A cyber-samurai in the digital dojo…

Dimitri van Zantvliet

19 March 2024

In the serene yet potent ethos of ancient Japan, where the discipline of Budo, the martial way, was not merely about combat but a profound journey towards self-mastery, integrity, and the protection of one’s community, we find surprising parallels to the modern role of a CISO in the realm of critical infrastructure. This comparison may initially seem like a stretch of the imagination but delve deeper, and one discovers that the essence of karate, a distinguished Budo art, resonates with the core responsibilities and ethical stance of a CISO in today’s technologically driven and threat-laden landscape.

The stance of readiness: karate’s Kamae and the CISO’s vigilance

In Karate, the concept of Kamae, or readiness stance, is fundamental. It’s not just a physical posture but a state of mental preparedness, awareness of one’s surroundings, and the anticipation of potential threats. Similarly, a CISO must maintain a constant state of readiness, with systems and teams primed to detect and respond to cyber threats. This vigilance mirrors the martial artist’s blend of calm and alertness, embodying the principle of Zanshin, or remaining aware.

Mastery of technique: Kata and cyber defense strategies

Kata, the pre-arranged forms or sequences of karate, teach practitioners to execute techniques with precision, balance, and efficiency. Each Kata embodies strategic thinking, as it is a set of responses to multiple imagined threats. For a CISO, developing and refining cyber defense strategies is akin to practicing Kata. It involves anticipating various attack scenarios and preparing an orchestrated response. The mastery of these techniques, through repetition and improvement, is crucial in both disciplines.

The spirit of Budo: ethical conduct and leadership

The way of Budo emphasizes honor, respect, and the ethical use of one’s skills. Karate practitioners are taught to use their abilities for defense, never for unprovoked aggression. In parallel, a CISO’s power lies in safeguarding information and infrastructure from misuse and harm. This role demands a high moral compass, as the consequences of failure can affect not just the organization but society at large, especially when critical infrastructure such as railways is at stake.

Resilience and adaptability: Kuzushi and cyber resilience

In martial arts, Kuzushi refers to the concept of unbalancing an opponent, finding and exploiting weaknesses to gain an advantage. For a CISO, the digital landscape is the battleground, and cyber resilience is the goal. This means not just defending against attacks but also ensuring that the organization can continue to operate effectively during and after a breach. Like a Karateka who learns to adapt and find stability in the face of disruption, a CISO must build an organization that can withstand and recover from cyber threats.

Embrace the Budo way

Drawing from the ancient wisdom of Budo, today’s CISOs are called upon to embrace the way of the warrior: to lead with integrity, prepare meticulously, and act with courage and resilience. As guardians of our digital domains, particularly in critical infrastructure, they must foster a culture of continuous learning, ethical conduct, and strategic foresight.

The path of the Karateka and the journey of a CISO in safeguarding critical assets are deeply interconnected. Both roles require a balance of strength and flexibility, strategy and ethics, action and reflection. In recognizing these parallels, CISOs can find inspiration in the disciplined, holistic approach of Budo to meet the challenges of the digital age.

As we look to the future, let us call upon our CISOs to not only defend against the threats of today but to do so with the wisdom, honor, and spirit of the ancient warriors. In this way, they can ensure that the critical infrastructures under their guardianship remain steadfast and resilient, embodying the timeless virtues of Budo in the face of ever-evolving cyber threats.

Dimitri van Zantvliet is the Cybersecurity Director and CISO of Dutch Railways (Nederlandse Spoorwegen). He’s also Co-Chair of the Dutch and European Rail ISACs and the European Railway CISO Forum, a cyber columnist/author and a regular speaker at international conferences, chair of the board of the Dutch CISO Foundation, and member of the supervisory board of the Dutch Anti Online Child Abuse foundation OffLimits.

Dimitri holds an international master’s degree in business administration and cyber certificates such as CISSP, CRISC, CISA, CISM, CDPSE, CIPP/E, CIPM, and FIP. He holds a Shotokan Karate black belt and is a Wado Ryu Karate novice.