Maybe you’ve heard of Sun Tzu, but have you heard of John Boyd?

Sun Tzu’s “Art of War” is a classic when it comes to strategy. But if you’re in leadership today, John Boyd—the fighter pilot who revolutionized strategic thinking—deserves your attention.

Boyd’s principles are still vital in modern military operations and offer game-changing insights for leaders in today’s fast-paced, high-risk environments, particularly in cybersecurity.

I first encountered Boyd’s work as a young Air Force officer at Squadron Officer School and the impact has stayed with me throughout my military and corporate careers (shoutout SOS Class 07A, Flight 62, Worst to First).

Here are five key insights every leader, especially those in cybersecurity, should take from Boyd’s work:

1. The OODA Loop: Decision-Making in the Fast Lane

The OODA loop (Observe, Orient, Decide, Act)is perhaps Boyd’s most famous concept. It focuses on the speed at which you process information, make decisions, and act.

In cybersecurity, the faster you can detect and respond to threats, the more effective your defenses will be. The ability to outpace your adversary is not just about having the best technology—it’s about making quicker decisions than they can make moves.

Takeaway: Act faster than the threats you face by improving your decision-making speed and agility. 98% of what could happen is known, use that to your advantage.

2. Adaptability Is Your Competitive Advantage

In Boyd’s view, adaptability is more critical than strength. In both military and cybersecurity strategy, being able to pivot quickly and adjust to new conditions is the key to survival.

This adaptability means building systems and processes that can handle a constantly shifting environment—when new threats emerge rapidly, your defenses must evolve accordingly.

Intelligence drives operations and informs this adaptability (OODA, OODA, OODA…).

Takeaway: Adapt to new threats as they arise, and develop a responsive approach to cybersecurity that is flexible and which moves at the speed of need.

3. Decentralized Decision-Making Empowers Action

Boyd emphasized that successful operations require decentralized decision-making, empowering lower-level decision-makers to act quickly. This is crucial in cybersecurity, where rapid response is essential to containment and recovery.

Instead of waiting for approval from the top, cybersecurity teams should be able to make decisions at the keyboard level and take immediate action to defend critical assets.

This concept is called commander’s intent in the military.

Takeaway: Empower your cybersecurity teams to make quick decisions without waiting for approval ensuring swift response in the face of threats.

4. Training and Preparation Are Crucial for Success

Boyd stressed the importance of preparation—training and preparation allow teams to perform under pressure, regardless of what they face.

In cybersecurity, ongoing training and simulations (such as wargames) are essential for ensuring that your team is ready for any situation.

You don’t want the first time to be the first time.

Train your team not only in cybersecurity protocols but also in decision-making. This is key to maintaining resilience. Just like warriors prepare for battle, your cybersecurity teams and business partners must be prepared for any situation with ongoing training and simulations.

Takeaway: Continuous training ensures your team is always ready to handle emerging threats. Train like you fight and push the envelope when it is safe to do so.

5. Focus on the Long-Term: Winning the War, Not Just the Battle

Boyd believed that to succeed in warfare, you must focus on the long-term goal—winning the war, not just individual battles. In cybersecurity, this means thinking beyond immediate threats and focusing on building a resilient infrastructure that can withstand future attacks.

While it’s essential to respond to individual threats, the long-term goal should be building a cybersecurity strategy that evolves and improves over time, ensuring your business can operate securely for the long haul.

Takeaway: Build long term resilience. Focus on building a sustainable cybersecurity strategy that evolves with time and protects your business well into the Digital Age.

Why Boyd’s Insights Matter for (Cyber) Leaders Today

Boyd’s principles challenge the status quo and force us to rethink how we approach cybersecurity.

In an age of rapidly changing threats, the ability to act fast, adapt, empower your team, and focus on long-term resilience is critical for success.

Boyd’s ideas were transformative for military operations and they can be just as transformative for cybersecurity leaders on the digital battlefield today.

From the Commander’s Chair as well as the CIO and CISO seat, I’ve seen how adopting these principles help organizations not only survive but thrive in the face of evolving cyber threats.

Outthink the threat and you win.