The domino theory of cybersecurity

What FTI cybersecurity expert Greg Berkin knows about setting up (and removing) dominoes might just keep your organization from being hacked.

We all know the art and science of toppling dominoes from childhood. You set up dominoes on their tails and knock over the first in line to create a chain reaction. A successful “race” is the uninterrupted (and rewarding) flow of knocked down tiles until the very last one.

On the biggest stages, the most spectacular domino races involve thousands of tiles, intricate patterns and 3D stacks. Engineering success on this scale requires patience, vision and foresight, as well as a healthy dose of creativity.

Greg Berkin brings these virtues – developed through his passion for toppling dominoes – to his role as Senior Advisor at FTI Cybersecurity. Berkin has over three decades of experience as an application software developer and program manager that includes engineering complex platforms to protect organizations against cyberattacks. The beginning of his “race” dates back to 1984, when he founded an educational software company for an emerging company called Apple.

Earlier this year, Berkin’s distinctive skills earned him an invitation to appear on “Domino Masters,” an unscripted reality show airing on Fox TV (Disney). Teams of three competed to build the most elaborate and artistic domino reversals. Berkin’s team, the ‘OG Topplers’, with nearly a century of experience, reached the semi-finals of the competition.1

The event reinforced Berkin’s reflection on the close link between his profession and his vocation. “The skills required in the art of toppling dominoes have real-world applications,” he says. “I often find myself applying lessons learned from the viral sensation of building dominoes to my cybersecurity consulting work.”

Prepare for success

You don’t have to be a master of dominoes or an information security manager to know how critical and costly cybersecurity has become. Global spending on related products and services is expected to exceed $1.75 trillion cumulatively for the five-year period ending in 2025.2

The FTI Journal asked Berkin to further explain the connection between the digital world of cybersecurity and the analog science of toppling dominoes. Here are three of his theories.

Theory 1: Setting up your tiles before walking around the room is madness

Experienced domino setters carefully examine the place they are working in before laying out the tiles. Every space has its own nooks and crannies, and the tools and tricks to use for a stunning run often vary.

The same goes for having an effective cybersecurity strategy in place. Preparing for a cyberattack requires considering the nature of a business, the amount and type of information it maintains, and local regulatory requirements.

Just as each site places unique demands on a domino toppler, organizations face unique challenges based on the extent of their overall digital footprint. Know what makes your needs unique and opt for a tailored approach rather than cookie-cutter solutions.

Theory 2: Each. Only. Domino. Accounts.

Only one tile moved. That’s all it takes to create a massive failure in your knockdown. A single vulnerability in your security system can also cripple your operations and even damage your company’s reputation. In either case, risk mitigation starts with appreciating the hyperconnected nature of your assets.

Whether it’s creating a rollover or a cybersecurity plan, you need to recognize that your setup is only as strong as your weakest link or links. But it’s also important to know that focusing on just one domino in a race that involves a million pieces means you may never be completely set up. Likewise, conducting day-to-day business operations while simultaneously scanning for potential weak points in your system can prevent you from meeting deadlines. Or on budget.

Theory 3: Always have an alternate route to the final tile (prepare for the unexpected)

In the digital world, you cannot compromise critical functions; they have to work all the time. A successful domino run must also be in constant motion, knocking down the next piece in the correct order.

In both disciplines, you need to prepare for every type of eventuality to ensure that you run consistently and run reliably. This means having backups and knowing that they will work if a failure occurs elsewhere.

In domino knockdown, it involves setting up an alternate path to the finish with additional dominoes that split, so if one path fails, the other can succeed. In cybersecurity, this not only means creating digital backups in your system, but also simulating real-world scenarios to test resilience and improve your responses to potential attacks.

The big picture

Berkin strongly believes in working collaboratively. As with creating a cybersecurity plan, he says setting up a huge set of dominoes on your own can be tedious and even inefficient. “While it’s possible to go it alone, of course, partnering with other experts is key to better engineering,” he says. The domino master adds that it’s easy with cybersecurity to get caught up in the minutiae and anxiety of the moment. “You can end up missing the forest for the trees,” he says. “Or maybe I should say, ’tile flipping.'”

Sharon D. Cole