Skip to content

What Football Coach Bill Belichick Can Teach Us About Cybersecurity

The NFL legend’s wisdom and practices could be the outline for a winning cybersecurity playbook.


While all eyes this Sunday will be on the historic Super Bowl rematch between the San Francisco 49ers and the Kansas City Chiefs in Las Vegas, I can’t help glancing eastward to Massachusetts, and the home of famed NFL coach Bill Belichick, who announced his departure from the New England Patriots last month and whom pundits predicted would be quickly snapped up by an eager franchise. And yet he remains, err, unemployed.

Somehow Belichick – the only coach to win nine conference titles and six Super Bowl trophies, making him arguably the greatest football coach of all time – didn’t find any takers among the eight teams that were actively searching for new head coaches this year. Sure, he’s 71 and the Patriots’ last four seasons were grim. And I’m no superfan, coming from a family of Giants diehards. (Go Big Blue!) But there’s no denying the dude’s still feisty, a legendary strategist, and a motivational icon. Talk about your transferable skills. In fact, I could even imagine football’s loss becoming cybersecurity’s gain.

Might Belichick be willing to consider a pivot from the world of footballs to firewalls, linebackers to white-hat hackers? Because – crazy as this sounds – there are striking parallels between the lessons he imparts on the gridiron and the battles we wage in the digital arena.

Football teams aren’t the only ones with playbooks. Learn how incident response playbooks – tracked on a single platform – can intercept threats before they spread across your network.

Take a walk with me down this (completely implausible) fantasy-football-on-mushrooms dreamscape where Belichick trades in his coach’s whistle for whatever the heck chief information security officers (CISOs) wear around their neck. The vast landscape of professional sports has seen some unexpected crossovers:

  • Michael Jordan – basketball to (briefly) baseball.
  • Bo Jackson – baseball to football.
  • Rosey Grier – “Fearsome Foursome” defensive lineman to needlepoint fan.
  • Jesse Ventura – World Wrestling Federation star turned governor.

So why not a septuagenarian Super Bowler turned CISO? Sure, he’d have to take a slight pay cut. And his penchant for cut-off hoodies might stretch the most casual of Casual Fridays. But he’d feel at home. Both coaches and CISOs must track offensive and defensive maneuvers, hone leadership skills, and exude a gritty determination when facing the press or the owner of the team. And with his stoic demeanor and relentless drive, Belichick’s a natural.

Just listen to how his words of wisdom echo far beyond the locker room and into the realms of information security.

“Do your job” – the mantra of good cyber hygiene

Belichick’s famed catchphrase, preached on the sidelines and caught in countless NFL Films, isn’t just some workplace cliché. It’s a doctrine of focus and keen attention to detailed tasks, an attitude critical for maintaining proper cyber hygiene.

Our team is kind of like a car. Some guys might be the motor…. Other guys might be like the lug nuts or something, but the car’s not going to run if you don’t have the lug nuts on.

Danny Amendola, former receiver and kick returner, New England Patriots

In cybersecurity, the smallest oversight can lead to a catastrophic breach. Put another way: Details count.

Like blocking and tackling, routine patch management, multifactor authentication, and the simple act of not clicking on suspicious links are all mundane but vital to the goal. Belichick exhorts his players to embrace the mundane, to find beauty in consistency. In cybersecurity, that translates to regularly updating anti-virus software, enforcing strong password practices, and fostering a culture where security is everyone’s job.

“Our team is kind of like a car,” Patriots receiver and kick returner Danny Amendola told CBS News shortly before their fourth Super Bowl win (over the Seattle Seahawks) in 2015. “Some guys might be the motor. Some guys might be the windshield wipers, the lights, steering wheel. Other guys might be like the lug nuts or something, but the car’s not going to run if you don’t have the lug nuts on. No matter what it is, you’ve got to do your job.”

“It’s not about the scheme, it’s about the execution” – a call for swift patch management

Every few weeks, software vendors publish updates to patch recently discovered vulnerabilities that might otherwise leave their clients open to threats. The sooner these patches are applied, the less chance a cybercriminal has to exploit a vulnerability. Belichick’s philosophy on execution underscores a truism in myriad fields: A good plan isn’t worth much if it’s not implemented effectively and swiftly.

[Read also: The not-so-hidden cost of unpatched devices]

Today, with new vulnerabilities popping up with increasing frequency, swift and effective patch management requires automation. By automating any patch functions previously done manually by the operations team, security leaders can simplify and accelerate the process and free up their staff to work on other and more challenging tasks.

“Knowing you have a good backup long snapper allows you to sleep good at night” – wait, CISOs sleep?

