Cybersecurity Maxims

What are your favorite leadership, strategy, or warfare maxims that apply to cybersecurity?

“There is nothing new under the sun,” the old adage goes, so let’s take that wisdom and apply it to cybersecurity.

The idea for this list came about when I recently shared my 2014 blog post What Did Sun Tzu Teach About Cybersecurity? and got many excellent comments from people sharing their own favorite Sun Tzu teachings. I have regularly blogged about Sun Tzu on Cybersecurity and now we are expanding that list and hope to include your favorites maxims, whether they are your own or from great historical thinkers of the past.

Many of the maxims listed below came from my friends across the Internet, and there are a few of my own as well. Please help make this list better by including yours as well — you can do it by (1) going to the original LinkedIn post and adding your comment, (2) posting your comment to this page, or (3) tagging me in a tweet with it!

The Maxims

“Every Battle is Won Before it is Fought” -Sun Tzu (submitted by David Long)
“Opportunities multiply as they are seized.” -Sun Tzu (submitted by Robin Austin)
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” -Sun Tzu (submitted by Carlos Flores)
“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” -Sun Tzu (submitted by Chris Dix)
“In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.” -Sun Tzu (prior blog)
“You can be sure of succeeding in your attacks if you attack places which are not defended.” -Sun Tzu (prior blog)
“The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few.” -Sun Tzu (prior blog)
“Every battle is won before it is ever fought.” Gordon Gekko “quoting” Sun Tzu
“Now the general who wins a battle makes many calculations in his temple before the battle is fought. The general who loses a battle makes but a few calculations beforehand. Thus do many calculations lead to victory, and few calculations to defeat: How much more do no calculation at all pave the way to defeat! It is by attention to this point that I can foresee who is likely to win or lose.” -Sun Tzu (prior blog)
“Recognizing opportunities where others fail to and seizing them can make the difference between success and failure.” -Robin Austin
“The supreme art of cyberwar is to subdue the passwords without fighting.” -Jason Smith
“If you know the enemy and know [some guy with a great line of b.s.], you need not fear the result of a hundred battles.” -Edward Block
The friction and fog of war. Vom Kriege (On War) by General Carl Von Clausewitz. When parts collide -friction- “opportunities” -in cyber- warfare arise. Munitions (software/apps) don’t work as expected, orders are incorrect due to fear or poor communications/leadership, etc. Fog, not being able to sense anything through limited visibility, e.g. lack of knowledge. In cyber, fog could be a “salad” of routers -old and new hardware/software/firmware; incorrect white/black lists; not knowing what systems you own or their configuration. – Carlos Flores