Recently, my BJJ coach promoted me to blue belt. BJJ, for the uninitiated is Brazillian Jiu Jitsu, a martial art originating in Japan (Jiu Jitsu) which was adopted by the Gracie family in Brazil and exported to the world. Like cybersecurity, I arrived at the BJJ game later in life – it took me a long time to step onto the mat, for reasons many women reading this may understand, we carry that t with us and sometimes it takes a minute, or a lifetime to step over certain thresholds.
In BJJ there are two styles of training, gi and no-gi. Think of gi like pyjamas – collars, long loose pants and even a belt, and no gi like cycling wear – tight hugging and slippery. There is a belt ranking system for gi, and you move through it over time starting at white belt, and if you train long enough and are disciplined enough to stay curious, you eventually arrive at black belt. You can read more about the belt ranking system here, or watch this great video.
Being promoted was obviously a great honour for me, as I do tend to dip my toes in the shadowy depths of imposter syndrome at times, never quite believing that I am ‘good enough’ So as much as it’s a form of external validation, and is technically just a piece of fabric – the symbolism and show of faith from one’s coach helps to shine some light in the darkness of imposter syndrome.
Conversely, in cybersecurity I have been feeling very stagnant lately and frankly – a little bit frustrated. Part of this feeling I know, has come from factors relating to general life stuff – family commitments, work challenges, all draining me emotionally and mentally – however part of if too, is that unlike BJJ there is no linear pathway to enter the field of cybersecurity, so I often feel a little like I’m grasping for belts in the dark.
In these last 18 months I have applied for many opportunities such as mentorship and internships, and completed micro-courses and self-paced study, I’ve been working on my CTF game and OSINT skills and will shortly begin a course focussed purely on developing my Python skills, I’ll attend my first hackathon next month too, which I’m excited about. Yet I still feel like I am lacking direction. Mentors have been helpful in providing some insights into getting into the industry, but, through no fault of their own, often seem as mystified about entry as I do – distilling well-meaning advice into a combination of discipline, tenacity and raw luck.
Lately I’ve been working on networking much more, understanding how important this skill is and also reflecting on how difficult it is for me. I am an introvert, and although love being around people (provided I get my recharge time post interactions) I am always the one asking questions. Selling myself and my skills and experience has always been such a sticking point for me. Rationally, I understand the importance, and yet executing it makes me feel a little bit of the ‘ick’.
However, in keeping with the catalyst for this post and for much of this blog, I carry some clear lessons from BJJ into cyber and I want to share one of the key thoughts I’ve had on this in the last week, and that is the gravity of understanding one’s game. Bear with me as we delve into some BJJ-speak, but trust me when I say it’s universal so you’ll have some takeaways, I promise.
One’s game refers to the individual strengths and weaknesses a BJJ athlete brings to a roll (BJJ lingo for sparring) A roll is a 1 vs 1 round for 5 – 7 minutes, and varies in intensity. In competition it’s a 10/10, but in a gym setting at the end of a formal class you’ll sit between a 3 – 7/10 usually, depending on who your rolling partner is. In the roll you have an opportunity to develop your game – your unique physical and mental attributes, ability to problem-solve and new and old knowledge that you bring to the practice of BJJ. Depending on who your partner is, you may have an opportunity to practice attacks and submissions or it may be an excellent moment to work on defence, or maybe you practice transitioning between offensive and defensive positions during the roll – no two rolls are ever the same so it’s always a learning experience.
Your game will evolve over time as you learn and remember more; as your technique evolves so too does your game. To a greater extent, as you understand more about yourself, your game will improve. Self-awareness is incredibly important in BJJ, and given your physical body and ability to problem solve and think under pressure are the weapons, how you choose to apply yourself will determine your success rate.
If we extrapolate the lessons on the mat to the lessons on the mac (couldn’t resist….) all of this is to suggest that, like in BJJ we have to learn from mistakes, develop our strengths but pay attention to our weaknesses and work to lean into them – such as networking in cybersecurity – or my top game in BJJ. If we don’t proactively work to develop our game, we wind up stagnant, and that word repulses me as much as the feeling it triggers – so I am always working hard to avoid and/or exit this state.
The upside of the non-linear entry into cybersecurity is that there are many ways forward, which can feel overwhelming, but I figure provided I keep learning, embrace community, apply existing skills and experience, stay curious and patient (maintaining that beginners mind set), and leverage the many pathways I will advance my game.
I hope this post helped you if you too are feeling the pinch of early days in cyber land. Feel free to reach out to share your thoughts and please share this post if you think others may benefit.
Seeline CYBER 
Leave a comment