s point is blunt: the general who prepares wins because he has already made many small victories before the first clash. The rest simply discover, too late, what the ground beneath them already knew.

The Next Step: Situations Reveal the Ground

Sun Tzu ends this chapter the way a good fighter ends an exchange: not with noise, but with control.

Terrain is not merely where you fight; it is what the fight allows. It determines which tactics are available, which movements are costly, and which victories are possible without incurring blood, bandwidth, or morale costs. The wise commander doesn’t “try harder” on bad ground. He changes the angle, changes the conditions, and shapes the enemy’s options.

Muay Thai does it with ring craft: take space, cut off exits, force exchanges where your strikes land cleanly. Jiu Jitsu does it with position, then control, then submission, and sometimes with a ruthless setup: allowing the opponent to chase the submission you expected, only to counter when they overextend.

Terrain works the same way. Choose it well, and you’re not only defending but shaping the enemy’s approach until their “attack” becomes the opening you built the environment to reveal.

That leads us directly back to the principles that opened this chapter:

“The natural formation of the country is the soldier’s best ally; make use of it to your advantage.” Because once you understand the ground, you stop fighting the fight the enemy wants, and start forcing the battle they cannot win.

And when leadership is weak, orders are unclear, and duties are unfixed, the result is exactly what Sun Tzu promised: utter disorganization, not because the enemy was brilliant, but because the ground exposed what was already unstable.

The highest standard remains unchanged: the general who advances without vanity and retreats without fear, whose only thought is to protect his people and do good service, is the jewel of the kingdom.

Bridge to Part XI – The Nine Situations

Terrain teaches you what is possible. The Nine Situations teaches you what to do when possibility collapses into reality, when you’re advancing, retreating, encircled, trapped, deep in enemy ground, or approaching decisive contact.

It is a doctrine of movement under pressure: acting in accordance with circumstances without losing coherence.

You’ve learned how to read the ground.
Next, you’ll learn how to fight on it.

Have A Very Merry Christmas: Staying Strong Through the Most Wonderful Time of the Year

The end of the year doesn’t mean the end of your progress. If you’ve trained hard for twelve months, Christmas isn’t a threat to your goals; it’s the reward for having them.

You don’t need perfection. You need intention.

This season is about joy, connection, celebration, and, yes, great food. Here’s how to honor your momentum while enjoying the holiday the way it’s meant to be enjoyed.

The 3 Holiday Non-Negotiables

Let’s clear one thing up immediately: December is not the month to white-knuckle your way through parties and potlucks. It’s the month to stay anchored to what matters without losing your mind, your friends, or your muscle.

1. Earned Enjoyment > Empty Indulgence

Restriction doesn’t build discipline; consistency does. One plate of your favorite Christmas dinner won’t derail anything. A month of “whatever, who cares?” absolutely will.

The difference is awareness, not anxiety.

Here’s a simple guideline that works for most people:

  • Build your plate around the foods you genuinely enjoy.
  • Eat slowly enough to taste it.
  • Stop when you’re satisfied, not stuffed.

That’s it. No food guilt. No drama. No moral judgment of anyone’s cooking.

Christmas dinner is not a metabolic emergency.

What not to do:

  • Don’t “earn” your food with cardio.
  • Don’t starve yourself all day to “save calories.”
  • Don’t narrate your macros at the table (honestly, no one cares).

What to do:

  • Move because it feels good, not because you feel guilty.
  • Eat like normal leading up to the feast so you don’t binge from hunger.
  • Say “yes,” “no,” or “I’m good, thanks” with zero explanation.

Food is part of the celebration. So is self-respect. You’re allowed to have both.

2. Don’t Skip Lifting, Protein, and Carbs

To channel my inner Jocko:

Traveling? Good.
Schedules scrambled? Good.
Gym hours weird? Good.

Your body doesn’t need perfect conditions; it needs the right signals and the right supply:

Signal:

  • Any resistance training at all.
  • 20 minutes of bodyweight, bands, dumbbells, hotel gym—whatever you’ve got.
  • This preserves muscle protein synthesis and keeps neuromuscular patterns active.

Supply:

  • ~30–40g protein + a moderate serving of carbohydrates per meal.
  • Protein maintains lean mass.
  • Carbs replenish glycogen and support training, sleep, and recovery.

