
The Bang

The term ‘Left of Bang’ originated in the US Marine Corps. In military terms, the bang is the event, the IED detonation, the ambush, the breach. Left of bang is everything that happens before it, the observation, the pattern recognition, the intervention that stops the bang from ever arriving.

Cyber security has borrowed the concept, and it fits perfectly. In cyber, the bang might be a ransomware payload detonating at 2am. It might be credentials silently exfiltrated over six months. It might be a supply chain compromise so quiet you won’t find it in the logs for another year. Right of these bangs is panic, stress, late nights filled with recovery (and so much coffee), notifying regulators, and board status updates. Left of bang, at this point, feels like a distant memory and a series of ‘what ifs’. “What if we had just disabled that unused account?” “What if we had introduced network segmentation?” “What if we’d patched that critical vulnerability?”

Right of bang is reactive. None of it reduces the chance that the bullet hits. It helps you survive the impact.

In comparison, left of bang is calm, it’s measured, it’s proactive, it reduces the blast radius, and the coffee tastes better! I prefer being left of bang.

Security money and attention usually go right: incident response retainers, detection and response tooling, SIEM, SOAR and recovery solutions, tabletop exercises, forensics, breach notification, cyber insurance. All crucial, but all after the shot has been fired.

There’s a reason our focus drifts to the right, though. Right of bang is scary. It’s visible, it has drama, dashboards, and a clear story: the alert fired! > the team responded! > the threat was contained! > here’s the slide. It feels like security because it looks like the films. Left of bang work, by contrast, is a list of unglamorous chores: the stale accounts you disabled, the exposed service you decommissioned, the attack path you closed. These produce no incident, no story, and therefore no credit. You can’t screenshot the breach that didn’t happen. The only pat on the back you may get is from the auditors (or is that just a sympathetic hand on your shoulder?)

But the breach that didn’t happen, or the one that did and was contained with minimal disruption, is the whole job. That’s the goal. That’s what this blog is about. No vendor marketing. No compliance theatre. Just the practical, unglamorous work of staying left of bang: understanding your attack surface, reducing it, and building the visibility to know when something is moving against you before it detonates.

Welcome to Left of Bang. The bang is coming. Let’s make sure you’re ready.
