This may sound like an odd question to many of you out
there, but with most of us WFH, have you been finding that you are playing more
board games with your kids in an effort to spend more time with them? If so, you are not alone. There are a number of families with whom I
have had conversations over the last week or so, and it seems like that board
games are the norm after dinner.
Whether its playing Twister, Trivial Pursuit, etc. at least you are engaging your mind with
others which helps stimulate the brain and the thought process far more that
just sitting in front of your computer or watching TV.
But there ,is one game out there, that could do more than
just that. It is called Chess. This is probably one of the most “thinking”
games that are involved, as it requires, skill, strategy, and even knowledge
about your opponent.
But being good at it does not happen overnight, rather it
takes time, and perhaps even a lifetime.
In fact, they are some people who are so good at it that they can even
make it a career. Personally, I have
played Chess the most back in high school, when I was on the team, and on and
off throughout college. Heck, I even
played it online a few times with friends as well.
So, you may be asking at this point where am I going with
this? Well, Chess can also be a great
way to build up your mindset to hone in your Cyber skills. Yes, everybody wants to have their skills
sharpened, but simply getting certs after certs or doing online training is not
going to cut it in the end. As Cyber
professionals, we all need to find ways to increase our thinking power, so here
are some ways in which playing Chess can actually do that:
1)
You can understand your opponent’s doubts:
In the world of Pen Testing the goal
of the Red Team is to get into the minds of a Cyberattacker, and literally
break down within the legal bounds of your contract. The same can said of Chess. You are trying to get inside the mind of your
opponent to see where their weaknesses may lie at. But the best thing about this particular
situation is that you are sitting directly in front of him or her. So, this gives you an opportunity to study
their gestures and reactions. Remember,
human beings react differently to certain things in the physical sense, so this
is the perfect opportunity to study those moves. And no, it does not AI or ML to do this. Remember, as I have pointed out before,
humans are also creatures of habits. It
is quite likely that the same bodily gesture will be used to reflect the same manners
of weaknesses.
2)
The creation of a plan:
In everything that I write as it relates
to security breaches, I always harp upon the need to have an Incident Response/Disaster
Recovery/Business Continuity Plans in place.
These are the documents that will guide you when you are hit. The same of true is of chess. You need to have some sort of plan in place
before you embark on your next game. It
doesn’t have to be on paper, but you need to have some sort of strategy mapped
out as to how you want to defeat in your opponent. Of course, unless this is a good friend of yours,
you will not know who your opponent is, therefore you need to be on your toes
to keep changing your strategy as your game evolves. This is the very same true of Cybersecurity. Simply knowing what the threat signatures
have been in the past are not enough to predict future strategies. Of course, you have AI and ML to help you to
do this, but in the end, you have to make your own calls. For example, you need
to have a game plan in mind every day as to how you plan to identify future
threats and combat them. Of course, they
probably will not evolve the way as you have planned out, but that is the beauty
here: Learning to be adaptable and make
changes to your game plan, as you have to do in Chess.
3)
Time management:
In the world of Cyber, there is no such
thing as time. We have to act quickly in order to keep the Cyberattacker at
bay. But of course, reality dictates the
opposite, as it takes IT Security teams at least 6 months to detect an attack
in progress, and the Cyberattacker of today is staying in for longer periods of
time in order to fully understand your environment. But once the moment happens, you have to be ready
to strike back in a minute’s notice. This
is where the value of time management comes into play. But unfortunately, the IT Security teams of
today are so overburdened that time management is not even heard of. For them, just trying to keep their heads above
for a single day without going insane is a herculean task. But playing a game of Chess (and often) and making
use of a time clock will help to a great degree sharpen your time management
skills. For instance, you are given a X
amount of time in order to make a move, and this could be the one that dictates
whether you win or lose the game. The
same can be said of trying to capture the Cyberattacker or fighting off a
threat.
4)
An Introduction to Automation:
As mentioned earlier in this blog, humans
are creatures of habit. We simply don’t
want to change unless we have to, even of it makes our lives easier. The same could also be said of automation. This is where the role of AI and ML come into
Cyber, especially when it comes to doing repetitive tasks and filtering out for
false positives. But in the world of
Chess, you do not have to all the time have a human opponent – you can also
have an automated one. This was made famous after Chess Master Garry Kasparov
lost to a computer automation tool developed by IBM called “Deep Blue”. This all happened back in 1997, so who knows how
much the technology has evolved since then?
More information about this historic Chess match can be seen at the link
below:
https://www.history.com/this-day-in-history/deep-blue-defeats-garry-kasparov-in-chess-match
My Thoughts On This:
So, here are some ways in playing a game of Chess parallels the
world of Cybersecurity, and how it can sharpen your IT Security Teams reasoning
and thought processes. Of course, it would
be great to sit in front of a Cyberattacker to learn their tactics and strategies,
but of course this will never happen until the turn to the good side.
As an IT Security manager, you need to challenge your staff
in different ways. Perhaps consider having
a Chess camp once a quarter where they do nothing but play games against each
other or a computer. True, it may sound kind
of boring, but have it some place where relaxation is the key, such as a
hotel. And of course, add some extra
incentive as playing a game of Chess may not excite all of your employees: A gift card for each attendee, and a grand
prize for the ultimate winner.
No comments:
Post a Comment