STE WILLIAMS

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

“My predisposition to be a gamer — and to gravitate toward certain kinds of games — also predisposes me toward security,” said Will Irace (@spblat), VP of technology alliances at Fidelis Cybersecurity.

Gaming is often a hidden form of training. In Ender’s Game, officials send the hero purposefully through a “game” to prepare him for the military. “The stress Ender goes through is not unlike the stress many cybersecurity professionals hit as well,” explained Steve Herrod (@herrod), managing director at General Catalyst Partners.

As you’ll soon see, there are plenty of analogies between gaming and security, but keep in mind that there is one significant caveat. While most games have structure, “the rules of cybersecurity are non-existent. There is no level playing field, no referee, and no arbitration authority,” noted Monzy Merza (@splunk), chief security evangelist at Splunk.

Read on for 20 sound security tips from a host of professionals and a list of great games to play to improve your infosec finesse.

1: Work as a team

Game: volleyball

“In both volleyball and security, working well with the rest of your team (IT, business operations, internal audit, etc.) is much more important than being the best individual player out there,” explained Robb Reck (@robbreck), CISO at Pulte Group. “An effective team knows when and where to pick up for the other players (what tasks are mine, and what are yours). One player who takes over everything ends up hurting the team in the long run.”

2: Manage the mind-numbing tedium of security

Games: World of Warcraft, poker

“Horrible, endless, boring repetition,” admitted Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express, of the strategy necessary to win at both World of Warcraft and security. “You have to do repetitive tasks. You have to go out and collect a certain kind of trinket, or kill a certain type of monster a certain number of times to complete the quest. Not all infosec tasks involve fighting on the front lines of the cyberwar. The important things are repetitive such as making sure that systems are updated, making sure the IDS is configured properly, or enforcing policies.”

“[Similarly] poker, when done right, reduces to hours of tedium where you set up each hand to either be a small loss or a midsized gain,” said Jeffrey Bolden (@BlueLotusSIDC), managing partner at Blue Lotus SIDC. “Occasionally there is a situation you haven’t prepared for — instead of a quick fold, you get unexpectedly raised and the hours of tedium are broken with a moment of terror when you realize you’ve lost control of the situation and you are the one facing a choice between surrendering your pot equity or making a large bet against odds. Good security, like poker, is about avoiding those moments through preparing for scenarios.”   

3: Play defense and offense simultaneously

Games: basketball, Risk

“The problem with our current information security program is that it is completely defensive in nature, always playing a half-court game on defense,” said basketball fan Jeff Bardin (@treadstone71llc), chief intelligence officer at Treadstone 71. “Information security needs offense to keep the opponent in a defensive posture.”

“Immediate advantage goes to those who can outthink their opponents early on in the game” when playing Risk, added Alan Kessler (@kessalan), CEO at Vormetric. “Like data encryption, your territory determines your risks. Some locations are easier to defend or attack, just like industries such as financial or healthcare.”

“Build an offensive front and disrupt their flank so they discover a weakness,” suggested Rob Juncker (@rjuncker), VP of engineering at LANDESK Software.

4: Stay ahead of your opponent and be prepared for attacks from any side

Game: chess

“Chess is all about protecting resources, primarily the king, from myriad attackers,” said Edward Dean (@perspecsys), CTO at Perspecsys.

“There are near countless numbers of ways that your enemy could approach and capture your king,” said Aaron Marks (@arcsource), VP of client services at Arcsource. “My job is to try to predict each potential method of attack and protect against all of them using every piece on the board working together.”

“In chess, when you don’t ask yourself what your opponent is threatening, you can easily lose valuable assets or get mated. Similarly, if you assume a piece is safe — be it on the board or part of a system — you will be compromised,” said Mikko Hypponen (@mikko), chief research officer at F-Secure.

“Think at least three steps ahead of your opponent, the bad guy, to win the battle,” said Varun Kohli (@vk_is), VP of marketing at Skycure.

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his …

Article source: http://www.darkreading.com/partner-perspectives/tenable/what-30-classic-games-can-teach-us-about-security/a/d-id/1321470?_mc=RSS_DR_EDT