🏈 Human Cyber Performance

Another week, another win for Dr. Dustin Sachs. He’s now within spitting distance of the first undefeated season in Phish Bowl history. Should that happen, I fully expect him to be illuminated by a great light from the heavens and ascend into the stars—immortalized as a constellation in the shape of a gold fish bowl trophy. It's that rare.

This week, I am preparing to be the one who ends his 8-game winning streak. But before we can look ahead at Week 9, we must acknowledge that Week 8 was rough.

Injuries and underperofmrance were everywhere. Cam Skattebo went down, a few other stars limped off, and most of us fantasy managers are now patching together rosters held up by duct tape, caffeine, and prayers to the fantasy gods.

By midseason, everyone’s a little hurt. Every player. Every team. Every fantasy manager.

And that’s when performance becomes about more than talent—it’s about recovery, adaptability, and smart decisions under stress.

That’s true on the football field. And it’s true in cybersecurity.

I’ve spent my career exploring the crossroads of science, technology, and human performance—first in medical research and consumer health tech, and now in cybersecurity. What drew me to this field is how closely it mirrors that same intersection through the People, Process, Technology framework. However you frame it, every story begins and ends with people and measurement and management of their performance.

‍

From People Problems to Performance Questions

In cyber, we often say: “It all comes down to people.”‍

Their choices under pressure. Their habits. Their focus.
‍

But that goes for the security teams too—their processes, coordination, tools, and decision-making under stress.

When you look closely, both sports and cybersecurity are games of human performance.
‍

That’s why I want to introduce a concept I’ve carried from my days in sleep research and sleep technology into this field:
👉Human Cyber Performance.

What Sleep Taught Me About Behavior and Metrics

About 20 years ago, I joined the world of sleep research because I was fascinated by the intersection of biology, technology, and behavior.

Back then, the hardest part wasn’t collecting the data—it was convincing people that sleep mattered.

We researchers would throw data at them:

• Sleep deprivation increases risk of stroke.
• Sleep loss leads to poor judgment and emotional regulation, and slower reaction times.
• Sleep debt raises blood pressure and mortality risk.

We were shouting: “You’d better sleep… OR ELSE!”

People didn't even bother to shout back because they weren't listening. The message was not penetrating. Negativity rarely does.

The game changed when the conversation was reframed around performance.

When elite athletes—Kobe, LeBron, Federer—started saying sleep was their competitive edge, the message clicked. Suddenly, sleep wasn’t about avoiding failure. It was about achieving excellence.‍

Sleep (and napping) quality became a badge of honor like a nutritious meal or a new workout method; it became a hack for human performance.

Cybersecurity Is Having Its Sleep Moment

We’re at a similar turning point in cybersecurity.

The old message—“Don’t click the bad link, or else!”—has hit its limits.

Fear and shame don’t build champions.

Performance coaching does.

That’s the shift from traditional “Security Awareness Training” to what I call Human Cyber Performance Coaching—a model built on behavior, metrics, feedback, and improvement.

To make that leap, we need the same ingredients that revolutionized sleep science and sports analytics:

🧠 1. Good Metrics

Sleep scientists stopped measuring one empty metric (hours slept) and started combining heart rate, breathing, and movement to tell a full story.
Cybersecurity must move past “phishing failure rate” and start looking at multi-metric performance:

• Reporting rates
• Dwell time
• Real vs. simulated threat detection
• Organization-wide malicious click reduction

Together, these metrics tell a richer story of resilience—not just risk.

📊 2. A Summary Score

Sleep tech cracked it with the “Sleep Score”—green for good, red for bad.

Cyber is working toward something similar: a resilience dashboard that measures performance across individuals, teams, and the entire organization.

It’s your team’s cyber box score—your record, your stats, your progress.

🏋️ 3. Measurable Outcomes

In sports, it’s wins and losses.

In sleep, Harvard’s Charles Czeisler and Stanford’s Cheryl Mah showed that rested athletes had better accuracy, faster sprint times, and longer careers.

In cyber, we must track what matters most:

• Do people detect real attacks?
• Do teams patch vulnerabilities faster?
• Do organizations respond to incidents more effectively?

That’s the cyber equivalent of a winning season.

🧬 4. Individual Profiles

Athletes train differently depending on their position and physiology. Everything from nutrition to exercise load is carefully calibrated according to their biology.

In cybersecurity, people learn and respond to threats differently, too.

By understanding roles, personality types, and behavioral baselines, we can personalize training for humans—not just job titles.

🤖 5. Technology That Elevates

After 2014, new wearables like my former company Beddit (later acquired by Apple) changed sleep forever.

They gave everyone access to personalized, real-time performance feedback.

In cybersecurity, AI-enabled human-risk platforms are doing the same—auto-personalizing training, detecting real threats, and tracking improvements in human performance at scale.

We’ve entered the Apple Watch era of cybersecurity.

🏆 Human Cyber Performance = Resilient Teams

Change the way you think about cybersecurity and people, and you can transform your outcomes.

We're not punishing people for behaving stupidly. We're rewarding them for acting correctly.

We're not expecting security teams to thwart every attack. We're empowering them to optimize risk mitigation.

We’re not scaring people straight. We’re coaching them to maintain cool heads and perform under pressure.

That’s what great athletes do. That’s what great teams do. And that’s what resilient organizations do.

Like every fantasy football manager knows, performance is never static.

It evolves. It adapts. It requires rest, feedback, and smarter play-calling every week. You must be able to adjust your leadership, management, and training to accomodate the nuances of optimal human performance.

Final Score

As we enter the back half of the Phish Bowl season—banged up, battle-tested, and still chasing that perfect record—remember:

Cybersecurity, like sports, is a game of human performance. It’s not about who never clicks the link. It’s about who learns, recovers, and comes back stronger the next play.

So get your sleep. Track your stats. Manage your teams.

And keep building up your Human Cyber Performance.

Because champions—on the field or in the SOC—aren’t born. They’re coached.

‍