Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Lazy? Effective? Or something in between?

January 22, 2020

Lazy? Effective? Or something in between?

It’s been a while since I answered any questions about BESA, so I thought I’d respond to one of the concerns that’s been popping up since I’ve been talking about how the delivery of Building Effective Security Architectures actually works. In particular, it seems people are a bit skeptical about the learning potential of the peer reviewed homework, so let’s talk about that just a bit.

I remember back when I was in Jr. High and High School, and from time to time, the teacher would make us pass our papers to the person in front of us so that we could grade each other’s assignment. Back then, there were a lot of complaints, groans and the teenage refrain of:

“Why do we need to do this? Isn’t this your job? After all, you’re the teacher.”

And I have to admit that the first time I signed up for a program that used peer reviews among the cohort as the primary feedback mechanism—sometimes in cohorts of up to 70 people…

I was skeptical too.

I mean, I wanted to learn from the person running the course. I just wasn’t sure what value someone else looking at any of the work I did would actually have.

What if they gave me some bad advice?

So let me explain a little bit more about how and why this approach actually does you a lot more good than simply submitting your assignments to me for my direct feedback.

First off, the point of the exercises is that there aren’t any right answers. Sure, some answers will be better than others, and I know how I have completed all these exercises (we’ll come back to that in just a minute).

But the bias of the “bad advice” is pretty hard—unless there’s a low number of people in the cohort, and they’re all really lost. Each assignment is reviewed by up to 3 of your peers  (depending on the ultimate size of the cohort), and they are asked some questions about your work so that you get their perspectives and insights which differed from yours.

Sure, sometimes, people get into arguments about “being right,” but we have some mechanisms in place to make sure those get addressed.

The main thing is that you get a much broader perspective than just from me. In fact, the more diverse the cohort is, the better. When we’ve done these with closed groups all from the same place, everyone kinda tends to follow the organizational line. This doesn’t really help get a diversity of opinions, and, actually, running those courses is much harder.

The second thing is that the nature of the feedback questions are about exploring other options than what you see. You’re trying to not only understand your peer’s answers and their perspective, but you’re also trying to share areas where they might improve or where you’ve thought of something that wasn’t part of their answers or solution.

What I found myself in participating in this exercise was something I’ve learned when I first ran a course on operating systems at a local, for-profit school in Kansas City a long time ago:

If you really want to really learn something, then try and teach it.

When you’re trying to explain something to someone else – effectively helping them with their homework – you need to validate your own understanding of the material too. And doing this is a lot more powerful than you might think, because it’s a safe environment, and there’s no pressure to get it “right.”

That’s what being able to “fail safe” really means.

And the last thing I want to say about how the peer reviews work is that I do actually personally review all of the assignment submissions myself. This is where I use my own answers as a guide so I’m not randomly making things up.

While I don’t give direct feedback to everyone, if there are recurring themes or particular issues that I think are worth mentioning, then this is part of what we talk about on the weekly Q&A call. And if I think it’s truly necessary, I will reach out directly to individuals who are  having troubles or seem to need additional help.

The Q&A calls are also an important source of feedback on the quality and content of the peer reviews since they’re held after the peer reviews have been completed and everyone has had a chance to see and digest the comments they received.

Any issues or questions with the feedback can be raised, and particular areas where people have questions are then discussed with me, as well as with an open floor for the entire cohort in attendance. If you can’t make it, the calls are recorded, and any followups or things that might’ve been missed are then addressed asynchronously via the dedicated Slack workspace.

I have no idea if this all makes any difference to you or not. However, I hope that at least this addresses any concerns or questions you might have about how the cohort peer reviews work and what level of direct, live input you can expect as part of the cohort.

If it hasn’t, then please feel free to reply to this email with any other questions or concerns you might have. I will always do my best to reply, and, don’t forget that if you’re reading this and you’re also a subscriber to the Security Sanity print newsletter, you can ask me anything about anything I’m qualified to answer. It’s one of the perks of being a subscriber.

Or, if none of this makes any difference to you – or if learning how to easily build SABSA security architectures isn’t one of your goals – then that’s fine too.

But as far as the course goes, the clock is starting to tick. There’s just a few more weeks to get in to the next cohort and have live access to me for significantly less than any other offer we have.

If the above sounds like something that will help give you the skills and confidence to be a better security architect, then head over to this link and join the cohort:

https://archsitry.com/besa

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, Cohort, Peer Reviews, SABSA, Security Architecture

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.