“In football if you don’t practice you don’t win and in cybersecurity if you don’t practice you don’t win.” -Critt Golden
With the SuperBowl less than a week away, I’ve found myself spending a lot more time thinking about football. It’s hard not to admire the skills of professional athletes, who compete at such a high level. While their abilities are impressive, the focus and dedication successful athletes have is almost more awe-inspiring.This got me thinking; what can football teach us about cyber security? Or better yet, how can cyber professionals train in a way that mirrors professional athletes?It seems this comparison has been made before, but in my opinion, it’s less about the ‘game’ itself, and more about how the players play it.
Offense, Defense, Offense
In football, offensive coaches are constantly looking to improve their game by watching films, diagramming plays, and of course, by having the players practice. Similarly, hackers gather data on a given company or individual and look for holes in their ‘offense,’ so when those protections are weakest, they can get into the system.In this offensive/ defensive, reactive environment that mirrors many competitive games, offense and defense are continuously changing as one party responds to another. During the ‘game,’ ‘players’ are expected to be performing at their most optimal level. Of course, we know that the Internet never stops, not even for a ‘time-out,’ so keeping pace is incredibly hard for cyber professionals.What’s more, with new technology and new vulnerabilities, the strategic and tactical battle is constantly evolving. It takes not only the abilities of an individual, but an entire team working and communicating seamlessly together with a clear, shared vision to even attempt to keep hackers at bay.Even with a ‘start quarterback,’ no organization has a silver bullet to security. Teams are always adjusting to changes and setbacks and new ‘enemies’ gaining their own new secret weapon, at least temporarily. You can almost picture team rivalries like Team Black Hat vs. Team White Hat.“They succeed and fail together. Only together will they have the resources and ability to meet the challenges presented by today’s sophisticated hackers – who ALSO work in teams,” says Allison Kramer, “When you draft your defense in fantasy football, you don’t do it player by player. It’s as a unit.”
Developing the Playbook
With a football team mentality in mind, and knowing that change is a large part of the what challenges athletes and cyber professionals, how can we expect individuals to perform their best, work alongside other prepared individuals, and know which threats are the most serious at a constant pace?It’s probably no surprise that our answer to this question is training. Every member of a security team must be able to perform on ‘game day,’ and that doesn’t mean running the same plays time after time. Practitioners in the field must be adaptable and able to respond in real time. They need hands-on experience with the tools they’ll encounter and should be regularly challenged to solve problems quickly and efficiently.This process should begin on ‘draft day,’ where new employees are assessed before they’re hired to ensure they’re the best fit for the team. That assessment process should continue throughout their career and coincide with new, continuous training.Managers must move past the idea that training is an ‘extra’ and start thinking like a football coach where there is no game without practice.“If football players just talked about football while sitting around a table or practiced against fake, cardboard cutouts of the opposition, they wouldn’t win. Your security analysts need real practice too. That practice needs to be on your real, production network leveraging your real security controls, processes and people against real attacks,” writes CSO Online.Leveraging a virtual environment where professionals can get their hands on the technology has been found as the best approach because it allows users to gain comprehensive skills in a safe, working environment without the need to invest in additional hardware and software.On Cybrary, virtual labs from Practice Labs
are popular options for individuals interested in honing the practical experience they need on the job
. These virtual labs are an affordable resource that can be easily integrated in any security training program.Keep in mind, however, that a player’s training must be robust and evolve over time. Continue to challenge your ‘star players’ with more advanced techniques so they can continue to develop and one day become coaches themselves.Your mentality should be to diversify the team and help them develop in their careers, adjusting the playbook as individuals skill-up and new opponents emerge. The playbook should never be stagnant.To make for a winning team, let’s break down the 'football cyber security approach' like this:
- Understand your opponent
- Leverage the team mentality
- Complete practical training often
- Adjust your playbook as new opponents emerge
And most importantly this Sunday, GO EAGLES!Olivia Lynch (@Cybrary_Olivia)
is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.