One of the biggest problems in security that comes up over and over again is trying to demonstrate the value of what we do. After all, to the majority of the people, we’re just a cost center. As the old saying goes, they’re giving us money…
…so that nothing bad happens.
As I’ve alluded to before, sometimes we forget that “bad” qualifier, and do our job so well that we effectively ensure that “nothing happens”, and that’s where we get all of the flack about Security being the Business Prevention Department, the Policy Police…and the object of many, many derogatory thoughts from our security customers.
Of course, then you need to define what “bad” is vs. “good”, and sometimes we’re not doing a very good job at that either.
That’s not what I’m talking about.
Instead, an inkling of what I’m talking about can be found in the very definition of “security”, thanks to my trusty, built-in copy of the Oxford New American Dictionary, it tells me that security is…
“The state of being free from danger or threat.”
While this sounds simple – I mean, it’s only 9 words, and they’re short ones at that – in practice, there’s quite a lot wrapped up in that definition. And the way we tend to interpret it is that “being free” means eradication, prevention or mitigation EVERY potential danger or threat out there…
…which brings us back to where I started. And that means, it’s not really what I want to talk about—even though it’s probably over 90% of what you spend your time doing every day as a security professional.
You might think I’m splitting hairs with the next thing I say, but I guarantee you that it’s the key to addressing our number one problem with demonstrating the value of what we do. But first, we need to understand what the hell value is in the first place.
The short version is: value – like beauty – is in the eye of the beholder.
The longer version is something we cover in-depth during Module 2 of the Building Effective Security Architectures program—which, incidentally, I’m going to be running a highly unusual “encore” cohort of the program kicking off on the 6th of July.
Back to our beholder, and no, I don’t mean the rather ugly, many-eyed, floating-head bad guy described on page 10 of the Classic, First Edition Advanced Dungeons & Dragons Monster Manual.
I mean our customers. Those people who “see or observe” something. That’s the definition of “behold” I actually mean.
So if our job is keeping them free from danger or threat, and we do it. It doesn’t really matter unless they see it. However, once they do this, there’s another, catchy little phrase that becomes relevant:
“Seeing is believing.”
And now, dear reader, is the point of today’s email. That belief.
Because until they actually believe it – because they’ve seen it in a way that’s meaningful to them – they’re not going to be willing to actually take action or make a decision.
We can create an environment that’s as “free from danger or threat” as we like, and, of course, we need to believe it too. However, what we believe doesn’t mean jack to our customers until we can help them see it too.
And to do that, we need to understand their world, and we need to paint them a picture of how we’re enabling and protecting them within their world so they can get what they want.
If this happens, they have…
So, actually, our real job is to not only sort out the mechanics of “doing security”, but it’s to be able to be able to effectively show them, on their own terms, so they believe it just as much as we do.
Because without belief, there’s no confidence. And, despite what you might’ve heard otherwise…
…without confidence, there’s no decisions.
People are paralyzed by our best buddy Fear—whether they admit it or not.
However, the more confidence we can give them, the more easily they’ll make the decisions they need to make. And they’ll be able to make even bigger and bigger decisions, the more confidence they have.
And be very careful here. I said “confidence”, not “arrogance”. There’s a difference that I’ve talked about in detail before. If you’ve forgotten, go search the archives of the blog.
But creating that vision, connecting to their worlds and inspiring the belief and confidence I just mentioned isn’t something that you generally just wake up being able to do one morning. It takes some focused skill development to do it, and, sometimes, that kind of skill development is kinda hard to find.
Fortunately, between now and Sunday night at 11:59pm US/Eastern, it isn’t. Finding a way to reliably and effectively connect with our customers so we have the ability to demonstrate and communicate the value of our security work, our security investments…and our entire security program is the ultimate aim of the Building Effective Security Architectures program. And that’s why, at the same time as I’m teaching you how to practically apply the mechanics of SABSA to the problems you often face…
…I’m also working to give you the tools you need to demonstrate value and inspire confidence in your own security customers.
If you want to pick those up, it’s as easy as visiting this link to join our July cohort:
And if you join before Sunday night, you’ll get a whopping $2,000 off the regular enrollment fees. So, you need to make a decision, and you need to take action quickly if you want the discount.
What are you going to do?
Andrew S. Townley
Archistry Chief Executive