Jiu Jitsu vs InfoSec: Survive

This is part of a series comparing Jiu Jitsu with InfoSec.

A brand new white belt may often be taken aside by an instructor and told: “Don’t try to submit the purple belt, just try to survive the 6 minute round.” This is good advice. Most newcomers may not realize just how non-intuitively they move on the mats, and they definitely don’t realize how the higher belt training partners are ensaring them in complicated human chess matches.

“Survive.”

That means you may be in a bad position, it may be unpleasant, you likely won’t win, but don’t do anything stupid that gives an easy submission to your more skilled opponent. Think “cat’s game” in Tic Tac Toe. White belts often accomplish this by keeping their chin and arms in tight, blocking certain basic movements. It’s not easy and it takes a long time to learn.

InfoSec is the same way.

The InfoSec practitioner in a first InfoSec job may become overwhelmed with terminology and concepts, and that’s just in meetings with peers, let alone dealing with an actual adversary.

The organization under attack that can maintain a certain defensive posture and endure an unpleasant attack may discover the attacker has become frustrated and moved on to an easier target. This maybe isn’t an organization performing advanced forensics and incident response, this is just an organization that knows how to keep its arms from being joint locked and protects its neck and back from basic chokes.

As time progresses, maybe the organization even learns how to perform simple sweeps to get the opponent off of them, but the organization started out with a simple objective: just survive. Nothing fancy, just keep in the game until the buzzer sounds off.

Read more: Jiu Jitsu vs InfoSec: Feel Your Opponent