top of page

Cyber Security Lessons from Mountain Bike Racing

Series Introduction

I have always felt that we have as much to gain from looking at how other industries operate as we do from looking within the bubble of our own. When we look within the bubble it's easy to just follow the same path as everyone else. Even if this means doing it better than the competition it doesn't necessarily mean doing it differently which can be 10x better.

There are many examples of this. One example is the founders of Air B'nB who did not have a hospitality background. So they looked at the industry through a new lens from those already operating in the hospitality bubble.

"...doing it differently which can be 10x better"

So with this in mind I'm writing a series of Lessons from a variety of pursuits, activities or industries for the world of Cyber Security. Of course inevitably there will be many similarities in lesson topics across these however the value is not just in the difference. It is also in how they approach addressing these topics and the challenges they each address.

In the last Episode I covered the world of Formula 1 which, aside from being a personal passion also coincided with the Formula 1 being in Melbourne. This episode we look at another personal passion of mine. Let's look at Cyber Security lessons from Mountain Bike Racing.

Five lessons from Mountain Bike Racing for Cyber Security

Mountain bike racing and the world of cyber security may seem like very different fields, but there are actually several lessons to be learned

1.Preparation is key

When it comes to mountain bike racing preparation is at least the most important activity. If you include planning into preparation it becomes clear why. Without a plan you can engage in all sorts of misdirected activities that will ultimately net little or no benefit. They can even be detrimental if they cause injury. As in mountain bike racing, preparation is key in cyber security. Having the right plan, tools, processes and team in place before an incident occurs can make all the difference to the outcome. Equally, appropriate preparation will enable the creation of a strong security capability that will significantly reduce the risk of a breach.

In mountain biking I have to look at my technical preparedness and my physical fitness. Supporting this requires ensuring I ride technical trails, that I increase strength in the gym and that my nutrition is on point. All of these elements work in unison to create the best possible outcome. From a Cyber Security point of view this means ensuring that the team have the skills required, that the team is appropriately resourced and that they function as a team.

2.Focus and awareness

In mountain bike racing, focus and awareness are necessary to navigate the terrain and avoid obstacles. Failure to be focus and be aware of what is going on around you can see you go into a corner too quickly. The outcome of this can see the rider pancake into a rock or smack their head into a tree and wake up with a concussion (Yes I have done both). Or you might miss the snake on the trail in front which isn't fun either. Similarly, in cyber security, focus and awareness is critical. Focus on the ultimate goal of preventing breaches is aligned with focus on finishing the race in Mountain Biking. Awareness of the internal and external business and security variables is vital in identifying potential threats and vulnerabilities.

In Cyber Security external variables are pretty obvious, albeit ever changing and extremely challenging. Internal variables can include nefarious insider behaviour but also internal behaviour that unintentionally creates risk. This can be poor cyber habits of users however can also occur when the needs of the business conflict with strong Cyber Security hygiene practices. Cyber Security Teams must be aware of these variables by being aware of business direction, objectives and goals.

3.Risk management

Mountain bike racers are trained to take calculated risks, balancing the potential rewards with the potential consequences. In cyber security, risk management is also essential to balance the need for access and usability with the need for security. This can see tension between the needs of the business and the security team. One of the best ways too overcome this is through ongoing education and awareness regarding Cyber Security Risks for all levels within the business. Certainly not least Exec and Board Members.

4.Collaboration and teamwork

In both fields, collaboration and teamwork are important. Mountain bike racers often rely on their support crew. Such as coach, physio and training partners. Cyber Security teams need similar support.

Coach: Someone to ensure the teams activities, both individually and collaboratively are appropriately focused and resourced. Some of this support can come from internal resources as part of the team however a 3rd party view or short-term resource to fill a hole can also be invaluable.

Physio: Someone to ensure that each individual in well supported to ensure they can delivered thier best as a member of the team

Training Partners: Team members who challenge but support each other, mentor others, pitch in when required and contribute to a generally positive 'vibe' within the team

5.Continuous training and education

In both fields, staying up-to-date with the latest developments is crucial. Cyber threats are constantly evolving, and mountain biking techniques and equipment are always improving. Continual training and education are necessary to stay competitive and effective.

By applying these lessons from mountain bike racing to the world of Cyber Security, organisations can better prepare, manage risk and work together to protect their assets and data.

Please provide feedback and if you haven't already please subscribe to this newsletter and share it with a friend. The next lesson for Cyber Security will be from the world of Gaming.

Mark Williams - Founder -



bottom of page