By Bruce Sussman
Fri | Feb 1, 2019 | 7:30 AM PST

Going to a party for the weekend's big game? Chances are high someone at the football get-together will ask what you do.

Good news: You can use football to explain some basic concepts of what happens in cybersecurity.

This football versus cybersecurity analogy can help your friends, your family, and even your executive board picture what cybersecurity is and what you do, in a way they can understand.

4 ways football explains cybersecurity

1. There is an offense and a defense.

Football game: The team on offense is trying to score, the defense is trying to stop them.
Cybersecurity: Hackers are on offense, trying to score. Instead of the end zone, they want into computer systems to steal information. Cybersecurity professionals are on defense, trying to keep hackers out of each company's IT zone.

2. The defense must win all the time to keep the other team from scoring.

Football game: Even a great defense can lose. One slip, one fail, and in a moment the other team can get the winning score.
Cybersecurity: Security teams playing defense against hackers must be right all the time to win; hackers only have to be right once to win the game.

3. Both sides are watching each other and preparing for their next move.

We love what SecureWorld contributor, speaker, and cybersecurity expert Dan Lohrmann says about this similarity between football and InfoSec:

"Just as offensive coaches in football scout the other team, watch film, look for defensive weaknesses, diagram options, practice plays and more to be successful and score touchdowns, so hackers gather data on companies and governments, look for holes, find weak links and vulnerabilities in the people, processes and technologies deployed. If the defense takes away one thing in football (like stacking the line against the run), the offense will adjust and try something else (like passing).

In the same way, hackers constantly adjust their methods and techniques to get around cyberdefenses. There are even attack/defend cyber competitions all over the country with young (and old) people learning different roles in red teams and blue teams. The main point is that both hacking strategies and online defenses are moving targets, not one-and-done challenges."

4. The rivalry never ends.

Football game: The battle between two teams in a particular match-up may end, but the focus immediately shifts to next week or next season. Football never stops.
Cybersecurity: Cybersecurity professionals win most of the time, thankfully. Defeating hackers and threats today is exactly that—a win for the day. Hackers and cybercriminals are always looking ahead to what's next and what will work in their next attempt. The hacking season never stops.

Beyond these big-picture scenarios, just decide which roles on the field or the sidelines of a football game can be used in this cybersecurity analogy.

Now you've helped paint a picture for non-IT folks of how cybersecurity can be viewed as a football game. 

One with the highest stakes of all.

