3 Things That Trailrunning and Cybersecurity Have in Common

I went for a fantastic trail run in the Boise foothills today after work. It's one of the many reasons I love Boise - you can be in the foothills within 10 minutes from my house, and it's one big hike and bike playground, and it's Spring!

Me, trailrunning in the Boise Foothills

As I was running off my winter beer belly, I realized that cyber-security and trailrunning have at least three things in common, and they are:

1: The tortoise beats the hare! Meaning that implementing and maintaining good security in the cloud is not a sprint, it's a marathon - be in it for the long haul! Don't sprint out of the gate, lose steam, and then stop improving your security posture because you got burned out. Small improvements day after day, over time, add up to excellent progress.

2: Pay attention to detail, or you might "twist an ankle". With trail running, if you don't watch where you put your feet, its easy to stumble, fall, or injure and ankle or knee. With cloud security, the same thing applies, but you'll injure your ability to accomplish your organizations goals. One misplaced comma, one bad ACL, or one misconfigured route table can shut down your production network, and possibly get you fired. So stay focused when you're making changes in security policy, or you could cause injury!

3: A little preparation goes a long way! With trail running, having adequate clothing, nutrition, and hydration can make a huge difference in how much you enjoy your trail run (or hate it). With cloud security, preparation is just as important. There are thousands of way to be prepared, but a few include...

• Staying aware of new threats and attack vectors
• Being crystal clear on your organizations goals as it relates to security practices
• Documenting your configurations in case you get hit by a bus, or get fired
• Staying on top of configuration management by having good policies and procedures
• Reviewing configurations for mistakes and errors before implementing that change in production

Those are just a few ways to be properly prepared, and they can make your task of improving your security posture MUCH more enjoyable, so don't just blindly go out there and start making changes to make your network more secure. Plan, prepare, review, and then proceed with confidence.

If you can think of any other ways in which cloud security is like trail running, I'd love to hear your comments. 

Stay fit, have fun, be secure, and I'll see you on the trails!