Archistry

Survivability by Design™ since 2006

  • Home
  • About
    • Who Is Andrew?
    • C2T System™
    • The Agile Security System™
  • Contact
You are here: Home / Archistry Daily / Would you like fries with that?

April 24, 2023

Would you like fries with that?

Image of Pexels on Pixabay

May 22, 2020

Today on a call, I heard a story I’ve heard many times before. And the issue crystalizes the difference between security being seen as an order-taker vs. a trusted partner.

What they’re trying to do is define a specific strategy associated with a very high-profile problem within their organization. However, I just found out that they’ve been having trouble getting a meeting to validate some of the work they’ve been doing with the owner of the problem. You see, from his perspective, he’s had a team of people (not security) document the requirements from “the business”, he reviewed it, and he signed it off, before presenting it to security with the wave of a white-gloved hand followed, presumably, by a Picard-like:

“Make it so.”

And when someone from security had the audacity to reach out and want to confirm their understanding was correct, he was, of course…busy.

Now, as you well know, the work of a security program isn’t quite the same as bellying up to the counter in your local McDonald’s and asking for 3 fried chickens and dry white toast. Not the least because I doubt any of us have customers wearing black suits, black sunglasses, black fedoras and answering to the names of Jake and Elwood.

But far too often, thanks in part to our own common approach to delivering security by stopping project after project, our security customers want as little to do with us as possible. In fact, some of them would probably willingly eat McDonalds 3 times a day for a year rather than sit in the same room with “some crazy security guy” or gal who wanted to ask them questions about their requirements for port filtering, phishing worms and deep packet inspection.

So, security ends up being treated like that freckled kid with the braces and coke-bottle glasses behind the counter, slinging fast food and forced to ask, with every order, would you like fries with that because it doubles the annual revenue (which it did, actually).

As a plucky, young security architect infused with the knowledge that there’s more to security – and security architecture – than just wiring diagrams and packet flows, it can be a pretty big slap in the face to have the people who have the answers…

…not return your calls…

…ignore your emails…

…and sprint the opposite direction when they glimpse you about to exit the elevator.

Thankfully, it’s not your fault. You have a lotta history working against you that probably did its damage well before you ever put your head through the lanyard of your very own security keycard. And, also thankfully, it’s a situation that you can reverse…

…but only if you’re prepared to be the bigger person, not hold a grudge and be willing to do your homework.

Because generally, all it takes is learning what’s most important to the person you’re trying to connect with, be it to get a meeting…or even get a bunch of likes on Zoom Bachelorette. You’ve gotta do your homework, you have to make some educated guesses about what’s important…

…and you need to somehow learn to be genuinely interested in whatever it is that matters to them.

If you can figure all this out, then it’s often pretty straightforward to discover how whatever it is you’re trying to do gives you a chance to start a conversation—like helping them deliver their project on time and without security issues, for example.

Unfortunately, getting that background to be able to understand – broadly speaking – what matters most to your business security customers can be quite tricky. And it’s not something that many security people are willing to invest the time and effort required to absorb it by direct immersion and osmosis over years of reading HBR, the Economist, FT and the Wall Street Journal.

But…it is essential in our business – if we’re going to be successful in enabling “the business” – for us to know something about the business.

That’s precisely why Module 2 of the Building Effective Security Architectures program is focused on getting you as familiar as possible with the motivations, language and priorities of the business…

…and to enable you to do it as quickly as possible—all while at the same time making it abundantly clear why and how it matters to the work we’re trying to do as security architects.

Funnily enough, Module 2 often turns out to be the part many people who’ve already been through the program found the most valuable, in part because many security people have never really been exposed to this stuff before.

So, if you’ve ever struggled getting a meeting, making a connection with your business customers, or being able to understand why an experienced, highly-paid business professional would prefer to deploy a service today with known security issues vs. wait 3-6 weeks (or months) until they’re all hopefully addressed…

(hint: it’s not because they’re greedy bastards, either)

…then TODAY is the last working day to register for the July cohort of the program and still get $1,000 off the regular registration fee. Sure, the price doesn’t go up until Sunday morning, but that’s just mostly to give people enough time for the world to spin through quittin’ time in the event they’re waiting for that last-minute, managerial approval.

But if you’re just waiting and debating, and you can’t decide, time’s a wastin. You’re gonna need to decide to join the cohort and save $1,000 of someone’s money (maybe even yours), or your’e going to need to decide to procrastinate just a little bit longer, lose the $1,000 discount, and then hope that the winds of budgetary change blow through town sometime between now and when the final, drop-dead cutoff for joining the cohort will be towards the end of June.

Either way, a decision must be made. The question is will you make it, or will it be made for you. And, I get it, I really do if you personally see the value of the program, want to join, but The Powers That Be (TPTB) are as rigid about COVID-related budgetary constraints as the wooden stake that slayed 10,000 vampires in the 7 seasons of Buffy.

Them’s the breaks. We’ll run it again…eventually. But I can’t tell you for sure exactly when it’ll be. Maybe next year, or maybe not. I’ve a bunch of new stuff in the pipeline, and at least one of them is another, different, cohort-based program. Given I only have so much time  to run these per year, it is possible it’ll get bumped until 2022.

I just don’t know.

What I do know is that there’s still a few seats left in July’s cohort, so if you think the skills you’ll develop as part of it will make a real difference in the work you do in the next 12-24 months, then I think you know what you need to do.

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile, Cybersecurity, Professional Development, Security Architecture, Software Architects, Software Engineer

  • Email
  • LinkedIn
  • Twitter
  • YouTube

EMAIL NEWSLETTER

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

You can always unsubscribe at any time, and we won't sell your data to third parties.

About Us

Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance Read More…

Testimonials

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Recent Posts

  • If you want better security, you’d better have a better security architecture
  • The ultimate security song to keep you focused on what you’re doing
  • Security heroes
  • There’s always a people problem
  • Putting your data flow diagrams out to pasture…for good

Looking for something else?

  • Home
  • About
  • Contact

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright © 2006-2025 Archistry Incorporated or its affiliates

"Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall", "Archistry Execution Engine", "Renegade Security", "Renegade Security System", "Security Value Delivery System (SVDS)" "Collapse-to-Traction", "Collapse-to-Traction System", "Adaptive Trust & Governance Model (ATGM)", and "Adaptive Trust & Governance Model for Organizations (ATGM4O)" are trademarks of Archistry Incorporated or its affiliates.