Survivability Engineering

1. Part 1: Risk Assessment
2. Part 2: How To Talk About Security Risk
3. Part 3: AI and the New Tech
4. Part 4: Threat Modeling with Reality
5. Part 5: Chaos and Red Teaming
6. Part 6: Surviving Reality

Security Brutalism Under Real Conditions

1. Part 1: Introduction
2. Part 2: The Framework
3. Part 3: Knowing What You Have
4. Part 4: Building the Program
5. Part 4.5: Scoping Confidence
6. Part 5: The Active Layer and Agents
7. Part 6: Starting from Zero
8. Part 7: Where This Goes Next

About

Survivability Engineering is the security discipline of designing systems to keep functioning, absorb damage, and recover fast.

I’ve been working in the security field for over 25 years across nearly every area. In that time, I’ve seen how security programs often break down when they meet real-world conditions. The problem usually comes down to a missing assumption: no matter what we do, compromise is always possible. What the architecture promises, what the controls report, and what we believe to be true often diverge from what is actually happening on the ground.

Security survivability engineering focuses on building systems that continue to function when things go wrong. This blog explores how to design with failure in mind, measure true resilience, and close the gap between what your security program claims and how it performs under stress. The goal is not to prevent every attack, but to understand how long systems remain in a failed state and to continuously reduce that time.