It’s one thing to be proud of the work you do, but it’s a whole other thing to be so in love with it that you start idolizing the work and forget…
…what the work is actually for.
And this goes as much for assuming people can immediately see the value of what you do as is it does for pin striping it to the point of being pathetic.
…which is the exact opposite of the “powerpoint” architecture I mentioned a few days back.
The astute reader will notice that the points above actually have nothing to do with the mechanical skills of “security” or producing “architecture”—whatever that might mean to you today.
However, the wise reader will also recognize that while you might create the best, most amazing, and most complete security architecture artifacts in the world. They don’t actually add any value unless you
…communicate them
…demonstrate how they help people make decisions
…and be able to meld what you’ve done seamlessly into the worlds of your customers so they wonder how they ever got anything done without your help.
The astute AND wise reader will recognize that, effectively, this is a skill called marketing. Because, as has been proven time and time again, the best product in the world won’t go anywhere by itself…
…while the mediocre product – with great marketing – can become part of the everyday lives of an entire planet.
What I see most often with security architects who struggle in their role is that it isn’t about doing the “security work”. Many are actually pretty good, or even bloody brilliant at the design layers of the SABSA model—much, much better than me. There’s no question that they know how to do the work, and can do it well.
Where they struggle is GETTING to do the work.
They just can’t explain what they want to do well enough so anyone cares enough about what the architect wants to do that they ultimately get to do it.
And when this happens, you get “security architects” relegated to policy enforcers/security quality control technicians sitting in stage-gate review meetings…
…watching their souls wither and die a slow, quiet death.
As a reaction and an attempt to revolt against this, it can spawn the arrogant, self-important and narcissistic security architect. The kind of security architect that lets everyone know how brilliant they are…how hard the work…and how meaningless and misguided “the business” is in trying to go around doing things in an “insecure” way.
In short, they’re committing one of the 7 deadly sins of security architecture: pride.
And, as I said at the top, I mean “bad” pride, not legitimate pride in the work they do because it adds value to other people.
This “reactive” pride…this haughty, high self esteem is actually a reaction. And it’s a reaction to the simple skill deficit of not being able to effectively communicate the value of what you do.
Because if you can do that, you can easily
…link what you do to the business
…make the case to do the work you want to do
…and even get the budget you need to do it
If you think about it, being able to do those 3 things are 90% of what makes an effective security program. It’s not about doing the work. It’s being able to get it done.
And that’s why about 80% of what I teach is how to do that part, because there’s absolute ZERO value in the things you can’t do—no matter how much you’ve invested in them.
That’s ultimately what The Agile Security System™ is all about. It’s a reliable system to do that “hard stuff” where most security architects struggle – and even some C-level security leaders –
…so you can link it with the “easy stuff” of security you already know how to do, or at least have a way to do.
And you can do it quickly and predictably.
What I’ll be talking about in the March issue of our premium, print and expensive Security Sanity™ newsletter are the 7 sins of security architecture—and give you some concrete examples of what you need to do to…
…recognize them in your own work
…and help you deal with them
…so you can get out of your own way, and be more productive, more respected and to actually enjoy more of the work you do every day.
To get it, you’ll need to visit this link
And make sure you’re subscribed by Saturday night at midnight when I deactivate the shopping cart.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
