Cyber-security is often a top national security priority. Many states have declared cyber-space a new domain of warfare, seeking to develop a military cyber-strategy. Governments' national risk assessments now frequently put the threat of hostile cyber-attack on a par with natural disasters, international terrorism or nuclear attack. This has provoked much policy talk and concern about the future of conflict, as well as societies' digital vulnerability. Moving into the 2020s, the 'cyber club' of proliferators is losing the exclusivity of the early 2000s. Over forty states have now publicly established a military cyber-command, including many countries in the West--the US, France, Germany, Italy, Spain, the Netherlands, Estonia--and elsewhere--Peru, Brazil, Vietnam, South Korea, Nigeria. At least another dozen have announced plans to establish such capability. No Shortcuts offers readers a level-headed view of the militarisation of cyber-space, bridging the divide between technology and policy to assess the building-blocks required to develop military cyber-capacity. Smeets argues that, for many states, the barriers to entry are currently too high, and explains the limits of capability transfer, by states and private actors; but he also shows, with wide-ranging empirical examples, how governments' abilities to develop these capabilities might change over time.