I don’t know whether you’ve seen the movie Groundhog Day or not. I saw it when it came out, but since then, about 25 years ago, it’s become rather the meme for getting stuck in a rut.
On the off chance that you haven’t seen the movie, Bill Murray plays Phil Conners, a weatherman, sent to cover the Groundhog Day ceremonies in Punxsutawney, PA that happen every year on the 2nd of February. The idea of the holiday is that if Punxsutawney Phil, the famous groundhog, sees his shadow, there will be 6 more weeks of winter.
It’s actually a great movie, but you gotta admit that Phil (not the groundhog) is a bit of a jerk at the beginning of the movie, and being stuck in the same day – every day — does little to improve his mood, as you might well imagine.
At one point, after the day has gone on for a while, he’s sitting at the bar in the local bowling alley, and he laments to a couple of idling “good ol’ boys” sitting around with him:
“What would you do if you were stuck in one place, and every day was exactly the same, and nothing you did mattered?”
They stop. Think for a minute, and then one of them says, rather deadpan, “Yeah…that ‘bout sums it up to me.”
Ultimately, it’s a movie about improving yourself as the only way out of living the same day over and over…and over…and over…and over…
You get the idea.
Because that’s actually all we can do. Sure, we get stuck, but if we don’t change something, we’re going to get stuck…and we’ll stay stuck.
In the case of Weatherman Phil, it was apparently about 34 years that he spends in the time loop before he finally figures out exactly what it is he needs to change.
So my question for you isn’t really about how long you’ve been stuck, but it’s about how much of what you do have you actually done before?
How much of it is looking at basically the same kind of service or solution to give it the security OK stamp so it can go ahead?
How much of it is effectively assessing the same risks…in the same environment…for the same technologies…
“Oh, but this is version 101.2345…point 9, so it’s completely different, you know”
And how much time do you spend, on average, each month finding the same answers to the same questions, or…
…worse yet, finding different ones that cause the world to change one week…
…and then you need to change it right back the next?
Now, really, that’s not a rhetorical question. It’s something I have no idea what the answer is for your particular situation, in your team and for the nature of the work you do.
But I’m guessing that, if you think about it, there’s going to be more than a few hours that you’ll never get back that are wearing your own, localized Groundhog Day security rut.
Or…maybe not.
There’s one more lesson here that’s relevant to the journey of many security architects I speak with. One of the things I get when I talk to most people about the way they’re doing security architecture – and SABSA in particular – is a long list of reasons why they can’t do it “right.”
The reasons are pretty standard, recurring themes, and some of them were ones I mentioned yesterday. But the key lesson here is that, like the movie, the only way for change to happen is…
…for YOU to change.
In the movie, nobody else changed anything in 34 years, but they weren’t the ones really in control. Remember what I said about control yesterday? It’s the ability to start and stop at will.
There are ways to eliminate a lot of the redundant work you do.
There are ways to formalize and leverage all the work you do…and figure out when is the right time to go back, revise and revisit what you’ve done before.
It is possible. And it’s one of the biggest overall things I want people to take away from all the detail, examples, guidance and experience packed in to the forthcoming book I’m working on right now: The Definitive Guide to The Agile Security System™.
But it might not be for you. You might not be ready to change. Or you might not want to change what you’re doing now.
And that’s totally ok.
However, for those who do, and who want to help make sure this book actually gets written, you can pre-order your copy at about 50% less of what it will sell for in January when it’s released until the 31st of the month, when the offer turns into a big orange pumpkin.
It’s not cheap. It’s made of dead trees, and it won’t be available as an ebook. And, assuming there’s enough interest to go ahead, after the 31st, I’ll still let people pre-order, but the price will go up by at least $100.
All that said, what it might do for you is streamline your approach to security architecture. It might help you build fully-formed SABSA security architectures that connect the business strategy to security operations. It might help you communicate more effectively with your customers…
…and it might help you build the credibility and trust you need as security to get the things done you know need to be done in your organization.
But it will only do this if, a) you buy the book, b) if you read it, and c) you decide to put what’s in it to work building the habits you need to consistently build architectures that keep your organization safe.
If you’re the type who wants in early, here’s the link:
Next week (or sooner), there’ll even be a sales page talking about what’s in it in more detail. But for now, it’s just an order form.
As I said before, if for some reason there’s not enough interest, and I decide to not go ahead with it, I’ll make sure your card is refunded in full during November. Otherwise, I’m targeting a shipping date for the book for sometime in the middle of January.
Don’t drive angry,
ast
—
Andrew S. Townley
Archistry Chief Executive
P.S. And if you’re interested in subscribing to the monthly print Security Sanity™ newsletter where The Agile Security System™ first appeared, you can start with the next issue here: https://securitysanity.com
