Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
7/28/2015
10:00 AM
David Spark
David Spark
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

What 30 Classic Games Can Teach Us about Security

Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.

“My predisposition to be a gamer -- and to gravitate toward certain kinds of games -- also predisposes me toward security,” said Will Irace (@spblat), VP of technology alliances at Fidelis Cybersecurity.

Gaming is often a hidden form of training. In Ender’s Game, officials send the hero purposefully through a “game” to prepare him for the military. “The stress Ender goes through is not unlike the stress many cybersecurity professionals hit as well,” explained Steve Herrod (@herrod), managing director at General Catalyst Partners.

As you’ll soon see, there are plenty of analogies between gaming and security, but keep in mind that there is one significant caveat. While most games have structure, “the rules of cybersecurity are non-existent. There are no level playing field, no referee, and no arbitration authority,” noted Monzy Merza (@splunk), chief security evangelist at Splunk.

Read on for 20 sound security tips from a host of professionals and a list of great games to play to improve your infosec finesse.

1: Work as a team

Game: volleyball

“In both volleyball and security, working well with the rest of your team (IT, business operations, internal audit, etc.) is much more important than being the best individual player out there,” explained Robb Reck (@robbreck), CISO at Pulte Group. “An effective team knows when and where to pick up for the other players (what tasks are mine, and what are yours). One player who takes over everything ends up hurting the team in the long run.”

2: Manage the mind-numbing tedium of security

Games: World of Warcraft, poker

“Horrible, endless, boring repetition,” admitted Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express, of the strategy necessary to win at both World of Warcraft and security. “You have to do repetitive tasks. You have to go out and collect a certain kind of trinket, or kill a certain type of monster a certain number of times to complete the quest. Not all infosec tasks involve fighting on the front lines of the cyberwar. The important things are repetitive such as making sure that systems are updated, making sure the IDS is configured properly, or enforcing policies.”

“[Similarly] poker, when done right, reduces to hours of tedium where you set up each hand to either be a small loss or a midsized gain,” said Jeffrey Bolden (@BlueLotusSIDC), managing partner at Blue Lotus SIDC. “Occasionally there is a situation you haven’t prepared for -- instead of a quick fold, you get unexpectedly raised and the hours of tedium are broken with a moment of terror when you realize you’ve lost control of the situation and you are the one facing a choice between surrendering your pot equity or making a large bet against odds. Good security, like poker, is about avoiding those moments through preparing for scenarios.”   

3: Play defense and offense simultaneously

Games: basketball, Risk

“The problem with our current information security program is that it is completely defensive in nature, always playing a half-court game on defense,” said basketball fan Jeff Bardin (@treadstone71llc), chief intelligence officer at Treadstone 71. “Information security needs offense to keep the opponent in a defensive posture.”

“Immediate advantage goes to those who can outthink their opponents early on in the game” when playing Risk, added Alan Kessler (@kessalan), CEO at Vormetric. “Like data encryption, your territory determines your risks. Some locations are easier to defend or attack, just like industries such as financial or healthcare.”

“Build an offensive front and disrupt their flank so they discover a weakness,” suggested Rob Juncker (@rjuncker), VP of engineering at LANDESK Software.

4: Stay ahead of your opponent and be prepared for attacks from any side

Game: chess

“Chess is all about protecting resources, primarily the king, from myriad attackers,” said Edward Dean (@perspecsys), CTO at Perspecsys.

“There are near countless numbers of ways that your enemy could approach and capture your king,” said Aaron Marks (@arcsource), VP of client services at Arcsource. “My job is to try to predict each potential method of attack and protect against all of them using every piece on the board working together.”

"In chess, when you don’t ask yourself what your opponent is threatening, you can easily lose valuable assets or get mated. Similarly, if you assume a piece is safe -- be it on the board or part of a system -- you will be compromised,” said Mikko Hypponen (@mikko), chief research officer at F-Secure.

“Think at least three steps ahead of your opponent, the bad guy, to win the battle,” said Varun Kohli (@vk_is), VP of marketing at Skycure

David Spark is a veteran tech journalist and founder of the brand journalism firm Spark Media Solutions. Spark has reported on the tech scene for more than 18 years in more than 40 media outlets. He blogs regularly at the Spark Minute, and you can listen to him weekly on his ... View Full Bio
Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vickipadila
50%
50%
vickipadila,
User Rank: Apprentice
6/4/2017 | 11:56:01 PM
Re: Life Principles
Pretty good post. I found your website perfect for my needs. Thanks for sharing the great ideas. I liked the article, Ill be back to read more of your blog later =) Thanks for posting it, again!

happy wheels 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:28:14 PM
Monopoly Cheating?
Is concealing your finances cheating in Monopoly? I always stacked my bills for the same reason that you did but would not constitute it as cheating but strategy. If it is cheating, I would be very surprised.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/28/2015 | 1:25:55 PM
Life Principles
Very interesting, great article. Many of these ideals can be leveraged not only in security but can be used as a good framework for life. I very much like how you applied each principle to real life security scenarios. Well done.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12505
PUBLISHED: 2020-09-30
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 ve...
CVE-2020-12506
PUBLISHED: 2020-09-30
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version ...
CVE-2020-4629
PUBLISHED: 2020-09-30
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
CVE-2019-17098
PUBLISHED: 2020-09-30
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior version...
CVE-2020-15731
PUBLISHED: 2020-09-30
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.