Defense in Depth

Defense in depth is the principle that security should never rest on a single control. Instead you stack multiple independent layers, so that if one fails, another still stands between the attacker and the asset. The metaphor is a medieval castle: a moat, a wall, a gate, guards, and a keep, each of which an intruder must defeat separately. NIST describes it as applying multiple, overlapping safeguards so that a weakness in one is compensated by the strength of others.

Layers for self-custody

A Bitcoiner practicing defense in depth might combine a hardware signing device (so keys never touch an online machine), a passphrase on top of the seed (so a found backup is not enough), multisig across separate devices and locations (so one compromise is not fatal), an air-gapped signing flow, and physically distributed, durable backups. No single layer is assumed perfect; each exists precisely because the others might fail.

Why one strong lock is not enough

Single-layer security creates a brittle, all-or-nothing failure mode: the moment that one control is bypassed, everything behind it is exposed. Layering converts a catastrophic single point of failure into a series of obstacles, each buying time and raising the attacker's cost. The trade-off is friction, so layers should be chosen deliberately against a real model rather than piled on reflexively, since unused complexity can itself become a weakness.

Defense in depth complements a small attack surface and the access discipline of the principle of least privilege; the surface decides how many doors exist, and the layers decide what waits behind each one.