Cyber Sec General

Ted Lasso and Cyber Security — Why every team needs a Midfield General

There are loads of analogies and life lessons that you can take from the beautiful game of football and, if you need any convincing, just watch a single episode of Ted Lasso. Be warned, however, that one episode will definitely result in you binge-watching the lot!

Football, like most other top-level sports, is driven by money. And, although you could argue that it is all about sport and it’s just a game, it really isn’t. Generally, the teams that do well are the big ones with lots of income, lots of buying power and lots of resources to invest in their business. These teams are top of their league and sometimes not only through sheer talent and skill but also through the amount of money that they can throw at a problem.

These teams have specialist skills all over the park because they can afford to pay the right wages and train their players to the highest performance level. They can also afford to replace any member who is either under performing or past their sell-by date. It’s brutal – but that’s football.

But what about the smaller teams who play in the lower leagues? Same game, same aims and same problems. Just less money to chuck at it.

That’s why, if I was a football manager in one of the lower leagues (and, if you see my fantasy football league standings, you will know that I am pretty dire) – I would invest in a Midfield General.

The term ‘Midfield General’ has slowly slipped out of the vocab of most football clubs.

But back in the day – nearly every team had at least one. This player was a real generalist and commanded the pitch. They were able to understand the game in a way that allowed them to maintain a level of defence when required by keeping the attackers a good distance away from their goal whilst also dashing forward to help keep the front supported and had a good vision of the tactics, techniques and procedures that they could use to their advantage. Every team needs a Midfield General.

Midfield Generals were also good to feedback and train other players and report back to the manager as to how it was all going or how things could be improved.

In all leagues, there are games when the best meets the worst. And it can be quite painful when you see the giants go up against the minnows knowing that the chances of them surviving relentless attacks is next to nil. Normally in these games, the weaker team just piles on the defence and hopes that the attackers don’t get through – but invariably they do – and the result is a disaster.

Having a midfield general – or several of them – is a very cost-effective way of keeping the attackers away from their goal. They also allow for back up to strengthen defences when needed and although they are never going to be 100% effective, they do their very best to keep the opposition away from the danger zones.

All teams need specialists. And so, once your mid-field generals have mastered their key role, they can train in their chosen specialist areas. 

This might be taking corners or spot-kicks. Every team needs a penalty taker (or a couple of them). These are the players that hone their attack skills to keep the team afloat. They are also amazing to have on your side on the training field to test your defenders and goalkeeper.

All teams also need to use external or third-part specialists. A physio and medical team to keep them fit and healthy and a management team to look after the business side of things. These are not skills that you can train your players in (even the Mid-field Generals) as it would be far too costly and time consuming to do so. So, investment in non-playing team members is normally a given.

But training your mid-field generals to keep the team reasonably safe and sound means that you can start to get clever with your time and money and be in a position to make gains in the league. It is never going to be 100% effective – but nothing ever is.

In the most recent IPSOS Report (2023),

Cyber Security Skills in the UK Labour Market, research and analysis provided us with the following stats:

  • 50% of UK businesses have a basic skills gap in Cyber Security
  • 33% of UK businesses have more advanced skills gaps
  • 41% have an internal skills gap when it comes to incident response and recovery
  • 61% of Cyber sector firms have employees that work as Cyber Security generalists
  • Only 26% of the current workforce are Cyber Security generalists

New estimates for proportions of the workforce in the Cyber sector in specific roles show a high prevalence of generalists.

So, from a Cyber Security perspective – we need more Midfield Generals.

As a kid, I was pretty rubbish at football. I was lucky enough to come from a small village where there wasn’t a massive number of kids to choose from and so I got to play in the local village team every Sunday afternoon, but I was the ‘floater’ in the team.

I wasn’t good enough to be fullback, brave enough to be a goalkeeper or quick enough to be a forward, and so I generally loafed around in midfield and, although I ran around a lot, I didn’t score many goals and seldom got passed the ball. Cold, wet and muddy Sunday afternoons were a dream.

