Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Eating some “pause and reflect” dogfood

August 24, 2019

Eating some “pause and reflect” dogfood

One thing that occurred to me this morning as I was working on something else I’ll share with you in a few weeks is that perhaps some of my last few emails have come across a little hard-assed. And if that’s the way you’ve felt, I’m not apologizing, but I am acknowledging that perhaps it’s time for a little bit of a break from that particular tack.

The thing is, if you’re getting this email, I know you want to do better as a security leader, CISO, architect, security manager or whatever role you have. If you didn’t, you wouldn’t be on the list, and you wouldn’t be trying to figure out ways to solve your problems on your own.

And I’m very aware of this fact.

And I know you’re capable of doing more than you’re able to do right now.

And I also know that it can be pretty hard going at times.

So today, this particular insight was a result of applying practice #14, pause and reflect, of The Agile Security System™ in my own work.

While it’s the “last” of the practices I’m advocating you work to install as habits in your own work as a security professional, it’s certainly one of the most important ones. Because if we never stop…if we never actually pause, catch our breath and appreciate that, we’ll, at least we’re still breathing…or if we never actually see what we drive past every day on the way to work, or the store, or wherever…

…then we’re actually preventing our brains from doing some of their best work. The psychology is some of what’s behind the Pomodoro timer method and its variants, it’s the basis of the practice of meditation—or even the recommendations to go for daily walks and take frequent breaks.

They’re not just for your body, they’re for your mind as well.

And if there’s a profession that needs those kinds of breaks as much as anyone, it’s the modern security professionals!

So, yes, I’ve been harping pretty hard on what the consequences of not doing a better job creating and maintaining professional relationships outside of security, and I’ve also been admonishing you not expect “the business” to learn the subtitles of cybersecurity risk so they “get” what it is we’re trying to do for them.

Guilty as charged.

The reason it might have seemed that I was getting a bit carried away is simply because this is something I literally see every…single…day.

Every time I talk to security people, if it’s not the leaders – the CISOs or the CSOs or the Heads of Information Security – then it’s individual members of the team who are actually in the meetings with the business and technology people who are trying to solve the problems and “deliver the business.”

And if it’s not that, I regularly see this theme coming up in the press, blogs and other articles. In fact, I found about 6 today when I was looking for something else (bless my Google-fu).

So yeah, I get frustrated.

I get frustrated at our attitude as an industry—and one of the biggest reasons I get so frustrated about the lack of importance or dedication or time made to address this problem is that…

I’ve done it too. In fact, I did it for a very long time.

But then, I realized that this is really the thing that was holding me back—to getting more respect from the people on the projects I was on, from the leaders of the organizations I was working with, and it was just basically me getting in my own way.

…and I really don’t want you to have to struggle as long as I did to figure this out.

Because it’s a bitch. And it’s slow…and it’s really annoying and, frankly, it “wears a feller out,” as my Dad used to say.

So yes, I know you can do better.

And I know you recognize this problem,

and I also know that trying to force a horse to drink just leads to a drown, dead and still thirsty horse.

So….

There are some practical thoughts and ideas I’m confident you can use to improve the way you engage and interact with the non-security people you’re supporting so that they will be more appreciative, be more open to listening, and may even buy you drinks without the additives I mentioned yesterday.

But it won’t just happen.

It takes work, and that work and commitment to be better has to come at the expense of something else. You have to carve out the time.

So if you’re willing to make that commitment, then what you’ll find in the upcoming September issue of the Security Sanity™ newsletter is going to be full of some ideas that you can use the very next day – or even the same day – to start being more effective.

And if you have trouble, as a subscriber, you also get to ask me any questions I’m qualified to answer. That’s part of the deal as well.

But if you can’t, won’t or just aren’t able to right now, then, hey, I understand. That’s cool, and we can’t always do everything we know we should when we want.

As I’ve said more than a few times before, I’m good either way. The newsletter isn’t for people who won’t get value out of it, or who aren’t able to implement.

So, if it’s for you, and you’re not already subscribed, then you can make sure you get it here before it goes to the printer in a few days:

https://securitysanity.com

Either way, you’ve got this.

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, Pause and Reflect, Practice 14, Stakeholder Relationships

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.