Have you ever been really focused on something, and no matter what you did, you didn’t seem to get any closer to it? I mean, damn it! It’s right…there. But I can’t get it.
I mean, I want it. I know I want it, but…nope. Maybe if I just tried this…
This scene was pretty-much what played out in a video I saw on LinkedIn not too long ago. There were these 3 puppies in a cage, and the owner had set 3 bowls of food out for them, but they were right beside the cage. The puppies were going crazy…
The bounced up and down.
They barked.
They gnawed at the cage.
The dug at the bars.
But nothing…and I mean nothing seemed to get them any closer to their goal of eating the doggie kibbles.
Then the camera zoomed back, and, of course, what was the REAL situation?
That’s right. The door of the cage was open, but it was on the side 90º away from the food. All they needed to do was stop, turn to their right, run out the door, and they’d be in full-tummy puppy heaven.
One of the biggest problems we often have in security, is that we’re pretty much one of those puppies. We’re focused on one thing, whether it’s threats, incidents, controls, a particular project or whatever…but we just don’t really see the full picture, because if we did, we’d realize that maybe there was an easier…or even better way…to get what we wanted.
In all of the 14 years that I’ve been using SABSA as a way to build security architecture, the thing I’ve found over and over again was that almost all the common problems in security ultimately come down to a lack of – or unused – architecture.
Now, you may be thinking that because I’m plugging a book about building security architectures, that I’m the kinda guy that has only a hammer and sees everything as a nail.
…and hey, you might be right.
But in my experience, the only thing that keeps you connected…that can help make sure you don’t lose sight of the big picture when your flailing away in the weeds, fighting to solve a really ornery problem…
…is architecture.
The problem is, most people don’t really know what it is, and if they do, they don’t build it in a way that really gives as much leverage and value to enhancing the overall effectiveness of their security programs.
Even if you have an approach, you might think it’s too hard to explain, it takes too long to do, or you just can’t figure out how to really leverage it to increase the speed you can work—so you can ultimately focus on other, bigger or more strategic problems.
All of those things were problems I faced in my own efforts too. And after getting sick and tired of being stuck, I decided to figure out a way to solve them. And that’s why I really created The Agile Security System™ in the first place.
Because I was tired of drawing basically the same diagrams over and over again, but not, because I’d miss something or it won’t work as well…or it just wasn’t as consistent as I knew it could be.
The reality is, I hate doing the same job over and over again, and you might too.
If you do, then you might find The Agile Security System a good way to increase your skills at developing security architecture, build more consistent and actionable security architectures and to be able to use those architectures more easily to engage the business customers, get the security budget you need, have fewer security gaps in your deployed security solutions, and, most importantly…
build and enhance your personal credibility and trust within the organization so you can do a better job keeping it safe.
If you want the full story on how to apply this method to build SABSA security architectures “by happy accident” and get a lot of the same kinds of practical, hands-on guidance that we offer in our coaching and training programs for $5,000+,
You can pre-order your very own copy of the Definitive Guide to The Agile Security System™ right here:
It’s not cheap, but at $247, it’s the cheapest it will ever be from today until Thursday at 11:59pm. After that, it goes up by at least $100, and then it’ll be almost $500 by the time I start shipping the book probably in mid-January.
And just in case you don’t think this is going to be worth $247, you also get a few extra goodies:
Bonus #1: A fully-engineered reference to integrating the CIS20 control library into the architectures you create with The Agile Security System. That means you get basically everything from the Logical and Physical architecture layers of SABSA in one reference. And even if you don’t use The Agile Security System to build your security architectures, it’ll still help you understand the control library better than you might today, because it’s expressed in terms of the attributes, domains, services, mechanisms and features that are actually involved for each of the 3 levels of implementation.
Bonus #2: A guide to the 55 attributes included in the AEF Reference Architecture, including the definitions, suggested metrics and candidate mappings to the domains of the Baseline Perspectives so you can build your own, fully-engineered trust relationships and security associations in your organizations based on the common aggregation patterns of the reference architecture.
Bonus #3: If you’ve ever struggled to build security architecture models and communicate them in the past, then this set of stencils provides all of the core elements of the Archistry Security Modeling Language™ (ASML) that you can use in OmniGraffle, Visio and draw.io so you can build consistent models with a common notation that was carefully curated to be used to focus on the security aspects that are most important.
Do you need the book, the 3 detailed, in-depth examples for building architecture from the business strategy, the security policies and a project charter, the CIS20 stand-alone security architecture, the collection of attributes and the modeling stencils?
Nope. You’re free to build your own. I mean, after all, that’s what I did.
But it’s not a task for the feint of heart—or one I’d recommend when you’re under pressure to deliver 1,000’s of projects a year and valiantly battle the reputation of the department of “There’s no way in hell you’re going to put that in production, Mr. or Ms. Project Owner.”
If you want it, and you want to make sure you get it in January when it comes out, and you want the best price you’ll ever get for it, here’s the link again:
https://archistry.com/go/dgpo.
Don’t dilly-dally, though…there’s only a few short days left at almost 50% what it’ll cost if you change your mind later.
If it’s not for you, then that’s cool too. Either way,
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
P.S. And if you’re interested in subscribing to the monthly print Security Sanity™ newsletter where The Agile Security System™ first appeared, you can start with the next issue here: https://securitysanity.com
