Tag: The Art of Cyberwar

The Art of Cyberwar | Part II | Let Your Great Object Be Victory

The principles:
“In war, let your great object be victory, not lengthy campaigns”…because “There is no instance of a country having benefited from prolonged warfare.”
— Sun Tzu, The Art of War, Chapter II

The Art of Cyberwar -- Part II -- Be Wary of Lengthy Campaigns

Historical precedent demonstrates that nations failing to adapt are often used as cautionary examples. Despite significant resources, the United States has not yet overcome this strategic challenge.

From Vietnam to Afghanistan, the United States has exemplified Sun Tzu’s warning by conflating endurance with strength and persistence with strategy. When military presence supersedes the objective of victory, campaigns extend beyond their intended purpose, resulting in significant human and material costs.

The Illusion of Victory

Following President George H. W. Bush’s declaration on March 1, 1991, that the United States had overcome the ‘Vietnam syndrome,’ national sentiment was celebratory. The Gulf War was conducted rapidly and with precision, widely broadcast as evidence of renewed national confidence. The conclusion of the Cold War was perceived as a triumph for democratic governance.

However, this perceived redemption represented a recurrence of previous strategic errors. The primary lesson of Vietnam—the futility of engaging in conflict without a defined objective—remained unheeded. Demonstrating rapid military success led to neglect of the risks associated with protracted engagements lacking clear victory conditions or exit strategies.

In subsequent decades, this hubris manifested in new conflicts. The invasions of Iraq and Afghanistan were initially framed as missions of defense and liberation, but evolved into prolonged operations characterized by strategic inertia. Between January 1968 and January 2022, the United States expended approximately $41 trillion on regime-change wars, supporting unstable governments, and reconstructing nations without explicit local consent.

When the conflict concluded in Kabul in August 2021, the resulting images closely resembled those from Saigon in 1975: helicopters evacuating personnel, abandonment of allied partners, and governmental collapse returning control to the previously ousted regime.

Two wars. Two generations. One unlearned truth:

“Contributing to maintain an army at a distance
causes the people to be impoverished.”

The resulting impoverishment extended beyond material losses to include diminished clarity, discipline, and strategic purpose.

The Cost of Long Wars

Sun Tzu recognized that prolonged conflict leads to internal deterioration. Geographic and temporal distance not only depletes resources but also impairs strategic perception.

Extended campaigns obscure strategic objectives and make it difficult to define victory when mere survival becomes the primary focus.

This confusion often results in a detrimental shift from strategic planning to operational maintenance.

The Cyber Parallel

A similar pattern is evident in contemporary cybersecurity. Prolonged defensive operations manifest as alert fatigue, excessive expenditures, and staff burnout. Continuous patching, monitoring, and incident response create an environment of persistent engagement. While terminology evolves, the underlying strategic mindset remains unchanged.

Cybersecurity teams often become engaged in repetitive activities, addressing recurring issues through marginally varied approaches without achieving lasting resolution.

This situation represents the cybersecurity equivalent of protracted military engagements, often referred to as ‘forever wars.’ Effective leaders, including Chief Information Security Officers (CISOs), recognize the importance of strategic restraint.

It is neither feasible nor advisable to attempt to defend all assets indiscriminately. The primary objective is not comprehensive awareness but rather targeted precision.

Security efforts should prioritize critical assets and aim to resolve threats efficiently rather than sustain ongoing conflict.

“The leader of armies is the arbiter of the people’s fate.”

Within organizational contexts, this leadership role may be assumed by a security architect, team leader, or any individual responsible for directing security resources. The fundamental responsibility remains the protection of the enterprise.

Victory Over Attrition

The primary cost of protracted conflicts, whether conventional or digital, is cumulative exhaustion. Achieving victory requires recognizing the appropriate moment to cease operations, consolidate gains, conduct assessments, and facilitate recovery.

Regardless of the domain, whether physical or digital, conflicts that lack a definitive conclusion cannot be considered genuine victories.

Once again, highlighting the timeless nature and importance of imbibing this story’s principles: “In war, let your great object be victory, not lengthy campaigns…”
because “There is no instance of a country having benefited from prolonged warfare.

Rep after Rep — Easy Day

Don’t no rep me

When I first wrote this, I wasn’t chasing promotions or algorithms. I was just trying to keep showing up to train, to learn, to get a little better each day. Back then, “rep after rep” was more than a training mantra. It was a way to stay grounded when progress felt invisible.

The hardest part wasn’t physical. It was the repetition, the daily grind that felt endless. Whether I was refining form under the barbell or troubleshooting code that refused to run, the challenge was the same: staying patient when nothing seemed to move forward.

Some days you make the lift. Some days the lift makes you. But the point is always to come back tomorrow.

At some point, I stopped expecting each session, physical or mental, to feel like a breakthrough. The breakthrough was the habit itself. The more I showed up, the more the process began to reveal patterns: what worked, what didn’t, and how small adjustments compound over time.

In strength and in cybersecurity, consistency is the quiet multiplier. Each drill, each review, each run-through, one more rep toward mastery.

That same mindset carries through everything I do now — training teams, hardening systems, or writing content. I don’t chase perfect outcomes anymore. I look for steady iterations. A little tighter form. A cleaner line of code. A stronger policy.

That’s how resilience is built, not simply through intensity, but through consistency.

Progress doesn’t shout. It stacks. And one day, you realize the work that used to test you has become the warm-up.

Training for the day:

7 mins of:

7 Banded Sumos

7 Banded bodyweight squats w/moderate band

7 Calf raises

+

A. Back Squat 10, 10,10,10; rest 2/2:30 – 10 RM-ish

B1. Heels elevated air squats x 10 x 3; rest :10

B2. RDL w/an empty bar, sweep away — lumbar focus x 15 x 3; rest 1

C. SL RDL stability, unloaded x 10 x 3; — 5 per leg; rest 1

+

10min alt EMOM:

20 Step-ups – 10 per

15 push-ups

Martial skill work — 5 x 5 min rounds of Z2-Z4 striking, upper push/pull bodyweight movements in trapping/grappling range, and take down defense/sprawling/working underhook escapes et cetera.

Today in my world of Linux and pentesting I worked on building out an Active Directory Lab and worked on the initial attack vectors when attacking an AD based system. Things like LLMNR Poisoning, Capturing NTLMv2 Hashes with Responder, Password Cracking with Hashcat, LLMNR Poisoning Defense, SMB Relay Attacks, Discovering Hosts with SMB Signing Disabled, Start SMB Relay Attack Defenses, & Gaining Shell Access.

Current affairs:

We Got Him (Again, and Again, and Again): On the Latest ISIS Takedown In a Long Line of American Military Actions by Andrew Bacevich

Virginia Supreme Court throws out challenge to Youngkin mask order

Bombshell Proof The ATTACK On Joe Rogan Is Politically Funded! This Is Deeper Than Spotify!

Boom: Rumble offers Joe Rogan $100M to leave Spotify…

And of course, the twat waffle who is Jonah Goldberg, is returning to his roots.

水滸傳
The Outlaws of the Marsh