Watch this episode on YouTube.
Reasonably Accurate 🤖🧠 Transcript
Morning everybody. How you doing today? In this episode of the show, we're gonna compare NBA free agency to cybersecurity policy. Hmm So the last week had NBA free agency madness. Uh If you follow the NBA at all, there was just an epic shift in where players signed contracts. There was a bunch of trades, there was the draft, there is tons of stuff going on about a third of the league's top players switch teams.
It's absolutely crazy, but that's to be expected when players contracts are up, they're gonna be moving around, but there's something else going on here. Now, I'm gonna give you a quick little NBA update so that you can understand this comparison. Now, my beloved Toronto Raptors who won the championship this year uh have been perennially struggling and they made some really smart roster moves last year to acquire superstar Kawhi Leonard.
Of course, his contract was up at the end of the year. So the big question in the NBA free agency was where would Kawhi Leonard go? There was a number of other free agents who were on or potential free agents who had a player option for next season it's not uncommon for the NB A's Elite to, uh, exercise their player option to terminate their contracts in order to get a raise.
Right. You have a really good year next year, you could either continue on your existing contract or you could opt out and go to free agency. It makes economic sense if you think you can get a raise or want to sign for a different team to opt out and go forward, also team options for different areas.
But that's sort of beside the point. So there was a number of free agents that were exercising their option. Kyrie Irving decided to move from Boston to Brooklyn. Kevin Durant, who's going to be sitting out next year, also decided to go to Brooklyn. Um That's a huge shift from west to East Klay Thompson who's injured, exercised his option, resigned in Golden State and then so on and so forth.
But why I'm bringing them so up, why we're covering NBA at all is because while there are structures in place with the uh NBA contracts with the collective bargaining agreement with the Players Association, something has really changed over the last few years because Kawhi Leonard, who was a free agent and could sign with any team he chose, he wanted to chose to go to L A, uh L A Clippers that is as opposed to the Lakers where lebron and Anthony Davis are currently under contract and we'll circle back there.
But what was interesting was part of Kaws choice to go to the Clippers was that he called up Kevin Durant and asked him to join him. Apparently, Kevin was surprised at that and decided to continue with his plan to go to the Laker or to the, uh, Nets apology to Brooklyn to sign mckye Irving.
But then Kawhi moved on to another friend, uh, Paul George who is currently under contract for two more years with a player option for the third in Oklahoma with the Thunder. Now, that's really interesting. Kawhi said, hey, Paul, get out of your contract or force a trade and come meet me in L A for the Clippers.
Now this isn't the first time that uh players have forced trades. He's even the first time Kawhi Leonard has been involved in a forced trade. So two years ago, Kawhi sat out the entire year and was under contract with San Antonio. He sat out the year, uh, uh injured and had a huge challenge with the organization and the basically that relationship spoiled and he said, forced to trade, which Toronto took advantage of and traded for him, traded away their all star guard Dem Marta Rose and a few other folks to get Kawhi Leonard and Danny Green.
Similarly, this year, there was massive drama when one of the top three players, Anthony Davis forced his way out of New Orleans to L A to the Lakers this time to team up with lebron James and now we have Kawhi Leonard convincing Paul George to force his way out of Oklahoma City, but Oklahoma City realizing that they had no choice in the matter major.
Sure that they got a ton of draft picks. Uh, actually the biggest haul ever for first round draft picks, they got five as well as two players for Paul George who's still under contract. Now, why did I bring this up? Why does anybody care unless you're a basketball fan? Well, the interesting thing here is that there are a set of rules, think of those as your cybersecurity policies that dictate what rights the players have under contract, they voluntarily sign these contracts.
And as we've already discussed, sometimes there are player option years where the player can say, hm I don't think I can get more than you're gonna pay me next year. So I'm gonna opt in and continue on another year of this contract or I think I can get more in the free market.
I'm gonna opt out. There's also team options where the team can choose whether or not that contract continues for an additional year. And in those contracts, there's also no movement clauses and modified, no movement clauses essentially saying you can't trade me at all without my permission or you can trade me to the list of the following teams without my permission.
Anywhere else you need to come ask and it's up to me. These are all ways that players can, can maintain control when they're under contract. But as we've seen with Kawhi Leonard, as we've seen with Anthony Davis and now Paul George, there is the ability for superstars and for players of sufficient importance to force their way out of these contracts.
Now, you may be thinking, isn't that crazy? They're under contract, right? Just like you're under a security policy. But the reality is there's a whole bunch of other factors at play. Here. There's player happiness. There is whether or not they're going to be collaborating with the team with the organization on the court.
If they're giving it their all, there's a number of factors that go in that aren't written down on paper, sort of the underlying unwritten rules and this is something you deal with every day in cybersecurity as well. You can sit back all you want, just take it easy, lean back and go, you know what?
Here's my security policy. I am going to say that, you know, every endpoint means this, every server needs this. Here's what you can do. Here's what you can't do, you know what doesn't work because the reality is you can design whatever you want on paper or on powerpoint more accurately and write them down as policies and write out these architectures.
And as soon as things go live, there's gonna be challenges, there's gonna be difficulties, there's gonna be things that need to be worked on and that's what's happening in the NBA. There's a written set of rules and then there's an unwritten set of rules where things are having monumentous effect. And this happens every day in your organization.
Like when you say, hey, you're not allowed to visit, you know, these sites or download software and run it without this approval process. You know, what do an inventory of your end points? I guarantee you there's tons of stuff out there that hasn't been approved. Not because people are trying to break these rules on purpose, but because the reality of getting the job done in the most effective manner means that they need to operate with the unwritten rules.
Now, the challenge for you as a security professional when you're writing policy, when you're creating controls and things like that is that you need to account for this, you need to account for the reality of what happens. There was a great discussion that happened on Twitter over the long weekend in the States.
Um And it was essentially saying, hey, if you were starting up uh in a new organization today as a security pro, what would you focus on it? So there was some really, you know, sort of entry level answers that you would expect from people new to the profession. And some of the old guard, the people who have been there with a very pragmatic and practical response were saying like, hey, you know what you need to spend months understanding the organization so that you can get these unwritten rules, uh, under your, uh, sort of purview.
So get to wrap your head around them to understand what's going on in reality because it's one thing to have it written down. It's another once it starts to get implemented. And I think that's the real key takeaway from NBA free Agency. There's a written set of rules from your security policy.
There's a written set of rules, but then there's reality and reality is actually what counts. Let me know what you think. Hit me up online at Mark NC A in the comments down below. And as always by email me at Mark N dot C A talk about this and many other issues online, we'll see you on the next episode of the show.