This combo is one of the most research-supported ways to maintain muscle during chaotic schedules. Protein stimulates muscle protein synthesis for 3-5 hours post-meal, while carbohydrates replenish muscle glycogen and reduce cortisol, both critical when training volume or sleep quality drops.

Two habits. Huge return.

3. Stay Hydrated, Even in Celebration Mode

Holiday cocktails, desserts, and rich foods: enjoy them. Just don’t forget water.

A simple rule that works: One drink? Drink at least one 8 oz. glass of water.

An even better rule: Don’t drink.

Hydration directly affects recovery, digestion, appetite, performance, and whether you wake up feeling human or like you got hit by a truck.

Here’s what most people get wrong: they think the problem is too much food on Christmas. It’s not. The problem is eating like a monk for 3 days before and 4 days after, then binging because restriction always backfires. One great meal won’t hurt you. Seven days of chaos will.

Rituals > Rules

Rules restrict you. Rituals support you. A ritual says, “This is who I am, regardless of the season.”

A few reliable ones:

  • A family walk before or after the big meal
  • A 15–20 minute lift or circuit before coffee and gifts
  • Getting adequate sleep before traveling
  • A quick protein + fat snack before heading to dinner so you arrive in control, not starving

A rule says “no dessert.” A ritual says “I train before the family meal because it centers me.” One feels like punishment. The other feels like identity.

Rituals reinforce identity. And identity, not willpower, is what keeps people consistent long term.

You’re not someone who “tries to stay healthy.”
You’re someone who trains, eats with intention, and still enjoys Christmas like a sane adult.

Consistency Compounds

Your results don’t come from Christmas Day. They come from what you do the other 364 days.

If you’ve been consistent for 50 weeks and ease up for two? That’s a 94% success rate. You know what a 94% success rate means in any other domain? Elite. Professional. World-class.

But for some reason, people think two weeks of relaxed eating erases a year of work. It doesn’t. Math doesn’t care about your guilt.

If you haven’t been consistent this year? Then let Christmas be a reset, not a regret.

Start small:

  • Take a walk
  • Get a lift in. When all else fails, do something as simple as alternating Tabata intervals of bodyweight squats (full ROM!) and sit-ups; in 8 minutes, you’ll be done. It’s really that easy.
  • Pack a protein shake for travel.
  • Decide now that January is not “starting over,” it’s continuing forward.

Momentum respects one thing: action. Preferably today.

Final Thought

Fuel your work.

Feed your life.

Let Christmas be a celebration of both. Enjoy the food, the family, the music, the lights, the peace, and the moment.

A merry, strong, and “muscular” Christmas isn’t about rigid rules; it’s about honoring the discipline that got you here and trusting yourself enough to enjoy the holiday without fear.

Merry Christmas to every one of you. Stay strong, enjoy the feast, and remember discipline isn’t what stops you from celebrating. It’s what lets you celebrate without fear.

Security Without the Pessimism | Capstone: The Human Architecture of Resilience

There’s a moment in every incident, and in every life, when things go sideways.
An urgent alert comes in at 2 a.m.
The phone buzzes with something you didn’t want to see.
The room suddenly feels smaller.
Your pulse skyrockets ahead of your ability to reason.

That’s the pivot point.

Not the breach, not the threat actor, not the malware strain. The moment your mind decides whether to rush, freeze, or breathe.

And if the past two decades in cybersecurity have taught us anything, it’s this: The most overlooked control isn’t technical at all — it’s the ability to think clearly under pressure.

You can build the best firewall on earth, layer your identity stack, and lock down every endpoint within reach. But if the wrong person panics at the wrong moment? Your architecture won’t crumble, but your response will.

And the irony is that the same pattern shows up everywhere.
In the gym.
In martial arts.
In American foreign policy across multiple generations.
In corporate culture.
In our personal lives.

Technology changes. Tools evolve.
But human behavior remains the battlefield.

This capstone is about that battlefield, the one beneath all the dashboards and diagrams.
The human architecture of resilience.

Not fear.
Not pessimism.
Not endless warnings.
Just clarity, culture, awareness, and depth.

I. The Calm Before the Click: Thinking Clearly Under Pressure

Cybersecurity professionals often discuss “root cause.”
The CVE.
The misconfig.
The missing patch.
The malicious link.

But if you trace incidents far enough back, you rarely find a purely technical failure.
You find someone who was tired.
Someone who rushed.
Someone overloaded with tasks, tabs, or alerts.
Someone who clicked before the mind caught up.

