Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / The one critical security skill you can never stop practicing

May 3, 2020

The one critical security skill you can never stop practicing

Photo by Paulo Infante on Unsplash

A very Happy Easter to you! I’m sure it’s quite different than your last one. So, for something to think about when either:

  1. your small children are bouncing off the walls more than usual thanks to the OD on Easter candy, or
  2. you’re able to just sit in your solitude and let yourself reflect on where you are in your security career and where you want to go next,

In today’s email, I want to talk about what I think is probably one of the most important, but which is, unfortunately, the most isolating skill successful security professionals have:

Staying out of the way.

Yesterday afternoon, I was listening to Ken McCarthy talk about breathing and how most people tend to do it all wrong. He also talked about the relationship between our breathing and our mental and physical states, and how this is one of the best ways we can get ourselves under control when the proverbial shite hits the fan and our fight-or-flight response has kicked into double-overdrive, making it difficult to focus, to think and to make decisions.

Now, I have to say that I knew a lot of it already, because in the dim and distant past, I used to sing…a lot. And, for a while, I even got paid for it, so, by the rules of the Olympic Committee, I’m a “professional”. Or, at least, I was. And the truth is, if you can’t breathe properly, you can’t sing properly either. It’s just impossible.

What Ken was explaining was that our breathing is actually most effective when we’re not thinking about it. Far too often, we’re told – and we tell ourselves to:

“Take a deep breath.”

And we make this huge, noisy effort of sucking air into our bodies, generally puffing out our lungs, and then, when it feels like we just can’t take any more, we relax and let the air blast out through our mouths.

The thing is…that’s not it. It’s not what we need to do.

We’re forcing it.

Now, sometimes this is necessary—like when we just can’t get our breath, or we’ve just run a marathon or something.

But, if we were to just get out of the way and let our breathing system do what it was designed to do, we ultimately get a lot more oxygen….

Not to mention, it’s a whole lot more efficient.

The principle to remember in this case is that air will rush in to fill a vacuum. If we do a good job building the vacuum, all we have to do is open the valve, and the physics will do the rest. We don’t have to do anything ourselves.

That’s why babies, puppies…and professional singers…all breathe from “their belly”, making their bellies puff out as they exhale…

…instead of forcing their lungs to puff out as we inhale.

Sure, it’s still work either way. But one way is integrated into the way the system works, and the other way is trying to make the system actually work in reverse.

It’s no wonder that the first one works better than the second.

Oh, and I should also point out that babies and puppies don’t think about their breathing, they just do it, and they do it right. The rest of us have “learned” how to breathe, but we’ve actually learned the wrong technique, and it ends up tripping us up when we really need it the most.

So, that critical security skill of staying out of the way ends up being very similar.

The ultimate way security can “stay out of the way” is by being as integrated and aligned with the organization you’re trying to protect as you possibly can. You literally “know it like the back of your hand,” and that’s why the 2nd Principle of The Agile Security System™ is “understand your customer’s world.”

And it’s only the 2nd one because the first one says: “Every decision we make, every day, is intended to deliver the mission and purpose of security,” where the mission and purpose of security is to keep the organization as safe as possible while we enable it to do whatever it’s trying to do.

It’s a lot more words than “staying out of the way”…

…but it ultimately means the same thing.

Because if we’ve done our job right…if we establish trusting and credible relationships with our security customers…if we intimately understand their world and what they’re truly trying to accomplish at a deep level…

…they really don’t have to tell us much.

All they need to say is where they want to go, and we’re there, dressed up in the butler suit, handing them their keys, and saying…

“Enjoy your trip, Madam.”

But…that’s not normally how we tend to approach the problem. The more standard approach to security kinda resembles crashing in the middle of the jungle with our security customer, hearing the growls and shrieks of the animals around us, adjusting our safari hat, tightly gripping the handle of our razor-sharp machete, and saying:

“Wait here, sir. I’ll cut us a path outta here.”

Only to leave them on their own, wondering where the hell we’ve gone as they get more and more anxious the louder the growls around them tend to get…

…sometimes never to return and actually deliver on our promises.

Now, as someone who’s been “doing security” for a very long time, and applying SABSA for almost 15 years now, I still work every day on learning more about the organizations, businesses and people I need to support…

…so I can help them the most…

…by staying out of their way.

Because when I do that, they’re able to focus on what they’re trying to accomplish—not the things I’m doing – or worse yet, asking them to do – to help them get there.

While it’s certainly possible to learn this skill and end up being “business aware” so you can ultimately deliver “business driven” security programs, it’s not generally very easy—nor is it something that “the experts” do much but tell you is important, and then tend to leave the “implementation details” for you to figure out on your own.

This sorry state of affairs is one of the main reasons I developed The Agile Security System in the first place, and then figured out how to teach you to use it – quickly and easily – in just 7 weeks, working 5-10 hours each week along with a live cohort of your peers, wherever in the world that they happen to be.

Maybe it sounds far-fetched, or maybe you don’t agree that what I’m talking about is the “killer, lifetime success skill” for security professionals. If that’s the case, it’s probably better if you give this one a miss, because I’ll surely only end up pissing you off when I tell you – over and over again – how important this is…

…and when we dedicate a good portion of the program to things you’re probably going to feel have nothing to do with “security” because I’m trying to teach you how to become hyper-aware of what you read and how to get inside the minds of your business customers.

It’s all stuff that’s a long way from social engineering, exploiting systems or configuring technical security controls. I mean, after all, that’s what cybersecurity’s all about, right?

However, if you’d like to start learning how to build and practice the “secret” security success skill of protecting and enabling the business by staying out of the way – in plain, practical terms – then I’d urge you to consider joining the next cohort that’ll kick off on July 6th, because there’s no time like the present…

…and there’s a good chance that a lot of what you thought you knew about your organizations and the businesses they were in may have changed by the time this crisis is over. So you’re not going to have a lot of time to figure out where security really needs to go next if you don’t want to slow down not only the recovery of your organization, but whatever their contribution will be to the recovery of the global economy.

To see if it makes sense for you, go here:

https://archistry.com/besa

And, to make things easier for anyone ready to act or who’s seen their income as an individual contractor contract over the last couple of months and needs a bit of a break, if you register in the next 7 days, prior to 11:59pm US/Eastern on the 19th of April, you’ll get an extra $2,000 in your (or your organization’s) pocket vs. those that wait around, going back and forth and who are unable to make a definite decision, one way or another.

Either way works for me. I just want you to make the decision.

May the Easter Bunny deliver you smiles and happiness this year, because God knows, we need as many of those right now as we can get.

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, BESA, Business Alignment, Security Architecture, Stakeholder Engagement

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.