Jiu Jitsu vs InfoSec: Focus on Weaknesses

Tim MalcomVetter
Jul 20, 2017 · 1 min read

This is part of a series comparing Jiu Jitsu with InfoSec.

BJJ instructors often tell progressing students to focus on improving their weaknesses so that those weaknesses are not exploited by their opponent. For instance, a player may have an exceptional side control game, but not have the ability to get into the side control position to use it. Training with multiple partners with multiple BJJ styles allows those weaknesses to emerge. After a long time in the same gym with the same training partners, regional competitions allow you new opportunities to discover weaknesses, simply by introducing new opponents with new styles and strategies.

The same is true of InfoSec: a security program that focuses on its strength will have its weaknesses exploited. A security program comprised of humble-minded practitioners will say “Yes, we are good at X now, but we have to fix A, B, and C as soon as possible.” Often the list is never ending, because there is a long road and your adversaries are training to beat you right now while you read this.

Read more: Jiu Jitsu vs InfoSec: Vocabulary

)

Tim MalcomVetter

Written by

Red Team Leader at Fortune 1. I left my clever profile in my other social network: https://www.linkedin.com/in/malcomvetter

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade