Dear Frustrated Business Leader,
Right now, it’s even more important than ever to reduce the time from idea to implementation—especially for modern business services that depend on customer-facing software systems. Over the last 23 years, organizations have been working to adopt Agile delivery practices to help them deliver higher-quality projects in less time and with lest cost.
But it hasn’t always worked out as intended.
According to a recent survey on the real-world adoption of Agile delivery across various industry sectors, 38% of these organizations had given up on the current, popular frameworks and methods for Agile delivery.
You can take this information one of two ways. The first way is to assume that 38% of these organizations aren’t effective in their delivery of customer-facing software solutions because they aren’t using one of the popular, recognized approaches to Agile delivery.
However, based on the real-world experiences of myself and many others who have worked in software development since the ‘80s and ‘90s, I believe there’s another reason.
The current popular approaches to Agile delivery aren’t delivering on the promise of reducing the time from idea to implementation and actually delivering higher-quality projects faster and with less cost.
In fact, many times, the popular approaches to Agile delivery actually result in doing exactly the opposite.
Developers have an antagonistic relationship with management, so they end up working against the true needs and priorities of the organization.
Software is delivered, but remains underplayed for weeks – or even months – after the internal delivery metrics say it’s “done.”
Security is an afterthought to the software that is ultimately deployed, leading to many problems, lost or corrupted customer data and even high-profile security breaches.
Delivery teams are working on things with lower priority, or they sit idle, waiting for “upstream” dependencies to be delivered, wasting resources, increasing cost and resulting in costly delays and lost revenue recognition opportunities.
But it doesn’t have to be this way.
My name is Andrew S. Townley, and I primarily help large, global organizations build more effective security programs by focusing on business, not technology. I integrate security into the very heart of the business strategy and project delivery so that security is no longer a roadblock managed as a separate thing. Instead, security becomes a natural outcome of doing the right things in the right way at the right time. My approach leverages my extensive, 30-year background in software development and delivery working around the world and creating value-driven security programs. I fully integrate the Amplio system to streamline the entire, end-to-end nature of business value delivery.
However, while you might initially think “security” is secondary to Agile project delivery, in fact, it is not—at least when you adopt the right definition of what security actually means.
Security is the degree of confidence that someone is going to actually get what they want.
It’s a simple definition, and it’s dramatically different to the one most people know. But that’s why it’s so important.
If you’re responsible for delivering business value, you know that, in the immortal words of Peter Drucker, the purpose of a business enterprise is to create a customer.
And a customer is different than a buyer, because a customer makes a custom of buying from you. It’s not just a one-time transaction.
With today’s intense, competitive environment, customer retention is key, because it’s all too easy for people to switch from one offering to another—or even buy from multiple organizations in the same market.
So, if you’re using an ineffective approach to ensuring that new products and features are available in a timely manner, then you’re at risk of your current customers going somewhere else and your buyers today buying from someone else tomorrow.
To ensure you address this, you need an approach to delivering your products and services that gives you true security—not just in the traditional sense, but finally giving you the confidence you want that you’re delivering value that reflects in the business bottom line as quickly and effectively as possible.
In my 30 years of experience working with large organizations across diverse industries from manufacturing to finance and South Africa to the US to Europe to Saudi Arabia, there is only one approach that I’ve found that is capable of truly giving you this confidence, and that’s by combining the modular and flexible approach of Amplio and the proven, enterprise-grade SABSA® methodology to create something that I call The Agile Security System™.
The Agile Security System
How am I confident enough to make this statement? Because The Agile Security System didn’t just appear out of thin air. It’s based on real-world practical experience gained in the field from myself, Al Shalloway, the creator of the Amplio System, John Sherwood, David Lynas and Andy Clark who literally “wrote the book” on SABSA, the security architecture methodology originally created to support the SWIFT interbank transfer system’s $1 billion per transaction liability guarantee back in 1995.
For the last 20 years of my nearly 30-year professional career I have focused primarily on helping organizations deliver their desired business outcomes through two things: systems thinking and basic human interactions. These may sound strange for someone who normally works with large, global organizations to help them build more effective information and cyber security programs, but when you understand that the real definition of security isn’t about freedom from threats and vulnerabilities, it all fits neatly into place. I believe that the definition of security is the degree of confidence someone has that they’re going to get the result they want. This definition requires people to think about their objectives from the perspective of risk management, and it also means that security is about ensuring that this business objective is delivered to the best degree possible. It’s not optional. It’s essential.
