Part I: Security Foundations
"An attacker needs one person to slip; defenders need layers that hold even when someone does."
A phishing email nearly took down Meridian Regional Bank on an ordinary Tuesday. It did not look sophisticated — it looked like a DocuSign request a loan officer opens forty times a day — and it failed for a boring reason: a hardware security key she could not be tricked into bypassing. That single morning is the whole discipline compressed into one story, and it is where this book begins. Before you can architect a network, harden a server, or run an incident response bridge at 2 a.m., you need the vocabulary and the mental model that everything else hangs from. Part I builds that foundation.
This part exists because security has a vocabulary problem and a thinking problem. People say "threat" when they mean "vulnerability," "risk" when they mean "scary thing," and "we're secure" when they mean "we bought a firewall." A defender cannot afford that imprecision. When you write a risk-register row, brief a board, or triage an alert, the words have to mean exactly one thing — and that meaning has to point at a decision. So we start with the core vocabulary (threat, vulnerability, exploit, risk, asset, control), then the people who attack and why, then the principles that turn vocabulary into engineering, and finally the cryptography that underpins nearly every control you will ever deploy. By the end of Part I you will think in terms of risk rather than fear, and you will see every later control as the answer to a concrete danger rather than a checklist item handed down from nowhere.
The throughline of these five chapters is the asymmetry at the heart of the field: attackers need to be right once; defenders need to be right every time. That asymmetry is not a reason for despair — it is the design constraint that justifies defense in depth, monitoring, and an incident-response capability. We assume failure on purpose. Every layer is built as if the one in front of it has already been breached. Learn to see the world this way and the rest of the book becomes obvious; skip it and everything later reads as disconnected tools.
What you will learn
- Chapter 1 — What Is Cybersecurity? Distinguish threat, vulnerability, exploit, and risk with practitioner precision; understand why the attack surface has exploded; and compute a first risk score (likelihood × impact) to decide what to fix first.
- Chapter 2 — The Threat Landscape. Categorize threat actors by motivation and capability; trace an intrusion end-to-end with the cyber kill chain and MITRE ATT&CK; and map every attacker move to a defensive opportunity.
- Chapter 3 — Security Principles. Apply the CIA triad, AAA, least privilege, separation of duties, and defense in depth; classify controls by type and function; and meet the zero-trust mindset you will design for in Chapter 32.
- Chapter 4 — Cryptography Fundamentals. Choose between symmetric and asymmetric encryption, hashing versus encryption, and reason about key sizes, entropy, digital signatures, and the PKI that binds identity to keys — while avoiding the crypto mistakes that sink real systems.
- Chapter 5 — Applied Cryptography. Walk the TLS 1.3 handshake, choose VPN and disk-encryption technologies, manage the certificate lifecycle (and HSMs), and spot weak TLS configurations in the wild — defensively.
Advancing the Meridian program
Part I lays the program's cornerstone. In Chapter 1 you scope Meridian's environment, build the first asset inventory, and write the opening row of its risk register. Chapter 2 adds a threat model and actor profile so the bank knows who it is defending against. Chapter 3 erects the control-framework skeleton — the taxonomy every later standard will slot into. Chapters 4 and 5 establish Meridian's encryption and data-protection standards (algorithms, key sizes, in-transit and at-rest requirements), the bedrock for PCI-DSS and GLBA obligations you will formalize in Part VI. In the bluekit toolkit you will write your first modules: riskcalc.py (risk scoring), threatmodel.py (kill-chain mapping), controls.py (control classification), and cryptutil.py (hashing, HMAC, entropy). These are the seeds; everything else grows from here.
Prerequisites
None. This is the front door. Chapter 1 assumes no security background; later chapters in the part build strictly on the ones before them (Chapter 5 depends on Chapter 4's crypto vocabulary, and Chapter 3 leans on the threat framing of Chapters 1–2). Read Part I in order, and read it before anything else in the book — every other part assumes this vocabulary and these principles as given.
Time investment
| Chapter | Title | Estimated hours |
|---|---|---|
| 1 | What Is Cybersecurity? | 5–6 |
| 2 | The Threat Landscape | 5–6 |
| 3 | Security Principles | 5–6 |
| 4 | Cryptography Fundamentals | 6–7 |
| 5 | Applied Cryptography | 6–7 |
| | Part I total | 27–32 |
Budget more time on Chapter 4 if cryptography is new to you — the math is moderate and kept practical, but the concepts repay slow reading. SOC-track readers can move quickly through the crypto internals and focus on Chapters 1–3; engineering-track readers should linger on Chapters 3–5.
Where this leads
With the vocabulary fixed, the threat actors named, the principles in hand, and cryptography demystified, you are ready to defend something concrete. Part II takes these foundations to the wire — the networks where most attacks live, and the controls that watch and shape the traffic.
Chapters in This Part
- Chapter 1: What Is Cybersecurity? Threats, Vulnerabilities, Risk, and Why Everything Is Under Attack
- Chapter 2: The Threat Landscape: Who Attacks, Why They Attack, and How Attacks Actually Work
- Chapter 3: Security Principles: CIA Triad, Defense in Depth, Least Privilege, and Zero Trust
- Chapter 4: Cryptography Fundamentals: Encryption, Hashing, Digital Signatures, and PKI
- Chapter 5: Applied Cryptography: TLS, VPNs, Disk Encryption, and Securing Data in Transit and at Rest