Jiu Jitsu vs InfoSec: Conservation of Energy

This is part of a series comparing Jiu Jitsu with InfoSec.

If you go into a BJJ gym during the sparring section of a class, chances are you’ll see a brand new white belt (newcomer) sweating profusely, pushing with all available strength, and tiring out quickly. Maybe you are that white belt. If you’ve trained Jiu Jitsu for a while, you most certainly remember being that white belt, and your instructor telling you that the intense exertion and quick loss of energy are a sign you’re not doing it the most efficient way.

One of the reasons there are people training BJJ well into their 70s and 80s is this concept: conserve your energy. This directly ties back to the previous principle of leverage. If your energy is applied in the most efficient way possible, at the precise leverage point, you will tire out less often and last longer against your opponent.

The same can be said of InfoSec.

If your SOC is manually reviewing billions upon billions of security events per week, they will grow tired. The enthusiasm of a new team member will wane and burn out in short order. They will “tap out” and find a new job.

If your attempts at policy compliance result in 80-hour weeks, you won’t last long and mental sanity will fade quickly. You’ll give up to your opponent. It’s time to “tap out” and ask peers for advice on a new approach.

If you are managing thousands upon thousands of discovered vulnerabilities and trying to get system and application owners to patch in a timely fashion, but you find your mouth drying out as you repeat the same reason why patching is important over and over again, it’s a sign you’re not being as efficient as you could be. “Tap out.”

Observe the amount of energy being exerted. If it’s high, it may be a sign to take a new approach and become more efficient.
