Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
7/28/2015
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

“My predisposition to be a gamer -- and to gravitate toward certain kinds of games -- also predisposes me toward security,” said Will Irace (@spblat), VP of technology alliances at Fidelis Cybersecurity.

Gaming is often a hidden form of training. In Ender’s Game, officials send the hero purposefully through a “game” to prepare him for the military. “The stress Ender goes through is not unlike the stress many cybersecurity professionals hit as well,” explained Steve Herrod (@herrod), managing director at General Catalyst Partners.

As you’ll soon see, there are plenty of analogies between gaming and security, but keep in mind that there is one significant caveat. While most games have structure, “the rules of cybersecurity are non-existent. There are no level playing field, no referee, and no arbitration authority,” noted Monzy Merza (@splunk), chief security evangelist at Splunk.

Read on for 20 sound security tips from a host of professionals and a list of great games to play to improve your infosec finesse.

1: Work as a team

Game: volleyball

“In both volleyball and security, working well with the rest of your team (IT, business operations, internal audit, etc.) is much more important than being the best individual player out there,” explained Robb Reck (@robbreck), CISO at Pulte Group. “An effective team knows when and where to pick up for the other players (what tasks are mine, and what are yours). One player who takes over everything ends up hurting the team in the long run.”

2: Manage the mind-numbing tedium of security

Games: World of Warcraft, poker

“Horrible, endless, boring repetition,” admitted Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express, of the strategy necessary to win at both World of Warcraft and security. “You have to do repetitive tasks. You have to go out and collect a certain kind of trinket, or kill a certain type of monster a certain number of times to complete the quest. Not all infosec tasks involve fighting on the front lines of the cyberwar. The important things are repetitive such as making sure that systems are updated, making sure the IDS is configured properly, or enforcing policies.”

“[Similarly] poker, when done right, reduces to hours of tedium where you set up each hand to either be a small loss or a midsized gain,” said Jeffrey Bolden (@BlueLotusSIDC), managing partner at Blue Lotus SIDC. “Occasionally there is a situation you haven’t prepared for -- instead of a quick fold, you get unexpectedly raised and the hours of tedium are broken with a moment of terror when you realize you’ve lost control of the situation and you are the one facing a choice between surrendering your pot equity or making a large bet against odds. Good security, like poker, is about avoiding those moments through preparing for scenarios.”   

3: Play defense and offense simultaneously

Games: basketball, Risk

“The problem with our current information security program is that it is completely defensive in nature, always playing a half-court game on defense,” said basketball fan Jeff Bardin (@treadstone71llc), chief intelligence officer at Treadstone 71. “Information security needs offense to keep the opponent in a defensive posture.”

“Immediate advantage goes to those who can outthink their opponents early on in the game” when playing Risk, added Alan Kessler (@kessalan), CEO at Vormetric. “Like data encryption, your territory determines your risks. Some locations are easier to defend or attack, just like industries such as financial or healthcare.”

“Build an offensive front and disrupt their flank so they discover a weakness,” suggested Rob Juncker (@rjuncker), VP of engineering at LANDESK Software.

4: Stay ahead of your opponent and be prepared for attacks from any side

Game: chess

“Chess is all about protecting resources, primarily the king, from myriad attackers,” said Edward Dean (@perspecsys), CTO at Perspecsys.

“There are near countless numbers of ways that your enemy could approach and capture your king,” said Aaron Marks (@arcsource), VP of client services at Arcsource. “My job is to try to predict each potential method of attack and protect against all of them using every piece on the board working together.”

"In chess, when you don’t ask yourself what your opponent is threatening, you can easily lose valuable assets or get mated. Similarly, if you assume a piece is safe -- be it on the board or part of a system -- you will be compromised,” said Mikko Hypponen (@mikko), chief research officer at F-Secure.

“Think at least three steps ahead of your opponent, the bad guy, to win the battle,” said Varun Kohli (@vk_is), VP of marketing at Skycure

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vickipadila
50%
50%
vickipadila,
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
10 Notable Security Acquisitions of 2019 (So Far)
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12865
PUBLISHED: 2019-06-17
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2017-10720
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed o...
CVE-2017-10721
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car ga...
CVE-2017-10722
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is install...
CVE-2017-10723
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows it...