Attackers have known this longer than we have.
Social engineering is, at its core, the psychological equivalent of an ambush.
It doesn’t rely on brilliance — it relies on rhythm.
Interrupt someone’s rhythm, and you can make them do almost anything.

History played the same game long before phishing emails existed.

During WWI, the U.S. population had no appetite for a European conflict until the Committee on Public Information mastered message engineering on a national scale.

During Vietnam, selective narratives were used to anchor the Gulf of Tonkin resolution, one of the clearest examples of how urgency overrides discernment.

After 9/11, emotional exhaustion and fear gave the green light to decisions that would shape two decades of conflict, including the push toward Iraq in 2003 on intelligence the government already knew was questionable at best.

The pattern is timeless: pressure → perception drops → people accept what they would normally question.

In cybersecurity, that’s the moment a breach begins. Not when the payload deploys, but the moment someone stops breathing long enough to see clearly.

Martial arts teach this early: when your structure collapses, so does your mind. The fight is rarely won by the strongest, but by the one who stays calm.

Cybersecurity isn’t so different. We need quieter minds, not louder alarms. Consider the Apollo 13 mission: when an oxygen tank exploded in space, it wasn’t advanced technology alone that saved the crew—it was the unwavering composure, clear communication, and problem-solving focus of both astronauts and mission control. Their story remains a testament to the power of preparation, training, and the human spirit under pressure.

Psychological research supports this need for balance: the Yerkes-Dodson Law demonstrates that while a certain level of stress can sharpen performance, too much leads to mistakes and paralysis. It’s not the loudest alarms or the highest stress that produce the best outcomes, but the ability to operate with steady focus under pressure.

II. Security Isn’t a Toolset. It’s a Culture.

This is the part vendors never put in their brochures.
Tools matter, of course they do, but they’re not the foundation.
If a team’s culture is fractured, fearful, or fatigued, the best tool becomes another dashboard no one trusts.

A culture of security is built on three traits: Curiosity. Communication. Psychological safety.

Curiosity is the click buffer. It’s the pause before the action. It’s the “does this feel right?” instinct that catches what technology misses.

Communication is the force multiplier. If people don’t feel comfortable asking questions, you don’t have a security program; you have a façade. The worst breaches happen in organizations where employees believe that reporting something suspicious will get them punished.

Psychological safety is the foundation beneath it all. You cannot build defense through fear.
If people feel judged, they go silent. And silence is where threat actors win.

Across American history, the same dynamic appears at scale. Governments that relied on controlling the narrative rather than fostering transparency created long-term instability.
Nations that punished dissent instead of listening to it made poorer decisions, walked into unnecessary conflicts, or ignored early warnings because no one felt safe raising them.

In cybersecurity, the equivalent is leadership that says: “If you click a bad link, come to us immediately. You’re part of the solution, not the problem.”

Culture isn’t a policy. Culture is what happens when no one is watching.

III. The Invisible Threat: Complacency

Complacency is the enemy that feels like a friend. It arrives quietly. It shows up after long stretches of “nothing happened.” It hides behind phrases like:

  • “We’ve never had an incident.”
  • “We’ve always done it this way.”
  • “Our tools would catch that.”

Every major breach you can name—SolarWinds, Equifax, Colonial Pipeline—roots itself in complacency somewhere: A missed update. An over-trusted vendor. An assumption that the environment was safer than it actually was. The 2013 Target data breach is a sobering example: multiple security alarms were triggered, but critical warnings were overlooked amidst noise and unclear processes. The failure wasn’t just technical—it was cultural and human. True resilience is built not on more tools, but on clear communication, shared responsibility, and organizational discipline.

There’s a parallel here, too, in public psychology. Before WWI, the U.S. believed oceans protected it.

Before the Vietnam War, we believed that superior technology guaranteed strategic clarity.
Before 9/11, we believed asymmetrical warfare couldn’t reach our shores.
Before the Iraq invasion, many believed intelligence agencies couldn’t be wrong.

Every time, familiarity dulled skepticism. Certainty replaced awareness.

Threat actors exploit the same weakness in cybersecurity: When we stop questioning our own assumptions, we hand them the keys.

But the solution isn’t paranoia. It’s presence—the discipline to stay aware without fear, engaged without burning out, and to use quiet periods to strengthen fundamentals rather than relax them.

