Diablo IV: Lessons from Sanctuary for Cybersecurity

I’ve been playing a lot of Diablo IV recently, and I’m sure many of you reading this have also been enjoying this highly addictive game. Having already lost a few hundred hours to Diablo III, picking up Diablo IV was a no-brainer. However, I also have a full-time job in the cybersecurity field, which got me thinking: what can I learn from Diablo IV to apply to my job? After some reflection, I came up with four parallels that could resonate with avid gamers and tech enthusiasts alike.

Prepare for the Worst

In Diablo IV, once you leave the safety of a city, your character automatically goes into fight mode – and for good reason! You never know what (literal) evil lurks around the next corner, whether it’s a gaggle of ghouls or a rampage of possessed goat men hiding behind an abandoned building. Just like our brave, ambitious character who is out to do the “right thing,” we as cybersecurity experts must also be well-prepared for the worst-case scenario! We need to ensure that our sister teams have backups, both tested and ready, on-site and off-site. Our defenses must be layered, implementing concepts such as “security in depth.” We should work to eliminate single points of failure, just as our hero might carry two weapons in case one loses all durability after a tough boss fight. By following tried and true best practices, we can be prepared to defend against all scenarios and stay vigilant.

Team Up with Others

Diablo IV is a game as a service and is always online. While some may love this and others may not, the game does have a group mechanic that can make tough fights easier. Likewise, a good cybersecurity team works well together and with other teams in the organization. When facing a time-sensitive issue, such as an essential application service being down due to a denial of service attack, it’s often better to fight it with the incident response team, operations team, site reliability team, and management all working together. Just as a barbarian can absorb direct damage during a fight while a sorcerer attacks with multiple damage over time (DOT) spells from a distance, diversity is key to success. The more minds with diverse backgrounds that you can throw at a problem, the faster the organization can achieve success!

Network Isolation

In Diablo IV, the Worldstone was hidden away due to its foundational importance. When it was destroyed and shards spread across the world, Sanctuary was plunged into war and chaos. Similarly, when network segmentation is lacking or weak, an attacker can pivot from an untrusted, segmented part of the network to a more trusted area. Ensuring correct implementation of network segmentation and auditing these configurations is essential. Untrusted servers should never be able to communicate directly with trusted servers or databases – there should always be filtering middleware in between. Untrusted devices should reside on a network with zero-trust access policies and heavily monitored traffic. Weak or destroyed network segmentation makes it harder to defend trusted resources from unwanted attacks, plunging our networks into chaos, just as it did with Sanctuary.
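One way to audit that rule, as an added example that is not part of the original post. The zone names, trust labels and allow rules are constructed for illustration; the check flags every path from an untrusted zone to a trusted one that never crosses a filtering zone.

```python
from collections import deque

# Constructed sample policy: zone -> trust label, plus (source, destination, port) allow rules.
ZONES = {
    "guest_wifi": "untrusted",
    "dmz_web": "untrusted",
    "api_gateway": "filter",   # the filtering middleware tier
    "app": "trusted",
    "db": "trusted",
}
ALLOW_RULES = [
    ("guest_wifi", "dmz_web", 443),
    ("dmz_web", "api_gateway", 8443),
    ("api_gateway", "app", 8080),
    ("app", "db", 5432),
    ("dmz_web", "db", 5432),   # misconfiguration: web tier talks straight to the database
]

def audit_segmentation(zones, rules):
    """Return every path that lets an untrusted zone reach a trusted zone
    without passing through a zone labelled 'filter'."""
    graph = {}
    for src, dst, _port in rules:
        graph.setdefault(src, set()).add(dst)

    violations = []
    for start in sorted(z for z, t in zones.items() if t == "untrusted"):
        queue, seen = deque([(start,)]), {start}
        while queue:
            path = queue.popleft()
            for nxt in sorted(graph.get(path[-1], ())):
                trust = zones.get(nxt, "untrusted")  # unlabelled zones are treated as untrusted
                if trust == "trusted":
                    violations.append(path + (nxt,))  # reached trusted with no filter hop
                elif trust == "untrusted" and nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + (nxt,))       # keep walking through untrusted zones
                # a 'filter' zone ends the walk: traffic is inspected there
    return violations

if __name__ == "__main__":
    for path in audit_segmentation(ZONES, ALLOW_RULES):
        print("unfiltered path:", " -> ".join(path))
```

The transitive walk matters: the guest network has no rule to the database, yet it reaches it through the web tier, so both paths are reported.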

Real-Time Strategy and Thinking

When a security incident occurs, it’s an all-hands-on-deck moment. Things happen quickly, and clear, timely communication is key to a successful resolution. In Diablo IV, boss fights can shift rapidly, requiring your hero to change their avoidance maneuvers and counterattacks. Threat actors may actively be in your network at the time of discovery, changing their tactics if they know they’ve been detected. They may also have multiple plans in the late stages of an attack, becoming more aggressive if they realize they’ve been discovered. Defenders must think strategically and quickly, able to defend dynamically. By working with other teams, as previously mentioned, threats can be mitigated quickly, even when tactics shift. Being agile and adaptable, cybersecurity professionals must always be prepared, constantly learning and growing.

Have Fun and Enjoy the Challenge

Many cybersecurity professionals experience burnout. They find themselves working long hours, studying all weekend, and forgetting to have fun. This industry is challenging, but there should always be planned downtime. Just as many of us do, take the time to enjoy a long game of Diablo (1-4). Attackers will always be there, attacking. Working 12-hour days, six or more days a week is a recipe for accidents, failures, and burnout. A job should be challenging, just like a good game, but also enjoyable to some degree. We must enjoy what we’re doing, and when we’re not, we have some serious questions to ask ourselves. Often, these questions lead to direct changes. So, take days off, step away from the keyboard (or controller), go outside, and be good to yourself. Forgive yourself for failures – which are learning opportunities in disguise – and try again when you lose that boss fight for the fifth time.

End Game

In the end, we must find balance. We must learn to work together because no cybersecurity professional is an island, just as sometimes online games are more fun together! Remember to be good to yourself and realize that failure is part of life’s equation. Most losses are minor setbacks, and you can always load from the last save point. At the core, we are entrusted to protect data, so segment things – both networks and your work life from your personal life. Burnout is not an option. Failure is forgivable and doesn’t define anyone as a person. This is our perma-death run, so remember to have a little fun because we can’t reset at the end or select a new character.

Love yourself.
