🌊 Cyber Security: A Chess Perspective

I love analogies aye. It diversifies hobbies and there's skills we discover that turn out to be a bit transferrable. It ain't different to me for Chess and Cybersecurity. It's straight up uncanny how much cybersecurity lessons we can extract from a 1,400 year old board game. It's also a less lonely activity from hack the box. Good to have that abstract thinkin going to expand my mental tool box. It doesn't hurt that many terminologies are shared too! Let us begin, mate.

Asset

Now the king's the most important part of the game. We ensure that it's safe because once we're caught in a mating net, the game's pretty much over. In cybersecurity, asset is king. It's what corporate care about the most. I'd be lying if I said that this doesn't give me joy. The more risks, the more jobs for us. Threats ain't goin anywhere soon. It's just the reality of it aye. It's not a technology issue, it's human nature and happy to be in the part of good in the industry. 

Pieces

This refers to everything but the king and pawns. We're talkin Bishops, Knights, Rooks and Queen. It's what creates all them threats but also the same items.

The Game

It's divided into 3 phases. The Opening, Middle Game and End Game. The Opening is where you have to be principled and absolutely textbook. It's 1,400+ years old, don't be reinventin the wheel bruv. In Cybersecurity, this is a lot like the audit process. Updating devices, Password Managers, Privacy Settings, 2FA and all that dull lookin NIST compliant stuff. Yes, it's not that exciting for most (I disagree) but you need strong fundamentals even when perhaps the opposition want to badly skip all that and get to the Middle Game. This is kinda like some misled senior in corporate who doesn't recognise that value of it. Users don't respect it until they become real crazy compromi$ed. 

The Middle Game is where tactics and strategy comes together. This is a lot like the Blue, Red and Purple Team. You first have to ensure you get the CIA triad (Confidentiality, Integrity and Availability) protected. Confidentiality is when you secure your data, you wouldn't want your opposition in chess to know what you're planning! Integrity is tied to non-repudiation. We have to not be able to dispute the receipt like a chess algebraic notation. Hey, if the engine said that you played D4 (London System), you can't argue with that. Availability is ensuring that all assets stay active. You'd be in a hell lot of trouble if none of your pieces are activated and coherent by the time the Middle Game arrives. 

The End Game is what that one Avengers movie references. It's the result of doin your best fightin for the position and pieces ideal by the time this phase arrives. It's the stage that decides if it's a win or a draw. This is a lot like PenTesting from the Red Team. If the group finds success, you go to lessons learned, secure it and be a stronger player for the next match. 

Fighting Style

There's no correct "style". You use what works for you. 

Personally, being a big Manny Pacquiao and Gervonta Davis fan, I find comfort in calculated aggression. The puzzle's in the threats being given. I like reading the threats and respond accordingly. I found more success with that than playin pure defense and punish. I really tried! No luck. I just have better Offensive IQ than Defensive. 

I've trained wrong for too long. You'd think masters just exploit your weaknesses by how easily they violate their opponents on speedruns. Magnus, Hikaru, Naroditsky, Kasparov and even IMs like Levy sure make it look that way. No.. You exploit the offense! 

In Cybersecurity, thankfully we have OSINTs that exist, right? You'd want to know the attack being received to know how to defend it. Masters, it turns out, have just great defensive awareness so it looks as though their offense is unstoppable! They nullify the threats, risks and vulnerabilities that the opponents try to do. They know which squares the pieces should be in to accomplish that. It's amazing, really.

So, yeah. Technically, what I'm describing here is "styleless". Be water my friend. Ya can't fit the wrong lego bricks together. If you can't see a tactic, you play for better position that can likely spawn favourable patterns for you.

Sound familiar to a Cyber nerd? Ever heard of Risk Analysis and Threat Responses?