Playbook
Security Fundamentals
Do the ONE most critical thing first. Then work outward.
The Expanding Circles Model
Security is overwhelming if you try to do everything at once. Don't. Start at the center — the ONE thing that matters most right now — and expand outward in circles.
Each circle you finish makes you meaningfully more secure, and you don't have to get through all of them to be better off than you are today. Do one, then the next.
Circle 1: Your Email
Start here. This is the ONE thing.
Your email is where password resets land — for banking, cloud services, and social media. If someone gets into your email, they can usually work their way into most of the rest, which is why it's worth securing first.
Action items
- Use a strong, unique password — 16+ characters, randomly generated. Not your dog's name plus some numbers.
- Enable 2FA — Use an authenticator app, not SMS. Hardware keys (YubiKey) are even better.
- Check your recovery options — Is your recovery email also secured? Is your phone number up to date?
- Review connected apps — Revoke access for anything you don't recognize or no longer use.
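To put numbers on the first action item, the following added example (not part of the original playbook) generates a password from the operating system's CSPRNG, enforces the 16-character floor, and compares its entropy with a "name plus some numbers" pattern. The function names, the 94-symbol alphabet, and the 100,000-entry name list are assumptions chosen for the comparison.

```python
import math
import secrets
import string

MIN_LENGTH = 16  # the playbook's floor for an email password
# Assumed alphabet: printable ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    if len(set(alphabet)) != len(alphabet) or len(alphabet) < 2:
        # Duplicate symbols would bias the draw; one symbol carries no entropy.
        raise ValueError("alphabet must hold at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def pattern_entropy_bits(choices_per_part):
    """Entropy of a password built from independent parts, e.g. name + digits."""
    return sum(math.log2(n) for n in choices_per_part)


if __name__ == "__main__":
    print(generate_password())
    print(f"random 16 chars: {random_entropy_bits(16, len(ALPHABET)):.0f} bits")
    # Assumed sizes: a 100,000-entry name list followed by four digits.
    print(f"name + 4 digits: {pattern_entropy_bits([100_000, 10_000]):.0f} bits")
```

A password manager's built-in generator does the same job; the point of the comparison is that the patterned password sits near 30 bits while 16 random characters exceed 100.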
Which email accounts?
Prioritize the ones where password resets go for:
- Banking and financial services
- Cloud providers (AWS, Google Cloud, etc.)
- Domain registrars
- Password managers
- Business-critical SaaS
Circle 2: Coming Soon
Password managers, critical accounts, and the next layer of defense.
Circle 3: Coming Soon
Device security, network hygiene, and operational awareness.