Acknowledgments

No book about defending the digital world is the work of one author, because defense itself is never the work of one person. It is the product of a community that has spent decades learning, in public and at cost, how to keep systems safe — and then giving that knowledge away. This book stands on that community's shoulders, and these pages are an attempt to repay a debt that can only ever be passed forward.

Our deepest thanks go to the standards bodies and primary-source organizations whose careful, unglamorous work is the backbone of modern defense. The National Institute of Standards and Technology (NIST) — whose Cybersecurity Framework and Special Publications (800-53, 800-61, 800-63, 800-207, and many more) are quoted, paraphrased, and relied upon throughout this book — has given the field a shared, rigorous, and freely available foundation that few other disciplines enjoy. MITRE transformed how defenders talk about adversaries with the ATT&CK knowledge base and the CVE program. The Center for Internet Security (CIS), through its Controls and Benchmarks, turned "harden your systems" from a slogan into a checklist anyone can follow. The Open Worldwide Application Security Project (OWASP) made application security legible to a generation of developers and defenders, and gave it away for free. CISA, the PCI Security Standards Council, the authors of the ISO/IEC 27000 series, the IETF and its RFC authors, and the cloud providers who publish their security guidance openly — every one of them made this book possible and made the field safer than it would otherwise be.

We are indebted to the broader security community: the researchers who disclose vulnerabilities responsibly, the blue teams and incident responders who share their hard-won lessons in conference talks and write-ups, the threat-intelligence analysts who publish their findings, and the countless practitioners who answer questions on mailing lists, forums, and late-night chat channels for no reward but a stronger collective defense. Much of what a working defender knows was never written in a textbook; it was handed down, peer to peer, by people who remembered what it was like not to know.

A special acknowledgment is owed to the open-source defensive-tooling community. The maintainers of the packet analyzers, network security monitors, SIEM and log pipelines, detection-rule formats, forensic toolkits, and the many Python libraries this book leans on have built, for free, the instruments that let small teams defend large estates. The bluekit toolkit you assemble in these pages is a small tribute to that ethos: tools you can read, understand, adapt, and own.

We thank the educators, mentors, and authors who came before — the people who wrote the books that taught us, ran the courses that shaped us, and modeled what it means to teach a hard subject honestly. The decision to release this book under a Creative Commons license, free for anyone to read, adapt, and build upon, is a direct continuation of their generosity. Education in this field should not be gated behind a paywall when the stakes are this high.

Finally, to the defenders themselves — the SOC analysts who work the overnight shift, the engineers who harden the systems no one thanks them for, the GRC professionals who read the regulations everyone else avoids, the responders who run toward the breach, and the leaders who fight for the budget before the incident rather than after — this book is written for you and because of you. The work is hard, often invisible, and absolutely essential. If these pages help one more person do that work well, the debt is partly repaid.

Any errors that remain are the author's own. Corrections, improvements, and contributions are warmly welcomed in the spirit of the license this book is released under — defense gets better when it is shared.