Knowledge dashboard
Security was never about response
The essay's knowledge, dashboard-shaped — graph, eyes, actions. The graph is the source of truth; the prose follows.
The essay's claims, typed and connected. Synthesis is the author's contribution. Citation grounds in a named source. Derivation follows from prior nodes. Click any node to jump to its card.
S S01-fire-department-no-fire-code · opening hook
A security team that responds well is a fire department with no fire code.
S S02-continuous-verification · spine
Security is continuous verification.
S S03-two-timescales · what's in security
Verification runs at two timescales: boundary-time gates fire on action, sweep-time gates fire on cadence.
derives_from: S02-continuous-verification, C01-saltzer-schroeder, C02-anderson
S S04-same-posture-different-cadence · what's in security · the synthesis
Both are gates. Boundary-time and sweep-time are the same posture at different cadences — sweeps are gates too.
derives_from: S03-two-timescales, C03-brooker
S S05-response-different-discipline · what's not
Response is what fires when verification fails — a different discipline.
derives_from: S02-continuous-verification, C04-nist
D D06-engineer-not-gate · shift-left fatigue
The thing that gets tired isn't the gate; it's the engineer holding it.
derives_from: S04-same-posture-different-cadence, C06-shortridge
C C01-saltzer-schroeder
Saltzer & Schroeder 1975 — complete mediation: every access to every object must be checked; a partial gate is not a gate.
grounds: Saltzer & Schroeder, "The Protection of Information in Computer Systems," 1975
C C02-anderson
Anderson 1972 — reference monitor: invoked on every reference, tamper-proof, small enough to audit.
grounds: James P. Anderson, Computer Security Technology Planning Study (USAF ESD-TR-73-51, 1972)
C C03-brooker
Brooker & Desai 2025 — AWS pairs formal methods with runtime validation of execution traces in production.
grounds: Brooker & Desai, Systems Correctness Practices at AWS, ACM Queue, Feb 2025
C C04-nist
NIST SP 800-53 — formalizes the preventive / detective / responsive control split.
grounds: NIST SP 800-53 Rev. 5
C C05-earlywatch
EarlyWatch (Brendan Burns) — Kubernetes validating admission webhook that denies unsafe operations at the API boundary against live cluster state.
grounds: github.com/brendandburns/early-watch
C C06-shortridge
Shortridge — humans-as-gates is the thing to push back against; the security-team-as-blocker, the change-advisory-board veto.
grounds: Kelly Shortridge, "Cybersecurity Isn't Special" / "Control vs. Resilience"
Claims that need more grounding: places where the essay's synthesis is confident but external corroboration would strengthen the case, or where an open question is left implicit.
S04-same-posture-different-cadence
"Sweeps are gates too" is the author's named synthesis. The industry has adjacent vocabulary (policy-as-code, drift detection) but no clean prior naming of the same posture at two cadences.
Why eyes: The synthesis is sharp and useful, but external corroboration — a published taxonomy or operational pattern that already collapses boundary checks and cadence checks into one posture — would let the essay sit alongside it instead of asserting the move solo.
ground_with:
S01-fire-department-no-fire-code
The Alex narrative scenes (two-week silent gate, pattern mismatch with the edit directory) are pedagogical illustrations, not empirical case studies.
Why eyes: No real-world data on how often this exact "two-week silent gate" failure mode occurs vs. obvious-fail modes. The hook lands rhetorically; the prevalence claim is implicit. Open question: of personal-infra security failures, what fraction look like Alex's coverage gap vs. a missing gate entirely?
"The engineer holding the gate" framing is the author's reframe of shift-left fatigue. The reframe is plausible but the quantitative ground is thin.
Why eyes: The trade press articles cited (Help Net Security, Dark Reading) are themselves observational. Stronger grounding would come from quantitative studies on developer-tooling friction and review-queue load.
ground_with:
What the essay implies for the reader. Etudes drill specific claims; apply items put the principle to work; next points at sibling essays.
etude No etudes built yet
Opportunity for a "design a gate" interactive — pick a public surface (blog, repo, bucket), write the deny-by-default check, then add the sweep that catches what the gate misses. Drills S04 in the seat.
apply Audit your personal infra
What gates do you have? Are any silently failing because the path patterns don't match where you actually edit? Run each gate by hand against a known-bad input. If it exits silently, you have Alex's coverage gap.
apply Name the gate AND the sweep
For each surface you ship to (blog, repo, public bucket, deploy target), name the gate AND the sweep. If only one, you have a gap. Boundary-time without sweep-time means coverage drift goes unnoticed; sweep-time without boundary-time means every commit is a roll of the dice.
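The two apply items above, worked through in code. This is an added example, not the essay's own code or its author's tooling: the file tree, the path patterns and the "secret" signature are all constructed for illustration. It shows Alex's coverage gap (a gate whose path pattern no longer matches where edits live, so it passes silently), the same gate rewritten deny-by-default so an uncovered path is a denial rather than a pass, the sweep that walks every file on a cadence regardless of patterns, and the by-hand self-test against a known-bad input that turns a silent gate into a loud one.

```python
"""Boundary-time gate and sweep-time sweep over a constructed file tree.

Added example, not the essay's code. TREE, PATTERNS and SECRET_RE are
constructed for illustration.
"""
import fnmatch
import re
from dataclasses import dataclass, field

# Constructed known-bad signature: a PEM private-key header.
SECRET_RE = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")

# Constructed repo snapshot: path -> file contents.
TREE = {
    "posts/hello.md": "# hello\nnothing secret here\n",
    "content/posts/notes.md": "draft\n-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
    "scripts/deploy.sh": "#!/bin/sh\necho deploy\n",
}

# Constructed: the author moved edits to content/posts/ and never updated this.
PATTERNS = ["posts/*.md"]


@dataclass
class Verdict:
    allowed: bool
    findings: list = field(default_factory=list)   # (path, reason) pairs
    uncovered: list = field(default_factory=list)  # changed paths no pattern matched


def naive_gate(changed, tree, patterns):
    """Alex's gate: scans only paths matching `patterns`, silently allows the rest."""
    findings = [
        (p, "secret material") for p in changed
        if any(fnmatch.fnmatch(p, pat) for pat in patterns)
        and SECRET_RE.search(tree.get(p, ""))
    ]
    return Verdict(allowed=not findings, findings=findings)


def deny_by_default_gate(changed, tree, patterns):
    """Same check, but a changed path that no pattern covers is a denial, not a pass."""
    v = Verdict(allowed=True)
    for p in changed:
        if not any(fnmatch.fnmatch(p, pat) for pat in patterns):
            v.uncovered.append(p)      # the gate saw nothing here: say so, don't pass
            continue
        if SECRET_RE.search(tree.get(p, "")):
            v.findings.append((p, "secret material"))
    v.allowed = not v.findings and not v.uncovered
    return v


def sweep(tree):
    """Sweep-time check: walks every file on a cadence, ignoring path patterns."""
    return [(p, "secret material") for p, body in sorted(tree.items())
            if SECRET_RE.search(body)]


def self_test(gate, patterns):
    """Run the gate by hand against a known-bad input. True means it fired."""
    bad_path = "content/posts/fixture.md"
    bad_tree = {bad_path: "-----BEGIN PRIVATE KEY-----\n"}
    return not gate([bad_path], bad_tree, patterns).allowed


if __name__ == "__main__":
    changed = ["content/posts/notes.md"]
    print("naive gate allowed:", naive_gate(changed, TREE, PATTERNS).allowed)
    print("deny-by-default gate allowed:",
          deny_by_default_gate(changed, TREE, PATTERNS).allowed)
    print("sweep found:", sweep(TREE))
    print("naive gate fires on known-bad:", self_test(naive_gate, PATTERNS))
    print("deny-by-default gate fires on known-bad:",
          self_test(deny_by_default_gate, PATTERNS))
```

The naive gate and the sweep are the pair the apply item asks you to name for each surface: the gate alone misses the whole content/posts/ directory and says nothing, which is coverage drift; the sweep alone would catch the key only on its next run, which is every commit in between being a roll of the dice. The self-test is the by-hand check: it passes only once the pattern is corrected or the gate is made deny-by-default.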
next Part I — A self was never flat →
The first essay in the know-thyself series. Sets up the personal-graph posture this essay's gates protect.
next Part II — Search was never about humans →
The middle essay. Search over the graph; this essay's gates run on the same substrate.
next How to run a cross-cutting campaign →
Same shape, different domain — context-in-hand for the human in the loop, applied to org-scale change.