
The Eternal Cycle of Cybersecurity

The fight between cyber attackers and defenders resembles an ecological cycle between predator and prey—the goal is equilibrium, not victory. Being complacent is risky because maintaining balance requires constant effort, but defining success as "winning" leads to the wrong investments.

[Illustration: The Eternal Cycle of Cybersecurity]

When engaged in a fight, it’s natural to ask yourself whether you are winning or losing. However, in the context of cybersecurity, this question might not make sense, because it presupposes that the state of winning exists.

Maintaining the Equilibrium

Every day, new transactions, people, and systems appear online, making the digital world more attractive to criminals. Miscreants fund malicious software and attack operations to achieve financial, political, and other objectives. Security practitioners respond to evolving online threats; attackers adjust their tactics, defenders tweak their approaches, and the cycle continues.

Defenders sometimes feel that attackers are innovating faster than we can defend sensitive data and computer infrastructure. Such impressions tend to be based on emotion and subjective observation, and they often lead to questions about which party is winning the fight.

Defining our objectives in terms of winning or losing is not practical.

The Eternal and Vicious Cycle

My perspective on the dynamics between cyber attackers and defenders aligns with the ecological metaphor that tech journalist Lamont Wood described in his 2013 article "Malware: War Without End." He referred to it as:

“An eternal cycle between prey and predator, and the goal is not victory but equilibrium.”

When I spoke with Lamont, I suggested that attackers work to bypass our defenses and the defenders respond as part of the cycle. If attackers get in too easily, they are spending too much on their efforts. If we are blocking 100% of the attacks, we’re spending too much on defense.

The dynamic persists to this day. Ransomware-as-a-service lowered the cost of attacks, so defenders invested in better backup and recovery. Attackers pivoted to data exfiltration and extortion. AI tools exploded in popularity, and they amplify both sides. Each shift follows the pattern, not a trajectory toward either side prevailing.

The internet ecosystem as a whole continues to thrive, because it benefits both its legitimate users and the criminals that act as parasites within it. However, individual participants in this ecosystem can find themselves at a disadvantage and suffer losses. Being complacent is risky for either party, because each must constantly apply energy to maintain the equilibrium.

If our goal is to “win” the fight against cyber criminals, we don’t stand a chance, in part because there will always be more threats to combat. It’s more productive to define success as maintaining equilibrium. We can do that by calibrating security spending to the threats we actually face and shrinking the attack surface so defense stays manageable. The cycle won’t stop. Our job is to make sure we’re not the ones standing still.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.
