I was recently asked when I was talking to someone about the newsletter you hear about most days whether it was really worth it or not. The reality is that I can’t answer that question for you. You have to make your own value calculation, and then you have to decide if about $3/day is a worthwhile investment to have effectively a monthly training course you can immediately put to use delivered to your door.
It really all depends on what you’re trying to do, how happy you are with your ability to solve problems today, and, if you’re a SABSA practitioner, whether you want to do SABSA in what I’ve found is the best, fastest and most effective way I’ve found after 14 years of trying.
But it isn’t just SABSA.
I mean, I love SABSA, and I think it’s the most complete and comprehensive approach I’ve seen for security, for sure, and, when you step back and focus on the 3 core concepts of the Attributes, Domains and the Governance Model, you start to realize how truly powerful it is.
What you also start to discover is how easily and quickly you can apply it—even if you’re organization isn’t mature
…even if you think you don’t have time to do architecture
…and even if you think it won’t be used by anyone outside yourself.
I’ve talked about this before, but I’m pretty lazy. That means that if I can do my job simpler, more effectively and not have to solve the same problems more than once, then I’m going to figure out how to do that.
Not everyone will, and certainly, not everyone has the time to figure out how to apply SABSA or get as comfortable with it so you can read a sentence and, instead of visions of sugar plums dancing in your head on Christmas Eve while you’re waiting for Santa Claus…
…you see visions of domains, attributes and interdomain associations of the organization you’re trying to protect, the latest project that comes across your desk or the problem you’re trying to solve.
And you can map any framework to your environment as easily as looking at it.
This stuff takes time, but not only do you see the results of how to apply this level of thinking to the overall delivery of your security program every month, you also get walked through a lot of the thinking behind it.
Because my goal is to help you become the best security professional you can be, and if that isn’t worth the price of your favorite caffeinated beverage every day, then, the Security Sanity™ newsletter probably isn’t for you either.
If you want to be more-than-occasionally challenged about the way you think about delivering your security program, the purpose and ways to create security architecture and how to make sure that you can demonstrate the value of what you do as an individual – or a team – to anyone, anytime and anywhere in the organization…
…as easily as tripping over your untied shoelaces,
then here’s the link: https://securitysanity.com
There’s literally only a couple of days left before the October issue goes to the printer and arrives at your door—but only if you subscribe before the 30th.
Andrew S. Townley
Archistry Chief Executive