Jiu Jitsu vs InfoSec: All in the Details

Tim MalcomVetter
Jul 20, 2017 · 1 min read

This is part of a series comparing Jiu Jitsu with InfoSec.

In BJJ, you may think you’ve learned a certain move, only to find out that it’s ineffective during sparring. As you break it down with your peers or your instructor, the cause is quite often some very minor detail, such as how you placed your grip, the angle of a certain joint, or where you’ve placed your weight in relation to your opponent. The devil is in the details, and having those very minor differences accounted for and lined up can be the difference between submitting your opponent and being submitted.

In InfoSec, it’s often the same. We know the expression (thanks to Bruce Schneier, I believe) that “security is a chain, it’s only as strong as its weakest link,” and that link could be a subtle, conditional detail that is glossed over by your peers. Know the details, while still seeing the big picture. For example, understand why just using cryptography doesn’t make all security problems go away, or why a certain vulnerability may or may not be exploitable in all circumstances. Understand that there is a process gap which an attacker can exploit if A, B, C, and D are lined up just right.

Get your hands dirty in those details.

Read more: Jiu Jitsu vs InfoSec: Learn 1 Thing


Written by Tim MalcomVetter

Red Team Leader at Fortune 1. I left my clever profile in my other social network: https://www.linkedin.com/in/malcomvetter
