15: Learn to cope with failing equipment
Game: Ironman triathlons
“Triathlons require tremendous mental and physical preparation to endure both the demands of the course and the unexpected circumstances that inevitably conspire to keep you from your goal,” said James Bindseil (@Globalscape), CEO at Globalscape and Ironman competitor.
When your equipment breaks down on the course or in your IT environment, you need the mental acuity to press on, said Bindseil. “If you enter the race with a defeatist attitude, you’ve lost already."
16: Fill in network gaps
“Networks are ever-growing stacks composed of twisted pieces that at best fit together poorly leaving frustrating gaps, and at worst take the system down,” said Dan Kaminsky (@dakami), chief scientist and co-founder of White Ops.
“Any gap missed, and you can be leaving your data open to hackers and impending threats,” added Krčma.
17: Constantly assess risk
Games: extreme water sports
“Extreme sportspeople often take risks, but these risks are always analyzed and calculated,” said Marc Woolward (@vArmournetworks), CTO at vArmour and the current British and World Cup Masters champion of surf kayaking. “Like extreme sports, today’s digital enterprise operates within an inherently dangerous environment. The only way to survive and succeed in such conditions is to conduct careful risk assessments based upon known facts -- and act upon them."
18: Accept defeat. It’s part of security.
Games: Rymdkapsel, martial arts, paintball
“Much like security, the goal of Rymdkapsel (see GIFs) is to develop a system that can successfully defend your base against a never-ending onslaught of faceless enemies who cannot be reasoned with,” said Fidelis Cybersecurity’s Irace. “As in security, 100% success cannot be assured, and defeat may be inevitable, and that has to be part of the plan.”
“We don't always have to win -- we just have to protect ourselves from losing,” said Ben Tomhave (@falconsview), security architect at K12 and a practitioner of BJJ. “As defenders, we don't need to win so much as work for a tie, ensuring that attackers don't win,” he added.
“Playing paintball, you’re going to get hit, but you can’t think of that or you’ll be playing defense all day long. Think instead of how many people you’re going to hit,” said Zensar’s Fellini. “Have fun with security and understand that you’re going to get hit, but don’t dwell on it. Have fun and go out and hit the other team.”
19: Reveal patterns with minimal information
Games: Myst, logic puzzles
“In order to succeed in infosec, you need to have and understand the hacker’s mindset,” said Corey Nachreiner (@WatchGuardTech), CTO at WatchGuard. “For me, the puzzle solving in Myst encouraged and developed this sort of thinking.”
Similar to Myst, “logic puzzles such as Cheryl’s Birthday give you the barest minimum information with which you can find the answer through logical deduction,” explained Dave Bennett (@ionusecurityinc), CTO at IONU.
“In the game Myst, players are dropped into an environment they might not understand, with only a little backstory. They explore and extract little bits of information that might be useful to solve the connected puzzles that allow them to move forward to their objective,” said Sam Elliott (@Bomgar), director of emerging products at Bomgar. “For me as a security professional, identifying with the way a foe might be thinking is key to being able to develop solutions that help prevent them from being able to move forward.”
20: Exercise your social-engineering skills
Games: Diplomacy, Dungeons and Dragons, poker
“Games like Diplomacy, Dungeons and Dragons, and poker, with their high emphasis on the social domain and emotional quotient [as opposed to IQ], are important since much of security involves fundamental human conflict and understanding of people,” said Arbor Networks’ Curry.
“To immerse oneself in a character, improvise lines and actions, and then respond quickly to interactions from the group has helped shape a lot of the ways I handle presentations, brainstorming sessions, and troubleshooting,” said Thycotic’s Wenzler. “Most RPGs [role-playing games] reward players for talking their way out of situations and acting in a way that is appropriate for their role in the group.”
Conclusion: Gamers have the right mindset for security
“These types of games are similar to building a foundation and adapting to the changing threats information security professionals face,” concluded Bob West (@rkw59), chief trust officer at CipherCloud. “I'm convinced these games allow me to make better decisions not just in how information is protected, but also in making strategic business decisions.”