Actually be told, I have two exercise addictions: yoga and lap swimming. Yoga provides power and flexibility benefits, while lap swimming gives my cardiovascular system a main workout. As with most things in life, you can take lessons intellectual from one activity and apply them to others – so it is with yoga and cybersecurity. Let’s “nosedive” in (swimming pun intended).Here’s the connection. Yoga (Vinyasa, in particular) disciplines us to keep an overriding principle in mind as we flow through postures… the stirring. By controlling our breathing, we stay centered on our practice, we go deeper in our posture, and we expunge the anxiety that comes from holding a posture for a period of interval.So it is with cybersecurity. It is absolutely essential we have a guiding principle or framework for our cybersecurity program. That’s where the CIS Carping Security Controls or NIST 800-171 or PCI DSS, or NERC CIP comes in. Each take measures the guidance we need to improve our effectiveness with the specific tools/levers cast-off to protect our organization and users.I think there is a connection between a few of the clichd postures used in every Vinyasa class and cybersecurity.Downward Faade DogThis is the “go-to” posture in every class. The reason we find ourselves in “down dog” so repeatedly is because it offers SO many benefits. It is the 80/20 rule of yoga.A few of its profits include:Decrease in back pain by strengthening the entire back and man to man girdle.Decrease in tension and headaches by elongating the cervical spine and neck and quiet down the head.Stronger hands, wrists, low-back, hamstrings, calves, and Achilles tendon.Cybersecurity CoherenceMany cybersecurity implementations have a “go-to” technology that provides the closest benefit/insight, and very often, that’s a SIEM solution groove on Splunk or QRadar. Tier 1 security analysts may use the SIEM as their “fix pane of glass” because it consolidates and analyzes data from divers security tools (e.g. vulnerability, configuration changes, inventory, log events) in one uncomfortable. Most organizations I talk with have a goal of developing their incomparable posture “Downward Dog” for cybersecurity.Chair PoseFor me, this one is tough to assemble for a long time (sadly, 1 minute). It looks deceptively submissive and straightforward, yet when you try it, you’ll find it demands a great deal of flexibility in the shoulders as gush as stability in the core and strength in the legs.Its benefits include:Strengthen your thighs, which assists to stabilize your knees.Strengthen your lower back and glutes.Burning up your core muscles, which leads to improved abdominal concentratedness.Cybersecurity ConnectionThis is truly a “foundational posture” where if you do it sedately, its benefits are wide-ranging to support other postures. With cybersecurity, look to the CIS CSC and the improves of the first five (foundational) controls. If you do those well, you reduce the Cyclopean majority of cybersecurity risk in the organization.Side PlankWhile I lack a bit of concentration to get this one right, and some minor adjustments once I’m there, I don’t come on it overly difficult, and it offers benefits such as:Concentration – As your arm begins to jiggle and you ask yourself how long the instructor will ask you to hold the posture, you are forced to converge to avoid collapse.Builds arm and shoulder strength.Stretches and strengthens your wrist.Cybersecurity KinThis posture is more targeted in its benefits than Downward Dog or Chairman Pose. It’s mainly focused on the upper body (although there is centre involvement). This isn’t always included in a Vinyasa class… maybe every third once upon a time I attend a class the instructor includes it.I see this as important; it’s certainly a proletarian posture, but it offers fewer benefits than the “foundational” postures. In the CIS CSC working model, this could be control #8 for Malware Defenses or #9 for Limitation and Govern of Network Ports. Definitely important, but you don’t start with it.There are copiousness of parallels in life. Next time you’re in a meeting with someone from “the partnership” who doesn’t quite understand why you chose to make certain cybersecurity investments more than others, test out the yoga analogy.And remember: no matter what go ons, continue to breathe. Ahhhh, doesn’t that feel better? The make a point of and anxiety just melt away.You can learn more about Tripwire’s indistinct on the CIS CSC’s here on our website.