[BreachExchange] What CISOs can learn from Tyrion on Game of Thrones

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 31 19:02:19 EDT 2018


Game of Thrones is a gripping, global phenomenon. One of the main reasons
for its popularity is its nuanced portrayal of characters who are not 100%
good or evil.

Over seven seasons, the HBO show has spun a complex web of personas. Some
reveal their motivations and fears, often at perilous cost. One of the most
engaging characters is the dwarf Tyrion, the youngest member of the feared
Lannister house. Over the course of the series, he morphed from a drunk
womanizer into the most shrewd and diplomatic character due to his uncanny
ability to bend the ear of those in power.

GoT shares incredible parallels with the world of cybersecurity (E.g., The
Wall can be likened to perimeter protection, White Walkers are the hackers,
the Iron Throne is like the company’s sensitive data, etc.). Carrying this
further, Tyrion single-handedly changed the way the White Walkers and their
army of the undead fared so far. What can CISOs learn from Tyrion to fight
off white walkers – er, hackers — and how can they turn colleagues into
allies in the fight, as Tyrion did with Daenerys and Jon Snow? Here are
some hard-won lessons CISOs can learn from “the little lion:”

Tyrion’s strengths

Over the series, we learn that Tyrion’s strengths lie in his ability to be
empathetic and use people’s motivations to suit his own needs, all while
being quick to identify problems (like his treacherous sister and father)
and head them off. In regard to the white walkers, he’s one of the first to
believe the king of the North, Jon Snow, and is critical in creating an
alliance with the show’s other hero, Daenerys Targaryen, mother of dragons.

Tyrion is instrumental in getting the two power players to work together
and put their differences aside in order to unite against the white walkers
and their undead army. He not only facilitates the initial communication,
but lays out the perils of ignoring the larger threat in favor of
short-term goals. His diplomacy, pragmatism and penchant for compromise
brings together Jon and Daenerys — two clashing personalities who
eventually go on to become the most united front against the larger evil.
He uses both his strong intellect and diminutive stature to gain the trust
of those around him and get them to let down their guard. He uses these
strengths to gain access and get things done — exactly what CISOs should be
able to do in their own organizations.

What CISOs can do in their organizations to ring the alarm

For CISOs, it can be a bit like herding cats when trying to unite the
executive suite, employees and users against hackers. Everyone has
different goals, whether it be short-term profits, streamlining user
experience, or simply inertia and apathy. CISOs have the unenviable task of
leading a team of ragtag warriors (the C-suite) to fight off the white
walkers (hackers.)

Here are some things CISOs can do that will help unite the front against
their enemies:

Get C-suite buy-in from the beginning. Tyrion used his relationships with
the most powerful people in Westeros to unite them in their long-term goal
of survival. A CISOs job is very similar. You are fighting for the survival
of your organization, and having the C-suite on board from the start to
help implement and push through necessary security precautions are vital.
Without the big players in the room agreeing on what the overall goal is,
no real actions can be taken to stop the hackers.

Show, don’t tell. In the most recent season of the “Game of Thrones,”
Tyrion used action, not words, to get his point across. He gathered all the
important power players to one arena and showed them an actual member of
the undead army to display exactly how real the threat was, shocking all
key players into submission (for a time at least). For CISOs, it’s
important to use data, past examples, studies — anything at your disposal
to show how an investment in the right security solutions can make a
difference and help protect your critical data. Showing and not telling can
sometimes be the most powerful tool at your disposal.

Know who you’re dealing with. You may work with personalities who
understand the significance of your goals (a la Jon Snow), or you could be
working with someone who prefers to bury their head in the sand and is more
preoccupied with short-term goals (like Cersei). Know which personality
you’re dealing with, their motivations, and share how they could lose if
nothing is done to stop hackers. Both fear and the likelihood of success
are powerful motivators, and it’s the CISO’s job to invoke either in the
right situation.

Tyrion can teach us a lot about business through his expert use of
communication and diplomacy to bring an organization together to fight
against hackers. His quick-thinking and pragmatism are attributes that are
highly sought-after in CISOs, because they are often the warning system to
a company of what could happen or is happening right now.

CISOs who are frustrated by the lack of a clear pathway or conclusion can
remember to heed Tyrion’s lessons of putting pride aside and collaborating
with the entire team — even if you don’t entirely agree with them — in
order to accomplish your singular goal: keeping the bad guys outside the
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180531/603eb78f/attachment.html>

More information about the BreachExchange mailing list