May 22, 2020 Today on a call, I heard a story I’ve heard many times before. And the issue crystalizes the difference between security being seen as an order-taker vs. a trusted partner. What they’re trying to do is define a specific strategy associated with a very high-profile problem within their organization. However, I just […]
The correct response to “we don’t have time for security”
May 21, 2020 On a call today, I was reminded of one of the recent challenges facing security architects – or even security leaders (BISOs and CISOs) – who understand the value of architecture and know that it has an essential place in software development—no matter what approach you’re using. This challenge is most often […]
When your cherry picker gets stuck in the tree
May 20, 2020 Far too many people approach security architecture like Fred Flintstone—that is, if they worry about proper security architecture at all. Mind you, I’m not talking about this here new-fangled, live-action fiddle-dee-dee that most people might think of. I’m talking about the one I grew up with, in the real caveman days. The […]
Breaking through the “domain” barrier with security architecture
May 18, 2020 Let’s get straight to the point: if you approach security with a “domain” mindset, then you’re never actually going to be successful in protecting your organization—nor will you ever, not in a million-billion years, be able to demonstrate you’re actually helping them get things done they want to do. And, those quotes […]
Knowing yourself and your opponent—are you truly ready?
May 17, 2020 Email Did you know that the top two investment drivers for cybersecurity right now are still regulatory compliance and reducing incidents and breaches? Maybe you did. And, it shouldn’t really be too surprising, I guess. I mean, far too much of the work we do as security professionals is still way too […]