Everybody wanted to be a striker and score goals or a specialist in some respects. Goalkeeper was a specialist position (my brother was a great goalkeeper) and fullback was another mainstay position (my mate Rob was an excellent fullback) if you were good at tackling. Sometimes people would remember a goalkeeper doing well, but everybody remembers the striker scoring goals (Jon was a great striker). Seldom do mid-fielders get a mention.

The same thing happened to me when I joined the military and I played for sections teams. I was never good enough to play for the station but on one occasion in Gibraltar (playing on a hard, gravelly pitch) – I was ‘promoted’ to centre forward. The reason behind this was quite clear when the game started as I was never likely to see the ball as we were playing against one of the top teams and it was decided early on that it would be mostly defence for 90 minutes.

I spent nearly 75% of the match bored out of my mind with nothing to do apart from mill around in the centre circle and not get in the way. It was like being a playing spectator, but I was a specialist. As chance would happen, I did actually score a goal in this match when a rare corner came over, hit me and ended up in the back of the net. I think the score was a 9-2 loss in the end and nobody remembers my goal.

If my passion and skill for football had been greater, I would have loved to have been a mid-field general. But that takes commitment and training and I preferred other things – like beer. (Although I was okay at hockey!)

Specialists are only needed on special occasions. We need them to offer trained protection (like a Goalkeeper), we may need them to provide support further up field before the attack gets to our line of defence and we definitely need them to provide specialist support such as training, governance and management.

The IPSOS report also highlights the use of the Cyber Security Council’s Cyber Career Framework.

This framework maps the pathways for 16 specialisms in cyber security and includes the Cyber Security Generalist.

The responsibilities for a generalist are:

  • Track vulnerabilities in software, systems and networks
  • Identify and assess cyber threats
  • Identify and assess cyber security risks and recommend measures to manage them
  • Design security controls, including those affecting the selection and development of systems
  • Draft cyber security policies and procedures, particularly for the secure operation of systems
  • Test and report on the security of an organisation’s systems and networks
  • Manage external providers
  • Advise IT staff and business managers on cyber security risks and controls, including procedures and staff behaviours
  • Brief and train non-cyber staff on cyber security awareness and safe practice

With more experience, you may also: 

  • Be responsible for the overall performance and security of live systems
  • Work with managers in other teams to ensure effective cyber security across the organisation
  • Recruit, train and assess others 

I am involved in training all sorts of people. Newcomers to specialists and I am lucky to say that, unlike my passion for football – my passion for cyber has not waned. I have worked and trained with some of the best people, and I consider myself to be a bit of a mid-field general with some specialist areas of interest.

The most important thing is that when I work with the team – I know what I can do and what I can’t do and who to call on to bridge the skills gap.

I can almost guarantee on every bootcamp or apprenticeship that I work with – there are lot of newbies that are focused on becoming a specialist. 

I wish I had a pound for every time I hear “I wanna be a pentester!” 

And don’t get me wrong – I get it. But having done pentesting and worked with some of the most elite pentesters I know – I also recognise the fact that it is the tip of the iceberg and a specialism which is not as sexy as it first looks. There is a lot of paperwork, a lot of governance and a whole lot of ethics involved in high level auditing. There is also a lot of training and experience required to be a good one.

Like a centre forward, there is also a lot of hanging around and doing routine milling around before it gets exciting. So, although my response is always positive to anybody who wants to become a specialist in cyber, my advice is always: get good with the basics first. Aim to become a mid-field general and then you know what’s what and potentially where the gaps are.

And the fact is that you might actually enjoy being in the centre of things and develop into other areas of cyber that will benefit you and the organisation better.

This is crucial if you are not working for a large enterprise with a large budget for Cyber Security. SMEs need more mid-field generals and it is a great opportunity for anybody in cyber to seek out. It is also a great opportunity for SME’s to recruit and train cyber professionals into.

It’s a project I am working on – so hopefully watch this space. But my mission is to get more mid-field generals out there – where I know they can make a difference.

Kick Long and Prosper.

Photo: ©Ted Lasso/Apple TV+