If you dig into psychology a bit – or read any “Rah, Rah, You’re Awesome!” blog post – one of the key things that keeps us sane is being able to manage the conversations we have with ourselves in our heads. Unfortunately, this is one of the things in the “easier to say than do” bucket, and it’s something that a lot of people don’t really think too much about.
So I want to talk about this today just a little bit based on an aggregate set of the comments and feedback I’ve gotten when I talk to people about what they’re doing, how they see architecture and the general effectiveness of their security program overall.
Some people really have things together, and they’re making great progress.
Some people are struggling, but they know where they want to go, what problems they need to solve, and they’re focused on getting there because they’re confident they can ultimately do a better job of security for their organizations.
And some people…well…
Some people launch into what the Transactional Analysis branch of psychology calls the game of “Ain’t it Awful,” and it’s when basically you talk about how inevitable, uncontrollable, unchangeable, unreasonable or, well, just plain FUBAR a situation is and why there’s nothing you can really do about it.
I mentioned some of these before, but I saw some more examples, and you don’t don’t really even have to try that hard to find them…
“We’re just not mature enough…”
“I don’t have time…”
“They just won’t give us the budget/resources/aardvarks we need…”
“With this much of a backlog, we can’t do real security architecture…”
“We can’t get involved any earlier in the process…”
“We can’t get our users to follow the security policies…”
…and yes, I’m not above doing this too. It’s ingrained enough in us as humans to do this as a way to form social bonds or it wouldn’t have made it into the psychology literature.
Almost all the time, what these are aren’t statements of fact carved in granite that are unending statements of the way the world is…
…what these really are, are examples of what my mother used to call “A cop out,” e.g.,:
Parent: Can you get your shoes on, please?
Toddler: I can’t, Mommy.
To which my mother used to have a pretty standard response:
“Can’t never did anything.”
The variation I use with my own children is: “can’t yet,” meaning that if you wanted to, or you tried, then you probably could.
Which brings me back to the subject of this email.
While there really are quite a number of things we can’t control, the number of those things we aren’t able to influence is much, much smaller.
Far too often, our use of “can’t” to describe the state of the world is really a shorthand for giving ourselves permission not to try to do something dressed up like a justification of why something isn’t possible to change.
When we realize what we’re doing, what we should try instead is to ask the question:
“What would it really take to do this?”
“What can I do to influence or start a change in this situation?”
Now, maybe we don’t like the answers we get. And that’s fine.
The thing it forces us to do, however, is to make a decision and then own that decision about the answer.
Maybe the decision we make is that the problem really isn’t that big of a deal – it’s not a priority – so we will ignore it.
Maybe we realize that the problem requires resources or skills we don’t have, and we decide that now isn’t the right time to work on those skills.
Maybe we realize that we’re not interacting with the right people, and we decide that we’re not willing to engage with them right now.
All these are perfectly valid decisions, and there’s no judgement with a decision. A decision results in facts…
…and that’s a whole lot better than being overwhelmed by a bunch of assumptions we’re intentionally or unintentionally treating as facts.
The reality is that we all only have a certain amount of time, resources and energy, and we need to make decisions every day as to where, when and how we invest them. This is life.
The thing I want you to think about is what decisions you’re avoiding to make when we engage in the games of Ain’t it Awful so that we can recognize when we’ve reached the point where we’re tired of complaining and ready to take action.
If you’re ready to take action to change the way security works in your organization through getting some focused help over the next 6 weeks with me, then I’d like you to take a moment and decide if scheduling a screening call about Archistry’s Effective Security Bootcamp is the right way to tackle some of those problems.
Here’s the link to book the call: https://archistry.com/go/SecurityBootcamp
If you do, then what’s going to happen next is that on the call, we’ll talk about skill gap – or a problem related to a skill gap – that fits within the scope of the program. The nature of what we’re going to do is identify what skills, activity and behavior changes are required to solve the problem and make you more effective in your role in security.
Once we agree a high-level plan, we’ll have a 30 minute call once a week for the next 6 weeks where we review your progress, talk about anything we need to talk about, validate our course and set the targets for the following week. In between, we’ll exchange a bunch of emails about the questions you have, the challenges you’re facing and reviewing the way your new practices are appearing in the work you do.
It’s all pretty straightforward, and it’s designed to give you the confidence of learning to apply new skills or getting better at the ones you already have and being able to fail safely—both because of the structure of The Agile Security System™ and also because I’ve got your back.
If you decide that you want to work on these things between now and the end of the year, I’m giving you an additional incentive of saving $900 off the normal cost of the program when you make a single payment of $2,497. You can also spread the cost over two smaller installments of $1,398 if that makes it easier for you to get started.
However, if you want the discount – and you want to complete the program before the holiday break, then you need to book the screening call TODAY OR TOMORROW so we can get started with the first session this week.
As always, it’s up to you, and I’m asking you to make a decision.
If now’s not the time, then that’s fine by me.
If now IS the time, then here’s the link to book the call:
https://archistry.com/go/SecurityBootcamp
What are you giving yourself permission to do for the rest of the year?
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
P.S. A few people have asked if they can start the program later, and the answer is yes, you can start later—assuming there’s space available. You’ll pay the full price, and you’ll still have the option to do it in two installments, so the only difference in starting now or later is really the cost you’d like to pay.
