I have to admit that I am caught up in the recent Game of Thrones (GoT) hype.

I have read all of George RR Martin’s books and am now re-watching all the episodes from the beginning in advance of the final season. In watching the show, I began thinking about how GoT relates to cyber security. Let’s have some fun and see where this concept leads us!

There can only be one who sits on the throne.

The fundamental theme of GoT centers on the struggles of a myriad of rich characters from around the 7 kingdoms and beyond to claim the Westeros throne – the ultimate prize. To reach the throne, rivals resort to treachery, warring, and even magic.

While we live in a real and more civilized time, the concept of having one person responsible for cyber security in any organization is paramount. My old boss, one of the best CIOs I ever reported to, had a saying that is very GoT-esque: he wanted “one throat to choke”! 

While it sounds crass, the idea is that he wanted to ensure one – and only one – person was the leader and responsible for his or her area within the organization. As CISO, it was abundantly clear that I had sole responsibility for all things cyber security-related. My CIO made it clear that he did not have cyber security expertise and that he relied on my counsel and expertise. He also made it clear that if I had a strong conviction about an issue threatening the organization and he did not support it, I had his approval to go “over his head” and take the issue to the company’s President and the Board of Directors. I never had to go over his head, as he was very supportive in approving reasonable budget and staffing request and increases.

Always expect the unexpected.

Besides the rich characters and plot lines, one of the allures of GoT is that you never know who might be adversely affected in some way, or, at worst, “eliminated”.  Popular characters like Rob Stark and his mother Cat were surprisingly slaughtered at Rob’s own wedding - the “Red Wedding”. And who can forget Tywin Lannister’s murder by the hand of his own son, Tyrion, as he sat on another type of “throne” – a toilet. Even children were not immune to GoT savagery where we saw several meet their demise throughout the eight seasons. 

Other surprising plot arcs saw characters adversely affected in some interesting way, such as Jaime Lannister, who loses his right hand and thus virtually eliminates his abilities as a master swordsman. As CISOs, we never know what we will be faced with as we walk into the office or respond to a call in the middle of the night. We have to “prepare for the worst and hope for the best”. 

Pay attention to the little things.

Arguably, no character is more interesting and powerful than the “imp”, Tyrion Lannister. Despite his diminutive stature, Tyrion uses his keen and superior intellect to worm his way out of one dreadful situation after another – any one of which could result in his demise. Tyrion has survived the eight seasons of GoT and is a champion of the weak and oppressed. We, as CISOs must be aware of the smallest issue or anomaly that may be a harbinger of dangerous and much larger cyber security-related issues.

One of the best examples of this concept is the basis for the seminal cyber security book, Clifford Stoll’s, The Cuckcoo’s Egg.   The gist of the real-life story is that Mr. Stoll was tasked with system administration duties at the Lawrence Berkeley National Laboratory.  In those “olden days”, mainframe computer usage was expensive.  Mr. Stoll investigated a minuscule 0.75 cent discrepancy in the accounting system that resulted in a multi-national hacker investigation.

I am not advocating that we worry about every little security issue or anomaly. But with experience, CISOs can usually “sense” when something that is seemingly minute may lead to a much larger issue.

Even the “Wall” can be breached.

Every GoT fan knows that there is a huge ice wall in the North that separates and protects the 7 kingdoms of Westeros from the “wildlings” and the “white walkers” who reside on the North side of the wall. Additionally, the wall is “manned” by the “Brotherhood of the Black”. The “Brothers” take oaths of celibacy and are dedicated to protecting the kingdom from attack from the North.

At one point in the story, the dead “white walkers” are moving South and the human “wildlings” breach the wall in an attempt to escape to the perceived security of the South. As CISOs, we know that even the best firewalls are no guarantee that our networks and systems will not be breached. Nefarious actors will take advantage of any means to gain access to their targets by circumventing firewalls, whether by email attack, unpatched systems, misconfigured systems, etc. 

Beware of dragons.

In GoT, three fire-breathing dragons have hatched and grow to their full and gruesome adulthood.  Despite some armies having superior forces, the army that has one or more dragons is at a distinct advantage. These fearful, albeit mythical beasts, fly over their foes and completely vanquish and devastate anything in their path. 

In cyber security, we have several levels of possible attackers. On the low end we have the “script kiddies” and on the high end we have state-sponsored actors. I would liken the state-sponsored actors to dragons. They have the necessary time and resources with which to attack their targets.

As CISOs, we need to be aware of the types of attacks that may be waged against our networks and systems by dragons. How do we do this? We need to continuously monitor sources such as US CERT and other cyber security “open sources” for the latest information on attack methods. In most cases, these sources have detailed technical information on attack methods and the means to mitigate them. 

At this writing, I am not sure who, if anyone, will ultimately occupy the coveted Westeros throne. But, like cyber security, it is a long and sometimes arduous journey. Along the way, we will experience twists and turns, defeats and victories, pitfalls and rewards.

The key is to never get too high or too low. After all, we never know what lies around the corner!

Share This Article


CISOBox Demo

See how CISOBox can help you with incident response handling, including graphs, analytics, and communication coordination.

Higher Education Case Study

Wondering if CISOBox is right for your organization? Read about Case Western University and the impact CISOBox had for them.