I heard this recently on the TV being attributed to Mike Tyson which made me chuckle for a couple of reasons. One because it is a great quote and secondly the surprise that such wise words actually came from Mike Tyson.
I would never want to upset him of course – but I don’t think it was an original quote from the champion boxer as various iterations of it have been used previously and it has been the title of an album by jazz guitarist Charlie Hunter. Jazz Club – Groovy.
But wherever it came from – it’s a great quote and concept and applies pretty much, to all things in life.
We all live and work according to plans. Some of the them may be quite loose – like my plan to win the lottery and live in luxury for the rest of my days and others are quite tight like a disaster recovery or business continuity plan. But whatever the situation, it’s good to have a plan.
My wife likes to write lists. She will create a strategic plan for pretty much everything we do. The reality is of course that no sooner has the ink dried on the page then the plan has changed due to a change in the situation.
Like all good plans – some work well and others come up against obstacles. In my experience, the latter is the more likely scenario – as nothing ever goes according to plan.
In the world of security – be it Physical, Infrastructure, Information or Cyber – we all have plans. These may be high level Strategic Plans which determine the main aim of security and the reasons why we need to do it – these are list makers. At this level you can do some homework about your opponent or adversary but it is mostly generic and often wide ranging. But you draft this plan knowing that it is subject to changes in situations.
Then, we have Operational Plans which determines how to implement certain things for certain situations in accordance with your Strategic Plan. These are a more specific and cater to our physical, technical and emotional skills. What tools do we have available, what are our strengths and perceived weaknesses? These are semi-loose as things can change at the operational level but generally these are not quick.
When we get down to the Tactical and Technical levels of planning you generally find that the best laid plans require some fancy footwork.
This is where you will quickly find out your weaknesses if you are not ready and prepared for them. That’s when a good plan is useful but ultimately won’t protect you. You may survive several little jabs but generally these are just testing your defences and responses and ultimately, lining you up for the big punch in the mouth.
If you think you can defend yourself by staying on the ropes and battling from there – think again as there is no escape route and your recovery plan wont work. If you don’t have sufficient techniques and skills in your arsenal and some creativity, then your continuity plan won’t work.
But most of all – if you don’t prepare and train in these areas, you are a sitting duck.
Of course, you could decide that it’s all far too risky and not do it in the first place. But where is the fun it that? Nobody ever won by not taking part.
I have never boxed in my life. I don’t own the kit. I have no idea about tactics and techniques. I am largely too unfit to dance around for 3 minutes of 12 rounds and would probably last less than 30 seconds against Mike Tyson.
Even if I studied him strategically for years and got myself prepared operationally with a fancy pair of gloves and boots – he would kill me. My plans would definitely fail at the first punch in the mouth.
Would I be able to keep going? Probably not.
Would I be able to recover? Probably not.
So, I would need to plan and make sure that I:
- Have a good team around me.
- Stay up to date with what my adversaries are doing and especially the ones I am likely to encounter.
- Make sure I know the latest tactics, techniques and procedures employed by my opponent.
- Make sure I have something that would counter the known indicators of compromise being used as best as I can.
- Never fall into the belief that I know everything and that I have everything covered in my plans.
- Train hard and get fit to defend myself.
- Learn how to avoid being hit in the first place (spot the signs of critical impact).
- Know that it is only a matter of time and what to do when I get hit.
- Wear sparkly shorts to work (optional).
Boxers have plans at all levels. Boxers know that they have to adapt and adopt new strategies at the tactical level. Boxers stay up to date with technical skills and tools. Boxers survive to fight another day even after suffering a punch in the mouth and generally learn from the experience. Boxers train hard.
Cyber defenders have plans at all levels. Cyber defenders know that they have to be flexible at the tactical and technical level. Cyber defenders know that they have to stay up to date with latest technology and tools. Cyber defenders learn from their experiences. Cyber defenders train hard.
Another great saying is “Train Hard, Fight Easy”. Military personnel are issued with a tee shirt with this on the first day of basic training. But it is a great quote and another simple concept.
If you attend a training course – make the most of it. Get everything you can out of the instructor. Make sure that your training makes an impact on life outside of the classroom.
In my mind that is the most important thing on a training course. Training must make an impact.
These days, I rarely have to punch my students in the mouth and they no longer allow me to wear the sparkly shorts to work. But I still aim to make an impact and if I don’t – I haven’t done a good job.
Train Hard and Prosper.
