Ah, the ever-present business, technology and security divides.
It’s almost like that classic opening scene in any western: it’s a super-wide shot, the sun is baking down, there’s a few short, squat shrubs showing green defiance against the reddish-brown landscape, and there they are: 3 tall, slender pillars of rock, thrusting majestically upwards towards the Arizona sky…
…each with a billboard of blinking, pink neon perched on top emblazoned with: “The Business”, “IT” and “Security.”
The gulf between them is wide. That gulf that seems irritatingly resistant to 30+ years of prattling on about the necessity of “business and technology alignment.”
Yet that gulf persists.
And it doesn’t matter if “security” is supposed to be part of IT or if it wanders around the executive team like a homeless person, trying to find the right place to sleep for the night.
That divide still remains—as steadfast and defiant as the desolate buttes of the Arizona desert.
So what do you do?
If you want to be able to build a bridge between those dry, isolated pillars, then you need to stop talking about what to do and start doing it.
You need to do your best to not only understand the business, but to also turn that bridge you’re building into a tool that everyone can use to build shared understanding of what’s important.
The best bridge for security leaders to build between themselves and “the business” is something that I call a “Core Domain Model.” What a Core Domain Model does is gives you a single, consolidated picture of not only what the business is, but it also shows what the business cares about and how you’re tangibly supporting it.
And it works.
It works whether you call it a Core Domain Model, a Context Diagram, or a Core Diagram as made famous by the MIT research scientists who wrote Harvard Business School’s “Enterprise Architecture as Strategy” book.
If you do it right, everybody in the organization starts using it—even people outside of security.
They use it because it’s a great way to start conversations about priorities.
They use it because it’s a great way to talk about problems and solutions, and
They use it because it’s built in terms of what the business is and it echoes the language business people use every day.
Sometimes, it even works so well that the CEO has it printed and put up in his office.
And if the CEO puts it on his wall, he’ll start to use it himself because he sees it every day.
And if THAT happens, you know you’ve built a bridge that will really last.
So, if you’d like to do some bridge-building of your own, it’s one of the first things we often do as part of our Security Leadership Coaching Program: https://archistry.com/go/SecurityLeader.
Isn’t there’s an empty spot on the CEO’s wall just waiting for your picture?
Imagine how something like that could transform the relationship between business and security forever.
Here’s the link again: https://archistry.com/go/SecurityLeader
I’m ready when you are.
Andrew S. Townley
Archistry Chief Executive