I know I’ve talked about this before – most recently in the “architecture wasteland” email the other day – but based on 3 different conversations I had over the last 2 days with experienced, SABSA-certified architects (including a SABSA Master), I think it’s time to take off the kid gloves and do everything I possibly can to address the issue.
The issue is that far too many people don’t understand what a security architect – and especially an Enterprise Security Architect – is supposed to actually do. It’s far too technically focused in most cases, and, as a result, the people we’re granting the “architect” title to simply aren’t capable of getting past the technical detail and thinking beyond ports, protocols…
…and the propeller-caps they’ve worn for most of their careers.
Having a technology background is an asset for sure. Hell, I still write code on a regular basis, so I’m not standing on the outside of the tent pissing in it by any means.
The difference is whether it’s something you have, and therefore it’s a tool you can use at the right time…
…or whether it’s something you are, and it’s something that defines your view of the world and your solutions to the problems you see.
If your propeller-cap is welded to your head, then that’s great. The world needs you, and I’m glad you’re around.
But don’t make the mistake – or let others make the mistake – of thinking you’re an architect when you’re actually a technologist, a specialist or an engineer.
That’s not being an architect—even if people let you define solutions.
A architect is a generalist. And if you want to be a great one, you really need to be a polymath (or at least aspire to be one).
So since we’re in the home stretch before the deadline for registration in the next cohort of Building Effective Security Architectures closes in 7 days, I’m going to do everything I can to try and grow the community of real architects, and that means I’m going to be sending a lot more emails—possibly more than I’ve ever sent before.
And if this is going to bother you, well, you can do one of two things:
- delete them on sight without bothering to open them, or
- simply unsubscribe from the list.
But if you want to help, then please feel free to forward any of them to anyone else you believe might get value out of the program. I would really appreciate it (and I know some of you already do, because you’ve told me so in person, so thank you).
Because the program is for people who are proud of their propellers, but who are ready to frame them, put them on the wall, and use that knowledge (and the ability to expand it on demand and as required) as a tool to build better architectures.
We don’t cover things at the detail of specific technical controls except in passing. The ultimate focus of the work we’ll do as a cohort over the 7 weeks of the course is to help you build (or polish) skills for thinking logically, in the appropriate levels of abstraction…
…and within the entire context of the problem you’re trying to solve.
That means that the majority of the program stays within the top 3 layers of the SABSA architecture model: the Contextual, Conceptual and Logical layers. Of course, we talk about the details some too—but that’s relatively the easy bit, and it’s the land of the propeller-heads, so, even if you aren’t up to speed, it’s easy enough to find people who are.
The rare ones…and this implies by the basic laws of economics, the most valuable ones…
…are the architects who can truly do architecture.
And that means they’re the ones who can easily interact and communicate effectively with anyone from the Chairman of the Board to the junior Threat Analyst. Because that’s what it takes to understand the problem you’re trying to solve…
…and ensure that the solution and approach you have in mind is actually going to be viable and practical to implement.
If you haven’t yet put your propeller in a glass frame on the wall or on stand on the mantle – but you’re willing to do it – then maybe this program can open your eyes and show you a whole new, much more influential world where you can make a real difference to the way your organization functions.
If you’re already in the club, then, based on the feedback, comments and observations I get when speaking with clients, colleagues and potential customers, I’m pretty sure at least some of what I’ll teach will be new and beneficial for you too.
But if you’re in neither of those camps, have only a technical view of security, are close-minded about what security architecture may mean…or are unwilling to explore ideas of how to untie your own hands and start making a difference as an individual—despite whatever the rest of the organization may think…
…then I have to wonder why you’re reading this email at all, let alone why you’re still on the list.
Of course, I hope you join the cohort, and if you’re at the mercy of the speed of the bureaucratic machinery – like some of you I’ve spoken to directly – that fortune smiles on you and your approval arrives before Friday.
To do it, here’s the link: https://archistry.com/besa
And remember, next Friday’s deadline is a comin’ round the bend lickety-split.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
