Jiu Jitsu vs InfoSec: Black vs Blue
This is part of a series comparing Jiu Jitsu with InfoSec.
In BJJ, your instructor might tell you that your goal should be the black belt, not the blue belt, meaning you should focus on your improvement over a long period of time, not a quick minimal win. Your instructor may call it “a journey” to signify this commitment. Black belts often talk about how they continually learn as well. Some students, though, start off with the idea that they will progress from white belt (the first belt — no knowledge) to blue belt (the second belt, some basic understanding), then quit. All they need, they say.
In InfoSec, we see some of those same people. While there are people who have been in the field for years, continually learning, we also have some who are comfortable with a limited knowledge. They tend to not progress in their careers — maybe they only know one particular sub-domain of security knowledge.
Like BJJ, InfoSec should be viewed as a journey. We have roles for people with limited knowledge, and we have roles for people with very advanced knowledge. You show me a person with advanced knowledge who thinks they don’t need to continue learning, and I’ll show you a person whose technical skills will atrophy and in a short time (probably a couple years) will no longer be valuable at all in this space.
Even if you’re a white belt in BJJ (or the equivalent in InfoSec), your goal should be the black belt (mastery).
Read more: Jiu Jitsu vs InfoSec: Time on the Mat
