Thomas A. McGonagle

KravZT and the Cyber Defense Matrix

KravZT and the Cyber Defense Matrix

Thomas A. McGonagle's photo
Thomas A. McGonagle
·

5 min read

My name is Thomas A. McGonagle. The most positive experience of my life was playing football for eight years. I was voted a first-team All-Star in high school and then went on to play in college at Bentley University, which is a Division II program and during the 1990s held a record for most consecutive wins when they were Division III. It is also where I met my close friend and co-author of this blog Dr. David Yates. He is a trained computer scientist and entrepreneur teaching business and computer information systems.

I played Left Offensive Tackle, and my life purpose during those years was to protect the blindside. This required a tremendous amount of focus and effort, especially during the off-season when I cross-trained in Boxing, Wrestling and Judo. This cross-training prepared me to instantly recognize Krav Maga as the most effective self-defense system available to study and practice. My background in grappling and boxing was similar to the founder of Krav Maga used those skills to protect his Jewish community in Bratislava from fascist groups in the 1930s.

To say that I am into security is an understatement. I am enrolled in my second Master’s degree at the University of Massachusetts in an Master of Science in Security Studies and am personally very interested in the historical martial arts scholarship, which I would focus on and write about if I could retire tomorrow. “Krav” in Hebrew means contact. My KravZT is supposed to refer to “full contact zero trust”. It is the application of the best practices and principles of the Krav Maga self-defense system to the computer networking defense system zero trust, where you “Never Trust and Always Verify” all devices, applications, networks, data and users. An example of this verification would be a zero trust system noticing if a user’s geographic location has shifted significantly to a new locale in a short time window. This would be indicative of someone else logging in with that user’s credentials.

The tenets of KravZT can be found at https://KravZT.com and are:

1. Be aggressive but smart in your problem-solving.

2. Be vigilant in identifying and addressing challenges.

3. Be proactive based on your current weaknesses or vulnerabilities; react quickly when you have to.

4. Be tool agnostic.

5. Invoke precision when executing tasks.

6. Employ simple and repeatable techniques.

7. Include situational awareness in all aspects of your practice.

8. Understand the impact of stress on your planning and response.

This blog is a first in a series of blogs on KravZT and is focused on the seventh tenet “Include situational awareness in all aspects of your practice”. This basically requires a hyper focus on: Who is doing what in your zero trust networks. AND Why, how and where are they doing it. This focus on situational awareness is primarily a reaction to the ineffective paranoia often demonstrated by some security personnel within enterprises. Paranoia is important to security, but can often dwarf a project or organizations larger goals to produce and manage software and is often most concerned with an “apex predator” hacker archetype, where as KravZT’s focus and suggestion is to primarily work on the basics and to do those well and with purpose.

Situational awareness is one of those basics, and is similar to physical balance in Krav Maga. The first thing you learn in Krav Maga or Wrestling for that matter is where and when you or an opponent is off and on balance. The difference between the two can be as little as two inches forward or backward. This on or off balance concept is a metaphor for situational awareness. According to ChatGPT the definition of “situational awareness” is:

  • Is the ability to perceive and understand the current state of your environment, as well as the potential events that may occur in the near future. It involves being attentive to your surroundings, processing information quickly and accurately, and being able to anticipate and plan for potential changes or challenges.

The last part of that definition about anticipating changes or challenges is the important part, especially to zero trust. The ability to anticipate and get in front of security issues is what will set apart the successful versus the unsuccessful and situational awareness is the way to anticipate what is might happen next. A significant influence on KravZT and this approach to situational awareness is Sounil Yu’s Cyber Defense Matrix. A screen shot of the matrix is below:

Source: info.jupiterone.com

The X-axis is the NIST five functional areas. They are Identify, Protect, Detect, Respond, and Recover. The Y-axis are the assets: Devices, Applications, Networks, Data and Users. “At bottom of the grid, we show a continuum that characterizes the degree of dependency on technology, people, and process as we progress through the five operational functions of the NIST Cybersecurity Framework. TECHNOLOGY plays a much greater role in IDENTIFY and PROTECT. As we move to DETECT, RESPOND, and RECOVER, our dependency on TECHNOLOGY diminishes and our dependency on PEOPLE grows. Throughout all five operational functions, there’s a consistent level of dependency on PROCESS. This continuum helps us understand where we might have imbalances in our reliance on PEOPLE, PROCESS, and TECHNOLOGY when trying to tackle our cybersecurity challenges”.

Krav Maga also has the concept of “retzev” or continuous motion. Each strike flows into a block and each block flows into a strike. This continuous motion is similar to how I approach the cyber defense matrix where when practicing it I am constantly doing a continuous motion of “continuous gap analysis”. By regularly assessing the security of these key areas, an organization can identify vulnerabilities and areas for improvement, and take steps (apply controls) to address them proactively. This can include implementing new security technologies and protocols, educating users about security best practices, and monitoring network activity to detect and respond to threats in real-time. A continuous gap analysis approach helps organizations stay up-to-date with the latest security threats and ensure that their security measures are effective and appropriate for their evolving business needs. By prioritizing security and taking a proactive approach, organizations can minimize the risk of cyber attacks and protect their critical assets and reputation.

On May 1st at 12PM ET, Sounil will be on my webinar discussing the Cyber Defense Matrix and its influence on KravZT. The link to join the webinar is here.

DevSecOps