Martial artists call this “maintaining the white belt mentality.” It’s the idea that no matter how skilled you become, your awareness must remain humble. The strike you don’t see coming isn’t the strongest; it’s the one you assumed wouldn’t land.

IV. Defense in Depth Begins With Humans in Depth

Defense in depth is usually presented as a diagram: Layers. Controls. Policies. Logging. Detection.

But the deepest layer is always the human beings behind the console.

Humans who communicate clearly under pressure.
Humans who don’t panic.
Humans who collaborate instead of silo.
Humans who maintain integrity even when no one is watching.

You can’t automate those traits.
You can only cultivate them.

A resilient team has depth:
Depth of character.
Depth of discipline.
Depth of humility.
Depth of trust.

Leadership plays a massive role here.
A leader who panics creates a cascading failure.
A leader who hides incidents creates blind spots.
A leader who blames creates avoidance.

But a leader who stays calm?
A leader who listens?
A leader who respects the intelligence of their team?

That kind of leadership becomes its own security layer, the kind attackers can’t penetrate.

Martial philosophy applies here beautifully:
The master doesn’t fight everything.
The master knows when not to fight.
The master conserves energy, maintains structure, and remains sufficiently present to move precisely when needed.

That’s cybersecurity at its best. Not a flurry of tools or panic-driven responses. But steady awareness, grounded action, and a team that trusts itself. The response to the Stuxnet worm demonstrated the power of multidisciplinary collaboration: security researchers, government agencies, and private-sector teams worked together to analyze, share intelligence, and adapt rapidly. Their coordinated effort underscores that no single individual or technology has all the answers—resilience is a collective achievement.

V. The Four Pillars of Real Resilience

Looking back across this entire series, four fundamentals keep appearing.

1. Calm

The ability to breathe before acting. Security begins in the mind, not the machine.

2. Culture

Tools help. Culture protects. Culture catches what software can’t.

3. Awareness

Not paranoia, presence. The discipline to question, verify, and stay awake to the world around you.

4. Depth

Technical depth is valuable. Human depth is irreplaceable. Depth fuels resilience in every domain: networks, clouds, teams, and nations.

These aren’t pessimistic ideas. These are empowering ideas. They’re principles that make security feel less like fear and more like clarity.

Threat actors depend on confusion. They depend on fatigue. They depend on people who doubt their instincts.

A calm mind. A strong culture. A present awareness. A deep team.

That’s how you win. Not loudly, but with consistency.

VI. Final Thought: Security Is a Human Practice Before It’s a Technical One

If there’s a thesis to Security Without the Pessimism, it’s this: Security isn’t something we bolt onto systems. It’s something we build into ourselves.

The work isn’t glamorous or cinematic. It’s often quiet, slow, and unrecognized. But it matters, because every decision and moment of awareness contributes to something bigger than any one of us, a culture of resilience.

So here’s the takeaway: You don’t need pessimism to stay secure. You just need presence. You need clarity and people who care enough to pause, communicate, and stay humble.

That’s the foundation of a safer digital world, built one calm, aware, disciplined human at a time.

The Art of Cyberwar | Part IX | The Army on the March

“The Army on the March” — Illustrated for The Art of Cyberwar, Part IX. This artwork evokes the visual language of classical Chinese scroll painting, capturing the essence of Sun Tzu’s Chapter IX with striking thematic fidelity. The scene unfolds in layers across a sweeping golden landscape: tightly ordered battalions march along mountain paths, supply barges cross a winding river, and distant formations assemble beneath the rising sun. Each element reflects the logistical burden, psychological tension, and environmental dependence that define an army deep into foreign territory.
At the foreground, a lone commander on horseback surveys the terrain, flanked by advisors whose varied stances suggest counsel, observation, and caution. His elevated vantage mirrors Sun Tzu’s emphasis on awareness — the practice of reading fatigue, momentum, and environmental signals before they harden into irreversible consequences. The river crossing, perilous and slow, symbolizes the fragility of overextension; the distant city, shimmering beyond the horizon, represents both ambition and the looming threat of exhaustion.
The overall composition blends serenity with strain, grandeur with vulnerability. In doing so, it transforms ancient military wisdom into a timeless reminder for modern strategists: every march requires vigilance, and every expansion carries its cost.

