## Overview Opportunistic attackers (burglars being the canonical example) select targets by optimizing across three variables: **Time** to defeat the defense, **Sound** generated by the attempt, and **Visibility** to third parties. The goal of defense is not to be uncrackable — it's to raise any one of these variables enough that the attacker picks a softer target. This reframes security as a relative-attractiveness problem, not an absolute-strength problem. ## Core Framework - **Time**: How long the attacker is exposed while defeating the barrier. Every minute outside increases catch risk. Raise with: multiple locks, reinforced frames, anti-pry gaps, layered perimeters. - **Sound**: Noise generated by the attempt. Breaking glass, splintering wood, and alarms all attract attention. Raise with: shatter-resistant film (slows + muffles differently), audible alarms, active dogs. - **Visibility**: Whether neighbors or bystanders can see the attempt. Dark, obscured, or isolated entry points are attacker-preferred. Raise with: motion-activated lighting, dusk-to-dawn bulbs, clear sightlines, trimmed landscaping near entries. **The relative-attractiveness principle**: You don't need to outrun the bear; you need to outrun the other hiker. Most defenders win by being marginally harder than the next house on the block. ## Cross-Domain Applications **Fraud/Scam Prevention**: Scammers optimize the same triad — Time (until you realize), Sound (reporting speed), Visibility (social graph catching on). 2FA, rapid alerts, transparent finances raise all three. **Cybersecurity**: Same triad underlies threat modeling — make exploitation slow (defense in depth), noisy (intrusion detection), visible (audit logs). **Personal OPSEC**: Visible security (camera signage, alarm decals, barking dogs) deters without needing to actually work — raising *perceived* cost suffices. ## See Also [[Attack-Defense Balance Shift Across Domains]] ## References - [[2 Resources/A Home Defense Primer]] — Jameson Lopp, Casa blog