Lately, I have been thinking a lot about the various parallels between Brazilian Jiu-Jitsu and Information Security. I think this is a result of not being able to train on the mats since Covid has altered the way we live. Even though I began to train jiu-jitsu last year, I have developed a passion for it. It's extremely difficult to master since it goes against conventional thinking. A bigger and stronger person can be dominated by someone who is smaller and weaker. The "lesser" person can even do so off of their back, a position that most would think is disadvantageous. In this series, I will discuss how we can use jiu-jitsu as a tool to better understand the abstract world of InfoSec.

So why BJJ and InfoSec?

Chris Sanders - Investigation Theory

Last year, I had the pleasure of taking a class called "Investigation Theory", which is instructed by Chris Sanders. The main objective of the class is how to think through a security investigation with the available data sources you have access to, knowing how to pivot off of those data sources, and how to limit your own biases. What stood out to me was the section on metacognition: the awareness of one's thinking or learning processes. To dive further into this, I read one of the books Chris recommends called "Make It Stick." In the book, there is a memorization technique called "Memory Palace." Essentially, it's a method which "involves storing information in the form of associative images in our minds. We then store these images in a virtual location in our mind, such as your house, street, school, etc. When we walk through this virtual location, we can work out the information from the images stored there." I'll go over this in more depth in another blog post.

Tim MalcomVetter and Jeremiah Grossman

I wanted to add to the conversation that Tim and Jeremiah had already started. I stumbled across Tim's blog earlier this year and immediately gravitated towards his approach to the two subjects. Running the Red Team for a Fortune 1, I know Tim brings a lot to the table when discussing both of these subjects. I'm excited and eager to learn more from him. Jeremiah created the Brazilian Jiu-Jitsu Smackdown which is an invite-only event where computer security professionals from all over the world collaborate and train Jiu-Jitsu. He's been in the industry for over 20 years and is a black belt in BJJ as well.

Make InfoSec concepts tangible

Oftentimes, when I think of a security concept, it's difficult for me to visualize in my mind. In order to understand it, I have to spin up a virtual lab and walk through it step by step myself in order to see what exactly is happening. Since there are many analogies between InfoSec and jiu-jitsu, I think BJJ can bridge the gap to make security concepts easily understood by all, especially non-technical audiences. Below you'll find a few topics that are relevant in both disciplines.

[Image: topics relevant to both disciplines]

Feel free to sub jiu-jitsu for another sport or activity that has a similar offense-defense strategy. The goal of this series is to think of InfoSec concepts in a different way that resonates with the reader on a personal level.