In my inbox this morning was from a fellow email subscriber and buyer of the upcoming Definitive Guide to The Agile Security System™ where he was talking about experiencing first hand the value of using SABSA attributes tailored to your stakeholders.
However, he also mentioned the quite common challenge of getting people to listen to you long enough to get it done. Of course, they’ve already got a million things on their plates, so getting a slice of their time is generally harder than trying to coax a pesky phantom over an open ghost trap.
And, unfortunately for us, there’s many the wailing spirit of former security professionals still haunting many of our business customer’s project delivery nightmares, so they’d probably much rather be slimed than sit across from a security professional.
The thing is, we’ve done this to ourselves, and it’s going to be a lot of work to change those attitudes. A lot of work, and there’s also, unfortunately, no shortcuts.
But…the good news is, there are ways to overcome this diabolical dilemma by applying the 7 Principles, 14 Practices and 3 Baseline Perspectives. Existing subscribers of the Security Sanity™ print newsletter were treated to over 22,000 words on the topic between the September and October editions of the newsletter, and all the good bits of that guidance will be included – and expanded – as part of the Definitive Guide.
Stuff like:
- How to make sure you’re going to get the stakeholder to meet with you
- Techniques to use the relationships of the Baseline Perspectives to make sure you’re asking the right questions
- What to do to avoid getting lost in our world of security and drive your customers away screaming
- How to negotiate the priorities and ownership of the right requirements and organizational risks
- Techniques you can use to deal with problem stakeholders who think you’re jus a PITA
- And a whole bunch of other things…
…specifically on how you stay focused on the mission and purpose of security by being relentlessly focused on the worlds of your customers and what they care about…
…instead of asking them would they like to have a firewall with red or pink flashing lights filling their inbox with event log messages.
It’s all about having a system, building new habits and using those habits to make changes in your behavior as security, because changing your behavior and responses to events is really what it takes to change the effectiveness of yourself as a security professional and the overall security team itself.
Ultimately, that’s what the Definitive Guide is all about: helping you learn the skills and behavior you can use to ultimately build a more allgned, business driven – and therefore, more effective – security program in your organization
…whether you’ve been given the explicit permission or approval to do it or not.
The rest of the stuff you get if you order the book, including the architected and engineered control libraries of the CIS20 and the NIST CSF, the architecture modeling stencils for ASML™ and the reference attributes (and the last ones I’ll talk about in the next email)…
All that stuff is really there to save you time as you apply the principles and the practices and give you references you can use to “gut check” your own architecture practice against what I do after 14 years of teaching SABSA, building security architectures and transforming security programs.
All week, I’ve been talking about the target of 10 pre-orders for the book, and that the $247 price tag until 11:59pm US/Eastern today is the lowest it’ll ever be. So far, lots of people raised their hands (and credit cards) to say the book would help them.
And yet, we’re still just short of the 10 orders I need to justify taking all of what I have laying around that’s never been published, all of what I’ve developed for clients, all the course materials and transcripts and the key information extracted from the newsletters to package it together in one place, accessible to just about everyone who’s really interested in enhancing their security leadership and, in particular, their security architecture skills.
If we fall short of the finish line, everyone who’s ordered so far will get a refund in November, and we’ll put the idea back on the shelf for a while.
At this stage, I don’t want that to happen, and many of your fellow readers clearly don’t either. If you’re one of the ones already on the list, I thank you again for your support.
If you’re not, and you ever want this kind of information to help you and your team, now’s the time.
At 11:59pm US/Eastern, the $247 price will disappear like a Halloween mist, and either
- the price will go up by at least $100, or
- the only other ways to get this kind of support start at at least 10x the price
If you’re thinking the value just isn’t there or you don’t trust I’ll deliver what I’ve said, then that’s fine. I’m not here to please everyone.
I’m here to help people who want to grow their security skills and make a step-change in the way they enable and protect their organizations.
If that’s you, get thee to this here link posthaste:
In it, you’ll find the answers, tools and techniques you need to never again haunt the nightmares of your customers as the ghostly Department of No.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
P..S. And if you’re interested in subscribing to the monthly print Security Sanity™ newsletter where The Agile Security System™ first appeared, you can start with the next issue here: https://securitysanity.com
