Abstract
We argue that compositionality is important when building meaningful methodologies and tools for cybersecurity. There are many cybersecurity mitigations, but how do they compose? For example how do access controls and cryptography compose against a threat like data theft? Some cybersecurity controls may compose independently, others cooperating, in other cases "the winner takes it all", etc. This compositionality presents challenges to linearity and so to performance. We will talk about recent work on the mathematics of this compositionality and its role in developing decision support systems for cybersecurity capable to efficient analyze billions of possible strategic behaviours.