Plaintext with Rich

Roll for Security: What D&D Teaches About Cyber Defense

Rich Greene Season 1 Episode 21


The fighter absorbs hits up front. The rogue finds traps before the party walks into them. The cleric keeps everyone alive when things go wrong. And the bard convinces the people with resources to actually fund the quest. Nobody does everything. Everybody has a role. Now replace the dungeon with your company's network.

This episode maps cybersecurity roles to D&D character classes: SOC analysts as fighters, pen testers as rogues, incident response as clerics, security architects as wizards, CISOs as bards, and threat intelligence analysts as rangers. It translates the six core ability scores into an organization's security posture: Strength as technical controls, Dexterity as speed of response, Constitution as resilience, Intelligence as threat knowledge, Wisdom as judgment, and Charisma as communication. Then it breaks down why parties wipe (siloed teams, no incident response plan, main character syndrome, and ignoring the logs) before closing with a five-step starter kit for building your party and running the campaign.

Whether you're a tabletop gamer who works in security or a leader trying to understand why your team needs every role filled, Plaintext with Rich has the quest briefing.


Dungeon Party Analogy

SPEAKER_00

The party is deep in a dungeon. The fighter is out front, shield raised, absorbing hits. The rogue slips behind the enemy looking for a weak spot, and your cleric is watching everybody, ready to heal before anyone drops. And of course, the bard is somehow keeping everyone calm while also negotiating with a dragon. Nobody does everything. Everybody has a role, and if one person wanders off alone, full party wipe. Now replace the dungeon with your company's network.

Welcome to Plaintext with Rich. Today we're talking about why cybersecurity works like a D&D party and what happens when you try to solo the dungeon.

Now, cybersecurity is a team effort that requires specialized roles working together under pressure. No single person, tool, or skill can cover every threat, right? The party survives because every member fills a gap the others can't. Now, if you've played Dungeons and Dragons or watched someone play, that concept is already in your bones. Now, for those who don't know, D&D is a tabletop role-playing game where a group of players each controls a character with specific strengths and weaknesses. They face challenges together. They succeed by combining what each person brings. Cybersecurity works exactly the same way.

So let's build that party for us. We start with the fighter, your SOC analyst. In D&D, the fighter is on the front line, high armor, takes damage so others don't. They're always in the fight. Your security operations center, right? Or SOC analyst is the fighter. They're watching the dashboards, triaging alerts, and responding to incidents in real time. When something hits the network, the SOC analyst is the first one taking the blow. Now, they don't need to know every spell in the book or any spell whatsoever. They need endurance, pattern recognition, and the ability to hold the line while the rest of the party mobilizes.

Now the rogue, the rogue's your pen tester. The rogue finds traps before the party walks into them.
They pick locks, they move through places that others can't. They think like the enemy. That's your penetration tester, right? Their job is to find your vulnerabilities before an attacker does. They probe, they test, they exploit with permission. The rogue doesn't make the fortress stronger by defending it, they make it stronger by breaking in and showing you where the walls are thin. Every party needs someone willing to think like the bad guys.

Now the cleric, the cleric's your incident response team. They keep the party alive. When someone goes down, the cleric brings them back. They don't prevent every hit, but they make sure a hit doesn't become a death. That's incident response. When a breach happens, and eventually something will happen, the IR team contains the damage, restores systems, and gets the organization back on its feet. Without a cleric, one bad encounter becomes a total party wipe. Without incident response, one breach becomes an existential event. The cleric doesn't stop the fight. The cleric makes sure that you survive it.

Now your wizards, they're your security architect. The wizard is powerful but deliberate. They study, they plan, they don't bring a sword, they reshape the battlefield. Your security architect designs the systems that keep everything connected and protected. Network segmentation, zero trust frameworks, encryption strategies. That's the wizard laying down wards before the enemies even arrive. Now, wizards aren't flashy in the moment, but when the architecture holds under pressure, that's the wizard's work paying off.

And now your Bard, and you all know how much I love the Bard class, right? We can say that that could be your CISO. Now the Bard gets their jokes, but the Bard is quietly the most important class in the party. And I say that with all bias. The Bard inspires, the Bard negotiates, the Bard translates between the party and the outside world.
And most importantly, the Bard convinces the people with resources to actually fund the quest. Now, this could be your chief information security officer or your CISO, right? They live between technical reality and business leadership. They translate risk into language the board understands. They secure budget, they set priorities, they keep the party moving in the same direction. Now, a CISO who can't communicate is like a bard who forgot their instrument, right? Technically still in the party, but not actually helping.

Now, a ranger? A ranger we can look at as your threat intelligence analyst. The ranger reads the terrain. They know what's out there before the party encounters it. Tracks, patterns, creature behaviors. The ranger keeps the group from walking into an ambush. That's threat intelligence, right? These are the people monitoring the landscape, tracking adversary tactics, identifying emerging threats, right? And feeding that knowledge back into the team's defenses. The ranger doesn't fight every battle. They make sure the party picks the right ones.

