A reader's note, a borrowed Sun Tzu line, and the gap the Handbook was built to close.
This one isn't a lab walkthrough. No Debian VM threw an error at me this week that I'm itching to write up — though give it time. This is a shorter note, prompted by something that landed in my feed and stuck with me longer than most things do.
A reader put it plainly:
"Instead of just rehashing abstract theory, it bridges the gap between high-level security principles and real-world execution. It's practical, actionable, and a great tool for anyone designing or engineering modern infrastructure."
First, thank you, Djordje Jovanovic, for the kind words. I'll be honest — that's the line I most wanted someone to be able to say, and the one I had the least control over. You can aim a book at that target. You don't get to decide whether it lands.
The Slowest Route to Victory
There's a line that gets hung on Sun Tzu so often it may as well be his by adoption: strategy without tactics is the slowest route to victory; tactics without strategy is the noise before defeat. Whoever actually wrote it understood the trap our field falls into constantly.
We have no shortage of strategy. Frameworks, maturity models, reference architectures, principles you can recite in a steering committee and watch heads nod. And we have no shortage of tactics either — the person who can stand up a tool, tune a rule, carve a disk image. What we're chronically short on is the bridge. The architect who can hold the principle in one hand and the running process in the other, and explain why this control, on this box, configured this way, actually serves the thing the strategy was after.
That bridge was the whole design goal. Not a survey of ideas. Not a recipe book of commands divorced from why. The connective tissue between them — which is exactly the part that's hardest to fake, because it only shows up when you've actually done the work.
Two Books, One Cover Price
I've described the Handbook before as two books sharing a cover price: the strategy text and the field manual, written so they answer to each other. The endorsement above is really a reader noticing that seam and finding it holds.
It holds because I didn't let myself write the execution half from memory. Every lab in the supplemental curriculum runs on real infrastructure — Debian 13 on KVM, actual services, actual failures. When Prowler refuses to run on Python 3.13, the lab says so and shows the uv workaround. When there's no ssg-debian13 content published yet, the lab doesn't pretend otherwise — it bridges from debian12 and tells you exactly which path the CPE dictionary belongs in. When a SCAP database takes ninety minutes to rebuild, you're warned before you start staring at a stalled screen wondering what you broke.
That's not me being thorough for its own sake. It's the only way the bridge stays load-bearing. The moment the execution half goes theoretical — "and then you simply configure the scanner" — it stops being a bridge and becomes another piece of strategy wearing a command prompt as a costume. Every enterprise practitioner has been burned by that documentation. I wasn't going to ship it.
The Architect's-Eye View
Here's the part I care about most, and the part the reader's word "engineering" gets at. Tools are interchangeable. The open-source stack in the labs — Wazuh, Greenbone, Velociraptor, Keycloak, Graylog — exists so you can build the muscle without a purchase order. But the muscle is the point, not the logo. Map Greenbone to your enterprise vulnerability platform, Keycloak to your commercial IdP, Wazuh to whatever SIEM your org actually pays for, and the reasoning carries straight across. The reasoning is what an architect sells.
That's the throughline I tried to keep visible on every page: not "here is a tool," but "here is how a tool earns its place in a design, and how you defend that choice to the people who sign the budget."
Closing the Loop
So — to Djordje Jovanovic, and to everyone who's reached out with some version of it: thank you. Not for the kind words, exactly, though those are nice. For confirming the seam holds under weight. That's the only review that ever mattered to me.
If you've read the Handbook and want to put the execution half through its paces, the full lab curriculum lives on the book's associated GitHub page, and I'm working through it domain by domain over at secdoc.tech — real boxes, real errors, no costumes.
If you have not gotten your copy of the book yet, you can get it on Amazon, so pick up your copy now.
Strategy without tactics is the slow road. Let's keep building the bridge.