Nope? Well, neither do I, actually. But we all remember that in 1969 the United States put the first men on the moon. The name of the company was actually two different ones: the command module was built by North American Aviation of P-51, B-25 and F-86 fame, and the lunar module was built by Grumman Aircraft, probably most famous for the F-14 Tomcat thanks to Tom Cruise and the movie Top Gun.
But nobody remembers that little detail. They remember the result.
Which brings me back to a little something called value, and the role it plays every day in the work we do as security architects.
If we don’t deliver value, very little matters. And if we DO deliver value, how we do it also rarely matters that much, as long as it works, seems reasonable and somebody doesn’t decide it either takes too long or costs too much.
The problem we have is that as humans, we’re basically selfish creatures, and we look out for No. 1 before we think about anyone or anything else.
This isn’t bad. It’s called survival.
And anyone who listens to bleeding-heart people who think being selfish is all bad needs to go back to the drawing board and think about how much good they’ll really be able to do if they aren’t able to meet their own needs before they go out and try and help anyone else.
Short version: you can’t.
That’s the main reason for the “Put on your own oxygen mask before you help anyone else with theirs” line in the safety briefings you probably ignore (like I do, since I fly so much) when you get on an airplane.
What we tend to forget is that if we have a job to do, then what matters most is the value it creates to those we’re trying to do it for.
Why?
Because they’re going to be looking out for No. 1 from their perspective just like we do from ours.
And it’s the single biggest reason why nobody cares whether we build security architecture using SABSA, TOGAF, little green men from Mars, the NIST CSF or anything else—as long as they can deliver their projects.
Truth be known – as I said recently in a whole email – they don’t actually care about security architecture at all. Nor, actually, should they.
That’s our job. But the mechanics of how we do it – the mechanism – doesn’t matter. The only thing that matters is the value that architecture delivers to someone else in terms of faster, better, cheaper solutions.
So they don’t care about SABSA, so we shouldn’t be trying to sell it to them. But that’s what we often try to do – whether it’s SABSA or something else – and it almost always falls flat.
It’s a little thing in the marketing world summarized by the late Elmer Wheeler, dubbed “The World’s Greatest Salesman” in the phrase you may have heard before:
“Sell the sizzle, not the steak.”
And that was back in 1937…
…but the advice is just as true today – and in security – as it is in marketing (just one more reason I say you’re not in the security business as an architect, you’re in sales and marketing).
The question then comes down to what “sizzle” do you sell from a security perspective—and especially as far as security architecture.
Well, the answer comes back to value—that thing people will remember that is the primary driver of your credibility and trust within the organization.
Which is why Lessons 4, 6, 8 and 9 of Module 2 of Building Effective Security Architectures talk to you about how to identify the right value for the right people…
…and the entirety of Module 1 is set up to give you the mechanics and the skills you need to do it repeatably, reliably…
…and as fast as possible.
Because if you can’t demonstrate value – and do it quickly – it doesn’t matter if you have the best methodology, framework or control library in the world.
Nobody cares.
They only care that it’s your fault their project is late and over budget.
If you want to be able to kick this particular problem to the curb – forever – then you can learn exactly what you need to do as a member of the February 24th cohort of the program. But time is running out, because now you only have 5 days left before the registration closes and I start teaching those on the inside the real critical skills a successful security architect needs.
Will you be joining us?
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
