Jiu Jitsu vs InfoSec: Feel Your Opponent
This is part of a series comparing Jiu Jitsu with InfoSec.
As the white belt, in a world of information overload or maybe better described as on a road trip without a map, begins to piece together basic counter-moves to basic attacks from an opponent, it is not uncommon for the white belt to hesitate — even pause — to stop and think about the next step in the defense. Unless the white belt is rolling with an exceptionally patient training partner, the pause will cause the white belt to fall farther behind the OODA loop, missed defensive opportunities piling up, and eventually the opponent submits the white belt.
BJJ instructors often tell their students they need to “feel” their opponents moves, not watch for them with their eyes. When the physical contact changes — when a few pounds of force are applied in a different way, that’s the signal that the opponent is beginning a new attack, and the signal where the defender should be reacting immediately into the counter-move, such as starting a sweep to regain a top position. The counter move can’t be clunky, or choppy. It must be drilled until it’s smooth. It can’t be thought, it must be reaction; muscle memory.
In InfoSec, it’s the same.
When the SOC receives an alert, that’s the pressure indicator of a certain type of adversarial movement. If the analyst pauses to think for too long, instead of relying on SOPs for specific next steps, that is the opportunity the attacker needs to get ahead. The reactions must be determined before the input is received, and the input — no matter how subtle — must not be ignored.
Still want more? Read Jiu Jitsu vs InfoSec: Layers of Defense.