Jiu Jitsu vs InfoSec: All in the Details
This is part of a series comparing Jiu Jitsu with InfoSec.
In BJJ, you may think you’ve learned a certain move, only to find that it’s ineffective during sparring. As you break it down with your peers or your instructor, the cause quite often turns out to be some very minor detail, such as how you placed your grip, the angle of a certain joint, or where you’ve placed your weight in relation to your opponent. The devil is in the details, and having those very minor differences accounted for and lined up can be the difference between submitting your opponent and being submitted.
In InfoSec, it’s often the same. We know the expression (thanks to Bruce Schneier, I believe) that “security is a chain, it’s only as strong as its weakest link.” That link could be a subtle, conditional detail that your peers gloss over. Know the details, while still seeing the big picture. For example, understand why just using cryptography doesn’t make all security problems go away, or why a certain vulnerability may be exploitable in some circumstances and not in others. Understand that there is a process gap which an attacker can exploit if A, B, C, and D are lined up just right.
Get your hands dirty in those details.
