Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysical

What poker can teach security leaders about decision-making

By Ricardo Villadiego
Security leaders can learn about decision making from poker
May 21, 2021

What can the game of poker teach a trained psychologist about the art and science of decision making? And how might those lessons be applied to help cybersecurity leaders improve their own decision-making capabilities?

In her most recent book, “The Biggest Bluff: How I Learned to Pay Attention, Master Myself, and Win” the psychologist and writer Maria Konnikova decided to spend a year immersing herself in the game of poker, specifically the most popular variant of the game, Texas Hold ‘Em, with the goal of competing in the game’s marquee event, the World Series of Poker.

Konnikova knew nothing about the game when she embarked on her journey but wanted to understand how she might apply her academic training in psychology and decision making to a game that might seem relatively simple and prone to the element of chance to the casual observer yet has confounded some of the great game theorists of our time.  

Like the game of Texas Hold ‘Em, the practice of security is ultimately an exercise in decision making. Specifically, how do you make the best decision possible with limited and incomplete information?

What makes poker special: Asymmetrical information

Asymmetric information theory deals with the study of decisions in transactions where one party has more or better information than the other. We see the dynamics of the asymmetric information model at work every day – it’s what the Internet is fundamentally really good at. It’s also what makes games like Texas Hold ‘Em different than other conventional games.

Checkers and chess are examples of perfect information games. All the information you need to make a decision is right there in front of you which is why these games can essentially be ‘solved’. Conversely, the game of Texas Hold ‘Em is a competition of hidden information. You don’t know what your opponent has and they don’t know what you have. This is why AI researchers have had a long-standing interest in poker as a way of understanding and deconstructing human decisions.

Fundamentally, poker is a contest in decision-making. The successful poker player combines their knowledge of probabilities with an understanding of psychology to help make consistently accurate judgments and consistently logical decisions. And I would argue that sound decision making in security follows a similar arc.

The swinging pendulum of information

In terms of cybersecurity, a good hacker is always trying to game the information asymmetry model – which is why we have seen a marked uptick in ‘Attacker Dwell Time’ which refers to the amount of time a threat actor spends undetected inside the network perimeter. It’s what distinguishes the petty street criminal who smashes a window and grabs whatever might be in their immediate vicinity from the sophisticated Oceans 11 crew that has spent weeks meticulously planning their big heist.

Increasingly, this new breed of cybercriminal is using their time inside the network to conduct intelligence reconnaissance, mapping out how various systems are connected to one another, identifying where the most valuable assets are housed, and plotting the steps required to escalate their privileges.

Whether its physical security or cybersecurity threats, the more information the bad actor has collected about a target over time, the more effective he or she will be in fully exploiting it down the line.

A professional poker player is likewise always looking to tilt the balance of information in their favor. From the visual ‘tells’ that an opponent might inadvertently divulge to recognizing the patterns and nuances of betting behaviors and what those might imply – the ability to collect and make sense of even small pieces of data and turning that into usable intelligence will often mean the difference between a winning and losing hand.

As Konnikova observes, “real life is based on making the best decisions you can from information that can never be complete; you never know someone else’s mind, just like can never know any poker hand but your own.”

Closing the feedback loop

A closer look at the most egregious security breaches that have hit the news show that better decision-making could have prevented many attacks and incidents, or at least mitigated their effects. Following such an event, security leaders often find themselves asking: “what could I have done better?” But perhaps the more insightful question would be: “what piece of missing information might have led to a different decision?”

Generally speaking, decision-making in security can be broken out into two broad categories. The first and most common is an ‘open-loop’ event-based decision-making process in which a security team works to quickly respond to a specific incident. This approach is largely reactive, time-bound, and by its very nature, constrained by limited or incomplete information.

The average security team makes hundreds of these reactive decisions every day as each alert demands an immediate response. The second and more strategic approach is one that incorporates the various inputs back into the decision-making system by closing the feedback-loop, ensuring that the system itself is codified with the learnings and experiences from previous decisions.  

These two decision frameworks are also what distinguishes the professional Texas Hold ‘Em players from the long-tail of amateurs. These pros recognize that they must continuously recalibrate their strategy depending on the variables that are known (e.g., their cards, the community cards, their position at the table) and those that are unknown (e.g., other player’s cards, the community cards that are still to come, etc.). By playing hundreds of thousands of hands over the course of many years, they have honed their ability to not only process and assimilate a greater volume information but also spot the small details that an average player will often overlook.

