jump to navigation

MY LATEST BOOK RELEASED! “The Science of Security” May 16, 2026

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News, InfoSec & Privacy, Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management, security, security theater.
Tags: , , , , , , , , , , ,
add a comment

Announcing Scientia Securitatis: The Science of Security

After 34 years across nearly every security domain that exists — armed physical security at an overseas critical installation, combat force protection, security in a regional hospital’s psychiatric ward, payment-card industry compliance, armed maritime contracting off the East African coast, and a return to enterprise cybersecurity that has occupied the past decade — I have written the book I wish someone had written when I started.

Scientia Securitatis: The Science of Security — Theory, Frameworks, and Practice is available now.

The gap this book is intended to fill

The security profession does not lack books. Walk into any bookstore, scan any conference vendor floor, search any retailer’s security category, and you will find more material on cybersecurity, physical security, risk management, military theory, criminology, intelligence analysis, and organizational resilience than any single practitioner could read in a career. The field is overwhelmed with information.

What it lacks is integration.

Each security domain has developed its own vocabulary, its own frameworks, its own bestsellers, its own consultants. Each domain — when traced carefully to its analytical roots — is reaching for the same underlying concepts the next domain over named differently. Practitioners in physical and cybersecurity are working on the same analytical problems and rarely speak to one another. When they do, they discover that they have been duplicating each other’s work for decades.

Scientia Securitatis is an attempt to make that recognition the starting point of professional practice rather than an accident a few practitioners stumble into late in their careers.

What’s in the book

The book runs to 525 pages across 11 chapters and three appendices. It develops four original analytical frameworks:

  • The Mark Heptad — a taxonomy of seven adversary motivations (financial, espionage, war/defense, facilitation, hacktivism, revenge, nuisance) that maps directly to deterrence strategy
  • The IMCM Framework — Ignorance, Mistake, Complacency, Malice — for classifying human-induced vulnerabilities and matching them to specific interventions
  • The DIVE Framework — Direction, Intensity, Vulnerability, Exposure — for assessing specific exposure surfaces
  • The Multiplicative Security Model — the mathematical basis for defense-in-depth, with implications for how security architecture should actually combine

These original frameworks sit within a broader analytical apparatus drawn from criminology (Cohen and Felson’s Routine Activity Theory, Cornish and Clarke’s Twenty-Five Techniques of Situational Crime Prevention), cognitive science (Kahneman and Tversky on judgment under uncertainty), military theory (Sun Tzu, Clausewitz, contemporary unrestricted warfare doctrine), and systems-safety scholarship (James Reason’s Swiss Cheese Model, Charles Perrow’s normal-accident theory).

The book also examines — and critically engages — the victim-blaming reflex that dominates post-incident analysis, drawing on the foundational criminological literature on victim precipitation and contemporary case studies including Equifax, OPM, Target, and Snowflake.

A note on the Latin title

Scientia Securitatis translates as “the science of security,” and the choice was deliberate. The Latin signals that the book engages security as a serious analytical discipline whose intellectual roots long predate the cybersecurity industry’s tendency to treat its problems as historically unprecedented. The phenomena security examines are ancient; the framework for studying them rigorously has been available since at least the mid-20th century. The book argues that practitioners have, with rare exceptions, declined to use it.

Who this book is for

This book is for the practitioner who has noticed that decades of escalating security investment have not produced proportional security gains, and who wants to understand why. It is for the security executive building defensible programs across multiple domains. The policy professional confronting unrestricted warfare doctrine. The risk and compliance leader who suspects that frameworks alone are not stopping sophisticated adversaries. The graduate student approaching security as an analytical discipline rather than a job category.

It is not a tactical handbook. It is not a configuration guide. It is the analytical apparatus that determines whether tactical choices are well-made — the apparatus the field has been operating without.

Where to get it

Scientia Securitatis: The Science of Security is available now on Amazon in eBook, paperback, and hardcover formats:

Scientia Securitatis

If you find the book useful, please consider leaving a review. Self-published analytical nonfiction lives and dies by word-of-mouth among the practitioners it was written for — and a thoughtful Amazon review from a working professional is worth more to other professionals than any amount of marketing.

— Chris Mark

Digital Impersonation on OnlyFans: Is it Possible? October 20, 2025

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

Recently, I was personally accused of “digitally impersonating” someone to set up an OnlyFans in their name! Let me be clear. #1…I would NEVER do that and #2…it is NOT possible (well..it approaches mathematical impossibility. But, I digress). Because I know this person and I know technology, when it was exposed, I was the easy target…sooooo…. I took the opportunity to actually do a study on OnlyFans authentication architecture! (because I am a cyber nerd) The findings are mind blowing! Outside of financial institutions, OnlyFans has one of the, if not THE, most robust authentication architecture in the industry! Read the entire paper here! Good Job OnlyFans! Of to court we go!!

