Baseball and cybersecurity have more in common than you think

A former pro baseball player and coach turned sports psychologist believes there is much cybersecurity pros can learn from sports mental conditioning. He wants to help them hit more home runs.

Baseball player hitting at a lock

Illustration: Getty Images/Lisa Hornung

One of the hardest things to accomplish in sports is to hit a baseball. If a professional baseball player gets a hit 30% of the times they step up to the plate, they're likely headed for the Baseball Hall of Fame. Scientists who study baseball say it takes physical skill, but more than anything else, it takes the mental ability to identify pitches and decide whether they are hit-worthy in less than 150 milliseconds. 

SEE: Security incident response policy (TechRepublic Premium)

Cool, but what does this have to do with cybersecurity? Upper-management types at one well-known cybersecurity company believe the mental skill set required for optimal performance on the baseball field transfers to the field of cybersecurity. 

"Whether in sports or business, a mindset-focused approach to performance simply works, and it's an initiative that has fueled ReliaQuest's rapid growth," said CEO Brian Murphy in a press release. Murphy is referencing the success former professional baseball player and coach Derin McMains has accrued in creating mindset-focused programs. 

In his article for Infosecurity Group, Interview: Baseball Star Derin McMains Appointed as Director of Mental Conditioning at ReliaQuest, writer James Coker interviewed McMains about his story and why he made such a drastic career move. McMains is now ReliaQuest's director of mental conditioning.

It all began with an anomaly. McMains noticed that ballplayers looked exceptional in training, but during an actual game there would be quite a difference in their performance. McMains wanted to know why. That took him back to school, eventually obtaining a Master of Science in Psychology and a Master of Arts in Sport and Exercise Psychology. He then became a certified mental performance consultant.

Next, McMains went looking for answers to the following questions:

  • Who are the high-level performers and why?
  • What are some of the ways they see the world?
  • What's their perspective?
  • What are their specific coping strategies?
  • What mantras get the achievers into the right frame of mind to perform at a high level?

Several successful professional and college sports teams have benefited from his insight, including the San Francisco Giants, Seattle Mariners and the University of Notre Dame. Put simply, it's about studying the best performers, how they can perform efficiently and consistently over a sustained period, and applying those principles to others.

Why the move to cybersecurity?

McMains told Coker he's been wanting to initiate a mental training program in the corporate space. He's concerned that, "For our generation, cybersecurity threats are probably the greatest issue we need to solve."

McMains and CEO Murphy had several conversations. "After consulting with us and driving impactful results, it's a natural progression for Derin to join us full time. This will allow us to take our performance to an even higher level," Murphy said.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

McMains admitted that applying his program to cybersecurity professionals requires a few tweaks and changes. However, he firmly believes the mindset required for optimal performance in both environments is identical. McMains said he intends to focus on the following:

  • Teaching the psychological components of high performance and how they apply to the company's core values
  • Supporting company management in clarifying strategy, processes and communications to achieve goals
  • Developing long-term habits that drive consistency in execution
  • Finding the best way to communicate the mindset employees should work toward and get employee buy-in

To get buy-in, McMains said he wants employees to participate in defining their goals and describe what success looks like to them. With that information, McMains hopes to develop a process for achieving their goals and instilling habits that will maintain consistency in executing each employee's strategy.

Interestingly, McMains said he is also concerned that employees are successful at home as well as at work. He told Coker he calls this concept his "inner-tranquility and outer-effectiveness approach." 

Something else McMains considers crucial is internal communications. He has developed a multi-faceted communications tool called MindGym. "MindGym is used to drive the mindset messaging to all employees and drip feed optimal-thinking patterns," McMains said. 

Not many would have placed professional sports and the field of cybersecurity on the same footing. Yet, McMains said he firmly believes, "The principles of sports psychology can and should be applied to cybersecurity, where achieving consistent, high-level performance in a pressurized environment is critical."

With cyberattacks growing in volume and sophistication, it seems clear that an  attack is a pressurized environment, and high-level performance will go a long way to mitigate the attack and reduce the ensuing fallout.

Also see