Results. However, “results” implies a couple of things. First, it implies that you know what you’re after, and secondly, it implies that you know how to measure it.
Following on from the theme of “things I hear when speaking with people” from yesterday, I often come across people who’ve been exposed to SABSA in particular, who are struggling to “sell” the adoption of SABSA to the organization.
And in the absence of being able to make the case, people inevitably fall back to the same kind of thinking embodied in the “Nobody got fired for choosing IBM” refrain you may have heard before. Nobody gets fired for using NIST (pick a flavor)…or ISO…or COBIT…or Gartner’s framework of the week.
This is true.
However, the fallback position actually might mask a lack of clarity on what you’re really after. Sure, if you adopt a framework, you’re following it…and you’re doing “best practice” types of things. And when people get into the “I’ll show you mine if you show me yours” kinds of conversations over beers, you can trot out all the stories about how you’ve got Maturity level 2.9457218 in whatever it is.
And your counterparts will slowly nod in understanding and agreement, and you’ll all feel like you’re getting results—because, after all, you’re using the tools. You’re doing the “best practice,” and you’re certainly keeping busy.
But the kicker is really knowing what results actually matter—and to whom. And being able to connect a big fat line between those dots…
…reliably, repeatably and confidently…
Every. Single. Time.
Now…you might already know the answers to those questions, and you might already have a system in place that helps you do exactly what I described.
Or…you might not.
If you aren’t sure, then maybe Chapter 6 of the upcoming The Definitive Guide to The Agile Security System™ print tome you can now pre-order for a nice discount until the 15th of January might be worth a read. Because that’s the part where I talk about the tools and the techniques to understand the business customers we support…
…to actually understand what they care about…
…to be able to understand what drives their decisions…
…and to be able to find some credible and convincing ways to demonstrate you’re actually supporting them – or even anticipating where they’re likely to go – any given time you’re interacting with them.
Because its the results of using The Agile Security System – and the speed and consistency with which you’ll get them – that will do all the selling you need to tell the story of the value of building reusable, business-driven security architectures.
And while the book is going to be 9 chapters – give or take, and plus the appendices and the bonuses I’ve mentioned before – it’s going to give you access to a system that gets you going…that you, individually…getting visible results that will brick-by-brick demonstrate the value of a systematic approach to delivering security that isn’t focused on controls…and that isn’t focused on threats.
Instead, it’s focused on helping “the business” actually DO business as quickly and safely as possible.
But you can only do that if you, individually, make the decision that you can and must do something different if you want different results.
If that decision is to help build your organization a more effective security program through building architectures you can start using nearly immediately to make security decisions, then here’s the link to pre-order your print copy of the book…in advance…
…which means before it’s quite finished, and before it’s ready to ship to every one of you who’s already reserved your copy.
As always, the choice is yours. Here’s the link if you choose to use The Definitive Guide as your path to building better, more effective, more consistent security architectures:
Andrew S. Townley
Archistry Chief Executive