I didn’t expect a feel-good comedy to stick with me as much as Ted Lasso did.

Also, I know basically nothing about football, which makes it even funnier that a show built around it completely won me over.

ted lasso secops

Yes, it’s funny. Yes, it won a pile of awards, including a big night at the 2021 Emmys. But what keeps bringing me back is something else: the show is quietly obsessed with how people behave under pressure.

That’s why it keeps popping into my head when I think about SecOps, incident response, and leading technical teams. The tools change every quarter. The human bits don’t. Here are eight lessons I’ve found genuinely useful, especially when the work gets messy.

The hidden price of empathy in security operations

Ted Lasso tries to carry everyone. It’s charming, until it isn’t. You can see the cost: the constant availability, the “I’m fine” mask, the slow drift toward exhaustion.

SecOps leadership can look the same from the outside: you’re the calm one, the one who takes the escalation, the one who shields the team from nonsense. But if you never draw lines, you’re not being kind, you’re slowly burning the org’s best people (including yourself).

This is where balancing empathy with clear boundaries becomes a practical skill, not a soft one. Clear on-call rules, real time off, and a firm stance on alert noise are not perks. They are how you keep a team effective for the long haul.

Leading technical teams through acknowledged ignorance

Ted starts in a domain where he’s objectively out of his depth, and he doesn’t pretend otherwise. That’s the point.

Security leadership today is similar in a different way. Nobody is simultaneously deep in cloud identity, Kubernetes, OT/ICS, detection engineering, AI abuse, and compliance. The dangerous move is pretending you are.

When leaders can say “I don’t know, teach me”, specialists stop self-censoring. A penetration tester can raise a concern without sounding like the villain. An engineer can say “this design has a security hole” without turning it into politics. That psychological safety often prevents real incidents.

Strategic patience in incident response

When Ted realizes Rebecca is sabotaging him, he doesn’t immediately go for the dramatic confrontation. Sometimes that’s wisdom, not denial.

In incident response, “move fast” is not the same as “rush”. Not every anomaly deserves a full-blown escalation. Good SOCs learn what noise looks like in their environment, then save their energy for what actually matters.

The same goes for security programs: sometimes the best way to change behavior is to build quiet momentum. A near-miss can teach more than a policy doc. Patience, backed by monitoring and good judgement, beats constant firefighting.

Building security culture over chasing compliance checkboxes

Season one ends with relegation. It’s a loss on paper, but the team gains something that lasts: identity and trust.

Security has the same trap. You can “pass” an audit and still be fragile. Culture is what shows up at 3 a.m. when the pager goes off.

If you want a durable security posture, you want developers who naturally ask “what could go wrong here?”, ops folks who take least privilege seriously, and leadership that treats customer data as a responsibility, not an abstract risk statement. The checkboxes follow. The reverse is not guaranteed.

The corrosive power of siloed competition

The show is full of characters competing in the wrong direction. It’s rarely subtle, and it’s also painfully realistic.

In tech, it shows up as “security vs engineering”, or the cloud team vs the on-prem team, or people hoarding knowledge because it feels safer than sharing it.

Meanwhile, the actual adversaries don’t care about your org chart. If teams compete internally, the security posture loses no matter how many tools you buy. A big part of leadership is redirecting that energy toward a shared target.

Forgiveness and developing future leaders

Rebecca’s arc is a reminder that “forgiveness” is often self-protection. Not in a moral sense, in an operational one: resentment burns time and attention.

In security, this maps cleanly to how you handle mistakes and incidents. If every post-incident review turns into blame, people learn to hide information. If reviews turn into learning, people bring you the ugly truth earlier.

And then there’s the leadership pipeline. Ted’s success is never about being indispensable. It’s about making others stronger. That’s a useful north star for SecOps too: mentor junior analysts, rotate engineers through different areas, and create ways for technical people to lead without forcing them into management.

The limits of toxic positivity in security

At some point the show makes a sharper move: it admits that optimism can be a coping mechanism.

In security, “everything is fine” is not positivity, it’s denial. Toxic positivity shows up when risk assessments get waved away because they’re inconvenient, or when leaders downplay a real incident because it might look bad.

Real confidence is being able to say “this is where we are” without flinching: vulnerabilities, insider risk, budget constraints, fatigue. From there you can make good trade-offs: innovation with guardrails, speed with stability, optimism with honest risk.

Curiosity beats judgement in investigations

One Ted Lasso line that security teams should steal outright is the spirit of “be curious, not judgmental.”

During incidents, judgement narrows your vision. You decide too early that it’s “just a misconfig” or “definitely malware”, and you miss the boring detail that explains everything.

Curiosity keeps you moving: what changed, what’s different from baseline, what assumptions are we making, what would prove us wrong. It also improves the human side of incident work. When an engineer makes a mistake, curiosity produces facts and fixes. Judgement produces silence.

Closing thought

If you’ve read my earlier piece on total football and cybersecurity, you know I like looking for useful ideas outside the usual security bubble. Ted Lasso works because it’s not a leadership manual. It’s a story about people.

And in SecOps, that’s the part we can’t automate.