This morning, a lovely little promo “predictions” video from FireEye popped up in my LI feed whose basic premise was this:
“The job of a cybersecurity professional is getting more difficult due to the amount of cloud being used.”
“Woop…woop…woop…woop” is the sound of the BS detector going off, and it’s just one of the many ways we, as security professionals play the victim card of…
…it’s not my fault.
Cloud is the convenient excuse du jour, but that’s all it really is. It’s an excuse.
And it’s an excuse because it means that security finally has to focus on something other than technology to be effective. It needs to focus on the business and business relationships first…
…instead of getting lost in the maze of protocols, ports and plumbing.
The blatant secret laying buck-naked on the ground in the center of the city square is:
It’s the same job we’ve always had.
We were just trying to cheat, and now we’ve finally gotten caught with our pants down—literally at times.
And given the number of breaches we see in the news, you’d actually be hard pressed to say – as an industry-wide characterization – we were doing it right in the first place.
Why?
Because we’ve been able to be lazy for far too long about what the real role of “security” is in our organizations. We’ve been so bad at it, and it’s been so disorganized, that we could hide in the land of technology and infrastructure, deploy lots of technical security controls…
…and blame the business users for anything we couldn’t control in our world—like whether they choose to click that link or not…
…like not giving us the budget we asked for…
…and wanting to use technologies that were newer than we’ve been prepared to support.
Now, it’s not everyone in security that thinks this way—so all is not lost. And, chances are, you’re one of the enlightened ones who tries valiantly, every day, to offset this kind of vendor-driven, oh-its-not-your-fault variant of classic FUD bullshite so they can sell what?
Yep. More technical controls.
Technology isn’t the answer.
It’s people.
And, in particular, a large part of the ultimate success or failure of your own organization’s security program comes down to one particular type of person:
The security architect.
Because if that person understands and is in tune with the business…can engage effectively with people…and can translate business-level priorities for risk management into technical specifications and solution designs to be actually operated and delivered…
…easily, repeatably and quickly…
…then that’s clearly the person who’s the lynchpin of your security program.
But it takes a unique set of skills, and, frankly, most people just don’t have time. There’s even fewer who recognize what they are and value them.
My guess is that if you’re reading this email, you’re one of those people. The only question then is:
Are your security architecture and business awareness and “translation” skills at the level you’d like them to be so that you can build architecture that drives the effectiveness of security for your organization.
Real architecture, not just technology and infrastructure architecture.
If they are, then congratulations. As I’ve said elsewhere, you’re the 1%.
If they aren’t, then maybe I can help—but only if you’re prepared to act fast. This isn’t some fake scarcity. This is fact.
Because the registration for the next cohort of our program specifically designed to help you understand how to build architectures that enable effective security closes in exactly 3 hours and 59 minutes from when I send this email.
If you’d like personalized, guided help to enhance your practical security architecture skills, now’s your chance to start IMMEDIATELY with the cohort on Monday. I’d be more than happy to have you join the cohort and experience something literally only a handful of people have had the chance to do…
…while giving you a skills turbo-boost you probably also haven’t had before.
But if you want it, now’s the time to get it. And you can only get it by registering with this link:
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