The snapper in question – praised by Belichick at the man’s retirement ceremony in 2017 – was Patriot Rob Ninkovich, who’d been cut four times by previous teams, deemed too slow to play linebacker, too small for a defensive end. But when he came to New England, he flourished under Belichick’s leadership, serving on special teams and transforming into one of the squad’s most valuable and beloved players.

A long snapper is the guy who often comes in when the chips are down, snapping the football back to a punter when the team fails to advance or to a field goal kicker when a touchdown is unlikely.

In cybersecurity, companies must have robust backup strategies in place in the event of data breaches, system failures, and other unforeseen disasters. Strategically timed data backups and reliable recovery plans are the essential functions that kick in when primary systems fail, minimizing downtime and data loss.

Implementing multiple layers of backup solutions, such as offsite storage, cloud backups, and regular testing, ensures that even if one system is compromised, others can step in to maintain the integrity and availability of critical data.

“I don’t Twitter, I don’t MyFace, I don’t Yearbook” – a warning about social media

This was the coach’s response in 2011 to a press query about a player’s social media presence. Belichick, most often sagacious but stymied by social media, was renowned for his malapropisms: He also didn’t “YourFace,” “SnapFace,” or “InstaFace.”

Not on SnapFace, not too worried what they put on InstaChat.

The perennially social-media-challenged Belichick, in 2016

Humorous, sure, and a stark reminder of the privacy and security dangers these platforms can pose. In reality, Belichick’s eye-roll response to what his players were doing online was perhaps somewhat naïve. In cybersecurity circles, however, such reluctance to engage in social media is a cornerstone of managing one’s digital footprint.

Cybersecurity professionals can champion this mindset by implementing clear policies about the sharing of sensitive information online and educating employees on the potential risks. Social media platforms brim with personal details that can be used in phishing, business email compromise, and other social engineering attacks.

[Read also: Our writer describes being on the receiving end of a “vishing” call – welcome to the world of emboldened social engineering]

Staffers should be reminded that every post can be scrutinized and exploited by cybercriminals, much like how opposing coaches scrutinize each other’s public communications. There’s a reason coaches cover their mouths with clipboards when barking orders from the sidelines. Employees need to be equally circumspect in their online posts.

“We’re on to Cincinnati” – focus, focus, focus

The Patriots had hit rock bottom in the first month of the 2014 season. They’d gone 10 years without a Super Bowl and were a dismal 2-2 at the end of their fourth game (when they were trounced by the Chiefs). Tom Brady’s iconic quarterback days were done, the dynasty finished, the critics groused.

Belichick remained resolute, focused on their Week 5 opponent: the Cincinnati Bengals. Pelted by searing questions at a midweek press conference, Belichick kept repeating four words: “We’re on to Cincinnati.” It became a rallying cry, especially after the Patriots steamrolled the Bengals (43-17) and went on to win the Super Bowl. Again.

If “Do your job” is a mantra for a cybersecurity team’s uneventful days, this paean to persistence is for the day when crises strike. Cyberattacks, it bears repeating, are inevitable. It’s not a matter of if, but when. And when that day comes, cybersecurity teams will need to focus on the immediate challenges ahead, following their incident-response playbooks without being tethered to or distracted by past failures. (The same can be said for past laurels.)

In cyber defense, dwelling on mistakes or becoming complacent with current security measures can leave an organization vulnerable to evolving cyber threats.

[Read also: Ultimate guide to AI cybersecurity – benefits, risks, and rewards in the ever-evolving cyber landscape]

“We’re on to Cincinnati” speaks to a proactive stance in cybersecurity efforts. It’s crucial to continuously update and refine cyber defenses, stay on top of cyber trends and innovations, incorporate them into practice, and train teams to handle new threats. By emphasizing evolution and adaptation, cybersecurity teams can embody Belichick’s relentless commitment to improvement.

Given all his cyber-relevant wisdom, Belichick seems a perfect fit for the world of IT. At the very least, some clever CISO out there might want to consider a kick-the-tires phone call with the second-most-winning coach in NFL history. (First, if we’re talking about those still living.)

I mean, hey, the guy’s available.

Joseph V. Amodio

Joseph V. Amodio is a veteran journalist, television writer, and the Editor-in-Chief of Focal Point. His work has appeared in The New York Times Magazine, Men's Health, Newsday, Los Angeles Times,, and, and has been syndicated in publications around the world. His docudramas have aired on Netflix, Discovery, A&E, and other outlets. He also produces Tanium’s new Let’s Converge podcast—listen here.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.