Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Nobody cares you don’t have a “real” security architecture

January 29, 2020

Nobody cares you don’t have a “real” security architecture

If you’re reading this email, I’m pretty sure I don’t have to tell you about the merits of business-driven security architectures. And, even if, for some reason, you’re not entirely convinced that there’s more to “security architecture” than infrastructure diagrams, that’s not what I’m here to talk to you about today.

Today, we’re going to talk about something else that comes up from time to time when I speak with other security architects, but it might not be something you’re going to think of right away.

That something is having access to people who “get it.” The people who are there, in the trenches every day…just like you…and who are trying to carry the flag for architecture in an organization that just doesn’t care.

The business doesn’t care. They just want you to get out of their way and approve their projects.

The IT people don’t really care. After all, in many organizations, they don’t even have any kind of architecture anyway…

…and even if they do have some kind of IT Architecture or Enterprise Architecture…or even an Enterprise IT Strategy group…

…they’re probably walking around with their heads so far up in the clouds, safely squirreled away in they ivory towers that they don’t really even know what the developer and operations peasants are actually doing on a daily basis anyway.

The security operations people don’t care, because, let’s face it. They’re so overloaded…so overwhelmed…and so buried in the barrage of threat and potential security incident reports they get every day, it’s like the whole team are extras in the next Zombie Apocalypse movie.

And, probably most unfortunately, the risk team doesn’t care about your security architecture at all, because they’re probably stuck entering data into some technical monolithic monstrosity that crunches that information, spits out a mitigation and then gives the business some unjustifiable warm fuzzies that, “We’re ok, Jack,” in the form of convoluted and confusing dashboards with pretty, yet ultimately meaningless, charts and graphs.

…when you, on the ground, probably sitting smack in the middle of the Security Engineering team or whatever it’s called – where nobody thinks much about architecture – know for a fact that there’s very little correlation between what the vendor preloaded in the system for risk appetite and “best practice” mitigations…

…and what you’re actually seeing on the ground with the gaping holes you see in the project designs you have no choice but to send back with their tails between their legs.

Nobody cares at all, it seems.

From the conversations I’ve had, and in the face of all this ambivalence about something you might be trying to do yourself, it’s the lack of being able to reach out to other people who are trying to solve the same problems—or who maybe have already solved them – that is one of the big things holding people back from making progress on their security architecture.

And it’s not just being able to mingle with people and swap business cards and email addresses like you can at security conferences. It’s knowing that you have access to people who are not only trying to do what you’re trying to do…

…but who are trying to do it the EXACT same way you are…

So that when you’re truly stuck – or when you’re reeling from waves of organizational apathy – you have someone to reach out to for help.

Of course, I’ve been through all this before too, but for whatever reason, maybe you don’t feel comfortable reaching out to me. Maybe you feel more comfortable reaching out to people who you know have been able to help you in the past.

People who have already given you new insights…pointers to new solutions…

…suggestions of new stories to tell…

…that might break through the ambivalence and apathy…

…and finally allow you to get on with doing your job.

Those very same people are the people who you will likely find as part of your cohort during the 7 weeks of Building Effective Security Architectures—and some of them are people who you might still be exchanging ideas and suggestions with 6 or 12 months and even 2+ years after you’ve been through the program.

I know that’s how it’s worked for me when I’ve been part of similar programs in the past.

But to get that kind of support, from people who’ve gone through the same things you have…who’ve learned the same methods…and who may have already tried and succeeded…or failed and learned from their own efforts…

You’ve first gotta be part of the cohort, and to do that, it means registering for the program to make sure you have reserved your spot before everything kicks off on the 24th of February.

To do that, you’ll need this link:

https://archistry.com/besa

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, Peers, Security Architecture

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.