Don’t train for the wrong fight.

I recently spoke at Fal.con about the Adversary Mindset. As part of this presentation, I discussed my experiences of training in various martial arts. I have trained in various areas; including taekwondo, kuai jiao, combat-applied kenpo, judo, and brazilian jujitsu. In my time training, fighting, and watching fights, I have learned an important lesson: “Don’t train for the wrong fight.”

This concept is easily understood by anyone who followed the UFC in the 90’s. Initially, various combatants came to the fights prepared for what can be oversimplified as ‘kick boxing’. They trained hard. They were skilled fighters. Then emerged Royce Gracie. He experienced success in the ring because his opponents had not trained to fight how he fought. They did not understand their adversary.

Similarly, we, as cybersecurity professionals, must focus our efforts on what our adversaries are doing. We must understand why and how they fight. And our teams must train accordingly.

Learn to train for the fight you and your organization will face. Understand your adversaries’ mindset.