Of course, in security, the problem isn’t necessarily that we are making decisions with too little information. In fact, the larger problem is that we have often too much information at our disposal and have neither the tools or processes by which to distinguish the signal amidst a sea of noise.

3 lessons for security leaders

While there are many parallels and learnings that can be drawn between the game of poker and security practices, there are three lessons that I believe are most relevant to security leaders in these dangerous and uncertain times.

  1. Illuminate your own blindspots and biases. In her book, Konnikova recognizes that one of her shortcomings is that while she is adept at reading the non-verbal cues of her opponents, she hasn’t taken the time to identify the blindspots in her own game. To this end, she begins working with a behavioral psychologist to help her become more aware of her own behavioral blindspots as well as other subconscious biases that might be inadvertently projecting her intentions to her opponents across the table.

Similarly, cognitive biases are perhaps the most underappreciated vulnerability among most security teams today. Because they are so embedded in our sense of self, they represent a glaring blindspot that can be challenging for even the most self-aware individuals and teams to objectively evaluate. Our instincts inform our perception of security. Unfortunately, as so many recent examples have illustrated, how we perceive security can differ greatly from its reality.

  1. Mind The description-experience gap. In the field of behavioral science, the Description-Experience gap describes how we tend to overweight the risks of rare events while underestimating those risks that are more likely to occur. As Konnikova observes, “in study after study, people fail to internalize numeric rules, making decisions based on things like ‘gut feelings’ and ‘intuition’ rather than based on the data … but here’s what psychologists find over and over: you can show people all the charts you want, but that won’t change their perceptions of the risks or their resulting decisions. What will change their minds? Going through an event themselves or knowing someone else who has.”

Surely any battle-tested security professional can relate to this sentiment. We can throw all the quantitative data at the business owners but they likely won’t fully appreciate the risk of a data breach until they experience one themselves or read about it happening to another company in their industry. We likewise tend to place our trust in people or things that are familiar versus those that are not. With cybersecurity, this is perhaps one of the reasons why system administrators often fail to patch known vulnerabilities as they tend to give more weight to the possibility that the patch might break other stuff versus the very real possibility that it might cause irreparable damage sometime in the future.

  1. Deconstruct your decision process. Konnikova’s poker coach, the legendary poker Champion Erik Seidel, encourages her to not worry about how to play every given hand in every possible situation but rather to train herself to understand, rationalize and articulate her thought process. As he counsels her, “sometimes the cards won’t go your way but so long as you are thinking correctly you shouldn’t beat yourself up about it.” This guidance helps her to break the negative thinking that often clouds our judgment when things that are out of our control, don’t go our way.

The decision-making process in security requires a similar discipline. Even the highest performing security teams are unable to plan for every potential attack or threat scenario. Nor should they. Rather, security leaders should invest their time and energy into helping their team focus on understanding the decision process itself so that they can clearly and confidently articulate the thought process that helped them arrive at a specific decision. Because the hard truth is that most people don’t ask themselves the simple question: what led me to make that decision. This basic exercise also helps foster greater accountability, awareness, and ultimately, will yield better decisions.  

Perhaps the single unifying thread between poker and security is that it ultimately comes down to the same skill: an ability or inability to correctly determine and quantify risk. And like game of poker, security is an endeavor of precision and probabilities which are being continuously assessed, recalibrated and refined. The more you can train yourself to make smart decisions with imperfect information, the more successful you will ultimately be.

If you’re interested in learning more about the dynamics of decision-making in poker and how it can be applied to the domain of security, you can watch this presentation from Maria Konnikova herself in this webcast.

 

 

KEYWORDS: business continuity cyber security data security risk and resilience security leadership

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ricardo villadiego

Ricardo Villadiego is the founder and CEO of Lumu, a cybersecurity company focused on helping organizations measure compromise in real-time. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • screen-enews

    Here's What the Wells Fargo Outage can Teach us About Risk Management

    See More
  • hacking freepik

    What the Kaseya attack can teach local governments about preventing third-party data breaches

    See More
  • Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

    The four insights network metadata can reveal about your compromise level

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • into to sec.jpg

    Introduction to Security, 10th Edition

See More Products

Events

View AllSubmit An Event
  • October 29, 2024

    Data-Driven Security: Turning Incidents into Strategic Assets

    ON DEMAND: Are you looking for tips on how to turn everyday data into a powerhouse for your security strategy? Join us for our webinar, "Data-Driven Security: Turning Incidents into Strategic Assets," and find out how to unlock the full potential of your incident data.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!