jump to navigation

MY LATEST BOOK RELEASED! “The Science of Security” May 16, 2026

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News, InfoSec & Privacy, Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management, security, security theater.
Tags: , , , , , , , , , , ,
add a comment

Announcing Scientia Securitatis: The Science of Security

After 34 years across nearly every security domain that exists — armed physical security at an overseas critical installation, combat force protection, security in a regional hospital’s psychiatric ward, payment-card industry compliance, armed maritime contracting off the East African coast, and a return to enterprise cybersecurity that has occupied the past decade — I have written the book I wish someone had written when I started.

Scientia Securitatis: The Science of Security — Theory, Frameworks, and Practice is available now.

The gap this book is intended to fill

The security profession does not lack books. Walk into any bookstore, scan any conference vendor floor, search any retailer’s security category, and you will find more material on cybersecurity, physical security, risk management, military theory, criminology, intelligence analysis, and organizational resilience than any single practitioner could read in a career. The field is overwhelmed with information.

What it lacks is integration.

Each security domain has developed its own vocabulary, its own frameworks, its own bestsellers, its own consultants. Each domain — when traced carefully to its analytical roots — is reaching for the same underlying concepts the next domain over named differently. Practitioners in physical and cybersecurity are working on the same analytical problems and rarely speak to one another. When they do, they discover that they have been duplicating each other’s work for decades.

Scientia Securitatis is an attempt to make that recognition the starting point of professional practice rather than an accident a few practitioners stumble into late in their careers.

What’s in the book

The book runs to 525 pages across 11 chapters and three appendices. It develops four original analytical frameworks:

  • The Mark Heptad — a taxonomy of seven adversary motivations (financial, espionage, war/defense, facilitation, hacktivism, revenge, nuisance) that maps directly to deterrence strategy
  • The IMCM Framework — Ignorance, Mistake, Complacency, Malice — for classifying human-induced vulnerabilities and matching them to specific interventions
  • The DIVE Framework — Direction, Intensity, Vulnerability, Exposure — for assessing specific exposure surfaces
  • The Multiplicative Security Model — the mathematical basis for defense-in-depth, with implications for how security architecture should actually combine

These original frameworks sit within a broader analytical apparatus drawn from criminology (Cohen and Felson’s Routine Activity Theory, Cornish and Clarke’s Twenty-Five Techniques of Situational Crime Prevention), cognitive science (Kahneman and Tversky on judgment under uncertainty), military theory (Sun Tzu, Clausewitz, contemporary unrestricted warfare doctrine), and systems-safety scholarship (James Reason’s Swiss Cheese Model, Charles Perrow’s normal-accident theory).

The book also examines — and critically engages — the victim-blaming reflex that dominates post-incident analysis, drawing on the foundational criminological literature on victim precipitation and contemporary case studies including Equifax, OPM, Target, and Snowflake.

A note on the Latin title

Scientia Securitatis translates as “the science of security,” and the choice was deliberate. The Latin signals that the book engages security as a serious analytical discipline whose intellectual roots long predate the cybersecurity industry’s tendency to treat its problems as historically unprecedented. The phenomena security examines are ancient; the framework for studying them rigorously has been available since at least the mid-20th century. The book argues that practitioners have, with rare exceptions, declined to use it.

Who this book is for

This book is for the practitioner who has noticed that decades of escalating security investment have not produced proportional security gains, and who wants to understand why. It is for the security executive building defensible programs across multiple domains. The policy professional confronting unrestricted warfare doctrine. The risk and compliance leader who suspects that frameworks alone are not stopping sophisticated adversaries. The graduate student approaching security as an analytical discipline rather than a job category.

It is not a tactical handbook. It is not a configuration guide. It is the analytical apparatus that determines whether tactical choices are well-made — the apparatus the field has been operating without.

Where to get it

Scientia Securitatis: The Science of Security is available now on Amazon in eBook, paperback, and hardcover formats:

Scientia Securitatis

If you find the book useful, please consider leaving a review. Self-published analytical nonfiction lives and dies by word-of-mouth among the practitioners it was written for — and a thoughtful Amazon review from a working professional is worth more to other professionals than any amount of marketing.

— Chris Mark

Random Thoughts On Piracy Summit (I have to talk about guns a little ;) May 1, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , , , ,
add a comment

In reflecting upon the Piracy Europe even in Hamburg that I attended last week, I was struck by a few things that were said and proposed.   The speakers were generally very good although the material is getting a bit old at this point.  With piracy at near 2007 levels, security vendors are scrambling to convince shipping companies that they are still needed.  Selling on Fear, Uncertainty, and Doubt (FUD) seems to be the new way of business development.