Here is a summary of the findings…

“This analysis examines OnlyFans’ multi-layered verification system to demonstrate how multiplicative security controls create exponential attack complexity. The platform employs three sequential, mandatory verification layers: document verification (government ID analysis), biometric verification (liveness detection and facial matching), and banking verification (KYC/AML compliance through financial institutions).

Using a multiplicative probability model, the analysis calculates that attackers face dramatically reduced success rates. Unsophisticated attackers have only 0.003% success probability (1 in 33,000 attempts), while even sophisticated attackers using professional forgeries and advanced deepfakes face just 0.21% success rates (1 in 476 attempts). This represents a 452-fold security improvement over single-factor systems.

Banking verification emerges as the critical control, providing a 28.6× security multiplier due to independent organizational oversight, regulatory requirements, and specialized fraud detection infrastructure.” (read the rest here!) I hope you read the article!! It is actually a great read for us nerds!

Devil in Black Boots- Snipers in Somalia PodCast March 31, 2024

Posted by Chris Mark in Uncategorized.
Tags: , , , , ,
add a comment

Here is my latest PodCast….

New PodCasts! “A Sniper’s Perspective” February 9, 2024

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
add a comment

I recently took some friends’ advice and began podcasting. I seem to have a lot to say so decided to become the next Joe Rogen ;) Hopefully, I will sound more like Joe Rogen than Joe Biden!! I invite you to listen to my podcast, A Sniper’s Perspective on Spotify, Youtube, PocketCast or just right here! Below is a fun podcast I recorded yesterday on becoming a ScoutSniper. 

Chinese Cyber Attacks and Unrestricted Warfare February 1, 2024

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

I first wrote about this phenomenon in 2012. It is becoming reality. The recent cyber-attacks attributed to the Chinese government on American infrastructure can be analyzed within the conceptual framework of “unrestricted warfare,” a doctrine developed by two PLA Colonels, Qiao Liang and Wang Xiangsui, in response to the perceived military superiority of the United States. This doctrine signifies a strategic shift from traditional, kinetic warfare to a multifaceted approach incorporating a broad spectrum of tactics including economic, political, and PR maneuvers to conduct ‘sub wars’ and ‘pseudo wars’.

At the core of unrestricted warfare is the recognition that the principles of war have evolved. As the authors state, “If we acknowledge that the new principles of war are no longer ‘using armed force to compel the enemy to submit to one’s will,’ but rather are ‘using all means including armed force and non-armed force, military and non-military, lethal and non-lethal means to compel the enemy to accept one’s interests’”[1]. This perspective broadens the scope of warfare to encompass non-traditional methods such as economic manipulation, cyber-attacks, and disinformation campaigns, transcending the conventional battlefield.

The Chinese cyber-attacks on the U.S. infrastructure, as reported in the aforementioned sources, align with this doctrine. These attacks represent a strategic choice to exploit vulnerabilities in critical systems to cause disruption and potential societal panic, without resorting to open military confrontation. This approach fits into the broader pattern of asymmetric threats.

Asymmetric threats, characterized by a disparity in the means and methods between different adversaries, are further defined by three criteria: the involvement of a tactic that one adversary could and would use against another, the unique ability or willingness of the adversary to use such means, and the potential for serious consequences if these means are not countered. In the cybersecurity realm, these threats take on a significant role. A minor actor with basic hacking tools can compel major entities to invest heavily in defense, illustrating the asymmetry in resources and efforts between attackers and defenders.

The Chinese strategy, as evidenced by the cyber-attacks, meets these criteria of asymmetric warfare. It involves tactics that the Chinese government is capable and willing to employ, which the U.S. would not mirror. The potential consequences of these attacks are severe, necessitating significant defensive measures.

Further aligning with the principles of unrestricted warfare, the authors note that unconventional methods can be formidable weapons in modern conflict. They observe, “As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons”[2]. This recognition of non-traditional tactics as weapons underscores the expanded battlefield that now includes economic, political, and technological realms.

In conclusion, the Chinese cyber-attacks on U.S. infrastructure, as part of their broader strategic approach, are indicative of the principles of unrestricted warfare. They represent a calculated move to use asymmetric tactics to undermine U.S. strengths and exploit vulnerabilities, extending the battlefield into the cyber realm. This strategy exemplifies a modern approach to warfare, where the lines between military and non-military means are blurred, and the battleground extends into multiple domains.

Loading the Elevenlabs Text to Speech AudioNative Player…

References:

  1. Qiao Liang and Wang Xiangsui, “Unrestricted Warfare.”
  2. Ibid.