In my previous article, I looked at how, like a motorcyclist, security providers and managed service providers (MSPs) can employ the SIPDE methodology as part of their ongoing cybersecurity services. In this piece, I am taking a look at the parallels between motorcycle driver training and cybersecurity practices, emphasizing vigilance, adaptability, and creative problem-solving in cyber defense strategies.
Years ago, when I was training for my motorcycle driver’s license, the instructor focused a lot on situational awareness and risk management. Motorcyclists are uniquely vulnerable on the road – no well-designed steel structure or airbag protects you if something goes wrong. What would be a minor event in a car – like a very slow-speed collision with a vehicle or object – can be deadly for someone on a motorcycle.
We emphasize that same focus on awareness and risk management to our partners when providing cybersecurity services to their customers. Thinking about the parallels brought to mind, Robert Pirsig’s classic book, “Zen and the Art of Motorcycle Maintenance,” reflects some of the same guidance we give our partners.
So, to all my dedicated, passionate, and tireless cybersecurity engineers and analysts, here’s some zen to get you through the day. The following quotes from the book apply to the excellent work that Red and Blue Teams do daily.
“You look at where you’re going and where you are, and it never makes sense, but then you look back at where you’ve been, and a pattern seems to emerge.”
Patterns are critical in an environment where cyber threats are ceaselessly evolving. That’s why tools that leverage artificial intelligence and machine learning to scan network activity and email anomalies are critical. No matter how talented your staff may be, they cannot manually manage that level of surveillance — technology can help you spot patterns that indicate a breach, even if they aren’t obvious.
“You climb the mountain in an equilibrium between restlessness and exhaustion.”
I am sure plenty of our partners have experienced restlessness and exhaustion in their quest to keep their clients protected – and you never quite get to the top of the mountain because the threats don’t go away.
“On any mechanical repair job, the ego comes in for rough treatment. You’re always being fooled and making mistakes, and a mechanic with a big ego to defend is at a terrific disadvantage.”
Ego in security can be a disaster. There is always someone smarter than you, and they are probably devising a phishing attack or malware attack that could cripple your clients. Assume the bad guys are three steps ahead of you, and act accordingly.
“The real purpose of the scientific method is to make sure nature hasn’t misled you into thinking you know something you don’t actually know. There’s no mechanic, scientist, or technician alive who hasn’t suffered from that one so much that he’s not instinctively on guard.”
Never assume you have something figured out unless you have good evidence. Cyberattacks are founded on deceit, and if you think you’ve got a handle on something in this field, you can quickly become complacent.
“Motorcycle maintenance gets frustrating. Angering. Infuriating. That’s what makes it interesting.”
You could easily substitute cybersecurity for motorcycle maintenance in that sentence. You are working against the craftiness of attackers and the bad habits of clients all the time, but there is no more critical puzzle to solve in our inherently connected era.
“Actually, a root word of technology, techne, originally meant ‘art.”’ The ancient Greeks never separated art from manufacture in their minds, and so never developed separate words for them.”
Cybersecurity specialists are technologists, but creative ones. We have to be. Do you know who some really creative people are? Cybercriminals. To successfully secure client networks, you need more than good tools; you need skilled staff who can think quickly and creatively to prevent and respond to attacks.
“The best students always are flunking. Every good teacher knows that.”
A few teachers might disagree, but there is a good point here in the value of failures. But you don’t just learn from mistakes; you can build on them. Each successful attack gives the cybersecurity industry some knowledge it didn’t have before. Each misstep in your MSP business tells you something you didn’t know. The key is to do something with those lessons.
“For every fact, there is an infinity of hypotheses. The more you look, the more you see.”
I see two cybersecurity analogies here. First, visibility is always critical regarding security – the greater our visibility into client systems, the more secure they will be. Second, this speaks to identifying opportunities. You are not just watching for immediate threats; you are also looking for vulnerabilities that haven’t been exploited yet or opportunities for new business with those clients by establishing yourself as a trusted partner who has their best interests in mind.
If you’ve read the book, do you have any favorite quotes or ones that parallel our lives in the cybersecurity industry and the channel? Share your favorite quote with me at jbeal@barracuda.com.
Note: This was originally published via Channel Futures.
Photo: Evgeny Bendin / Shutterstock