It’s mile 22, the point in a marathon where my legs feel like concrete, my brain is foggy, and every part of my body is telling me to stop.
Around me, the crowd noise blurs into white static as I hit the dreaded wall — the point in the race when your body starts to give up and your mind must decide if you will submit to its demands.
But this isn’t the only time I recall feeling this fatigue.
As a cybersecurity leader, I’ve hit a version of that same wall at work, one where exhaustion, adrenaline, and intense emotions collide. In both cases, the only option is to keep moving forward.
As fall marathon season continues in full swing, I’m reminded of the numerous parallels I can draw between my job and my lifelong passion.
Cyber Threat Intelligence Analyst at LastPass.
Both marathon training and working in a fast-paced, high-pressure industry require consistency, patience, and long-term focus.
Running a marathon is grueling for obvious reasons, but whether you’ve laced up a pair of running shoes or not, working in cybersecurity flexes some of the same muscles.
In short, the lessons you learn through 26.2 miles apply directly to a career in one of the most high-stressed, fast-paced industries.
By taking the time to make those thoughtful connections —— between the endurance and persistence of both training plans and security strategies — you prime yourself for success both on the track, on the road, and in the office.
Finding the right stride
I started my career in cybersecurity right before the COVID-19 pandemic, blind to what was looming just around the corner. As the pandemic settled in and impacts swiftly took effect, it became apparent that COVID’s implications on health, society, and cyber would be long lasting.
Right away, industry veterans noted how busy this period was, with malware, ransomware, phishing attacks, and social engineering attacks rising drastically. During this time, I would often work long hours from home on projects that were a high priority for our leadership.
Learning how to be a good threat intel analyst while navigating this increasingly complex threat landscape — all while setting personal boundaries — was a challenge during this period.
I was being thrown into information overdrive, and later — when I led our team’s annual threat assessment process — I had to master tedious processes that required intense coordination across many moving parts.
It all felt overwhelming, but I started to feel like I’ve been in this position before. Once I drew the first parallel, I couldn’t stop. That’s when I realized: Running marathons taught me everything I needed to survive work in one of the most complex industries.
Harnessing the power of movement and mindset
Running a marathon, much like working in cybersecurity, is all about your mindset. If you want a good race time or positive work outcomes, you must put in the time and effort. Both marathon running and being an effective cybersecurity leader require a level of mental toughness that isn’t natural, but instead, learned and earned over time.
I love to run because it challenges us to navigate pressure, overcome obstacles, and maintain resilience. One of the first things I learned while running was creating bite-sized, actionable tasks for myself instead of focusing on a daunting end goal.
Instead of, “How am I going to run 600 miles over my 16-week training block?” it was simply, “Here’s what I need to get done today.” I applied the same logic to my complex work projects, learning how to block out noise and focus on the one step that would take me closer to the finish line.
The value of training
Running a marathon isn’t something you can wake up one morning and do; it takes months of dedicated training — from long runs and speed runs to pacing practice and recovery.
It’s a careful balance of consistency and strategy, and it’s highly individualized. I’m not going to follow an elite runner’s training plan; I’d probably just end up injured.
That same mentality applies to cybersecurity. Just like marathon training requires deliberate, ongoing preparation, maintaining a secure environment demands proactive effort long before race day, or in this case, before an incident ever occurs.
You can’t expect fortified protection if you’re not consistently testing systems, monitoring vulnerabilities, and refining response plans. The first step is making sure essentials — strong password hygiene, robust multi-factor authentication, and heightened phishing awareness — are squared up.
Individualized training and preparation will get you far in both work and sport, helping you stay on your toes, remain forward-looking, and constantly adapt.
Cybersecurity is a marathon, not a sprint
The longer I’ve run and the longer I’ve led, the more I’ve realized that endurance is a discipline, not a destination. The habits that carry you through a marathon are comparable to the same ones that help cybersecurity teams thrive under pressure and adapt to constant change.
A few of those lessons have proven universal, whether I’m lacing up for a race or just getting ready for another day at work:
Pacing is key: Every runner knows that your fastest mile is not your first. If you start your race too quickly, you’ll burn out before seeing the finish line. Cybersecurity is the same; it can’t be fixed overnight by a single product or patch. Maintaining robust protection requires consistent effort, regular patching, and ongoing vigilance — that’s how you go the full distance.
Watch for fatigue: In cybersecurity, burnout or complacency can leave the door open to breaches. Just like a long run, you must encourage yourself to push harder, dig deeper, and continuously improve. The best cybersecurity leaders are those who consistently monitor and stay several steps ahead of threat actors.
Identify who your cheerleaders are: Seeing a familiar face on the course or even hearing strangers yell out my name printed on a race bib always gives me such a boost.
Whether it's my run club teammates who put in hours of training with me, my husband who cooks nutritious meals to help me recover, or even the race day volunteers — you can’t succeed without community.
When I think about mentors, bosses, and teammates who have taught and encouraged me throughout my career, I realize that my success is really the collective sum of parts.
Turn more people at your company into cybersecurity champions. The more cybersecurity can lead business decision-making, and the bigger community we build, the safer we’ll all be.
The finish line is not the end: Even after you cross that finish line, recovery and reflection are still part of the marathon process.
In cybersecurity, post-incident analysis and improvement are vital to remaining resilient. And, like the marathoners who are always eyeing their next race, cyber leaders must continue to build and switch up their protection methods — especially as the threat landscape continues to rapidly evolve.
Running has taught me that there’s no final finish line, only the next race, the next challenge, and the next opportunity to grow stronger. Cybersecurity feels much the same.
Every project and every lesson add up to how we respond when the next step comes. When we look at both marathons and cybersecurity, we realize that endurance isn’t built in a single moment of triumph, but instead, in the quiet, consistent work we do day after day.
Both on the road and in our work, progress comes in the form of steady miles, patience, and persistence. Carrying that same mindset forward — the one that pushes us to keep showing up even when it’s hard — there is no limit to what we can achieve.
We've featured the best identity management software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
English (US) ·