And now let's zoom out and look at the dungeon. We can look at the dungeon as your threat landscape. For those that know, in D&D, the dungeon isn't just one room with one monster. It's corridors, it's traps, it's locked doors, hidden enemies, and rooms that look safe but aren't because of like mimics. Your organization's threat landscape works the same way. Phishing emails are the pit traps, right? Easy to fall into, easy to avoid if you're paying attention. Ransomware is the dragon, devastating, but it usually doesn't show up without warning. Insider threats are the mimic. They look like a normal treasure chest until they bite you. Misconfigurations are the unlocked doors, right? Not an attack, but an open invitation. And just like in D&D, the dungeon doesn't stay the same. It shifts, new rooms appear, old traps get reset, which is why the party can't just be strong, it has to be adaptive.
Now let's take a look at the character sheet, right? And we're going to frame this as your organization's security posture. Now every D&D character has a character sheet. It lists their strengths, weaknesses, skills, and equipment. And your organization has one too. You just might not have it written down, but I think this is a really cool idea moving forward for organizations. In D&D, the six core ability scores are strength, dexterity, constitution, intelligence, wisdom, and charisma. And we're going to translate those. When we look at strength, this is your technical controls, right? Firewalls, endpoint protection, encryption, your raw defensive power. Your dexterity, that's going to be your speed of response. How fast can you detect, contain, and recover, right? Your agility under fire. Constitution, right? Your resilience, backups, redundancy, disaster recovery. Can you take a hit and keep standing? Intelligence is your knowledge, right? Threat intelligence, vuln management, understanding of your own environment. Wisdom is going to be your judgment, risk assessment, prioritization, knowing which threats to address first. And charisma is your communication, your board reporting, user awareness, cross-team collaboration, the ability to get buy-in. Now, most organizations overinvest in strength and underinvest in wisdom and charisma. They buy more tools instead of making better decisions. In D&D, a character with 20 strength and three wisdom charges into every room and dies, right? In the first trap. Does that sound familiar?

Now, the rules of the table, why parties usually wipe. D&D parties don't fail because the monsters are too strong. They fail because the party falls apart. And here's what causes a wipe at the table and potentially in the SOC, right? In D&D, half the group goes left, half the group goes right, and both halves die alone. In security, this is siloed teams. Network doesn't talk to application, cloud runs its own playbook.
You split the party, attackers love fragmented defenders.

You have no healer, right? A party without a cleric assumes nothing will go wrong. I'm gonna say that's a pretty bad bet. An organization without incident response is making the same bet. You will take damage. The question is whether anyone is ready to stop the bleeding.

You might have main character syndrome, right? That one player who ignores the party and does their own thing, not saying that might not be me. In D&D, they get the whole group killed. In security, it's the exec who clicks every link or the team that deploys without telling anyone.

What about ignoring the map? In D&D, the DM drops clues, a lot of them. Most of us don't pay attention to them, right? Footprints, strange sounds, a door that opens too easily. In security, those clues are logs, alerts, anomalies. If no one is reading the map, the party walks straight into the ambush.

Now, this is going to be our starter kit, right? First, know your party composition. Map your current security roles. Who's the fighter? Who's the cleric? Where are the gaps? If you don't have an incident response plan, you don't have a healer. If nobody is doing threat intelligence, you don't have a ranger. Name the gaps out loud.

Second, fill that character sheet out. Assess your ability scores honestly. Strong on tools but weak on communication. High intelligence, but low dexterity. You can't fix what you haven't named. And like D&D, you don't need perfect stats. You need to know where you're vulnerable.

Third, stop splitting the party. Break down silos between security, IT, development, business leadership, right? Share context, run joint exercises. And the party that communicates survives. The party that fragments, wipes.

Fourth, run a campaign, not a one-shot. Security isn't a single encounter, it's an ongoing campaign. Threats evolve, your party needs to level up. That means regular training, updated playbooks, and learning from every encounter.
The party that debriefs after every session gets stronger.

Fifth, remember the bard. Technical excellence means nothing if leadership doesn't understand the risk. Invest in communication, translate security into business language, get the resources your party needs, right? The bard isn't optional. The bard is essential.

We look at our recap, cybersecurity is a party game, not a solo quest, right? Every role fills a gap that others can't. Your organization has a character sheet, know your stats. Parties wipe when they split, skip the healer or ignore the map. Build the party, run the campaign, fund the bard. Same dice, very different outcome when the party works together.

Now, if there's a security concept you want explained, send it my way. Email me, DM me, or drop it in the comments. Bardic inspiration in the form of a well-timed lute solo, also accepted. I read everything I can and I will get back to you if possible. If this episode helped or you enjoyed it, please share it with someone who'd actually benefit or also enjoy it. This has been Plaintext with Rich. Ten minutes or less, one topic, no panic. I'll see you next time.