Archistry

Survivability by Design™ since 2006


April 7, 2020

Cisco’s CISO gets it right—but is off by 80%

In today’s long list of emails was a link to an interview from RSA with Jeff Reed, Cisco’s CISO, talking about why complexity is a top challenge for CISOs. Those of you who remember some of my previous emails – especially those talking about the launch of The Agile Security System™ itself last July – may remember that this topic has come up more than a few times in the past.

I agree 100% with Jeff’s premise. However, when he goes to elaborate, the only kind of complexity he talks about is the complexity from having lots of security vendors and trying to manage them all. He calls this phenomenon “cyber fatigue,” and without a doubt, it’s a real thing.

However, and given that Cisco’s a component vendor after all, it’s not surprising that he gets stuck on the lowest level of security architecture. It’s interesting, but it won’t take you very far.

If you’re trying to tame it by starting with, as I called it in the August 2019 newsletter:

“that pile of legacy spaghetti made up of not only the cables, but the code and the connections that use them. That Jabberwock of the enterprise. That Wyvern of the Intraweb. The Dark Place of the enterprise’s very soul.”

You’re starting at the wrong place.

Sure, that mess is, well…a mess…once you get too many vendors in the mix selling too many different types of controls generating too many alerts…

…but that’s a type of complexity that’s a symptom rather than a root cause.

The kind of complexity that gets you in trouble starts well before you approve a single PO. It starts with the way you think about what you’re trying to do.

If we actually realize the true scope of the danger of complexity in our enterprise, then we’re far too late. To actually make a difference and do something tangible about all that complexity, we have to root it out – wherever it may be – and attempt to tame it.

Violently.

That’s why Principle #5 of The Agile Security System explicitly gives advice about going toe to toe with this primordial evil. It exhorts you to “violently encapsulate complexity.”

Almost every single organization I’ve worked with failed to heed that advice, and the result is almost always…

…a lot more people than are actually required

…a lot more controls than are necessary

…and – far more importantly – a lot more cost across the board, in terms of time, energy and money.

It’s no wonder that burnout and people leaving the industry are higher in security – especially cyber security – than they are in other similar disciplines.

But maybe that’s ok with you and your organization. Maybe you already have a plan to fight this ugly abomination on its home turf—and win.

Or maybe you don’t.

If you don’t, then this is one of the first things we do as part of the Effective Security Leadership coaching and mentoring program once we start working together. And it’s the very first thing we need to do, because until we get some kind of handle on the complexity in your world…

…there’s no way anyone can help you fix it—including even yourself.

To find out more about how the program works, and to request an opportunity to work with me directly on transforming your security program so that it’s more effective, more aligned with the business, and does a much better job of keeping your organization safe than it does today, just visit the link below and schedule a screening call.

No, there’s no “buy now” button, and I’m not going to do a hard sell on you. In fact, until we have a conversation, I have no idea at all whether anything I do can even help you right now.

But there’s only one way to find out.

Book your call here: https://securityleadershipcoaching.com

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, Complexity, Security Architecture, Security Leadership
