Let the Cybersecurity (Winter) Games Begin

February 3, 2022 CyberArk Blog Team

Cybersecurity olympics

Nothing draws people together like sporting events — we love the inspiration that comes from witnessing the best of the best — and groan together in the agony of defeat. For the athletes themselves, events like the Winter Games represent the culmination of a lifetime of dedication. And while there’s no gold medal to celebrate their hard work, cybersecurity professionals spend their careers in similar fashion to top athletes — honing their craft as they fight the good fight. That’s why even a humble couch potato can learn a few security lessons from the Games, as the determination and camaraderie of the athletes parallel cybersecurity’s team sport mentality.

As the classic movie Cool Runnings teaches us (time and again), bobsled is a sport that requires agility, control and, most importantly, teamwork. Not only must security teams work together in lockstep, but they must also collaborate closely with other business functions — such as DevOps teams — to quote the movie, “feel the rhythm, feel the rhyme.” And since leaning too far in one direction can spell disaster, security approaches must strike the right balance between protecting the business and moving at the pace of innovation.

One of the most physically demanding sports of the Games, alpine skiing combines speed and skill. Slalom skiers must traverse down a winding mountain path, passing through gates positioned on alternating sides. Missing a gate can lead to disqualification. It’s a concept well understood by cyber attackers: to reach an intended target — the “finish line” — they must use hijacked privileged credentials to get through “gated” areas and unlock higher levels of access. Defenders understand that when an attacker inevitably barrels down the mountain, blocking this privilege progression is the best way to protect valuable assets from harm.

Like the figure skaters who weave together strength and beauty, cybersecurity threat researchers toe the line between science and art. Researchers have their own unique style and approach to problem solving, and sometimes the data they gather requires interpretation to work through various shades of grey. Analytics help them map connections, model threats and paint a comprehensive picture of the landscape.

Sometimes referred to as “chess on ice,” curling requires a great deal of strategy and patience to overcome the opponent. Cybersecurity requires the same mindset, with security teams thinking moves ahead, slowing attackers’ progression down the board and blocking access to valuable corporate assets. A mistimed or ill-aimed stone or an unprotected or misconfigured privileged account could give the opposing team the advantage and, ultimately, place you in checkmate.

Skeleton is one of the fastest-paced sports at the Games, with a single athlete sliding headfirst down an icy track at speeds of 80 miles per hour or higher on a tiny sled. In a DevSecOps-enabled business, DevOps is the “sled” you jump into to develop, test and release new innovations with agility and speed to meet fast-evolving customer needs. But the smallest detail, like the angle of a turn on the track or a mismanaged secret, can slow things down or even result in a multi-sled pileup (or a ripple effect down a supply chain). Shifting left to build security into development workflows can make the run as smooth as possible without sacrificing the speed you need to win.

Nothing depicts a Red Team vs. Blue Team exercise better than hockey. Much like red teams, forwards are laser-focused on scoring goals — often by whatever means possible. Adversarial simulations help these teams think like their opponents to outscore them. And like hockey defensemen stopping opponents from gaining the zone, Blue Team cyber defenders need a high degree of skill paired with hyper vigilance to close gaps and block shots.

Short track speed skating offers an extra layer of excitement with pack starts. Crashes are common as skaters jockey for position, hoping to pace themselves just right to end the race in first place. Security Operations Center (SOC) teams work in “short track” environments, where things can change in fractions of a second as analysts triage threats from all angles. Like a skater determining the best time to push ahead, SOC analysts must stay cool under pressure, quickly prioritizing and responding to the riskiest security events.

Snowboarding combines athleticism with the creativity of skateboard tricks. Sometimes the prevailing conditions on the halfpipe can affect an athlete’s performance — requiring adaptation midair. In the world of cybersecurity, adversaries are constantly adapting their methods, and security teams must be just as agile and creative to stay ahead. One thing is certain on the halfpipe and on security’s front lines: no two flight paths are ever the same.

The world-class athletes we see at the Games have gone through years of intensive training and preparation. Likewise, security defenders must prepare to stay on the edge of threat research trends, continuously advance their skills and race against time to outthink and outsmart attackers to win gold.



Previous Article
Why User Session Visibility is Key for Secure Applications
Why User Session Visibility is Key for Secure Applications

“What’s happening?” In the movie Office Space, it was a question to dread whenever Initech Vice President B...

Next Article
Secure Third-Party Access to Protect Water Systems and Critical Operational Technology
Secure Third-Party Access to Protect Water Systems and Critical Operational Technology

82 gallons: that’s how much water the average American uses each day. While we should all attempt to minimi...