Without an understanding of the entire system of value delivery both inside the organization and the way an organization interacts with the outside world, delivering this definition of security is impossible. It takes understanding the systems at work, discovering the truly essential parts required to deliver their function and then being able to easily switch between analysis and synthesis to ensure the right value delivery structures can be created. Doing this requires a deep understanding of the most common parts of business systems: people and technology.
However, it’s not enough to just understand the nature of the parts themselves, how they work and how they might work better. It’s also essential to understand how they relate to each other so you’re able to optimize their interactions—not individually, but within the context of the whole. This is why systems thinking is so fundamental. It helps you see the structures that deliver value, whether it’s in a business enterprise, within a market or even across cultures and countries. Once you see the systems and truly understand them, you realize that the biggest, most essential parts are people. That’s why effective value delivery ultimately comes down to effectively establishing and managing human interactions.
Everything else – technology, resources, products, systems, solutions and services – are a function of those interactions, so failing to address them and structure them intentionally means ultimately relying on blind luck to ensure business value is delivered. Executives, shareholders and even employees don’t want to rely on luck. They want confidence that what they’re trying to achieve will actually materialize. That’s why security is defined in terms of confidence. And helping organizations establish, measure and communicate that confidence is exactly what I do. In fact, it’s what The Agile Security System was built to do.
So, if you’re interested in learning more about how your organization can solve your current issues in your end-to-end approach to delivering value to your customers in a way that can finally give you the true confidence you want because you can literally see where and how all of the current bottlenecks, roadblocks and inefficiencies are being addressed, then let’s have a conversation about making it happen.
Stay safe,
—
Andrew S. Townley
Archistry Chief Executive, Certified Amplio ACE and Certified SABSA Security Architect
andrew.townley@archistry.com
What People Are Saying About Andrew
A True Thought Leader
“Andrew is a highly skilled and experienced architect and consultant. He is innovative in his thinking and a true Thought Leader in his specialist domains of knowledge—in particular the management of risk. Andrew has also been a significant contributor to expanding the SABSA body of knowledge.”
John Sherwood – SABSA® Creator and Chief Architect
Makes Things Work
“Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work.”
Kevin Howe-Patterson – Chief Architect, Nortel - Wireless Data Services
Clarity, Depth and Breadth
“Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit.”
Doug Reynolds – Product Manager, MobileAware
Fabulous Consultant
“Andrew is a fabulous consultant and presenter that you simply enjoy listening to as he manages to develop highly sophisticated subjects in a very understandable way. His experience is actually surprising!”
Biljana Cerin, Director, Information Security and Compliance
Interesting, Useful and Full of Ideas
“Found the link to the July issue and read through this afternoon. Think you’ve done a really good job with it and especially around the objective of it being interesting, useful and full of ideas—which the newsletter easily met. Really looking forward to the September issue. If, in the unlikely event an August addition become available, I would happily purchase!”
Andy Smith – Security Architect
More Value Than Anything Out There
"As you have mentioned before, it always all about controls and frameworks. The gap between where the industry is and where we should be seems to be about 180 degrees. Whenever someone asks the question, 'should we have a framework to align business to security?' well they need to look at what Archistry offers. I refuse to pay for any other training class out there. No value after taking BESA, and it's the reason why I spend my money on Security Sanity instead. Absolutely more value there."
Tereston Bertrand – Enterprise Security Architect
A Source of Sanity
“I have been working flat out the last 2-3 weeks on a very detailed program. The one thing that has kept me sane has been your daily emails about the Archistry training. Keep those great emails coming!”
Shane Tully – Enterprise Security Architect
Compelled to Subscribe
"Reading your blogs and content I was rolling at some of the references you make. You write like the frustration of the past guides your fingers across the keys. I was compelled to subscribe to the newsletter."
Vince Nalin – Enterprise Security Architect
Thought-Provoking, Practical Ideas
"Your thought-provoking messages about security, leadership … are welcome. I enjoy reading them. There are many ideas which can be applied to the work, even within the limits of a heavily-regulated organization like my employer."
Helvi Salminen – Information Security Manager