While this is something I’ve written about before, it’s not normally something that comes up quite so strongly and quite so often in the same day. That “something” is the myth of some magical level of maturity in your security program when “things will happen.”
When we get [magical maturity level], then we can be more focused on the business.
When we get [magical maturity level], then we can adopt a framework.
When we get [magical maturity level], then we can be less focused on operations.
Unfortunately, like most myths, there’s some truth to them. For example, one of my favorite takes on the legend of King Arthur was a book I read when I was an exchange student in Clare, South Australia. It was written by Rosemary Sutcliff in 1963, and is called Sword at Sunset.
Unlike most of the stuff written about Arthur (another of hers was a more “traditional” take that was also quite excellent), she tried to imagine what kind of real-life events might have taken place in history to inspire the story that most people have encountered in some form many times during their life.
Instead of the whole sword, stone, Merlin and magic, she set the story in the time after the Roman occupation of Britain in the 5th Century, and Artos (“Arthur”) leads a pretty dramatically different life than he does most versions of the story. It was dark, it talked about the way live might’ve been at that time, and it talked about the gruesome realities of war and the impact a real leader on a superbly impressive horse can have when supported by a Company of dedicated men.
Of course, it was historical fiction, but it was GOOD historical fiction that really made a compelling case for some real origin to a popular myth most recently, for me at least, appearing in the latest HellBoy film.
In the case of the magical maturity level, there are some realities that do indeed make life difficult when you don’t really have your security program running like a finely tuned F1 racer.
One of those is that everyone tends to do their own thing, because there’s nobody available to tell them not to, and, people are still trying to figure out what works. And another of those things is that everyone’s pretty jumpy about…well…everything, because there’s no good way to prove with any certainty that you’re not suddenly going to be the victim of the next, high-profile cyber attack that makes front-page news.
Those are facts, and yes…they’re a pain in the arse.
But there’s another – often overlooked – fact about maturity.
Maturity isn’t some magic spell whispered on the mist by a mythical magician like Merlin.
Maturity is something that comes after…wait for it…
…a helluva lot of hard work.
But even before all that hard work, someone does something that actually IS kinda magical:
They make a decision.
They make a decision to change.
They make a decision to lead, and…not only that…
…they make a decision to lead by example.
One of the many things I liked about the founder of SEAL Team 6, the Rogue Warrior himself, “Demo” Dick Marcinko was his simplest expression of leadership—the mantra of:
And that’s the real secret to security maturity. Maturity results from a single person making the decision to do something better…more focused…more repeatable…and more effective.
It’s the decision that changes everything.
It’s the decision that can actually be made anywhere…
But if you’re sitting in a leadership role in your security team – and that includes you as a security architect – then it also means that not only can you make that decision…
…you also have the influence to make it stick.
Alternatively, you can just wait around until either:
- that magic maturity level finally does manifest, or
- you get tired of waiting and jump to your next position…
…unfortunately, often finding that the grass isn’t any greener on the maturity scale on that side of the fence than it was where you were.
How do you have the confidence to make that decision?
Well…I’m glad you asked. That’s where I might be able to help you—and, until the end of next week, I can potentially help you for a lot less dosh than it would ordinarily take to be part of the next cohort of our flagship, online training course, Building Effective Security Architectures.
Once you’ve gone through the course, you’ll be well versed – and have demonstrable security architecture skills – in using The Agile Security System™ to build real SABSA® security architectures. It’s deliberately engineered to make sure you don’t get lost, you don’t get overwhelmed, and you DO get the opportunity to actually develop practical skills you can use right away…
…to ignite a veritable security architecture revolution in your organization.
But only if you decide to do so.
Even though the next cohort of the course (where you go through the course along with up to 20 of your fellow security architects in real time) isn’t until February, that’s EXACTLY the reason that you can get a 60% discount if you register before the mystical, magical Friday the 13th of December DEADline.
If you’re feeling suitably magical…or even revolutionary, then here’s the link:
If you’re not, then you’re not. It’s always up to you.
Andrew S. Townley
Archistry Chief Executive