Partner Perspectives  Connecting marketers to our tech communities.
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

15: Learn to cope with failing equipment

Game: Ironman triathlons

“Triathlons require tremendous mental and physical preparation to endure both the demands of the course and the unexpected circumstances that inevitably conspire to keep you from your goal,” said James Bindseil (@Globalscape), CEO at Globalscape and Ironman competitor.

When your equipment breaks down on the course or in your IT environment, you need the mental acuity to press on, said Bindseil. “If you enter the race with a defeatist attitude, you’ve lost already."

16: Fill in network gaps

Game: Tetris

“The game that best prepared me for working in security is Tetris. Everything has to fit in order for you to be successful,” said Pavel Krčma (@stickypassword), CTO at Sticky Password.

“Networks are ever-growing stacks composed of twisted pieces that at best fit together poorly leaving frustrating gaps, and at worst take the system down,” said Dan Kaminsky (@dakami), chief scientist and co-founder of White Ops.

“Any gap missed, and you can be leaving your data open to hackers and impending threats,” added Krčma.

17: Constantly assess risk

Games: extreme water sports

“Extreme sportspeople often take risks, but these risks are always analyzed and calculated,” said Marc Woolward (@vArmournetworks), CTO at vArmour and the current British and World Cup Masters champion of surf kayaking. “Like extreme sports, today’s digital enterprise operates within an inherently dangerous environment. The only way to survive and succeed in such conditions is to conduct careful risk assessments based upon known facts -- and act upon them."

18: Accept defeat. It’s part of security.

Games: Rymdkapsel, martial arts, paintball

“Much like security, the goal of Rymdkapsel (see GIFs) is to develop a system that can successfully defend your base against a never-ending onslaught of faceless enemies who cannot be reasoned with,” said Fidelis Cybersecurity’s Irace. “As in security, 100% success cannot be assured, and defeat may be inevitable, and that has to be part of the plan.”

“We don't always have to win -- we just have to protect ourselves from losing,” said Ben Tomhave (@falconsview), security architect at K12 and a practitioner of BJJ. “As defenders, we don't need to win so much as work for a tie, ensuring that attackers don't win,” he added.

“Playing paintball, you’re going to get hit, but you can’t think of that or you’ll be playing defense all day long. Think instead of how many people you’re going to hit,” said Zensar’s Fellini. “Have fun with security and understand that you’re going to get hit, but don’t dwell on it. Have fun and go out and hit the other team.”

19: Reveal patterns with minimal information

Games: Myst, logic puzzles

“In order to succeed in infosec, you need to have and understand the hacker’s mindset,” said Corey Nachreiner (@WatchGuardTech), CTO at WatchGuard. “For me, the puzzle solving in Myst encouraged and developed this sort of thinking.” 

Similar to Myst, “logic puzzles such as Cheryl’s Birthday give you the barest minimum information with which you can find the answer through logical deduction,” explained Dave Bennett (@ionusecurityinc), CTO at IONU.

“In the game Myst, players are dropped into an environment they might not understand, with only a little backstory. They explore and extract little bits of information that might be useful to solve the connected puzzles that allow them to move forward to their objective,” said Sam Elliott (@Bomgar), director of emerging products at Bomgar. “For me as a security professional, identifying with the way a foe might be thinking is key to being able to develop solutions that help prevent them from being able to move forward.”

20: Exercise your social-engineering skills

Games: Diplomacy, Dungeons and Dragons, poker

“Games like Diplomacy, Dungeons and Dragons, and poker, with their high emphasis on the social domain and emotional quotient [as opposed to IQ], are important since much of security involves fundamental human conflict and understanding of people,” said Arbor Networks’ Curry.

“To immerse oneself in a character, improvise lines and actions, and then respond quickly to interactions from the group has helped shape a lot of the ways I handle presentations, brainstorming sessions, and troubleshooting,” said Thycotic’s Wenzler. “Most RPGs [role-playing games] reward players for talking their way out of situations and acting in a way that is appropriate for their role in the group.” 

Conclusion: Gamers have the right mindset for security

“These types of games are similar to building a foundation and adapting to the changing threats information security professionals face,” concluded Bob West (@rkw59), chief trust officer at CipherCloud. “I'm convinced these games allow me to make better decisions not just in how information is protected, but also in making strategic business decisions.”

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
4 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-04-22
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
PUBLISHED: 2019-04-22
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
PUBLISHED: 2019-04-22
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
PUBLISHED: 2019-04-22
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to, and 3.32 prior to A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's control...
PUBLISHED: 2019-04-22
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains t...