May 30, 2020 Strategy, architecture, architecture/design, design, artifacts, elements, activities…the questions swirling around what each of them really is, where they start and stop, what purpose they’re supposed to serve and just how they all fit together can sometimes almost escalate to fisticuffs. And our human, psychological need to draw boundaries and establish our “territory” […]
Would you like fries with that?
May 22, 2020 Today on a call, I heard a story I’ve heard many times before. And the issue crystalizes the difference between security being seen as an order-taker vs. a trusted partner. What they’re trying to do is define a specific strategy associated with a very high-profile problem within their organization. However, I just […]
The correct response to “we don’t have time for security”
May 21, 2020 On a call today, I was reminded of one of the recent challenges facing security architects – or even security leaders (BISOs and CISOs) – who understand the value of architecture and know that it has an essential place in software development—no matter what approach you’re using. This challenge is most often […]
To re-architect or not to re-architect your security controls
It seems the above is very much “the question” on the minds of security teams looking to take the CI/CD plunge (or who’ve already jumped in, and are splashing with the sharks without their chain-mail wetsuits). But what does it mean? This “re-architecting” of which you speak? And, just when that young lad in the […]
Why worrying about “being slow” is shaking the wrong tree
No, I’m not talking about whether you may have two or three toes. I’m talking about the real issue behind the 7th, and actually the far deadliest of security architecture sins: sloth. Thanks to our toe-challenged friend, we tend to think of sloth as being simply slow. Sure, this is a problem—especially in security architecture. […]
