The world of cybersecurity is not so different than a high-stakes chess game. In chess as in cybersecurity, players must outsmart their opponents, capitalize on their weaknesses in a timely and strategic manner, and think numerous steps ahead. As the need for cybersecurity grows in our increasingly digitized world, these skills will become more and more in demand.
With interest in chess booming, here are five ways in which strategic chess play can inspire the next generation of cybersecurity experts.
1. Understand Weaknesses
Chess, unlike its board, isn't just black and white. The best chess players must have mastery over tactics, strategy, openings, endgames, and more. Players must memorize key moves and predictable patterns while solving chess puzzles to hone their ability to adapt to near-infinite scenarios. Each skill must be finetuned on its own before being combined into a sum greater than its parts, and no one player is perfect in every regard.
Similarly, there is also no such thing as 100% cybersecure. There’s a famous saying in the cybersecurity industry: "You can’t protect what you can’t see." As in chess, cybersecurity experts must steep themselves in what is visible – assets, vulnerabilities, threats, patterns of past attacks, and so on – to prepare for what is not yet visible. Knowing that your own king is protected is as important as knowing when your opponent's king isn’t.
2. Get into the Minds of Opponents
In chess, each turn is a complex effort to estimate what an opponent will do next and then determine how to respond to that estimated move, how the opponent will respond to the response, and so on. The very same principle is key to a good cybersecurity strategy. Getting insight into the opponent's mindset by studying past moves is key to intuiting future ones.
Using adversarial techniques, red teams, and vulnerability research, cybersecurity experts also attempt to find their own weaknesses. Sometimes a single weakness in security posture will be enough for an adversary to exploit the entire network – a dangerous gambit. The goal is to always stay ahead by knowing those weaknesses better (and sooner) than bad actors do. The adage "know thyself" is imperative – in cybersecurity, in chess, and in life.
3. Have a Plan — Any Plan
"A bad plan is better than no plan." This quote from former World Chess Championship competitor Mikhail Chigorin should guide every chess player. Moving pieces without a clear guiding strategy makes it difficult to evaluate the situation and make required changes when needed. If you're making moves on the fly, you've already lost.
The cybersecurity world is noisier and filled with even more unknowable possibilities than a chess game. Thus, it is critical to ensure that every security decision an organization makes is part of a thoughtful, comprehensive long-term strategy, built around concrete objectives. Incident planning, for example, is a good way to ensure that once an incident occurs and panic likely ensues, the right controls and processes will already be in place.
4. Keep Time on Your Side
Time is a key element in chess. If you don’t organize your pieces fast enough, your opponent will get an advantage. If you play too slow, you'll be pressured later to make suboptimal decisions.
As a cyber defender, the growing number of increasingly sophisticated threat actors forces you to outsmart an unpredictable opponent faster than they outsmart you. And the playing field isn't just an eight-by-eight checkered board right in front of you. In the cybersecurity game, opponents ceaselessly attempt to exploit your systems, and they do so along myriad invisible, global digital connections.
Be timely, or be hacked.
5. Automate … Everything
The advent of computers has changed chess dramatically. When the Deep Blue computer beat World Champion Garry Kasparov in 1997, chess programs became a must-have for every professional player. These programs enable players to analyze games and prepare for matches while allowing them to focus on creativity and strengthen weaknesses in a controlled environment.
For cybersecurity, the use of automation whenever possible is key to staying ahead of the meteoric rise in the number of devices and types of connectivity; it is simply impossible for the human brain to keep track of so much at once. Having the right automated cybersecurity tools will allow security staff to focus on the most important challenges, without leaving basic security functions unaddressed.
The Internet has made it easier than ever for anyone to learn and play chess. This is beneficial for an increasingly online generation, challenging young minds in new ways and potentially positioning them as the cybersecurity experts of the future.