Partner Perspectives  Connecting marketers to our tech communities.
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

15: Learn to cope with failing equipment

Game: Ironman triathlons

“Triathlons require tremendous mental and physical preparation to endure both the demands of the course and the unexpected circumstances that inevitably conspire to keep you from your goal,” said James Bindseil (@Globalscape), CEO at Globalscape and Ironman competitor.

When your equipment breaks down on the course or in your IT environment, you need the mental acuity to press on, said Bindseil. “If you enter the race with a defeatist attitude, you’ve lost already."

16: Fill in network gaps

Game: Tetris

“The game that best prepared me for working in security is Tetris. Everything has to fit in order for you to be successful,” said Pavel Krčma (@stickypassword), CTO at Sticky Password.

“Networks are ever-growing stacks composed of twisted pieces that at best fit together poorly leaving frustrating gaps, and at worst take the system down,” said Dan Kaminsky (@dakami), chief scientist and co-founder of White Ops.

“Any gap missed, and you can be leaving your data open to hackers and impending threats,” added Krčma.

17: Constantly assess risk

Games: extreme water sports

“Extreme sportspeople often take risks, but these risks are always analyzed and calculated,” said Marc Woolward (@vArmournetworks), CTO at vArmour and the current British and World Cup Masters champion of surf kayaking. “Like extreme sports, today’s digital enterprise operates within an inherently dangerous environment. The only way to survive and succeed in such conditions is to conduct careful risk assessments based upon known facts -- and act upon them."

18: Accept defeat. It’s part of security.

Games: Rymdkapsel, martial arts, paintball

“Much like security, the goal of Rymdkapsel (see GIFs) is to develop a system that can successfully defend your base against a never-ending onslaught of faceless enemies who cannot be reasoned with,” said Fidelis Cybersecurity’s Irace. “As in security, 100% success cannot be assured, and defeat may be inevitable, and that has to be part of the plan.”

“We don't always have to win -- we just have to protect ourselves from losing,” said Ben Tomhave (@falconsview), security architect at K12 and a practitioner of BJJ. “As defenders, we don't need to win so much as work for a tie, ensuring that attackers don't win,” he added.

“Playing paintball, you’re going to get hit, but you can’t think of that or you’ll be playing defense all day long. Think instead of how many people you’re going to hit,” said Zensar’s Fellini. “Have fun with security and understand that you’re going to get hit, but don’t dwell on it. Have fun and go out and hit the other team.”

19: Reveal patterns with minimal information

Games: Myst, logic puzzles

“In order to succeed in infosec, you need to have and understand the hacker’s mindset,” said Corey Nachreiner (@WatchGuardTech), CTO at WatchGuard. “For me, the puzzle solving in Myst encouraged and developed this sort of thinking.” 

Similar to Myst, “logic puzzles such as Cheryl’s Birthday give you the barest minimum information with which you can find the answer through logical deduction,” explained Dave Bennett (@ionusecurityinc), CTO at IONU.

“In the game Myst, players are dropped into an environment they might not understand, with only a little backstory. They explore and extract little bits of information that might be useful to solve the connected puzzles that allow them to move forward to their objective,” said Sam Elliott (@Bomgar), director of emerging products at Bomgar. “For me as a security professional, identifying with the way a foe might be thinking is key to being able to develop solutions that help prevent them from being able to move forward.”

20: Exercise your social-engineering skills

Games: Diplomacy, Dungeons and Dragons, poker

“Games like Diplomacy, Dungeons and Dragons, and poker, with their high emphasis on the social domain and emotional quotient [as opposed to IQ], are important since much of security involves fundamental human conflict and understanding of people,” said Arbor Networks’ Curry.

“To immerse oneself in a character, improvise lines and actions, and then respond quickly to interactions from the group has helped shape a lot of the ways I handle presentations, brainstorming sessions, and troubleshooting,” said Thycotic’s Wenzler. “Most RPGs [role-playing games] reward players for talking their way out of situations and acting in a way that is appropriate for their role in the group.” 

Conclusion: Gamers have the right mindset for security

“These types of games are similar to building a foundation and adapting to the changing threats information security professionals face,” concluded Bob West (@rkw59), chief trust officer at CipherCloud. “I'm convinced these games allow me to make better decisions not just in how information is protected, but also in making strategic business decisions.”

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
4 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...