Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
7/28/2015
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

15: Learn to cope with failing equipment

Game: Ironman triathlons

“Triathlons require tremendous mental and physical preparation to endure both the demands of the course and the unexpected circumstances that inevitably conspire to keep you from your goal,” said James Bindseil (@Globalscape), CEO at Globalscape and Ironman competitor.

When your equipment breaks down on the course or in your IT environment, you need the mental acuity to press on, said Bindseil. “If you enter the race with a defeatist attitude, you’ve lost already."

16: Fill in network gaps

Game: Tetris

“The game that best prepared me for working in security is Tetris. Everything has to fit in order for you to be successful,” said Pavel Krčma (@stickypassword), CTO at Sticky Password.

“Networks are ever-growing stacks composed of twisted pieces that at best fit together poorly leaving frustrating gaps, and at worst take the system down,” said Dan Kaminsky (@dakami), chief scientist and co-founder of White Ops.

“Any gap missed, and you can be leaving your data open to hackers and impending threats,” added Krčma.

17: Constantly assess risk

Games: extreme water sports

“Extreme sportspeople often take risks, but these risks are always analyzed and calculated,” said Marc Woolward (@vArmournetworks), CTO at vArmour and the current British and World Cup Masters champion of surf kayaking. “Like extreme sports, today’s digital enterprise operates within an inherently dangerous environment. The only way to survive and succeed in such conditions is to conduct careful risk assessments based upon known facts -- and act upon them."

18: Accept defeat. It’s part of security.

Games: Rymdkapsel, martial arts, paintball

“Much like security, the goal of Rymdkapsel (see GIFs) is to develop a system that can successfully defend your base against a never-ending onslaught of faceless enemies who cannot be reasoned with,” said Fidelis Cybersecurity’s Irace. “As in security, 100% success cannot be assured, and defeat may be inevitable, and that has to be part of the plan.”

“We don't always have to win -- we just have to protect ourselves from losing,” said Ben Tomhave (@falconsview), security architect at K12 and a practitioner of BJJ. “As defenders, we don't need to win so much as work for a tie, ensuring that attackers don't win,” he added.

“Playing paintball, you’re going to get hit, but you can’t think of that or you’ll be playing defense all day long. Think instead of how many people you’re going to hit,” said Zensar’s Fellini. “Have fun with security and understand that you’re going to get hit, but don’t dwell on it. Have fun and go out and hit the other team.”

19: Reveal patterns with minimal information

Games: Myst, logic puzzles

“In order to succeed in infosec, you need to have and understand the hacker’s mindset,” said Corey Nachreiner (@WatchGuardTech), CTO at WatchGuard. “For me, the puzzle solving in Myst encouraged and developed this sort of thinking.” 

Similar to Myst, “logic puzzles such as Cheryl’s Birthday give you the barest minimum information with which you can find the answer through logical deduction,” explained Dave Bennett (@ionusecurityinc), CTO at IONU.

“In the game Myst, players are dropped into an environment they might not understand, with only a little backstory. They explore and extract little bits of information that might be useful to solve the connected puzzles that allow them to move forward to their objective,” said Sam Elliott (@Bomgar), director of emerging products at Bomgar. “For me as a security professional, identifying with the way a foe might be thinking is key to being able to develop solutions that help prevent them from being able to move forward.”

20: Exercise your social-engineering skills

Games: Diplomacy, Dungeons and Dragons, poker

“Games like Diplomacy, Dungeons and Dragons, and poker, with their high emphasis on the social domain and emotional quotient [as opposed to IQ], are important since much of security involves fundamental human conflict and understanding of people,” said Arbor Networks’ Curry.

“To immerse oneself in a character, improvise lines and actions, and then respond quickly to interactions from the group has helped shape a lot of the ways I handle presentations, brainstorming sessions, and troubleshooting,” said Thycotic’s Wenzler. “Most RPGs [role-playing games] reward players for talking their way out of situations and acting in a way that is appropriate for their role in the group.” 

Conclusion: Gamers have the right mindset for security

“These types of games are similar to building a foundation and adapting to the changing threats information security professionals face,” concluded Bob West (@rkw59), chief trust officer at CipherCloud. “I'm convinced these games allow me to make better decisions not just in how information is protected, but also in making strategic business decisions.”

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
Previous
4 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vickipadila
50%
50%
vickipadila,
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.