Partner Perspectives  Connecting marketers to our tech communities.
7/28/2015
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

“My predisposition to be a gamer -- and to gravitate toward certain kinds of games -- also predisposes me toward security,” said Will Irace (@spblat), VP of technology alliances at Fidelis Cybersecurity.

Gaming is often a hidden form of training. In Ender’s Game, officials send the hero purposefully through a “game” to prepare him for the military. “The stress Ender goes through is not unlike the stress many cybersecurity professionals hit as well,” explained Steve Herrod (@herrod), managing director at General Catalyst Partners.

As you’ll soon see, there are plenty of analogies between gaming and security, but keep in mind that there is one significant caveat. While most games have structure, “the rules of cybersecurity are non-existent. There are no level playing field, no referee, and no arbitration authority,” noted Monzy Merza (@splunk), chief security evangelist at Splunk.

Read on for 20 sound security tips from a host of professionals and a list of great games to play to improve your infosec finesse.

1: Work as a team

Game: volleyball

“In both volleyball and security, working well with the rest of your team (IT, business operations, internal audit, etc.) is much more important than being the best individual player out there,” explained Robb Reck (@robbreck), CISO at Pulte Group. “An effective team knows when and where to pick up for the other players (what tasks are mine, and what are yours). One player who takes over everything ends up hurting the team in the long run.”

2: Manage the mind-numbing tedium of security

Games: World of Warcraft, poker

“Horrible, endless, boring repetition,” admitted Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express, of the strategy necessary to win at both World of Warcraft and security. “You have to do repetitive tasks. You have to go out and collect a certain kind of trinket, or kill a certain type of monster a certain number of times to complete the quest. Not all infosec tasks involve fighting on the front lines of the cyberwar. The important things are repetitive such as making sure that systems are updated, making sure the IDS is configured properly, or enforcing policies.”

“[Similarly] poker, when done right, reduces to hours of tedium where you set up each hand to either be a small loss or a midsized gain,” said Jeffrey Bolden (@BlueLotusSIDC), managing partner at Blue Lotus SIDC. “Occasionally there is a situation you haven’t prepared for -- instead of a quick fold, you get unexpectedly raised and the hours of tedium are broken with a moment of terror when you realize you’ve lost control of the situation and you are the one facing a choice between surrendering your pot equity or making a large bet against odds. Good security, like poker, is about avoiding those moments through preparing for scenarios.”   

3: Play defense and offense simultaneously

Games: basketball, Risk

“The problem with our current information security program is that it is completely defensive in nature, always playing a half-court game on defense,” said basketball fan Jeff Bardin (@treadstone71llc), chief intelligence officer at Treadstone 71. “Information security needs offense to keep the opponent in a defensive posture.”

“Immediate advantage goes to those who can outthink their opponents early on in the game” when playing Risk, added Alan Kessler (@kessalan), CEO at Vormetric. “Like data encryption, your territory determines your risks. Some locations are easier to defend or attack, just like industries such as financial or healthcare.”

“Build an offensive front and disrupt their flank so they discover a weakness,” suggested Rob Juncker (@rjuncker), VP of engineering at LANDESK Software.

4: Stay ahead of your opponent and be prepared for attacks from any side

Game: chess

“Chess is all about protecting resources, primarily the king, from myriad attackers,” said Edward Dean (@perspecsys), CTO at Perspecsys.

“There are near countless numbers of ways that your enemy could approach and capture your king,” said Aaron Marks (@arcsource), VP of client services at Arcsource. “My job is to try to predict each potential method of attack and protect against all of them using every piece on the board working together.”

"In chess, when you don’t ask yourself what your opponent is threatening, you can easily lose valuable assets or get mated. Similarly, if you assume a piece is safe -- be it on the board or part of a system -- you will be compromised,” said Mikko Hypponen (@mikko), chief research officer at F-Secure.

“Think at least three steps ahead of your opponent, the bad guy, to win the battle,” said Varun Kohli (@vk_is), VP of marketing at Skycure

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vickipadila
50%
50%
vickipadila,
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Its family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable identifies all types of risk on the network — including missing patches, malware and intruders, missing configurations and missing monitoring — so customers can make informed decisions about where they are exposed. Its products reach across cloud, virtual, mobile and traditional IT systems and measure attack vectors in each of these domains. Tenable’s continuous network monitoring solution measures organizations’ compliance in real-time. This ensures that gaps in security coverage and lapses in security programs get detected and prioritized immediately. Tenable is relied upon by many of the world’s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11321
PUBLISHED: 2018-05-22
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-11322
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11323
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-11324
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11325
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.