The threat hunter’s gambit

Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors.

Welcome to this week’s edition of the Threat Source newsletter.   “Study hard what interests you the most in the most undisciplined, irreverent and original manner possible. ” ― Richard Feynman    “I had discovered that learning something, no matter how complex, wasn't hard when I had a reason to want to know it.

” ― Homer Hickam, Rocket Boys    *looks around at - gestures - everything*   *opens a new tab in the browser, takes in the newest news on AI, a new tab on supply chains, a new tab on vulnerability, and a new tab on active exploitation and zero-days*    *closes tabs and throws laptop into the nearest bin, à la Ron Swanson*   *opens other laptop, avoids the internet*   *puts on headphones for deep work binaural audio*   *cracks knuckles*   I’m often asked about why I bring up board games and video games when interviewing perspective analysts or threat hunters, so I’m going to give the 8,000 foot view on my thoughts.

With everything that is going on, now more than ever we need the most curious people on the planet on our side.     What’s the very first and most important step to securing any environment? Knowing the environment, inside and out. When you play any gameyou must understand the rules: the standard opening moves of chess, or Go, or perhaps the common resource-gathering patterns in strategy games.

Once you understand what "normal" play looks like, you can immediately spot when an opponent makes a move that is inefficient or unusual — an anomalous trigger that, if spotted, can lead to victory.     When experienced players recognize patterns (a specific chess gambit, a defensive build in a strategy game, etc. ), they don't just react to the current move — they predict several moves into the future from both players, especially if they know their opponents' tendencies.

 As players gain experience and play against other skilled players, they begin involving feints or decoys (false flags, if you will). A player might sacrifice a minor piece to distract you from their true objective. Learning to look past that "noise" to find the real motivation is the key to taking your experience and skill to the next level.     Threat actors rarely follow a predictable script. They constantly evolve tactics, techniques, and procedures (TTPs).