Security is a Marathon

May 6, 2014

In his latest article for SecurityWeek, Mark Hatton talks about Marathon running and Security.

“Somewhere in the world someone is training when you are not. When you race him, he will win.” – Tom Fleming

As I’m writing this, runners from all around the world are gearing up to run what is sure to be a very special Boston Marathon this year. There is a type of dedication and preparation that is needed to endure such a grueling trek, and as this region hosts these thousands of athletes, it got me to thinking about analogies in the business world. As I looked at the dedication and forethought that these racers put in, I thought that many of the same principles apply in all other facets of life, including preparing an enterprise to thwart constant cyber-attacks.

One of the most basic principles, yet probably most difficult to achieve both physically and mentally, is that there are no days off. Friends of mine who are running enthusiasts tell me time and again that running isn’t a sport; it’s a way of life. Having spent nearly my entire professional career in the security industry, I can also tell you with conviction that security isn’t something that is “nice to have” or a side project IT focuses on when they have the time and budget. Security is a 24 hour a day, 365 day a year proposition and if you fail to keep this standard of vigilance, you will pay the consequences. While runners may not pound the pavement every day, they are always thinking about next steps. How many miles tomorrow? What should I be eating today in order to be ready? In security, if you aren’t planning ahead you are falling behind. That is where the mental preparation becomes so important.


On the surface it probably seems as though running is pretty basic. Simply put on your sneakers and go. Serious runners will tell that in order to be successful when running any type of race, especially a marathon, you need a plan. You need to approach the race in different parts, plan for contingencies and be prepared to adjust your strategy based on the elements and your surroundings. How fast do I want to run the opening few miles? I have to be sure not to burn out too early. When do I eat, drink, and how much of each? What is the weather forecast? What should I wear so I am warm enough but don’t overheat. When you break it all down, it becomes far more complex than it first appeared. It’s the same with your approach to security. When do I install patches? When do I need to schedule a restart for an upgrade? Where do I position the majority of my resources? What areas of the business are most at risk? Again, it goes much deeper than it may appear from the outside.

To read the entire article, please visit SecurityWeek at:

Mark Hatton, President, CEO



  • Executive Desk
  • What's New At Core

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!