A field guide for your first 90 days.
Drawn from 15 years of disasters, near-misses, and hard-won lessons.
"He who has not suffered does not know."
Free. No spam. Just the book in your inbox.
I hate useless things.
I hate long introductions that tell you what you're about to read instead of just letting you read it. I hate security frameworks that exist to make consultants look busy. I hate advice that sounds good in a conference room and falls apart on a Monday morning when the CEO is calling when one critical application is down.
This book is about what actually happens in your first 90 days as a security professional, specifically, the first one in your company. The first one. The one who walks in and discovers nobody thought about any of this before you arrived.
Everything here comes from things that actually happened. The stories are real. If something is in this book, it's because I learned it the hard way, or watched someone else learn it the hard way, which is almost as good.
— From the introduction
Part 1 — What You're Actually Protecting Against
Part 2 — How to Actually Matter
Part 3 — Risk Analysis as a Professional Practice
Part 4 — Building Your Future
Every story in the book comes from something that actually happened. Names changed. Lessons intact.
The revenge deletion.
An employee deletes their server on the way out. No backup policy. No access restrictions. Gone.
The CISO who became a spy.
The person hired to protect confidentiality became the greatest threat to it.
The Christmas Eve phishing.
The attackers knew the company's calendar better than the security team did.
The VPN that cost 250,000 EUR per day.
You were right about the risk. But there was no record. It's your word against nothing.
The coffee break approval.
You validated a plan at the coffee machine. Weeks later, a breach. No documentation. Just his word and yours.
The virus that almost killed the company.
They didn't know sooner because nobody was watching.
...and 6 more. Each one teaches a lesson most professionals take decades to learn.
"You are not in the business of making decisions. You are in the business of making risks visible so that business owners can make decisions."
— Chapter 9
"Same information. Completely different room."
— Chapter 3, on translating CVE numbers into business consequences
"The people who build with AI won't be replaced by AI."
— Epilogue
→ You just got hired as the first (or only) security person at a company
→ You are a SOC analyst or pentester who wants to understand the bigger picture
→ You are switching into cybersecurity from IT, development, or GRC
→ You want to understand how security architects actually think
→ You are tired of certification material that has nothing to do with the real job
Fabien Soulis
15 years securing global enterprises. Zero major incidents across 150K+ employee environments. Sorbonne instructor. Built a SaaS cybersecurity business from zero. Career path: web developer → SAP analyst → IT auditor → security analyst → security architect for organizations serving 70 countries.
"I didn't read about this career path. I lived it. This book is what I wish someone had handed me on day one."
Enter your email. The book arrives in your inbox in minutes.
No spam. No follow-up sequences. Just the book.
Want more than a book?
The book gives you the thinking.
The program gives you the transformation.
If you want live calls, direct feedback, and proof projects you can show recruiters — the 90-day Escape Execution program is the next step. 900 EUR. 10 spots.
See the 4-Week Program →