I was standing on the tube (subway) in London a few weeks ago just before Christmas. It was reasonably busy so standing was the most sensible option. I was listening to music as I guess so many people do on public transport. Finding somewhere else to be mentally. The Bakerloo line has the odd jolting corner which can throw you off balance if you are not holding on. I have often danced gently (almost imperceptibly) and noticed that if you have chosen not to hold on, and bend your knees slightly while dancing, it is much easier to stay on your feet during the wobbly ride. It got me thinking….”Why is it when I am intentionally off balance, swaying back and forth dancing, that I am more stable than if I stand still and attempt to brace once a bump in the rails occurs?” This is not the first time the thought crossed my mind but this was the time when I decided to act and research whether this phenomenon is matched in nature and science.
Anticipatory Imbalance – (Biomechanics)
This concept explains how the body Central Nervous System (CNS) proactively generates a controlled state of instability known as anticipatory postural adjustments which prepare the body for expected and unexpected perturbations, leading to increased overall stability.
Dynamic stability
Also from movement science, describes maintaining balance not by being still but by staying in controlled motion, making continuous small corrections that make sudden disturbances less likely to knock you right over.
If you combine these concepts it is clear that there is something to this. If you continuously keep yourself off balance and moving, your responses to unexpected events will be quicker, more efficient and more effective.
This is not chaos; this is disciplined motion. It is rehearsed instability that builds true stability.
Cyber Security Application
We can use this concept to significantly improve our cyber security strategy. Doubtless many organisations have already been performing micro red team tests and using the results of this to both build muscle memory and to check that all the detection regimes are operating effectively. This is fantastic and maintaining this approach is a great way to get ready for a more significant event, especially if you deep dive the results and use this to improve your overall gait. However, there is a lot of security only focus to this, it doesn’t always get the rest of the organisation involved and it doesn’t (in my experience) include the practice of resilience, particularly mid and post incident. Resilience doesn’t just mean the ability to detect and respond to an adverse event, but also to withstand and recover from such an incident.
Dynamic Resilience
Why don’t we take the dual concepts of Anticipatory Imbalance and Dynamic Stability and, applied to Cyber Security, call it Dynamic Resilience?
Static security postures fail because they assume equilibrium or a final resting state. Cyber Security is ever moving. The internal and external threat landscape is constantly in motion. Modern threat actors force movement. Organisations that rarely practice movement fall when pushed. The Dynamic Resilience model deliberately avoids static equilibrium. It keeps the enterprise in constant, controlled micro-motion so that when a real shove comes, the organisation is already moving, already adapting, and already rehearsed.
Instead of “prevent so nothing happens,” the stance becomes “move so something cannot knock you over.”
Resilient organisations behave more like athletes than statues. A statue is perfectly balanced until the moment it isn’t, and then it breaks. An athlete is never fully still. Micro-adjustments maintain stability and generate responsiveness. Cyber security has been built on the statue model for decades. It doesn’t survive contact with a determined adversary.
The Dynamic Resilience approach treats controlled disturbance as a core component of readiness. You practice isolating a host every week, so when you need to isolate one for real, it happens instinctively. You review a backup restoration daily, so when ransomware hits, the team remains calm and confident. You rehearse the motions so often that the real thing feels like another rep in the same routine.
Dynamic Resilience Maturity Path
Stage 1 – Static Awareness
Organisation reacts only to incidents. No drills. Fragile.
Stage 2 – Introduced Motion
Weekly micro drills begin. Teams start learning controlled instability.
Stage 3 – Rhythmic Readiness
Motion becomes predictable and internalised. Response roles rotate. Automation increases.
Stage 4 – Integrated Dynamic Stability
Drills, automation, governance, and incident response merge into one continuous capability.
The organisation is always moving and therefore always ready.
Stage 5 – Dynamic Resilience (Target State)
Compromise no longer threatens operational stability.
The organisation recovers calmly and quickly because it rehearses constantly.
Leaders see resilience as a cultural property, not a project.
I am confident there is something in this model and that organisations are going to have to take “assume breach” to another level of responsiveness. Critically an organisation that is forever in an “assume breach” state will become exhausted if there is not a more substantial plan underneath to promote learning recovery and role rotation.
Until the next time, I am going to keep dancing on the tube. See you soon.