With regard to the security vendors, there appeared to be two distinct perspectives on how to stop pirates.  Neither seemed appropriate.  One company had a rep get up and show a picture of himself with a Barrett .50 cal SASR (special application scoped rifle) (shown in the pic above with the very skilled, handsome and smart USMC Sniper..yeah its me).  The intimation was that if you have larger guns, you have more ‘firepower’ and thus better security.  This is a very simplistic way of thinking about security and demonstrates one of the challenges of maritime security.  Security is not about technology…it is about people, strategies, and tactics.  Tools (such as weapons) are useful but only if employed correctly.  You can read the whitepaper “weapons and tactics in the prevention of piracy” here. This “goons with guns” approach was not well received and quite frankly, I felt it perpetuated what the attendees think of American security…knuckle-dragging, goons with guns. Blackwater is alive and well in the minds of most of those who attended the event. (more…)

SAMI Accredidation?…Check before you believe… April 30, 2012

Posted by Chris Mark in Industry News, Laws and Leglslation, Piracy & Maritime Security.
Tags: , , , , ,
add a comment

I am recently back from speaking an an anti-piracy event in Hamburg, Germany.  Overall, it was a good conference but I was struck by one particular company that was strongly advertising that they were SAMI Accredited.  I thought this claim merited some investigation and it would allow me to understand what, exactly, it means to be SAMI Accredited. First…here is the list of accredited PSMCs through SAMI. The Security Administration for the Maritime Industry or SAMI is a: a global organisation representing companies working in maritime security and related industries. SAMI has introduced a level of compliance and scrutiny to ensure that the maritime industry can easily identify reputable private maritime security companies. SAMI provides reassurance, guidance, and minimum quality and standards in the delivery of maritime security where none has existed before. The SAMI Standard has been established as the international benchmark for standards within the industry. The Association is an international non -governmental organisation (NGO), which exists to facilitate clear dialogue and a common standards framework in the delivery of maritime security products to the shipping community.”  As a membership organization anyone that is a signatory on the ICOC can join SAMI as a ‘member’.  This does not mean you are accredited.  After joining SAMI a company may then volunteer to participate in the 3 step SAMI Accreditation Programme.  According to the SAMI website: (more…)

UPDATE: Copying of GlobalRiskInfo Blog (and others) April 24, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Piracy & Maritime Security.
Tags: , , ,
1 comment so far

2nd UPDATE: lT appears that the company  read my blog and has now (after April 24th) included sources to a few of their posts. Interestingly, the AKE post still does not have AKE’ information included.  I also welcome them to add my own blog to their list of references.  Here is a link to Dr. Heather Mark’s post on her experience with plagiarism.

UPDATE: Curiosity got the best of me so I started checking the other blog posts.  I should be grateful that the company did not simply cut and past my content.  Here are other “borrowed items”.  It is a disgrace when a company cannot do their own work.  At a minimum, writers are required to cite their sources and give attribution.  The absence of even a mention of where the content originated is, in my opinion, intended to cause the reader to assume it is original work.

April 11th, 2012 Post- “Pirates Demand Dh11M to Free Hostages” is a direct cut and paste of The National.ae post of the same name.

April 9th, 2012 Post- “Somali Pirates hijack Vessel with 17 on Board” is a direct cut and paste of an MSNBC.com article of the same name that originally was published on Indiatoday.

The most glaring of these actions can be seen in the post titled: “Somali Pirate Activity Reaches 15 Month High”.  This was originally an article of the same name published by Bloomberg where the information was provided by Intelligence Company AKE who also provides Maritime Security.  The article was copied verbatim with all references to AKE removed.  The intent is clear.

It is pointless to review any further.

 ORIGINAL Few things frustrate a writer more than someone using their work without attribution.  Today a company introduced new blog with numerous posts dated from Jan 2012-April 2012 .  In reviewing the blog, it certainly appears that the company has done little more than “borrow” my own work and not provide attribution to me..the originating author.

Of 15 posts, fully 1/3 appear to be  summaries of my own work.   Maybe I should be flattered?  Maybe the company is simply acknowledging my expertise over their own. Feel free to read the articles and decide…(each of the GlobalRiskInfo posts predate the summarized posts) (more…)

Nexus Security Calls for Investigation into Maritime Pirate Shooting April 20, 2012

Posted by Chris Mark in Piracy & Maritime Security, Uncategorized, weapons and tactics.
Tags: , , , ,
1 comment so far

In a recent press release, Nexus Consulting Group’s Founder and President calls for the recently released video of armed security firing on pirates to be investigated.   You can view the video here.  It appears to be an American company firing on a Somali boat.  As stated by Mr. Doherty:  “As president of Nexus Consulting, a leading provider of armed security teams in the defense of mariners against Somali pirates, I would like to personally note that though we are operating quite regularly conducting anti-piracy missions, the team in this video is not a Nexus team,”  Nexus also provides some valuable vetting questions for those considering maritime security. (more…)