Playbook

Security Fundamentals

Do the ONE most critical thing first. Then work outward.

The Expanding Circles Model

Security is overwhelming if you try to do everything at once. Don't. Start at the center — the ONE thing that matters most right now — and expand outward in circles.

Each circle you complete makes you meaningfully more secure. Perfect is the enemy of good. Progress beats paralysis.

Circle 1: Your Email

Start here. This is the ONE thing.

Your email is the skeleton key to your digital life. Password resets for banking, cloud services, social media — they all go to your email. Compromise your email, compromise everything.

Action items

  1. Use a strong, unique password — 16+ characters, randomly generated. Not your dog's name plus some numbers.
  2. Enable 2FA — Use an authenticator app, not SMS. Hardware keys (YubiKey) are even better.
  3. Check your recovery options — Is your recovery email also secured? Is your phone number up to date?
  4. Review connected apps — Revoke access for anything you don't recognize or no longer use.

Which email accounts?

Prioritize the ones where password resets go for:

  • Banking and financial services
  • Cloud providers (AWS, Google Cloud, etc.)
  • Domain registrars
  • Password managers
  • Business-critical SaaS

Circle 2: Coming Soon

Password managers, critical accounts, and the next layer of defense.

Circle 3: Coming Soon

Device security, network hygiene, and operational awareness.