Infosecurity Europe
3-5 June 2025
ExCeL London

Four Things Michael Johnson Taught us About Cybersecurity

Cybersecurity tips from Michael Johnson, the Olympic champion who knows a thing or two about winning

Four-times Olympic gold medallist and champion sprinter Michael Johnson opened Infosecurity Europe 2023 to a packed-out keynote stage. It’s hard to believe this was over a month ago and I had the privilege of introducing this sporting legend.

Some may have wondered why an athlete was there to open the biggest gathering of the information security industry in Europe, and Johnson even joked to the audience that he definitely was not in the wrong place. His talk was gripping and passionate and once Johnson sounded the starting gun on his speech the overlap between his career and the cybersecurity world became clear.

Here is my top four things Michael Johnson taught us about cybersecurity: 

1. Don’t Forget the Fundamentals 

Through his story about training for the track and field competition Johnson spoke of how he disliked the weight training element. He loved running since he was a child, but the idea of lifting weights turned him off.

“I tried to avoid the fundamentals,” he said.

His attempts at becoming World Champion without lifting a single weight did not come to fruition and it wasn’t until he committed to the fundamentals that his dream was realised.

There were a lot of nodding heads in the Infosecurity Europe audience as the parallels between Michael’s story and the world of cybersecurity were blatant.

Without having the fundamentals in place, basic cyber hygiene for instance, it will be much harder, if not impossible, to successfully secure your organisation. Once you have the cybersecurity fundamentals in place it will be much easier to grow your organisation’s security maturity and stay on top of the threat landscape.

“You have to commit and dedicate yourself to the things that are fundamental as much as the things that you’re good at,” Johnson said.

2. Know Yourself 

Knowing yourself and how to optimise performance under pressure is another key to success, Johnson outlined.

For Johnson, that meant understanding what drove personal confidence and then putting himself in the best emotional and mental state to manage high-pressure situations.

It is clear how this translates to the cybersecurity environment. If we don’t know our own organisation - its strengths, and weaknesses, how it works, its core business objectives - then we are not able to successfully secure the most important assets.

As a CISO if you know what is driving the business you work in and what the CEO and Chairperson’s top priorities are, it will better allow you to have security-related conversations with them that resonate and lead to action. 

3. Prepare for the Unknown 

You don’t know what your competitor is going to do once the start gun has fired but you can be prepared for their likely moves.

“It’s about understanding the challenge as best you can and arming yourself with as much insight as you can so you’re ready for the challenge next time it comes,” Johnson commented.

This is exactly how we in cybersecurity should continue to monitor the threat landscape, seek to understand how threat actors are behaving and ensure we are matching our most efficient competitors.

It is also hugely important to have a plan as to what to do when the unknown happens – which, if you speak with any cybersecurity professional, they’ll tell you it will. Have an incident response plan that is fit for purpose, know how your organisation can remediate quickly and, importantly, make sure you’re ready to take lessons learned from such incidents and implement them in the future. 


4. Less is More 

Michael Johnson’s famous gold running shoes, which took him to victory in the 200m and 400m gold medals at the 1996 Atlanta Olympics, were also relevant to the overlap with cybersecurity.

Speaking about the shoes, he said the development, in partnership with Nike, took him and his coach more than a year to work on. The aim was to have the lightest shoes on the track to drive him past his competitors.

It is tempting to add more “stuff,” Johnson reflected, but this is not always the right way to go.

It alludes to the idea of getting the fundamentals right once again but it’s worth looking at the tools available to the cybersecurity community. Walk around Infosecurity Europe and you’ll see a tool or service to solve all problems, but sometimes it is true that less is more.

Often cybersecurity practitioners invest in the latest, greatest solution without necessarily having the knowledge or resources to manage the technology to get the best results. Rather than adding to the security stack with equipment you may not be able to use, work with your suppliers to ensure the tools you already have are being used to their full potential.

Cybersecurity vendors will be more than willing to take the time to work with you to optimise what you already have before adding more. 

Enjoyed this article? Make sure to share it!

Looking for something else?