What Did the Super Bowl Teach Us About Cybersecurity: It Only Takes One Mistake

Tuesday, February 15th, 2022



We owe our information security teams the same kind of focused support the NFL provides to their officials, coaches and teams. The job is challenging. The stakes are high. And they “only need to be wrong once.”

We recently completed a tabletop incident response exercise for a large customer of ours. We made a point to compliment the CISO, our main contact at the financial institution, for the great job he does ensuring the safety and security of his bank. He quickly brushed aside the praise and admonished us (and his executive team) with, “I only need to be wrong once!”

He’s right. And if you are a CISO or information security professional, I am sure you can empathize. At DefenseStorm, our customers send us on average almost 90 million log events every day. That’s a big hill to climb while worrying about “one mistake”.

At some level, that’s the nature of the job. But the pressure not to have a negative impact is huge. And the Super Bowl February 13 pitting the Rams and Bengals made me think of this conundrum a couple of times.

In the first case, one of the officials made “one mistake”. And it cost the Rams a touchdown! As you can see clearly in the picture on the right, Bengals’ receiver Tee Higgins clearly grabbed the facemask of Rams defender Jalen Ramsey. The official missed it. There were 127 plays in this game. The official missed one call. And the result is clear in the picture on the right – an easy touchdown for Cincinnati.

Later in the game, Bengals’ linebacker Logan Wilson fell to the “one mistake” dynamic. And it may have cost his team the Super Bowl. Thomas was on the field for 74 plays, including 100% of the Bengals time on defense in this game. He made one mistake. On third and goal, with less than 2 minutes left in the game and the Bengals up by 4, Wilson held the jersey of Rams WR (and the ultimate Super Bowl MVP) Cooper Kupp. This time, the official didn’t miss the call. Wilson made “one mistake” and now lives in Super Bowl infamy. That penalty gave the Rams a fresh set of downs and they took advantage of his mistake and walked off the field champions.

The NFL’s Officials will certainly review the missed call on the Tee Higgins touchdown. The official will get coaching and instruction on how not to make the same mistake again. The league might even consider changing its replay rules. The same is true for Wilson. That hold will be reviewed in film with his coaches. And the Bengals’ defensive staff will try and adjust his technique to prevent future mistakes.

We owe our information security teams the same kind of focused support. The job is challenging. The stakes are high. And they “only need to be wrong once.”

Steve Soukup

Steve Soukup

Chief Executive Officer

Steve Soukup has served as Chief Executive Officer since 2020 and in that role is responsible for leading all aspects of the company’s business. He is passionate about building a community of trust among our teams and with our customers while also enabling our customers to do the same with their accountholders. Steve joined us as Chief Revenue Officer in May 2017 with a charge to drive growth for the business while leveraging his extensive experience serving the banking vertical. He was promoted to President in October 2019 and then to CEO in April of 2020. Under his leadership, DefenseStorm has set the standard for enabling banks and credit unions to achieve cyber risk readiness.

Steve has built world class customer-focused sales teams that have delivered double-digit year-over-year profitable revenue growth in fast paced and competitive environments. His background includes shaping a 100+ sales organization at e-banking leader Q2 to deliver 30% year-over-year revenue growth, as well as leadership positions at Intuit, S1 Corporation and KPN. Steve also has direct banking experience through management positions at Key Bank, BankBoston and State Street Bank. Steve is a graduate of Boston College and earned a Master of Business Administration degree from Boston University. A native of Cleveland, Ohio, Steve and his family have called the Atlanta area home for over 10 years.