Five Reasons Digital Security Is Like American Football
|Butler's Interception (left) Made Brady's Touchdowns (right) Count|
"As I mentioned in the CEO roundtable, a comment that was made by one of my national security team — this is more like basketball than football in the sense that there’s no clear line between offense and defense. Things are going back and forth all the time," he said.
I understand why someone on the President's national security team would use a basketball analogy; we all know the President is a big hoops fan. In this post I will take exception to the President's view, although I am glad he is involved in this topic.
The following are five reasons why digital security is like American football, not basketball.
1. Different groups of athletes play offense, defense, and special teams in football. It is rare to see a single player appear on more than one squad. (It does happen, though. Julian Edelman is a punt returner and wide receiver. JJ Watt has caught touchdowns a few times. And so on...) In basketball, five players are on the court, and they play both offense and defense. In digital security, it is exceptionally rare to find professionals who routinely work offensive and defensive operations. I recommend that they do, but daily life is generally not a mix of these disciplines. Digital security pros are more like American football players due to these groupings of expertise.
2. Digital security is highly specialized. There are simply too many areas of expertise to expect any single person to master more than one aspect. This is true within American football. It is rare for a player to routinely fill multiple positions, whether on the offense or defense. A few athletes come to mind, like Kordell Stewart, but they are exceptions. Basketball has positions and specialties as well, but they are not as distinct as in football.
3. Lines and direction of activity in digital security are more like American football than basketball. It is rare for defenders to "score points," compared to the points scored by the offense. This is true for digital security and American football. Basketball, like ice hockey, is much more fluid, with the flow of play going back and forth. Now, some players in basketball and hockey are more offensive-minded than defensive-minded, and vice versa, but the idea of the "defense" scoring points against the "offense" doesn't really make sense in those sports.
|Sources: Business Insider, Arizona Cardinals|
5. Digital security involves progression across territory, in a manner more like football than basketball. Most of the action in a basketball game occurs in either team's half-court. In football, teams spend time across most of the field. This reminds me more of the progression of actions that must take place for an intruder to accomplish his mission.
Now, those of you with long memories of this blog may remember my 2006 post Digital Security Lessons from Ice Hockey. In that story I emphasized the benefits of "being well-rounded..." having "knowledge and capability in offense and defense." I still advocate that position, but I recognize that it is really tough to achieve.
Those with slightly longer memories may remember my 2005 post Soccer-Goal Security, showing a player kicking the ball into a goal, while the goalie looks elsewhere. The point of that post was to focus one's defense on actual attacks, not theoretical concerns.
|Bejtlich's Mandiant Helmet|
Given that we used to get football helmets at Mandiant, you might have predicted this post...