Look inside my upcoming book, Defending Bitcoin: Industrial-Grade Cybersecurity for the Monetary Grid 👇
First, the Foreword by Mikko Hyppönen. One of the most widely-respected figures in cybersecurity with his own take on Bitcoin. I'm grateful that he agreed to contribute his view to the Defending Bitcoin!
Next the Introduction. My story of how I started in the Industrial Controls sector, then found Bitcoin, and merged the two worlds. Also goes over the format of Defending Bitcoin.
Part I is the introduction to Bitcoin and Cybersecurity, forming a basis of vocabulary for readers familiar with either or neither subject.
Chapter 1. Bitcoin — The Decentralized Protocol
All about Bitcoin the technology, written for technically-minded readers who don't know about how Bitcoin works.
Chapter 2. Bitcoin — The Hardest Money Ever Made
All about Bitcoin the money. What makes Bitcoin's monetary properties different from every other money in history.
Chapter 3. Cybersecurity Fundamentals — The Universal Shield
The vocabulary of cybersecurity based on industry best practices. What is risk, what are threats, vulnerabilities, controls. Everything we need for the rest of the book.
Chapter 4. Industrial Control Systems and Securing Critical Infrastructure
How critical infrastructure is defended differently from traditional cybersecurity. Includes a primer on industrial control systems and critical infrastructure so my the comparison to Bitcoin makes sense.
Chapter 5. Bitcoin as Critical Infrastructure — The Monetary Grid
The core thesis, that Bitcoin is the first decentralized critical infrastructure for money and should be defended the same way we protect power grids, pipelines, and factories.
Part II is the Bitcoin Threat Landscape. 10 chapters of threats on an individual and network level, and what we can do about them.
Chapter 6. Exchange and Custodial Failures
From Mt. Gox to FTX, why custodial Bitcoin keeps blowing up, and what that means for your stack.
Hint: the answer is to get your Bitcoin off the exchanges and into self-custody.
Chapter 7. Securing Your Bitcoin: Personal Defense of the Private Key
The full personal custody chapter, covering hardware wallets, multisig, seed phrase handling, and inheritance. You have the responsibility to secure your Bitcoin. Learn how here.
Chapter 8. Privacy, Physical Security, and Staying Safe
Privacy on-chain, OPSEC off-chain, and maintaining your physical security when people know you own Bitcoin.
Huge shoutout to the excellent Praxeology of Privacy by
@Max , read that after this chapter.
Chapter 9. 51% Attacks and the Decentralization of Mining
What a 51% attack would actually look like, why mining concentration is important, and how decentralized the hashrate really is. Includes practical steps to do something about it, as always.
Chapter 10. Node-Level Threats and Client-Side Defenses
Everything to do with the security of your node, including all the work being done to secure Bitcoin node software, and what they defend against.
Run a node, stay secure while you do.
Chapter 11. Arbitrary Data and Witness Abuse
An overview of ordinals, inscriptions, and arbitrary data. You may not think these are a problem. I lay out why it's a cybersecurity issue and makes Bitcoin worse as money.
Chapter 12. Governance Risks.
An honest examination of the risks Bitcoin faces from development centralization, and what can be done about it. It's not one-sided, though. I also cover the risk of changing Bitcoin, especially without wide consensus.
Chapter 13. Political and Regulatory Threats
Bans, surveillance, KYC, and mining restrictions, plus the realistic ways Bitcoin survives state-level pressure.
Chapter 14. Grid and Network Failures: Keeping Bitcoin Alive Offline
What happens when the grid goes down or the internet gets cut, and how Bitcoin stays alive offline through mesh networks, radio, and satellite.
Chapter 15. Emerging Threats: Quantum and AI
Full coverage of the latest developments of Bitcoin and Quantum. No FUD, but it's not something we should ignore.
Also includes coverage of AI as it affects everyone more and more these days.
Conclusion
We end summarizing everything together, and it's optimistic! Defending Bitcoin isn't about doom and gloom. It's about knowing what's out there, and finding out what you can do about it. There's always something you can do. Always.
Appendices
Included in the print book are glossaries of cybersecurity and Bitcoin terms, and a section of recommended reading across all topics.
Further resources are available on defendingbitcoin.com, including a threat model worksheet where you can find out how the threats in Defending Bitcoin apply to you. No data collection, I promise!
You can see more about the book at the Look Inside page, including the full foreword, introduction, and previews from two chapters.
Look inside: Defending Bitcoin
Full table of contents, with foreword, personal introduction, and openings of Chapter 5 and Chapter 7 expandable in place.
Reminder, Defending Bitcoin will be available on Amazon and bitcoininfinitystore.com from June 15th, and the first physical copies will be available at
@BTC Prague - come see me there and get a signed copy!
This is where the cybersecurity side of the book starts. Chapter 3 walks the core concepts the rest of the book runs on, in plain language.
It opens with the CIA triad (just a coincidence, I promise!), the three properties cybersecurity defends in every system. Confidentiality keeps information from anyone who shouldn't have it, integrity keeps it from being altered without authorization, and availability keeps it reachable for the people who need it. Every threat in Part II maps back to one of those three.
From there it gets into threat modeling, which is a structured discipline rather than a vibes-check. Before you defend anything, you ask who the adversary is, what the asset is, where the attack surface lies, and what the mitigation looks like. Run that formally and some threats turn out to be less important, while others turn out larger than you'd expect.
Then comes defense in depth, which is just the principle that you never lean on a single control. You layer them so each one stands on its own, and a failure in one doesn't cascade through the rest. The chapter walks how to design those layers so the whole system doesn't unwind from a single point.
We also formally define the concept of risk, measured as likelihood times impact. A threat that's devastating but unlikely calls for different controls than one that's common but survivable, and that matrix is how Part II keeps everything in proportion. Without it, the threat chapters that follow would read like a long list instead of a prioritized map.
By the end, you've got the cybersecurity vocabulary that the rest of the book depends on, and the bridge from "I hold Bitcoin" to "I'm responsible for defending a system I have a stake in."