You might’ve heard me talk about this a bit in the past, but I grew up in East-Central Illinois on a farm in the ‘70s and ‘80s. And one of the things I grew up listening to on the radio – until I had one of my own – was Country & Western music. I was even on stage with Barbara Fairchild when I was 2 years old because I knew all the words to one of her songs, and she saw me singing along in the audience. In fact, my mother still has the faded photo from the newspaper somewhere.
I was reminded of this the other day when I was speaking with someone about their approach to security architecture. Now, I don’t think they’re getting these emails too, but if they are, then…well, that’s just too bad. They aren’t alone in having this kind of thought about the composition and structure of their security architecture framework.
In fact, it’s one of the few areas where I pretty-much flat-out disagree with my friend and mentor David Lynas about using SABSA. And the source of that disagreement is about how you’re supposed to actually apply SABSA in practice.
Since I’m not as PC as David, I don’t subscribe to the whole “SABSA is a pick-a-mix toolbox of problem-solving tactics”—at least when it comes to the 3 core concepts I know you’ve heard me talk about before. However, there’s a bunch of new people who’ve signed up recently, so I’ll remind you that – to me at least – the non-optional, essential core of SABSA consists of Attributes, Domains and the SABSA Governance Model—and how they’re used TOGETHER. Without those, and, in particular, the use of domains they way they’re defined in SABSA, you’re really not gaining much on any other approach out there.
Back to “The Man in Black,” Johnny Cash…
In the mid ‘70s he released a song called “One Piece at a Time,” and it’s about a guy who goes to work in a factory making cars. And over 31 years, he manages to sneak out pieces of various models because he had this brilliant idea of building himself a car…
…for free.
And, eventually, he succeeds. It’s actually a great song, but, as you might imagine, there were some problems. First, there was the fact that there were 20 years difference in the year of the engine and the transmission, so, there was some “mod-jo-fo-cation” required to make it actually work as a system.
Then there was a small issue with the headlights: there was an odd number, since they changed the number on the models between the time when he liberated the left front fender from the right.
In the song, it all kinda works out ok. He doesn’t get thrown in jail, and they manage to make the car run. And all is good, not to mention it being the talk of the town.
However, this kind of Franken-framework – a hodge-podge, mis-mash of a little bit someone liked 3 years ago from this book, plus a piece of this methodology from the next guy who came along…and then, sure…let’s sprinkle in some SABSA for a bit of spice – is actually worse than the scene in the original Alien movie when the young critter explodes out of the poor sod’s chest in a splash of human and alien goo…
…it’s just a big mess.
And it’s a big mess because, most likely, nobody can explain why it is what it is – beyond playing the “best practice” card – nobody really understands how to leverage it, most people try and ignore it…
…and when it comes to showing the value of the results it fosters, it takes all the dog-and-pony show, smoke and mirror tricks used by every vendor you’ve ever seen just to even survive the meeting.
Now, I don’t know about you, but that’s not the kind of monster I want as the foundation of keeping my job and growing my professional career…
…but…different strokes for different folks, as they say.
Note that this is 180º from my approach to “building architecture” which, most certainly, isn’t trying to build a single, coherent and integrated view…all at once…as part of a big-bang type of thing that has no immediate, tangible value to anyone but the architecture team. Piecemeal _architecture_ is one thing.
Piecemeal architecture frameworks are another, very smelly and vomit-inducing, kettle of fish altogether.
That’s why everything about The Agile Security System™ is built to fit together. It’s designed that way, and it’s built on a solid foundation of SABSA’s “Holy Trinity” of concepts – properly stitched together so the value of what you do every day nearly jumps off the screen and smacks you (or anyone else) across the face.
And if you follow the guidance of the system that I teach in the upcoming 7-week Building Effective Security Architectures online learning experience and use the supplied models and worksheets to build you very own Architecture Wall™…
…it’ll also whisper sweet value-nothings in your ear every time you walk past it to go and take a wee.
But, alas…none of this is possible if you don’t know the 7 principles and 14 practices of the system…or you don’t understand how to use the 3 Baseline Perspectives™ to turbo-charge your application of SABSA to enable fully-formed, business-driven security architectures to spring-forth with an absolute minimum of effort on your part.
If it’s not for you, then that’s cool. Thanks for making it this far.
If it is, you’d better get hoppin’ on over to this link, because we’ve already crossed the 2-week warning line until the cohort kicks off on the 24th of this very month:
You do actually have a choice of an integrated, sensible approach to business-driven security architecture that’s easier than you might’ve thought from reading about SABSA or taking the official courses…
…or you can remain stuck with the scourge of the Franken-framework you have today.
As always, it’s up to you.
You have 14 days left to decide.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
