Without a doubt, one of the biggest stumbling blocks for people attempting to create security architectures that align with the business, veritably scream the value they create and which underpin and drive the entirety of an effective security program that enables and protects the organization…
Is getting started.
Whatever your thoughts on religion might be, I’m guessing that you might be at least passingly familiar with the story of Genesis from the Bible. And, in this case, I’m talking about, like Genesis 1, page 1, story of creation type of stuff.
Now you might not remember it, but the story goes that God created the heavens and the earth, but the earth…well, let’s just say that the earth wasn’t yet exactly listed in Airbnb as the messy, politically charged place that’s teeming with life today. No, in the beginning, so the story goes…
It was formless. It was void. And it was full of darkness, so even if there were people wandering around, ready to argue until they passed out about one side of partisan politics or the other…they were kinda SOL, because they couldn’t see each other.
But there weren’t. Because it was void.
A blank slate.
A ball of malleable clay…waiting for someone to unleash its potential.
Now, in the story, of course, that “someone” was God, and on the first day, apparently…
“And God said, ‘Let there be light,’ and there was light. And God saw that the light was good, and He separated the light from the darkness.” (from some Google indexed version of some edition the Bible)
Whether you believe the story or not, or what your religion (if any) might be, is actually irrelevant to the discussion, and frankly, I don’t care either way. It doesn’t matter to me in the slightest.
The thing is…while there are certainly some people I’ve met in my life that call themselves “architects” who do certainly have delusions of grander of God-like proportions…
There’s no practical way that any of us – and I don’t care how good you are – can just click your fingers, wave your hand, or simply conjure up by sheer force of will and mental energy…
…a fully-formed, business-driven, all-singing, all-dancing, party-animal of a security architecture—at any level.
It. Just. Doesn’t. Happen.
Sure, it’d be nice. But, if it were possible, you’d probably end up with some sandy-haired kid with dreadlocks trying to put it on the end of a stick or something like the classic “Captain Walker” scene in the original, Mel Gibson Mad Max, Beyond Thunderdome film…
“We kept it straight, right? Everything marked. Everything ‘membered”
Everyone wants to see “tomorrow-morrow land”…but nobody knows what it is…and very few know how to build it.
Because security architects, no matter how wide the definition you choose to follow, aren’t gods—as much as we’d sometimes like to be, because, well…it’d sure be a lot easier, right?
Unfortunately, any way you slice it, that blank slate…that formless ball of architecture clay that faces every security architect at some point in their career is up to you – and you alone – to lead its transformation.
Sure, there’s a load of frameworks out there you can use to guide the work you do…including SABSA, of course…
…but you still need to find your own way. You need to create a vision in your mind clear enough…consistent enough…to drive every decision that you make, every day, so that you don’t end up spinning your wheels, going in circles…
…and sitting in a pile of cracked and shattered pottery that had aspirations of someday becoming your organization’s business-enabling security architecture.
You certainly can do it yourself, from scratch. Lots of people do.
But, you don’t have to. If you want to stand on the shoulders of someone standing on the shoulders of giants, then maybe not starting from a blank slate or completely formless mass of clay and commanding it to become architecture isn’t really the right way…
Or maybe it is. I’ve no way of telling.
However, if you would like to learn a focused, coherent system, guided by 7 principles, with 14 practices I recommend you make automatic habits – and 3 Baseline Perspectives™, initial models of your organization, it’s services and how it interacts with the world…firmly sitting on the shoulders, methods, concepts and value of SABSA itself…
Then run, don’t walk, to this link:
And register for the next cohort of Building Effective Security Architectures, Archistry’s 7-week, hands-on, security architecture skill development education program to make sure you’ve reserved your seat for February 24th.
It won’t make you a security architecture god by any means, but it just might help you get that business-enabling security architecture in place a whole lot faster and easier than you could knowing what you already know, right now, today.
Andrew S. Townley
Archistry Chief Executive