Karate and cyber security: Everybody has a plan until they get punched in the face

For Patterson VP of CISO Peter Christy, martial arts and cybersecurity aren’t so different. Sure, one of them involves throwing kicks and blocking punches. The other requires writing code and working with computers. However, they’re both fundamentally related through their emphasis on the lens of defense.

A martial artist anticipates their opponent’s movements to predict a strike the same way cybersecurity employs proactive and reactive measures to build a defense and stop malicious actors. Being proactive is the cornerstone of any effective defense, and certainly in both disciplines.

This realization from Peter has played a big role in how he thinks about his job, and he’s applied that philosophy here at Patterson.

“The reality is, it’s rarely a highly sophisticated technique that causes a breach. The defender didn’t do the fundamentals as strongly as they could. It’s not fancy, it’s not always exciting, but you must rely back on the fundamentals and make sure you’re doing the basics really, really, really well.”

Back to the basics

Peter said this prioritization of the basics is something that’s hammered into you as a martial arts practitioner but the same is equally true with cybersecurity. It’s not like the movies where an attacker and defender are going head-to-head, throwing lines of code at each other. Attackers are much sneakier – attacks usually look like an unassuming email.

Peter started his interest in martial arts at a young age. He watched lots of Bruce Lee movies! He started his martial arts journey in his 20s at a Taekwondo dojo thinking he’d walk into a dojo and jump right into technique abilities, 560 spinning kicks and one-inch punches. The reality was much less exciting for a bright-eyed beginner. He started with the fundamentals and slowly worked up from there. A focus on fundamentals takes time, practice, form and repetition.

Peter took a break from martial arts – life happens – but is now a third-degree black belt.

In martial arts, good balance is essential. For cybersecurity, balancing security requirements with user experience is crucial.

Balance

Implementing overly strict security measures may be frustrating and lead to circumventing protocols (which we certainly don’t want to see), potentially compromising security. Conversely, prioritizing usability over security can result in vulnerabilities that cyber attackers exploit (which is maybe even worse!). It’s a fine balance that has to be managed and Peter puts a lot of time and thought into how Patterson’s cybersecurity parameters affect us – the users.

Innovation

There’s always something new to learn, no matter what discipline you’re talking about. Peter likened cybersecurity back to martial arts: there will always be something new and exciting for us to test out. Tools are constantly upgraded, new technologies come out, etc. But it’s all about revisiting those fundamentals along the way. These basics are what we build upon because innovation is still paramount for staying ahead of the threats who want your computer passwords.

Strategy

Peter presented all of the information being shared today at a cybersecurity conference called Secure 360. His final pillar of comparison was strategy, and he pulled a quote from the famous book The Art of War by Sun Tzu: “If you know yourself and you know the enemy, you need not fear the result of a hundred battles.”

This quote emphasizes the importance of knowledge, preparation and strategic thinking. Basically, if you know your own weaknesses then you understand where your opponents will try to strike.

As we’ve done through the rest of this story, the comparisons to cybersecurity are obvious. By understanding our own systems, networks and potential weaknesses, we can better defend against cyber threats.

As for Peter, he understands the monotony of doing some of the trainings involved at Patterson. However, they really do ladder up to protecting our company and ourselves at every level.