As we celebrate the beginning of another baseball season, I thought it would be a good time to highlight an obvious parallel between America’s pastime and the world of IT/cybersecurity.
Yup, you read that right.
If I asked 10 baseball fans to name what they believe to be the toughest position or role in baseball, I’d get at least 5 or 6 different answers, maybe 10. But for my money, the toughest job in baseball is the closer, but not for the most obvious reasons. Sure, the closer nearly always enters the game under pressure-packed circumstances, faces the opposing team’s best pinch hitters mentally dialed in, and, by definition, has little room for error (no one brings in their closer when they’re up by 6 runs). But the most compelling reason that the closer has the toughest job in baseball is this: as a closer, you can’t win; you can only lose. Your team has scratched and clawed for 8 innings, found a way to score one or two more runs than the other team, so all you have to do is get three outs. Just don’t f*&k it up. Any job in which you get 100 times more attention for failing than for being successful is a tough gig, and exceptionally mentally taxing.
Which brings us to the world of IT and cybersecurity. Has anyone reading this ever emailed the IT team at your company at the end of a day to thank them for how well your computer, the network, and all your applications worked that day? How often does the CEO call the CISO to congratulate them on another week without a breach? And did the IT team get special mention at the company quarterly update for having patched 100 critical vulnerabilities? Even DraftKings wouldn’t take the odds of any of that happening…ever.
Conversely, when one out of 100 applied patches brings down all the Accounting systems for an hour, what’s the over/under on the time it takes for the first angry email/phone call/Teams message/text to hit the IT team? Vegas would probably set that at about 1 minute, and I’d bet a month’s salary on the under. And the only time the CISO gets the attention of the Board is either when they’re defending their cost-center/overhead/necessary evil budget…or there’s a breach. Funny how everyone cares about cybersecurity a whole bunch after they get the ransomware demands.
Sounds alot like being a closer to me. When the Orioles win a game (I live in Baltimore, so I’ve heard all the jokes), the writer covering the game spends 10 paragraphs detailing the heroics of all the players, and wraps up the article with “…and closer Felix Bautista worked a perfect ninth to pick up the save.” On the other hand, if Felix gave up the lead in the 9th, the headline mentions the blown save and 80% of the article focuses on his one lousy inning.
As an IT or cybersecurity pro, much like a closer in baseball, you’re only the star of the movie when you fail, and when you succeed, it’s expected, and let’s face it, unappreciated. Day-in and day-out, that ain’t easy.
Now, for all the baseball fans out there wondering if I’m going to address the obvious flaw in my analogy, here goes: the best closers in Major League Baseball make about $20MM a year. So maybe a baseball closer and an IT/cybersecurity pro are not that similar…the latter have a MUCH tougher job.
Let’s Go O’s.