Archistry

Survivability by Design™ since 2006

You are here: Home / Archistry Daily / Eliminating the “Oh, s#$%! Now what?!!?” cybersecurity knotted stomach

Eliminating the “Oh, s#$%! Now what?!!?” cybersecurity knotted stomach

Imagine that you’re at your desk, minding your own business. You’re trying to wade your way through the latest mis-mash of power-point slides and partially-completed word documents, in a frustrating attempt to figure out exactly what the technology solution to the latest business initiative to land in your inbox is really supposed to be, and then…

You get an incoming video call from your boss. This is not good. He never calls you directly like this.

You answer the call, and your suspicions are confirmed: this isn’t a “How’s it going?” chat or even an arse-chewing…

It’s an incident—maybe even a breach. Nobody knows just yet, but as part of the security architecture team, you’ve been pulled in to the all-hands-on-deck call to figure out what to do next.

Now, the actual questions that are most important in this situation are:

  1. What are you going to do next?
  2. How will you add the most value?

In my experience working with organizations that’ve linked strategy to security operations using architecture, the answers all revolve around you being able to leverage your existing architecture models and what they tell you about your environment to help you figure out the type of response security should have in this situation.

What I also know is that even without formal architecture models, someone with the right security architecture skills will be able to quickly build enough of the picture to help guide the analysis and ensure the right questions are asked—

Even if they’re starting from a cocktail napkin sitting at the bar.

Your ability to act and quickly add value to scenarios like this depend on having a system that you know you can count on so you can focus your thinking skills in the right area.

You don’t want to be stumped trying to figure out what you should do.

You don’t want to feel hesitant to engage in understanding and solving the problem.

And, ideally, you don’t even want to be there in the first place…

…unless the stinky stuff has really hit the spinning steel.

You see, if you have a repeatable system for building security architectures that drive decisions and enable action…

…and if you know that those architectures and their models are aligned with the organization’s true objectives and priorities…

…then you’ve probably already done the work you would’ve otherwise had to do on the fly and under pressure to build the models and identify the questions the operations teams would need to ask to identify, prioritize and focus the incident response efforts in the first place.

But…in many organizations, a security architecture like this just doesn’t exist.

And two of the key reasons are that either

  1. the security team just doesn’t have the knowledge and skills they need, or
  2. they know what they should be doing, but they’re just not able to make it happen in a practical way.

If this is the case, then I’m pretty sure that the skills you’ll develop as part of the next cohort of Building Effective Security Architectures (BESA) will unlock the most critical barriers to your organization’s security architecture, because…

…contrary to what people often think, the biggest barriers aren’t budgets, staffing, management support, tooling or time.

The biggest barriers are most often a lack of confidence that you have the ability to work differently and truly make a difference.

Everything about the content, structure and delivery of BESA is set up to help you build – or enhance – that confidence and give you the ability to truly work differently than you are right now.

If you want to start building security architectures you can count on in situations like the above and you’ve struggled in the past to get started…

…or if you’re not quite satisfied with what you’ve been able to produce…

…then high-tail it over to this link and join the February cohort:

https://archistry.com/besa.

I know it might seem like you have loads of time before the program starts, but 5 weeks of organizational approval time can pass like 5 seconds for you and me. And if you’re interested, I’d hate to see you watch the deadline whoosh by without knowing you were onboard.

But it’s your decision about how to make the biggest impact to your skills, your career, your team…and ultimately your organization.

Whatever it is, I’m sure you’ll make the right one.

Stay safe,

ast

Andrew S. Townley
Archistry Chief Executive