
The Pluggable Lego Build: How to Start Connecting Mind & Body in Cyber Resiliency

Have you ever played with Lego or any other building blocks? You will have realized that you need to look at what you are trying to build from a holistic perspective while understanding how different pieces fit together. In the cyber world, these building blocks include effective cross-team collaboration, strategic planning, communication, and overall cyber resiliency. But even more importantly, establishing a strong foundation is crucial to anchoring the different building blocks together and connecting mind and body in cyber resiliency.




Cyber Resiliency Through the Eyes of a Jiu-Jitsu Practitioner

With over 12 years in cybersecurity and six years as a Jiu-Jitsu practitioner, I've discovered remarkable similarities between the mat and my life — personal and professional.


I’ve seen similarities in how situations are handled, conversations are had, and conflict is de-escalated.


In "The 32 Principles: Harnessing the Power of Jiu-Jitsu to Succeed in Business, Relationships, and Life," Rener Gracie provides a unique framework that transcends martial arts, offering profound insights applicable to the world of cybersecurity — and the rest of your life.


There are six principles from the book I’d like to reflect on, and I will discuss the first principle in this blog post. These principles are applicable to the cyber and tech world to help create a more resilient cyber force, something that is inherently critical to keeping pace with the fast-evolving cyber world while addressing cyber resiliency.


Principle One: The Pyramid Principle

The first principle explores the importance of establishing a robust foundation, mirroring the strength of a pyramid.


As a nerdy engineer, I got ecstatic about this principle. When I first began my Jiu Jitsu journey, I saw a lot of physics in the techniques and movements. Vectors, inertia, momentum, math equations, and Newton’s theories. Oh my! I went into full-on geek mode!


I hold a bachelor’s degree in computer science, and while I’m an advocate for self-study rather than the typical educational program for the tech industry, this degree granted me a foundation for my life and career. It has formed the base for my cybersecurity journey, just like limestone, granite, basalt, gypsum, and baked mud bricks formed the base of pyramids around the world. 


Over the years, society has changed and so has our accessibility to information and how we receive that information. If you like structure, pre-defined deadlines, and assignments, then I’d recommend going the higher education route. Conversely, some of the most impressive engineers I’ve met have been the self-educated and self-disciplined folks that took learning the fundamentals into their own hands, as they built and grew in their careers. This, however, is for its own blog post.


Back to the pyramids.




A pyramid is an amazing shape in areas such as engineering, mathematics, Legos, and Jiu Jitsu. In cybersecurity we have a fundamental practice of the CIA triad - Confidentiality, Integrity, and Availability (or Accessibility). These three points are the pillars of any security initiative. These three points are how a company protects its critical assets and what attackers leverage for their strikes. 


So, how does the pyramid principle, aside from all the nerdy facts that I just gave you, relate to both Jiu Jitsu and cybersecurity?


It’s a solid way to invest in a strong foundation.


A takeaway from my last Jiu Jitsu competition was my stance. My base. You can’t be taken down if you have a solid stance. If you’ve developed a strong foundation and built-in instincts, you remain immovable like the pyramids have been for many centuries.


So, one of the things that I've really been honing this year in my Jiu Jitsu is having a strong stance for this reason. I've done numerous squats and lunges to help with hip rotations/movement and dropping into fast momentum. In passing the guard, we change levels, move and shift directions. There's a lot that plays into it.


Cisco defines cyber resilience as "an organization's ability to identify, respond, and recover swiftly from an IT security incident. Building cyber resilience includes making a risk-focused plan that assumes the business will at some point face a breach or an attack." [1]


Much like when it comes to your base in Jiu Jitsu, it's hard to pivot if you're not in a solidified base stance – in essence, if you don’t have a plan in place. You could be on one foot but have to make swift movements that allow you to adjust the angle and direction that you're facing. You may need to quickly go from one foot that replaces your last foot to move ahead and get to the next spot that you're walking towards. Without creating and instilling resilience in the people working in cybersecurity, we lose parts of the creativeness, precision and integrity required to drive cyber resiliency.


I see Jiu Jitsu really in four quadrants that encompass weight distribution or priorities in resilience. There are areas of attack that I can do from those areas and learning the different pieces that come into play in each of the areas has its own requirements. So, for a security professional, having a strong foundation in the area that they are protecting is crucial. 


It's such a big, big, big role. Now, you could be a security professional in non-tech industries such as healthcare or military or just something that's not very tech heavy. It could be someone changing careers and moving into the tech industry for software. Regardless of background, understanding how software works, how to build it, how to write it, how to read it, plays into having a strong base stance. It becomes very useful.


I'm very fortunate I have a computer science background and really understand how software is like the belts in jiu jitsu practice. In addition, having worked in the tech industry I have a deep understanding of how SaaS products are created, and see all the different business units that are connected to the single product and how security plays into it.


You can't do your part without a strong foundation. It stops you from taking your shots. As I mentioned, when I’m on the mats, I'm not moving unless I know that I have a solid base to move, because if I do move, I'm distributing my weight in a certain area that's just not going to capitalize in any shape or form for me.


Much like a Lego build requires a solid base to remain standing, security professionals, folks living life, anybody reading this: really start thinking about investing in that baseline.





Jiu Jitsu is one of the foundational pieces for a resilient baseline for me. What is yours?


What holds you up?


What keeps you going?


And that is your mind, your body, and your spirit. 
