Drawing inspiration from Sun Tzu’s timeless military treatise The Art of War, Durga Prasad Dube, EVP & CISO, Reliance Industries Limited, outlined a strategic framework for modern cybersecurity at the 4th edition of ETCISO Secufest 2026. In his session titled Inside the Security Playbook, Dube explained how the principles of ancient warfare remain deeply relevant in the digital age, where battles are fought across networks instead of physical battlefields.
Dube began by drawing a parallel between historical warfare and modern cyber conflicts. “If you know the enemy and know yourself, you need not fear the result of a hundred battles,” he said, referencing one of Sun Tzu’s most cited principles. According to Dube, the same philosophy applies directly to cybersecurity, where organizations must understand both their own digital infrastructure and the tactics of adversaries. He emphasized that many breaches occur not because attackers are exceptionally advanced, but because organizations lack complete visibility into their own assets and vulnerabilities.
The cybersecurity battlefield, he noted, has simply evolved rather than fundamentally changed. Instead of soldiers, today’s defenders are analysts, engineers, and algorithms, while weapons have transformed into malware, misinformation, and AI-driven attacks. “The battlefield is digital, but the essence of the struggle remains the same — between visibility and deception, preparedness and surprise, resilience and overconfidence,” Dube explained.
In outlining his 10 laws of cyber defence, Dube highlighted several strategic pillars, including deception, speed, defense-in-depth, and disciplined communication. One key principle is the idea of winning without fighting. “Victory is achieved when your defenses are so strong that the attacker chooses not to attack,” he said, noting that proactive threat hunting and strong architectural resilience can deter adversaries before incidents occur.
Another important principle involves prioritizing meaningful cybersecurity metrics over vanity statistics. While organizations often highlight the number of alerts or events processed, Dube stressed that resilience-focused metrics are far more valuable. “In the age of AI, you can say you process billions of events, but what matters is how quickly you can isolate a compromised system,” he said, adding that metrics such as mean time to isolate or contain attacks provide a more accurate measure of defensive capability.
Dube also underscored the human dimension of cybersecurity. He pointed out that security analysts and SOC teams often win countless battles every day without recognition. Leaders, he said, must acknowledge their contributions and support their teams’ morale. “Your analysts win hundreds of battles every day, but nobody notices those wins. Leadership must recognize and support them,” he said.
Concluding his address, Dube argued that cybersecurity maturity ultimately lies in building resilient systems rather than chasing perfect protection. “The true art of defense is maintaining resilience,” he said, adding that organizations must design systems that are adaptable and strong enough that adversaries are discouraged from attacking in the first place.
Through the lens of Sun Tzu’s philosophy, Dube’s message was clear: effective cybersecurity is less about reactive defense and more about strategic preparation, disciplined execution, and building systems capable of enduring the inevitable pressures of the digital battlefield.
(With inputs from Nikita Virmani).






