Cybersecurity Checkmate

One of the oldest pastimes, and a hobby of mine for many years, is a game I learned as a child, which became famous last year due to a Netflix limited-run series called "The Queen's Gambit" Yep, I'm describing Chess.

Now, I'm not a Grandmaster, International Master, or just a regular master of Chess. I am around a 1200 ELO in classic Chess and about 800 ELO in blitz-style Chess. Okay, I probably bored you with those terms and lost you. I know, I know, I lost you when I said "Chess"—granted, this game was re-energized early last year with the Queen's Gambit streaming and binge-worthy series on Netflix. The story of a girl addicted to alcohol, drugs, and all the while, is a brilliant chess prodigy. For those that are now genuinely wondering, ELO is the chess rating used to determine a player's relative skill level and capabilities compared to the world's grandmasters! (https://en.wikipedia.org/wiki/Elo_rating_system)

I mention Chess because it's interesting how it's like the world of cybersecurity. Professionals, experiencing the pains of managing and reducing risk with various tactics for offense and defense. Most of the time, in organizations, we play defense, and it sometimes feels like we're playing checkers while the cybercriminals are playing Chess.

Chess is a game of offense, defense, and strategy where a player needs to checkmate the opposing side's King by using pieces to place it into a position where it cannot be moved and is no longer safe. In cybersecurity, professionals work to secure and protect an organization and its critical assets. In Chess, we must know who supports and can help protect the King. Each player has eight Pawns along with a pair of Rooks, Knights, Bishops, and a Queen as their arsenal for defending and protecting the King. There are strong defenses with technological devices like firewalls, routers, secure email gateways, and Endpoint Protection & Response agents in cybersecurity. In parallel, the defense will also serve as the offense in providing intel in the perspective of logs. In addition to the lessons learned from incidents within their organization, they will share data with ISACs (Information Sharing And Analysis Centers) and other organizations advising on threat intelligence.

Sometimes the judgment against organizations who suffer a breach is they aren't playing Chess. They're playing checkers and just moving forward, not relying on their business mission or vision or a strategy. Or they have a plan but lack the resources, funding, or support available, and it's all about just moving forward, risking that they do not lose pieces along the way.

Personally, playing Chess, frustration creeps in from time to time, especially encountering a loss. A couple of weeks ago, a fellow cybersecurity expert (and a good one, too) Jake Williams posted a tweet that explains how Chess is like an incident response for an event.

I appreciate this quote because having a bad opening, like poor planning, can result in a losing situation. Having issues and trouble right out of the gate will eventually lead to failure and starting over.

For the CISO, they are the player defending the King using the various pieces available to him. In Chess, a player's opponent sits across from them at a 64 square board or virtually online. For the CISO, their opponent is invisible, not seen but indeed an adversary, nonetheless.

For this CISO, they are relying on threat intelligence to understand their cyber opponents. Sitting at the table, the Chess player can study their opponent's body language, as with any strategy style of game, and like a common phrase in the world of Poker, you're not playing the game; you're playing the person. The CISO must be aware of its users, the technology, and processes, to ultimately reduce the risk for the organization.

Organizations that lack the strategy to implement defenses in the right ways are the ones that end up on the front page of news websites. Within the game of Chess, it involves strategy and planning, and it's crucial to improve on our strengths and fix our weaknesses. Sometimes those weaknesses are exposed to us, and it's essential to learn from others and ourselves to strengthen our game and defenses - on the board and in the organization.

By the way, if you are ever interested, you can find me over at chess.com playing 5-minute games of Chess with people all around the world with the screen name: JRMScooter (https://www.chess.com/member/jrmscooter).

Unfortunately, I cannot see who I play, but then again, that's like cybersecurity. We never truly can see our adversary. We have to plan, strategize and practice to place our pieces in the right place to protect our critical asset and use those same pieces to checkmate their King.