What 30 Classic Games Can Teach Us about SecurityInformation security experts share their thoughts on how participating in games and sports helped hone their professional skills.
8: Develop team-based situational awareness
Games: basketball, hockey, soccer, dodge ball
“If you ever watch a basketball, hockey, or soccer team, where the players have been playing for a while, they instinctively know where their teammates will be on the court, rink, or field,” explained Edward Haletky (@texiwill), managing director at The Virtualization Practice. “Similarly, in dodge ball you have to know where you are and where everyone else is at all times. It builds great situational awareness, which is required for security professionals -- something they can help others to learn as well as to use themselves.”
9: Flex real-time response skills
Games: Doom and first person shooters
“There is nothing like a Zerg rush to create the panic of a DDoS attack,” said Daniel Riedel (@riedelinc), CEO of New Context.
Eddie Schwartz (@eddieschwartz), international VP of ISACA and president and COO of White Ops, agrees. He loves the stress of playing the real-time first-person shooter game, Doom.
“True success is in your team's ability to be prepared, be agile, and act decisively in the face of much stronger numbers and innovative enemies,” said Schwartz.
10: Manage your resources
“In security, we don’t have the luxury of unlimited time and resources to prepare against an attack, because we don’t know when it will come,” said Adrian Sanabria (@sawaba), senior analyst at enterprise security practice 451 Research. “In both Minecraft and information security, you have to understand the threats and your time/resource limitations. Then you have to act and hope the time and resources you have are enough to be ready when the attack comes.”
11: Learn how to hack
Games: Dungeons and Dragons, Rogue
“Dungeons and Dragons is complicated, literate, creative, social, open-ended, and has about a gazillion rules, all ripe for hacking,” said Bruce Schneier (@schneierblog), CTO at Resilient Systems Inc. “What better way to imbue someone with the security mindset?”
Playing Rogue exposed Wendy Nather (@RCISCWendy), research director at Retail CISC/ISAC to “unintentional functionality” that resulted in a bug in the game’s code. “I learned how to cheat,” admitted Nather.
The bug, Nather discovered, was the unstoppable power of a reused arrow, which allowed her to get the high score.
“I learned how to think creatively, try functions in ways that were never intended, and hunt around for things to exploit,” said Nather. “In other words, I learned to hack.”
12: Build defenses and manage penetration
The real-time strategy and first-person shooter game Savage taught Lee Holloway (@icqheretic), co-founder and lead engineer at CloudFlare, critical aspects of managing exploits in his defenses. The game uses a combination of intelligent commanders and soldiers who do the grunt work, and it was highly akin to Holloway’s work in security.
“A hacker will send the equivalent of his soldiers [his probes] to look for weaknesses in your infrastructure, and then attempt to exploit them when he finds them. Good products will deny these attacks, but you also need probes of your own, designed to watch for and record these attacks, sending the intelligence back internally so you can build a better defense,” explained Holloway. “Good security is a strong defensive foundation that denies the opponent intel.”
13: Plan for the worst
SimCity wouldn’t be much of a challenge if you didn’t have to deal with random natural (e.g., tornados, fire) and unnatural (e.g., monsters) disasters.
“Without the right planning and placement of elements in the game that prevent or mitigate these disasters, there is a negative impact on overall progress,” explained Jason S. Dover (@jaysdover), director of product line management at KEMP Technologies. “Data centers metaphorically mirror the complex infrastructures of the cities built in real life and in the game. The planning and architecture phase is the best point to think about how to prevent and mitigate security risks.”
14: Develop strategy or win by cheating
“Monopoly taught me to plan, not just react to what is happening this turn, but to think about what may or may not happen in the future; to have a strategy and be ready to react to things that are outside of my control from paying other players after landing at their hotel or going directly to jail,” said Adam Ely (@adamely), co-founder of Bluebox Security. “This planning of strategy, knowing where and when to buy and how to account for the unknown, is much like building a security program.”
If strategy doesn’t work, then maybe you can cheat.
“Playing Monopoly, I would conceal the amount of money I actually had so that my competitors underestimated my buying power,” said Steve Prentice (@stevenprentice), writer at CloudTweaks. “This taught me to trust no one, especially when they look legitimate since I would never want to be taken by someone as underhanded as myself.”
David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
3 of 4