Micro Focus is now part of OpenText. Learn more >

You are here

You are here

5 Things SecOps Can Learn from Dungeons & Dragons

Rik Ferguson VP, Security Intelligence, Forescout
Photo by Clint Bustrillos on Unsplash

Dungeons & Dragons (D&D) has been experiencing a cultural renaissance thanks to the popularity of TV shows such as Stranger Things, web series such as Critical Role, and clothing lines such as Death Saves. The tabletop role-playing game leans heavily on fantasy tropes such as wizards and warriors, elves and goblins, and the eponymous dungeons and dragons. In essence, D&D is a storytelling game built in a shared reality—codified by hundreds of pages of rules and presided over by a dungeon master.

Anyone who has ever experienced a SOC 2 or ISO 27001 audit might see the parallels between a lengthy framework of rules and their arbiter. Still, D&D is significantly more fun than a cybersecurity audit. In fact, when it comes to security preparedness there are quite a few lessons that security operations (SecOps) teams that are responsible for the security of connected assets—including myriad Internet of Things (IoT) devices—can learn from D&D. And they might just have a bit of fun along the way.

Assemble Your Party

From wizards and warriors to clerics and rogues, there are a wide variety of classes in D&D—each with its own specializations. The key to an effective adventuring party is to combine them in a way that the strengths of one character can mitigate the weaknesses of another. Building a cybersecurity team is no different. Aside from all the specialized roles within cybersecurity, such as incident-response or threat-hunting teams, an effective approach to security preparedness requires cross-functional collaboration between IT teams, operational-technology (OT) teams, and other lines of business to better understand how to balance business objectives with security requirements.

Cybersecurity Is a Campaign

Although there are so-called one-shot adventures in D&D, by and large the game is played over the course of multiple sessions as a campaign. It is important to approach cybersecurity the same way. The threat landscape itself is always changing; for many organizations, the rise of IT/OT convergence and IoT devices means their environment is becoming increasingly complex.

Cybersecurity is therefore a continuous process. Abandon the mantra of "set it and forget it." SecOps teams should be conducting periodic assessments of their environments to understand the business logic behind how devices operate and communicate in those environments. Deep visibility and automation can help ease this process.

Become All-Seeing and All-Knowing

D&D adventures tend to be filled with hidden treasures, secret rooms, and elaborate traps that can be sprung if you're not careful. As a player, this is all shrouded in mystery—but the dungeon master has advance knowledge in the form of detailed maps and notes, which are kept concealed behind a screen.

How can SecOps become more like the all-seeing and all-knowing dungeon master? One solution is effective visibility.

Visibility delivers a real-time map of the entire network, details of every device that connects to it, and contextual insight into communications flows. This enables SecOps to automatically discover all of their critical assets with the context needed to understand where they are, what they are, and how they communicate. Cybersecurity visibility solutions can also identify vulnerable devices and isolate them until they can be remediated—as easily as a rogue might disarm a trap in D&D.

Plan for Critical Failure

In D&D, when players attack, they roll a 20-sided die. Rolling a 20 is a critical hit; rolling a 1 is a critical failure. Unfortunately, in D&D there is little to be done to mitigate a critical failure, but that is not the case for security operations. Planning to fail is one of the most effective ways to build resilience into your cybersecurity preparedness.

Penetration testing can help to identify vulnerabilities that need to be remediated. Some organizations even embrace the role-playing aspect of D&D with tabletop exercises intended to drill the basics of responding to an incident. This can be helpful in identifying processes that need improvement before an actual crisis occurs.

Work on Your Modifiers

The 20-sided die is not the only thing that determines the effectiveness of your attack; your abilities and proficiencies can make a big difference, too. A greater level of strength will increase the power of your sword arm, while dexterity will make all the difference to your archery skills. Your proficiency with your weapon of choice will also determine your chances of success.

Novel attack techniques, emerging and zero-day vulnerabilities, and the evolution of technological and regulatory landscapes wait for no one. Cybersecurity requires a commitment to lifelong learning. Staying abreast of the latest attack and defense techniques means a commitment to training and the ability for introspection—learning from the success and, importantly, the failures of your perfectly prepared party.

Cybersecurity professionals don't need to leave their operations up to the roll of the die. By adopting new approaches to security preparedness with deep visibility and automation, they can level up their cybersecurity processes.

Keep learning

Read more articles about: DevOpsSecure DevOps