The Principle:

“When you leave your own country behind, and take your army across neighboring territory, you find yourself in a position of dependence on others. There you must watch for signs of strain.” — Sun Tzu

The Signs Before the Fall

Sun Tzu’s ninth chapter is about perception.

Here he shifts from action to awareness. It’s about how a commander reads fatigue, imbalance, and internal decay before they destroy an army from within.

This is not simply a lesson in combat, but more importantly, it’s a lesson in foresight. This is a crucial distinction that often separates a near-flawless victory from a crushing defeat.

Because every empire, every enterprise, every cyber defense effort eventually faces the same drift:

  • expansion that outruns understanding
  • momentum that hides exhaustion
  • ambition that blinds leadership
  • reach that exceeds resources

Armies break this way.
Companies implode this way.
Nations lose coherence this way.

In martial arts, this is the moment a fighter looks powerful but the signs say otherwise: misaligned footwork, the subtle tell of a hand movement, a delayed return to guard, or the half-beat of hesitation that usually precedes success but this time leads to being hit.

Sun Tzu teaches us: if you can’t read the signs, you can’t survive the march.

Overreach: The Eternal Temptation

History loves proving this point.

Rome stretched its legions from Britain to Mesopotamia until it could no longer feed its own frontiers. Britain built an empire “over all seas,” only to watch its overstretched supply lines rot from within.

The United States, victorious after World War II, constructed a global presence so vast that presence itself began replacing purpose.

Sun Tzu warned: The longer the march, the more fragile the army becomes.

Modern America has been marching for generations, militarily, economically, digitally, and each expansion has carried both pride and price.

Corporations experience the same decay. Cloud ecosystems suffer it even faster. What begins as strength (scale, reach, integration) becomes fragility when maintenance exceeds cost tolerance.

In martial arts, overreach is the fighter who throws too many power shots, chasing a knockout rather than reading the opponent. They exhaust themselves long before the opponent is even breathing heavily.

Strength without pacing is just a longer route to collapse.

The Weight of Infinite Reach

In cybersecurity, overreach becomes complexity collapse.

Each new department adopts a new tool. Each executive demands a new dashboard. Each vendor promises a universal cure.

Suddenly:

  • no one sees the whole system
  • logs pile up unread
  • alerts become background noise
  • integrations multiply into untraceable webs
  • dependencies form faster than they can be understood

What once felt powerful becomes paralyzing.

Foreign policy suffers the same rhythm on a grander scale.

WWI.
WWII.
The Cold War.
Korea.
Vietnam.
Bosnia.
Iraq.
Afghanistan.

Each began with a clean, confident objective. Most devolved into attrition, mission creep, and moral fatigue. It can confidently be argued that mission creep began with WWI, but that’s a conversation for another time.

Sun Tzu would summarize it simply: When the troops are weary and the purpose uncertain, the general has already lost.

In BJJ, this is the fighter who scrambles nonstop, burning energy on transitions without securing position. Sometimes they don’t even need to scramble or change position, but they haven’t trained long enough to know that.

In boxing, it’s the puncher throwing combinations without footwork. The fighter simply stands in place, wondering why his punches never land.

In Kali, it’s the practitioner who commits too aggressively, losing awareness of angles and openings.

The march becomes too long.
The lines become too thin.
And collapse becomes inevitable.

Business: The Corporate Empire Syndrome

Businesses suffer the same fate as empires.

Growth attracts attention. Attention fuels pressure to expand. Expansion becomes compulsive.

Suddenly, the company is chasing:

  • ten markets
  • ten products
  • ten strategies
  • ten “high-priority” initiatives

Each of these demands its own “army.”

The parallels to national instability are perfect:

  • Expansion without integration.
  • Strategy scaling faster than understanding.
  • Leaders mistaking size for stability.

Eventually, the weight becomes unsustainable.

The company can no longer “feed the army.”
Costs rise.
Culture cracks.
Purpose fades.

What killed Rome wasn’t the final battle; it was the slow erosion of balance across its territory.

Most businesses die the same way, and so do most digital ecosystems.

In Wing Chun, this is the collapse of structure, the moment you can see a fighter trying to do too much, forgetting the centerline, being everywhere except where they need to be.

Overreach is always invisible until it isn’t.

The Modern March: Cyber Empires and Digital Fatigue

Our networks are the new empires.

