Jiu Jitsu vs InfoSec: Personal Space Bubble
This is part of a series comparing Jiu Jitsu with InfoSec.
In modern times, especially in Western cultures, we like our personal space. Social psychologists have conducted studies that measured our “bubble,” and it turns out that on average ours is larger in diameter than that of other cultures.
A while ago on his podcast, Jocko Willink, a retired Navy SEAL turned leadership consultant who is also a BJJ black belt, presented an interesting perspective on Jiu Jitsu as a self-defense system that I had not previously considered: since training in BJJ requires hours and hours of close physical contact with your training partners, after some time that translates into becoming comfortable with the contact. When an actual attack happens, the BJJ practitioner’s response isn’t to flinch away from the discomfort of somebody inside their personal space bubble. Instead, through a form of operant conditioning, the BJJ practitioner responds with enjoyment, since Jiu Jitsu training as a physical exercise tends to be physically and mentally rewarding, and all exercise can release endorphins (i.e. the “high” a runner or weight lifter can feel after exercise). It’s a confident response, not a fear response.
So rather than shrink away because a street thug has crossed into the socially awkward space of your personal bubble, you react almost as if this thug is just another training partner and rise to the occasion that your attacker has presented. This lack of flinching is important: in the first few milliseconds of the attack, the defender’s window of opportunity to turn the attack sideways shrinks quickly. An Air Force pilot named John Boyd called this decision cycle the OODA loop, and a defender who can “observe, orient, decide, and act” more quickly than the attacker may be able to reset the attacker’s OODA loop and win. Even a few milliseconds misspent dealing with the awkward close physical contact from the mugger can determine the difference between going home to your loved ones and spending the night in the hospital (or worse). So, conditioning away the flinch response is a big deal.
In InfoSec, it’s the same: when the Blue Team (defenders) goes through iterative rounds with the Red Team (simulated attackers), over time this exercise conditions the Blue Team not to panic (or at least to panic less) when certain Indicators of Compromise (IOCs) percolate through the security alert system. We have our normalcy bias, where we perceive everything as normal even if it’s not. This is the “deer in the headlights” reaction that can occur if, for the first time, we perceive that an actual breach may be occurring. Red Teaming allows us to condition this response away. Blue becomes good at responding: confidence builds, response actions become second nature, and successfully containing Red might actually release endorphins as well.
When Blue observes what may be an attack, and the first reaction is “I bet it’s the Red Team,” they respond with vigor to defeat an opponent they perceive to be their colleagues. We would all rather go up against our training partners than the real thing, so conditioning this reaction is ideal. We want these positive mental associations to outweigh fear so defenders can execute confident and decisive responses.
Whether in InfoSec or BJJ, get out and train. Don’t be “in the hole.” Respond with delight and go on the offensive.
