"Resilience is not what happens to you. It's how you react to, respond to, and recover from what happens to you.” - Jeffrey Gitomer
Welcome to my holistic approach to the cyber world, where we take a deep dive into the intriguing realm of cyber resiliency through the arts, and by "arts," we're not talking about painting, but rather the profound world of martial arts.
With the multifaceted nature of resiliency, we can draw inspiration from martial arts philosophy to understand its profound impact on cybersecurity professionals and our cyber space.
Martial arts is a holistic discipline that encompasses the training of the mind, body, and spirit. Think pro athletes and UFC competitors—they spend hours honing their mental and physical prowess in preparation for any challenge. Yet, in the world of cybersecurity, a parallel in holistic training is notably absent. What does this mean? The cyber world has many similarities to martial arts, including the fact that both require risk assessment and threat modeling to identify potential vulnerabilities and exploits. However, cybersecurity lacks a holistic approach to building resiliency.
Drawing similarities between a martial artist preparing for a challenge and a corporation readying for an unscheduled pen test, we uncover the importance of training the body and instincts to be ready for the unexpected. Cyber resiliency, like martial arts training, involves considering worst-case scenarios and proactively addressing vulnerabilities.
Breaking the misconception that cyber resiliency requires only highly technical individuals, we explore the roles of technical specialists, technical generalists, and the importance of a well-balanced understanding of the cybersecurity landscape.
In a sector that is both complex and incredibly fast paced, a well-crafted and executed plan is crucial. So are multiple contiguous plans that depend on highly skilled and supported technical specialists and generalists.
So, when we hear the quote from Mike Tyson, “Everyone has a plan, until you get punched in the mouth,” we generally don’t think that it applies to cybersecurity. Which begs the question: in cyber resiliency, is there a plan for one of our most important assets…our people?
We see the need for resiliency in major companies and organizations across the world, from government agencies to the entertainment industry like MGM to service providers like Microsoft. There is continued vulnerability and, as noted in a Forbes article by Emil Sayegh (1), a lack of comprehensive tools and cohesion in the sector is to blame.
Such data breaches cost organizations millions of dollars annually and, regardless of industry, the vulnerability is staggering. Aaron Drapkin in Tech.co (2) compiles a list of data breaches showing just how varied the impact is – social media icons like Apple and Meta, mobile carriers including T-Mobile, and service providers including Norton Healthcare and Toronto Public Library. Unfortunately, as the cyber space continues to grow, so will these threats, requiring an increasing urgency for resiliency.
The first step towards that is training and building discipline around resiliency in the industry. The training and discipline that I draw from comes from Rener Gracie’s recently released book: “The 32 Principles: Harnessing the Power of Jiu Jitsu to Succeed in Business, Relationships, and Life.”
Absolutely. Great read. I got both the physical copy and the audio book to really take advantage of multiple senses and appreciate the wisdom this book imparts. When I saw the book release, something just clicked. I was like, “Yes, this is what I was talking about! This is what has been swimming around my mind.”
As I hear from the Grand Masters themselves, I'm really excited that they put this information together and my goal is to make it mainstream in the realm of cybersecurity.
There are six principles from the book that I will be reflecting on and discussing in this blog over several posts. These principles are applicable to the cyber and tech world to help create a more resilient cyber force.
The six principles include:
The pyramid principle — investing in a strong foundation.
The anchor principle — committing wholeheartedly to the people, processes, and principles that optimize your effectiveness and your impact.
The creation principle — beginning with the end goal in mind, and then using targeted actions to make your vision a reality.
The Kuzushi principle — seeking first to understand, then to be understood.
The depletion principle — overcoming resistance to patience, persistence, and pressure.
The Grand Master principle — living the confidence of a “black belt” while learning with the humility of a “white belt”.
I delve into these principles and offer clarification to help envision and build resiliency in our cyber space.