Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Hope Is Not a Strategy: Four Lessons ‘Survivor’ Taught Me About Cybersecurity

The Fijian island landscape may look very different from the Cyber Exposure landscape, but surviving them has more in common than you would think. And I have the personal experience to prove it.

In 2018, I took a short break from my position as a Technical Writer at Tenable and traded writing documentation for vulnerability management solutions for something a little less high-tech. I flew to Fiji to compete on the CBS reality television game Survivor: David vs. Goliath. I survived two cyclones, underwent grueling physical and mental challenges and lived on a diet of only rice and coconuts for 32 of 39 days, until I was voted out in eighth place. It was the experience of a lifetime, pushing me far beyond what I thought I was capable of.

Among the many challenges I faced on Survivor, I learned several valuable lessons. Here are four of my takeaways and how they relate to cybersecurity:

1. You can’t succeed alone

It’s basically impossible to survive on an island alone. As a tribe, we were completely responsible for building our own shelter, finding food and building fire. Though everyone came from different walks of life we all worked as a team, using everyone’s unique knowledge and skills to our advantage.

Much like a functional tribe, the Tenable Cyber Exposure ecosystem includes a wide range of integrations and technology partners. These integrated solutions help increase the breadth of visibility across the modern attack surface and foster better collaboration across Security and IT Operations teams.

I’m grateful that throughout my adventures, my manager and technical writing team at Tenable had my back and fully supported me. To me, their support exemplified the Tenable value of One Tenable: the idea that we’re all one team, working together and winning together.

2. You have to learn to prioritize risk

Like any game worth playing, there is no reward without risk. I knew the $1 million prize on Survivor wouldn’t come easy, and I would have to take risks to get myself further in the game. These decisions ranged from low-risk (sticking with the majority and voting out a consensus target) to high-risk (blindsiding my ally at a critical time because I thought it might get me closer to winning).

I constantly weighed external risks in the game. Was a clash of personalities with an adversary an imminent threat to my game? Was it worth cooking an extra scoop of rice if it meant we’d run out of our rice supply sooner? Evaluating and prioritizing the various risks in the game were key to making strategic decisions.

The need for prioritization probably sounds familiar to many cybersecurity professionals. According to the National Vulnerability Database, there were 16,500 new vulnerabilities disclosed in 2018 alone, of which only a small fraction was actively weaponized for cyberattacks. When faced with such a high number of vulnerabilities in the cybersecurity landscape, you have to be able to identify, investigate and prioritize risk in order to identify what poses an actual threat to your business. One way to do that is with Predictive Prioritization, a machine learning algorithm from Tenable which helps you focus on the vulnerabilities that matter most.

3. You must be able to adapt to an ever-changing environment

On day one of the game, the host Jeff Probst presented us with the following premise for our season’s theme: “It’s not about who has the advantage, but what is the advantage?”

Three weeks into playing Survivor, late into the game, my alliance was at a disadvantage because we were in the minority. It appeared we would be picked off by the majority alliance, which had the numbers over us. Suddenly, the strategic landscape of the game changed: one of my alliance partners found a hidden advantage, allowing us to steal a vote from the other alliance. True to Probst’s words, it didn’t matter who had the initial advantage, because we had an advantage that trumped theirs, allowing us to reclaim power in the game.

In cybersecurity, attackers often have the first-mover advantage. Security teams have the power to reclaim the advantage by developing a risk-centric mindset. The Tenable advantage is the ability to adapt to new and evolving threats. The Cyber Exposure landscape is constantly changing, so you have to learn to be adaptable when it comes to your cybersecurity efforts.

4. At times, being proactive is better than being reactive

It’s good to be adaptable and react to a problem. It’s even better to be proactive and know when something might become a problem before it does. On Survivor, when I found myself in danger of being voted out of the game, I couldn’t be passive and merely hope things would go my way.

I decided to live by the phrase, “Hope is not a strategy.” Being proactive meant I had to take matters into my own hands, like stepping up for the main role in a team challenge, or initiating a strategic conversation to solidify an alliance.

In cybersecurity, merely hoping your assets aren’t vulnerable isn’t enough to shield you from attacks. Instead, you have to take fate into your own hands and find solutions that help you close your Cyber Exposure gap.

Though I’m back at my usual job, writing documentation for our Tenable products, my experience on Survivor will never leave me. I learned the value of being a team player, as well as how to be analytical, adaptable and proactive. Just like the Tenable products I write about.

Watch the video below to hear more about my experiences:

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.