I’m not sure if it’s been said before or not, but ultimately, life itself is essentially a classification problem. Every day we’re faced with many situations, people, actions, events and observations, and how we choose to interpret those is fundamentally based on how we classify them. Because if we can’t classify them effectively, then we simply don’t know how to act. We can’t respond to the situation in front of us without a lot of additional mental effort of the sort that I’ve mentioned before being covered in the books Thinking, Fast and Slow (where the comma is certainly a critical construct) and Blind Spots.
Is that animal approaching likely to eat me?
Was that comment really as accusatory as I think it sounded?
Is this the kind of person it would be fun to spend the afternoon with?
How we answer all those questions is going to drive our behavior in each of the given situations, and the answers to those questions are going to ultimately be based on what buckets we can put them in so that we can know what we should do.
How quickly we can make the decision is based on both how many possible buckets we have in front of us and how fast we can determine whether we have a bucket that fits or not.
That last bit is where the fast vs. slow thinking comes in.
And especially as security architects, we love to create buckets. In fact, give an architect a piece of paper or a whiteboard and something to draw with, it’s going to be the very first thing they’re likely to do.
In fact, all of our architecture models are simply collections of buckets we think might be relevant to help communicate or understand whatever problem it is we’re trying to solve.
And…if we’re of the software development persuasion in the last 30 years and cut our programming teeth on some kind of OOP, we’re likely to go overboard even more on this.
The problem is that a lot of the time, the buckets we need to define (and draw) to help us understand and solve any given problem aren’t necessarily the same buckets we need to communicate the problem, its impact and why our solution is the right one.
Somehow, the simple act of drawing that damn box…or circle…or hexagon…or whatever shape we haven’t yet logically associated with some concept we care about…
It’s the act of drawing that box that makes us feel attached. After all, we drew it for a reason, so that means it’s important.
However, a lot of times, it means that we think that box is important forever…for everyone…and, well…since we have it, then we might as well use it.
Or worse…we want everyone to know and appreciate how many boxes we were able to draw – and how clever our analysis was – often as some kind of warped proxy for the value of the work we’ve done.
I’m an * architect, and I know I do this, so I’m guessing that there’s possibly a good chance that you might do it too.
What I’ve learned over the last 25 years of my professional career is that this is something that’s killing us—and it’s one of the major reasons that we have so much trouble communicating across the “Great Business and Technology/Security/Insert-Other-Non-Business-Discipline-Here Divide.”
We get attached to our boxes, and our views of the world, and we have trouble filtering out the ones we don’t need and focusing on the ones we do.
We over-complicate things.
We over-egg the pudding.
And we end up with a complex, confusing and nearly impossible to explain mess we try and call architecture.
But it isn’t.
Architecture is knowing how to select what’s important from what isn’t for the specific problem we need to solve and for the specific people we need to influence.
SABSA helps us by formalizing a layer model and gives us some really excellent theoretical foundations that allow those boxes we draw to have specific semantics…
…however, it won’t help you decide what’s important—unless you know how to let it.
If you’re tired of over-complicated architecture models…
If you’re tired of building models people don’t actually use…
And if you’re repeatedly finding yourself struggling with untangling the complexity of our professional lives as security architects so you can focus on what’s important…
Then I’d strongly urge you to consider whether the next run of Building Effective Security Architectures is right for you. In it, you’ll understand some proven lenses you can use to focus and filter the complexity of our worlds, and you’ll also learn ways you can anchor the detailed analysis you need to do to the bigger picture…
Want to know more about how it all works?
Here’s the link: https://archistry.com/besa.
Andrew S. Townley
Archistry Chief Executive