Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Some (longer) thoughts on ships, harbors, safety and saying “no”

February 17, 2019

Some (longer) thoughts on ships, harbors, safety and saying “no”

I’ve been having some conversations lately about safety. In this case, it’s about personal safety, but it really doesn’t matter, because it applies generally.

Oddly, just last night I was thinking about it again.

It was rather hot here, the family was asleep, but it was cool outside. I ended up sitting in the garden, watching the moon, and I remembered something from my childhood.

As you may know, I grew up on a farm in Illinois, 5 miles away from the nearest town in either direction. We had one “pole light” that was situated between the house, the machine shed and an old milk house that in my day served mostly as a collecting place for discarded parts. It also was where the switch was to turn on the water to the closest cows.

Naturally, it was called a “pole light” because it was a big light at the top of a tall pole. But the thing about it was that because it was the only light around, if you were outside the circle it covered, it was dark.

Very dark.

The kind of inky black dark that naturally – if you were outside as a small child, 5 miles from nowhere and about 500 feet from the glowing warmth and safety of the house – was home to all manner of monsters and things that would jump out at you and calmly eat you for breakfast, lunch or dinner.

Anyway, on a regular basis, I had to go out at night and turn off the water pump otherwise a) the well would run dry or b) the water tank would overflow, and the well would still run dry. In either case, my dad wouldn’t be very happy because it might burn up the pump.

So one particular night, as I was exiting the circle of light, again stepping into the inky blackness between me and the switch for the pump, my child brain came to a decision:

“It’s really stupid to be afraid. My dad does this all the time. I’ve done it a lot. It’s our farm, there’s nobody around, and it’s perfectly safe.”

And in the early ‘70s, all the above were 100% true.

So, I made a conscious decision that I wouldn’t be afraid of the dark anymore.

Last night, thinking about some recent conversations, I was reminded of that decision when I was a kid and the conscious decision I made then.

This morning, the famous John, A. Shedd quote sprang into my mind:

“A ship in the harbor is safe. But that’s not what ships are for.”

With that quote in mind, let’s talk about fear, purpose and making decisions.

As you already know, fear exists as a result of our ancient origins and to keep us from getting eaten by things. Now, we know it kicks in quite often when we don’t need it to. You’re not going to make fear go away.

But you can understand it, and you can think about why sometimes it keeps us from doing things.

Fear gets in our way because at some level, we don’t believe the value of what we’re doing, the environment we’re in or what we’re trying to achieve is worth the discomfort it takes to make a conscious decision to say, “Yes, I’m afraid. And I’m going to do this anyway.”

I don’t care whether it’s standing in front of a crowd, deciding the fate of an organization or turning off a water pump for some thirsty cows.

Fear stops us because we aren’t willing to make the conscious, informed decision to understand what we’re really afraid of, assess it rationally, and then decide whether something is really worth doing or not.

When you move this dynamic from an individual perspective to an organizational perspective, it automatically becomes much, much harder to manage. It’s harder because you’ve now physically separated the parts that feel “the fear” from the parts that want something.

If you think about it, isn’t that exactly the dynamic in most organizations today when you look at the relationship between “security” and “the business”?

FUD is a common tactic not only because it works (for a while), but also because it’s the gut reaction from the people with the awareness of the fear to try and convey their understanding of the fear they see and feel to those that don’t. They try and do it as quickly and dramatically as possible, because, after all, if it doesn’t work, you might get eaten by a lion or something.

But the real problem comes back to the hard disconnect between the people who want something and the people who are aware and “afraid” of all the things that might happen if you try and do it.

My dad wanted a) the cows to have water and b) to keep the pump in working order. So he occasionally gave me the nighttime task of going and shutting it off.

From my perspective, there were potentially a lot of things that might go bump in that inky blackness, and, if it wasn’t my dad, and someone else had asked me to do it, I might’ve actually said, “No. I’m not doing it.”

But it was my dad, I knew it had to be done, and I knew why.

So I did it. I did the immediate task so that my dad’s objectives could be met.

And I did it because I understood (and eventually consciously decided), that my fears were manageable, and that I was the one in control of doing that.

Without a strong connection between “the business” and security, and establishing a reliable and credible way to understand both the objectives, the fears, and make a conscious decision about the best way to proceed, it’ll always turn into an argument of:

“Those damn security people are useless! They’re always slowing things down because they’re worried about things that could go wrong.”

vs.

“Those stupid business people just don’t get it! These threats are real. I have the stats to prove it, and we need to do X, Y and Z to keep the organization safe—even if that means we can’t do someone’s pet project!”

Impasse.

And one that MUST be solved because like ships, businesses weren’t built to sit around and be safe. They exist for some purpose, even if you think some of them are just about nothing but perpetuating “the evils capitalism” on the world.

Either way, they’re not going to be able to fulfill that purpose without taking risks that make us as security professionals “afraid” that we won’t be able to keep them safe.

Given the modern world, it’s impossible to be safe. Instead, we need to be prepared.

We need to be prepared in a way that we can communicate effectively to those we’re trying to support. And that message needs to inspire confidence that we can take the ship out of the dock and fulfill it’s purpose—and make it safely back again.

What did you do yesterday and today to inspire that confidence in your customers (“the business”), your team and yourself?

What are you going to do tomorrow?

If you aren’t sure, or you want some support along the way, let me know. I know I can help.

Here’s the link to get started: https://archistry.com/go/SecurityLeader

 

Happy Saturday,

 

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Alignment, Confidence, Leadership, Safety

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.