The Gentle Art of Moving Target Defense
The 32 Principles: Harnessing the Power of Jiu-Jitsu to Succeed in Business, Relationships, and Life - by Rener Gracie and Paul Volponi
They call Brazilian Jiu-Jitsu “the gentle art,” but when you’re trapped under someone twice your size, it doesn’t feel gentle at all. What makes BJJ beautiful is how it turns chaos into strategy. You learn to adapt to pressure, flow with resistance, and stay calm in the face of overwhelming odds.
That’s why I love it. And it’s why it inspires the way I think about cybersecurity—specifically, the work we’re doing with Automated Moving Target Defense (AMTD).
When I read The 32 Principles by Rener Gracie, it felt like the missing manual for both my training on the mat and my approach to cyber defense. The principles are universal—they teach you how to think dynamically, solve problems creatively, and use your opponent’s moves against them. The same ideas that help you escape a chokehold can also help protect a network from relentless attackers.
Connection: Feeling the Threat
Rener writes, “Connection is not just about holding on to your opponent—it’s about feeling them, understanding their intention, and staying one step ahead.” In BJJ, this means staying so connected to your opponent that you can feel their moves before they commit to them.
In cybersecurity, connection means understanding your environment and your adversaries. Attackers rely on predictable systems—they map your infrastructure, look for static configurations, and exploit what doesn’t change. With AMTD, we break that connection by constantly shifting the environment. Adaptive NIMs don’t sit still; they reconfigure, move, and reset, making it impossible for attackers to get a foothold. Just like in BJJ, the moment they think they’ve found control, we’ve already moved.
Energy Efficiency: Winning with Less
Another of Rener’s principles is “Energy efficiency: The goal is not to overpower your opponent but to outlast them, conserving your energy while they waste theirs.” This couldn’t be more relevant to cybersecurity.
When an attacker targets a static system, they can deploy all their tools at once, knowing the target won’t change. But with AMTD, the rules are different. Every reconfiguration forces them to restart their attack, wasting time and resources. And here’s the kicker: we achieve this with just 1-2% additional cloud cost. Like a skilled grappler using minimal energy to maintain control, our solution keeps attackers on the defensive without draining resources.
Positional Strategy: Controlling the Fight
In BJJ, if you control the position, you control the fight. Rener writes, “A good position is one where you have options, and your opponent has none.” This resonates deeply with how we approach security.
AMTD is all about positional dominance. Static environments give attackers the upper hand—they dictate where the fight happens. But with AMTD, we control the position. By constantly changing configurations and environments, we leave attackers with no openings, no patterns, and no time to react. They’re stuck chasing a moving target while we dictate the terms of engagement.
Flow with the Go: Thriving in Chaos
Perhaps the most famous principle from BJJ is “Flow with the go.” It’s the idea that you don’t resist the chaos—you embrace it and use it to your advantage. This principle is at the heart of AMTD.
Attackers thrive in predictable environments. They study patterns, exploit static systems, and use chaos to their advantage. AMTD flips the script. By introducing controlled chaos—constantly evolving configurations, adaptive infrastructures, and dynamic responses—we make it impossible for attackers to keep up. Instead of fearing unpredictability, we weaponize it.
Proactive Defense: Attacking the Attack
In BJJ, waiting passively to defend against your opponent’s moves is a losing strategy. Instead, you proactively create situations where they overcommit, expose their weaknesses, or make mistakes.
Rener Gracie writes, “The best defense isn’t just surviving; it’s setting traps that turn their attack into your advantage.”
The same applies in cybersecurity. Traditional defenses are reactive—they wait for attackers to make a move and then respond. AMTD flips that mindset. By constantly changing configurations and environments, we don’t just react to attackers—we disrupt them before they can act. Adaptive NIMs proactively reconfigure based on metrics, making the attack surface a constantly moving target. It’s the digital equivalent of baiting your opponent into a sweep or submission, turning their aggression into a liability.
This approach isn’t about playing defense—it’s about forcing attackers into a reactive state where they’re always a step behind. Like in BJJ, the goal isn’t just to survive—it’s to control the fight, dictate the terms, and leave your opponent chasing shadows.
The Art and the Science
Both BJJ and cybersecurity are about problem-solving under pressure. On the mat, you learn to stay calm when trapped, assess your options, and adapt in real time. In the cloud, we face the same challenges. Attackers are relentless, resourceful, and always evolving. But just like in BJJ, the answer isn’t to panic or brute-force your way out—it’s to stay a step ahead, use leverage, and turn their strengths into weaknesses.
Rener Gracie writes, “A black belt isn’t someone who doesn’t get caught. It’s someone who knows how to escape.” In cyber, no system is 100% invulnerable. The key is building systems that can adapt, recover, and evolve faster than attackers can exploit them.
This is why I train in Jiu-Jitsu. It teaches me how to solve problems dynamically, stay calm under pressure, and embrace the chaos of the roll. And it’s why I work in cybersecurity. AMTD applies the same principles to protect what matters most—turning unpredictability into an advantage and evolving faster than the threats we face.
In both BJJ and cybersecurity, you don’t just defend. You adapt. You evolve. And eventually, you dominate.