Security Fundamentals

Do the ONE most critical thing first. Then work outward.

The Expanding Circles Model

Security is overwhelming if you try to do everything at once. Don't. Start at the center — the ONE thing that matters most right now — and expand outward in circles.

Each circle you complete makes you meaningfully more secure. Perfect is the enemy of good. Progress beats paralysis.

Circle 1: Your Email

Start here. This is the ONE thing.

Your email is the skeleton key to your digital life. Password resets for banking, cloud services, social media — they all go to your email. Compromise your email, compromise everything.

Action items

  1. Use a strong, unique password — 16+ characters, randomly generated. Not your dog's name plus some numbers.
  2. Enable 2FA — Use an authenticator app, not SMS. Hardware keys (YubiKey) are even better.
  3. Check your recovery options — Is your recovery email also secured? Is your phone number up to date?
  4. Review connected apps — Revoke access for anything you don't recognize or no longer use.

Which email accounts?

Prioritize the ones where password resets go for:

  • Banking and financial services
  • Cloud providers (AWS, Google Cloud, etc.)
  • Domain registrars
  • Password managers
  • Business-critical SaaS
Use the Interactive Email Security Wizard →

Circle 2: Coming Soon

Password managers, critical accounts, and the next layer of defense.

Circle 3: Coming Soon

Device security, network hygiene, and operational awareness.

← All Playbooks Download PDF