Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / It’s ok, I know you don’t really care about architecture

August 1, 2019

It’s ok, I know you don’t really care about architecture

I’m serious. And actually, you’re right not to care about it.

Let’s face it, it’s not like we’re building La Sagrada Familia or something that grandiose. While the idea is that if we do our job right, lots of people will benefit. It’s neigh-on impossible for anyone to come along 100+ years later and wander through our collection of attributes, domains, services and the things that implement them to appreciate the intricacy of the traceability links we have or the artfully appropriate and succinct language we used for our control objectives and security policies.

Nope. None of that’s gonna happen.

And let’s face it, to do architecture right is a skill that takes time to develop—especially when you don’t have much guidance, much time or much support. And it’s just one more thing we’re supposed to do, that nobody else cares about…

…or thinks is important

…or, frankly, can even consistently define.

So, I get it that it’s not a priority.

The more people I’ve talked to, both SABSA and non-SABSA people, there’s about 1-2% that are actively practicing any kind of security architecture.

Which is also not so crazy, because the majority of organizations I know don’t really have very mature IT architecture either, so trying to do something in security is kinda seen as either a) not their job or b) a Sisyphean task.

In fact, what we want is to not go insane

…or end up with a heart attack from the stress

…or just pick the top item off the Urgent and Important pile and hope we can get it done before today becomes the day of “the big one.” The breach that would end your career in some organizations.

You just want to get stuff done, cover your backside and hope that’s good enough to keep your organization safe.

And if you know SABSA, there’s a good chance you think it’s great. But there’s also a good chance that you think there’s no way you can do it at the same time you’re doing anything else.

And up till now, you’d have been effectively correct. That first step on the SABSA path is often somewhat vertical, or even 120º, meaning that you feel a lot like you’re trying to climb upside down with tools you’re not sure about and minimal confidence you’re using them in a way that’s actually going to work.

Well, I have news for you. While I can’t make you care about architecture, what I can do for you is at least make it easier to do—and do well. And after 25 years working with technology and business, I truly don’t know how it could be easier.

And when you apply the 7 principles to every decision you need to make, and you apply the 14 practices enough that they become second nature – habits you don’t need to think about – what you’re going to end up with is some business-driven and risk-proportional architecture that lives and breathes everything SABSA promises, but without the majority of the start-up costs in terms of time and investment. And it does that because it IS a SABSA security architecture.

So what you’ll end up with is a view of what really matters to the business and how those things are protected that’s accessible to the whole security team. It’s something that’ll even be accessible to everyone—business and technology alike. And it doesn’t matter if you’re SDLC, Agile, DevOps, DevSecOps or any other kind of critter.

I’m confident it’ll work for you.

And I’m confident it’s a complete system that will help you do what you need to do to keep your organization as safe as it needs to be.

It’s *almost* a way to build architecture without “doing” architecture, meaning you don’t have to care about the architecture per se. All you need to care about is the value it can give you and your team in helping to make better security decisions.

But you’ll only get it if you subscribe to the print Security Sanity newsletter before Wed, July 31st at 11:59pm US/Eastern. And you can only do that with this link:

https://securitysanity.com

However…a word of caution, before you get too excited. You need to read the sales letter very carefully, and you also need to be committed to doing rather than just accumulating knowledge. Because as amazing and game-changing as I think it is personally, like anything else, it’s only going to do you any good if you actually do the work of trying it out.

So if you’re not an “operator” as they say. If you’re not someone who actually wants to find a better way of working so they do more with less effort and stop answering the same questions over and over again, then

…save your money.

The August edition isn’t meant to be collected. It’s meant to be used. It’s the Volvo, not the Pagani.

So grab the kids, strap ‘em into the car seats, take your Volvo-Driving Soccer Moms (or Dads) by the hand, and let’s go buy some groceries so we can get to work!

https://securitysanity.com

Tick-tock. Less than 3 days left, and I wouldn’t wait till the last minute.

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile SABSA, Agile Security, SABSA, Security Architecture

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.