Every integration is a border.
Every API is a supply line.
Every vendor is an ally whose failure becomes your crisis, and you can never plan for when that crisis comes.

Cloud architecture multiplied this exponentially.

Organizations now live everywhere and nowhere at once.

Sun Tzu’s image of an army dependent on supply lines maps perfectly to modern digital infrastructure:

  • Multi-cloud systems
  • SaaS sprawl
  • CI/CD pipelines with invisible dependencies
  • Third-party integrations with inherited vulnerabilities

When visibility fades, risk multiplies. When dependencies become opaque, consequences become catastrophic.

A company that cannot trace its supply chain of code is like an army that has lost its map.

One outage.
One breach.
One geopolitical tremor.

And the entire formation can buckle.

We call this “scalability.”
Sun Tzu would call it: Marching too far from home.

Reading the Dust Clouds

Sun Tzu taught his officers to read subtle signs:

  • dust patterns revealing troop movement
  • birds startled into flight
  • soldiers’ voices around the fire
  • the speed of camp construction
  • the tone of marching feet

Modern versions of those signs are just as revealing:

  • Escalating ‘critical’ alerts no one addresses
  • Morale fading under constant pressure
  • Defensive posture maintained through inertia
  • Strategies repeated because they worked once, not because they work now
  • Partners showing hesitation before they show defection

In WWI, the Lusitania offered one of the clearest “dust clouds” in modern history.

Germany declared unrestricted submarine warfare. British intelligence knew passenger liners were targets. The Lusitania was warned. The U.S. was warned. Even the ship’s cargo, which included munitions, made it a predictable target.

Yet the warnings were dismissed.
The signs were clear.
The perception failed.

And America’s reaction, too, was predictable; a “neutral nation” was pushed closer to war by a tragedy entirely foreseeable. Some might argue that certain American politicians sought to force the US into the war. Again, that’s a discussion for another time.

Sun Tzu’s maxim remains timeless: The first to lose perception always loses position.

The Cost of Endless Motion

Overextension rarely appears dramatic at first.

It looks like success:

  • revenue rising
  • troops advancing
  • dashboards expanding
  • integrations multiplying

Then the consequences arise:

  • fatigue
  • erosion
  • misalignment
  • burnout
  • doubt

You begin fighting just to justify how far you’ve marched.

In cybersecurity, this is the company chasing every vulnerability without fixing its architecture.

In foreign policy, it’s the nation fighting endless “small wars” that collectively cost more than stability ever would.

In boxing, it’s the fighter who keeps moving forward until they walk into exhaustion, not a punch.

In Kali, it’s the flow practitioner who adds complexity until their movement becomes noise rather than intent.

Sun Tzu warned: An army that has marched a thousand li must rest before battle.

Modern systems rarely rest. We only measure uptime, not wisdom.

Restraint as Renewal

The answer isn’t retreat; it’s an informed, measured rhythm.

Knowing when to:

  • advance
  • consolidate
  • recover
  • regroup
  • reconsider the terrain

Strategic restraint is not weakness. It is self-preservation.

Rome could have lasted longer by fortifying fewer borders. Corporations could thrive longer by protecting focus instead of chasing scale. Nations could endure longer by strengthening their homeland defenses before ever wasting a single dime projecting power abroad.

Sun Tzu’s art was never about conquest. It was about sustainability.

Victory without stability is just defeat on layaway.

Awareness in Motion

Awareness is the antidote to overreach.

It requires honest measurement:

  • what’s working
  • what’s weakening
  • what’s cracking
  • what’s already lost

It requires humility: no army, business, or nation can move indefinitely without rest.

In cybersecurity, awareness is visibility.
In leadership, it’s listening.
In foreign policy, it’s simply remembering.

Awareness doesn’t stop momentum. It calibrates it.

It’s the half-beat between breaths that keeps the system alive.

Bridge to Chapter X | Terrain

Sun Tzu ends this chapter by looking outward again.

Once you’ve learned to read fatigue, imbalance, and decay within, the next step is to read the environment beyond.

The internal determines how you survive the external.

Which returns us to the opening principle: When you leave your own country behind…you find yourself in a position of dependence on others.

An army on the march teaches us to see ourselves. Chapter X, Terrain, teaches us to read the world:

  • its obstacles
  • its openings
  • its deception
  • its opportunities
  • its traps

Awareness of self means little without awareness of landscape. That’s where the next battle begins.