Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Unhappy security customers

August 11, 2019

Unhappy security customers

I know that a lot of people just don’t get the whole “customers of security” vibe I keep yapping on about, and some people still say the primary job of security is the enforcer not the advisor—including a rather long and otherwise well-written LinkedIn post I read last night.

The thing is, I just don’t agree. When you’re programmed to be an enforcer, it’s quite often far too easy to start to enjoy the daily judgement calls as to the meaning of what you’re trying to enforce, and then when that happens, you’re not really adding value—you’re just a security bully who gets off on being right and justifies your endorphin rush in the name of policy and protecting the organization.

But of course…this doesn’t really happen in the “real world.” I mean, just look at the ne—

Neeeevvvvveeeerrrrrrrmind.

After as many years as I’ve been doing this – and especially as I’ve worn more and more hats in the business world – I do truly believe that one of the biggest failings in most security programs is that they don’t realize that you need to treat security a lot more like a business than a kingdom.

In a kingdom, you have subjects. And those subjects pretty-much need to do what the leader says. The King sets the laws, and the subjects obey—even when tomorrow the law may be different than it was yesterday.

However, in business, you don’t survive unless you have customers. And just “having customers” isn’t really enough. If you want to be truly successful, you need to have *repeat* customers. Customers who buy from you because they believe in what you do…who believe that you can help them solve their problems…who believe that you can help them achieve what they’re trying to achieve.

Now, which one of those sounds more like what you believe security should be?

Really, you can have any opinion you want. It’s perfectly your right, and I’m sure you’re going to do the most with that opinion you can possibly can.

Personally, I’m obviously going to come down on the “security as a business” side of the argument vs. the “security as a kingdom” side. If you don’t, you might want to really question why you’re getting my emails…

In the August issue, I talked about the types of security customers, and I’ve already talked in the last couple of emails about how the customers are different with different needs, and that’s something we can’t ignore if we want to have a successful security program.

However, today, I want to harp on this “customer vibe” a bit more with a quote from someone I never, ever really thought I would quote in a positive way. But here – along with the requisite monkeys flying out of my butt – is something Bill Gates said about customers:

“Your most unhappy customers are your greatest source of learning.”

So why are we talking to our stakeholders? Why are we really trying to get some of their time – their most valuable resource – and have them decide to spend some of that time with us talking about security?

Because if we want to be a successful security program, we have to learn—always. We have to learn about their world (Principle #2), we have to learn about what they want, what they’re afraid of, what will happen if they don’t get it or it takes longer than they want.

But most importantly, we need to learn more about why they do or don’t like us as security. It needs to go far beyond “Well, because you kill or delay all my projects.” Being the Department of No is a problem, but we need to understand how that causes problems for them.

Because if we understand the problems we’re causing, then we understand how we’re not delivering our mission and purpose of security to help the organization be successful, safe and responsive.

So don’t fear the stakeholder who doesn’t like you. Make them coffee. Boldly face and proactively admit the reasons they might  not want to talk to you or that you’ve made their life difficult in the past—and honestly and openly demonstrate that you’d really like to change that dynamic.

Remember, it’s all about earning the trust and support of the people in our organizations. And we’re not doing that because we want to be a spineless snake who can’t keep the organization safe because they agree to everything the customer wants. That’s not how you build trust.

You build that trust by helping people get what they want—and keeping them out of trouble while they get it.

So think about which side of the Security Kingdom vs. Security Business debate you’re going to be on the next time you’re talking to one of your security customers. And if you want to know more about how to more easily, quickly and reliably build that trust and support…

…then make sure you’re subscribed to the Security Sanity print newsletter before the September issue goes to the printer at the end of the month using this link right here:

https://securitysanity.com

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, Customer Loyalty, Customer Trust, Stakeholder Credibility, Stakeholder Engagement, Stakeholder Interviewing

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.