jump to navigation

MY LATEST BOOK RELEASED! “The Science of Security” May 16, 2026

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News, InfoSec & Privacy, Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management, security, security theater.
Tags: , , , , , , , , , , ,
add a comment

Announcing Scientia Securitatis: The Science of Security

After 34 years across nearly every security domain that exists — armed physical security at an overseas critical installation, combat force protection, security in a regional hospital’s psychiatric ward, payment-card industry compliance, armed maritime contracting off the East African coast, and a return to enterprise cybersecurity that has occupied the past decade — I have written the book I wish someone had written when I started.

Scientia Securitatis: The Science of Security — Theory, Frameworks, and Practice is available now.

The gap this book is intended to fill

The security profession does not lack books. Walk into any bookstore, scan any conference vendor floor, search any retailer’s security category, and you will find more material on cybersecurity, physical security, risk management, military theory, criminology, intelligence analysis, and organizational resilience than any single practitioner could read in a career. The field is overwhelmed with information.

What it lacks is integration.

Each security domain has developed its own vocabulary, its own frameworks, its own bestsellers, its own consultants. Each domain — when traced carefully to its analytical roots — is reaching for the same underlying concepts the next domain over named differently. Practitioners in physical and cybersecurity are working on the same analytical problems and rarely speak to one another. When they do, they discover that they have been duplicating each other’s work for decades.

Scientia Securitatis is an attempt to make that recognition the starting point of professional practice rather than an accident a few practitioners stumble into late in their careers.

What’s in the book

The book runs to 525 pages across 11 chapters and three appendices. It develops four original analytical frameworks:

  • The Mark Heptad — a taxonomy of seven adversary motivations (financial, espionage, war/defense, facilitation, hacktivism, revenge, nuisance) that maps directly to deterrence strategy
  • The IMCM Framework — Ignorance, Mistake, Complacency, Malice — for classifying human-induced vulnerabilities and matching them to specific interventions
  • The DIVE Framework — Direction, Intensity, Vulnerability, Exposure — for assessing specific exposure surfaces
  • The Multiplicative Security Model — the mathematical basis for defense-in-depth, with implications for how security architecture should actually combine

These original frameworks sit within a broader analytical apparatus drawn from criminology (Cohen and Felson’s Routine Activity Theory, Cornish and Clarke’s Twenty-Five Techniques of Situational Crime Prevention), cognitive science (Kahneman and Tversky on judgment under uncertainty), military theory (Sun Tzu, Clausewitz, contemporary unrestricted warfare doctrine), and systems-safety scholarship (James Reason’s Swiss Cheese Model, Charles Perrow’s normal-accident theory).

The book also examines — and critically engages — the victim-blaming reflex that dominates post-incident analysis, drawing on the foundational criminological literature on victim precipitation and contemporary case studies including Equifax, OPM, Target, and Snowflake.

A note on the Latin title

Scientia Securitatis translates as “the science of security,” and the choice was deliberate. The Latin signals that the book engages security as a serious analytical discipline whose intellectual roots long predate the cybersecurity industry’s tendency to treat its problems as historically unprecedented. The phenomena security examines are ancient; the framework for studying them rigorously has been available since at least the mid-20th century. The book argues that practitioners have, with rare exceptions, declined to use it.

Who this book is for

This book is for the practitioner who has noticed that decades of escalating security investment have not produced proportional security gains, and who wants to understand why. It is for the security executive building defensible programs across multiple domains. The policy professional confronting unrestricted warfare doctrine. The risk and compliance leader who suspects that frameworks alone are not stopping sophisticated adversaries. The graduate student approaching security as an analytical discipline rather than a job category.

It is not a tactical handbook. It is not a configuration guide. It is the analytical apparatus that determines whether tactical choices are well-made — the apparatus the field has been operating without.

Where to get it

Scientia Securitatis: The Science of Security is available now on Amazon in eBook, paperback, and hardcover formats:

Scientia Securitatis

If you find the book useful, please consider leaving a review. Self-published analytical nonfiction lives and dies by word-of-mouth among the practitioners it was written for — and a thoughtful Amazon review from a working professional is worth more to other professionals than any amount of marketing.

— Chris Mark