Jiu Jitsu vs InfoSec: Focus on Weaknesses
This is part of a series comparing Jiu Jitsu with InfoSec.
BJJ instructors often tell progressing students to focus on improving their weaknesses so that those weaknesses are not exploited by their opponent. For instance, a player may have an exceptional side control game, but not have the ability to get into the side control position to use it. Training with multiple partners with multiple BJJ styles allows those weaknesses to emerge. After a long time in the same gym with the same training partners, regional competitions allow you new opportunities to discover weaknesses, simply by introducing new opponents with new styles and strategies.
The same is true of InfoSec: a security program that focuses on its strength will have its weaknesses exploited. A security program comprised of humble-minded practitioners will say “Yes, we are good at X now, but we have to fix A, B, and C as soon as possible.” Often the list is never ending, because there is a long road and your adversaries are training to beat you right now while you read this.
Read more: Jiu Jitsu vs InfoSec: Vocabulary
