I have to admit that “wrapped around the axle” was a phrase I hadn’t heard until almost two years ago, but since then, I’ve found it a pretty good metaphor to describe what can happen if we get lost in the turbulent waters of our own, overly-emotional thinking.
Now, if you’re new – and a few of you are – you might be wondering why I’m talking about “emotions” and “security” in the same email. Bear with me, because I hope this all comes together for you soon. You’re tuned to the right channel though, I can assure you.
You see, my thing isn’t really security architecture per se. My thing is really helping develop security professionals…
…and to do that, it takes a pretty broad brush, because “security” is a small part of what it really takes to make you effective. And if you’re not effective, how can your team be effective?
And, much more importantly, how can “security” – however you define that term – have a proverbial snowball’s chance in Hell of being effective…if the individual pieces of the puzzle aren’t individually effective too?
In my experience, that generally doesn’t work out so well.
And by “individual pieces” I mean the people, the things the people create and the things people manage as part of whatever it is the scope of “security” actually entails in your organization.
One of the things I saw this evening (my time here in locked-down CPT anyway), was someone on social media who was in a relatively bad way dealing with the loss of someone they knew in the profession. Any way you slice it, this is hard.
We all know this, because we’ve all lost people. And, unfortunately, some of us either have lost – or are likely to lose – someone we know as part of this pan-global pantomime of lackadaisical leadership being spotlighted in so many parts of the world.
In this particular case, the individual was a bit overwhelmed at the overall dismal state of the world, and, as a result, they were blaming themselves for being a less than shining example of humanity.
Now, given the circumstances…the isolation, the social distancing, the uncertainty, the downright fear, the forced confinement with people you’ve not really been 24x7x4+ weeks with for some time—or even…ever.
The whole thing can add up pretty quick. And, in some cases, it can make you question yourself and your potential lack of ability to deal with things.
This is pretty tough.
I said something to them that long-time readers of these emails have heard before. Specifically, that it’s perfectly ok to feel overwhelmed from time to time. But the thing you need to remember is that your ability to control – on your own – most of the things that might be getting you down right now is…
So, when faced with the overwhelming weight of the world, the only recourse we really have is to focus on the things that we can actually control. Now, I’ve mentioned two of these before, namely your activity and your behavior.
But there’s a third one, and sometimes this can be the most critical of all. And that third one is:
Despite what you might believe, you do ultimately have control over your thoughts—or at the very least, how you react to them. And, fundamentally, the reaction to a thought (your behavior) is most often…
So, if you’re in control of your responses to your thoughts, then you’re effectively in control of your thoughts too—at least at some level.
Ok, so what’s this got to do with security?
Well, one of the things I’ve seen over and over again in security teams – especially those who are in constant firefighting mode and who really don’t get the chance to do what they know what they need to do (for many reasons we’re not going to cover today) – is that they get sucked in to worrying about problems they can’t solve.
And, let’s face it, in security, the things we can control are a lot fewer than the things we can’t.
We can’t control what the bad guys do.
We can’t control the number of vulnerabilities baked into the software we deploy—no matter whether it comes from us or our third parties…
…and before you take that big breath to disagree with me, just take note that I worked in software quality assurance for about 7 years—apparently as penance for some sin I still haven’t quite figured out in the last 40+ years.
Yes, you can try and minimize them, but they’re never really under your control. Thinking you have control over what you don’t is the surest way to fall into the deepest pit of despair that I know…
…which brings me back to the point.
With all that we can’t control…and how easy it is to get sucked into someone else’s problem that happens to be dressed up like “security”…
…if we’re going to get through this still being able to remember our own name – let alone the names of our spouses, girlfriends, parents, kids and pets (how many of those you have is totally up to you, BTW) –
…the most fundamental skill we can learn is how to focus on the right problems. Those problems closest to us that we can either directly control…or that we can at least influence.
So, the $64,000,000,000 question (there’s been a lot of inflation since 1958) is…
…how do you know which ones those are out of all the ones potentially screaming in your ear for attention?
And, I hate to say it, but quite often…it’s the ones that whisper, not scream, that we should be most worried about.
Well, I have an answer for you, and it may be a pretty bold claim. But my answer is that it’s quite simply architecture, and, in our case, I’m talking about security architecture.
Because, seriously…what else do you know of that can help you filter, prioritize and analyze –and do it all at the same time – other than architecture?
And if you don’t believe me, I’m going to make another pretty bold claim. And that claim is that if you don’t believe that a proper security architecture can help you cut through the noise of all the symptoms people may be experiencing and focus on finding – and solving – the true, underlying problem…
…then I’m guessing you’ve never really seen real architecture before.
If this resonates…if you feel like you’ve been wandering around trying to find the right lens to make sense of the state of the world in which you operate, but you just haven’t figured out how to do it…
…then might I even more boldly suggest that you consider joining the July cohort of the Building Effective Security Architecture program where you’ll be introduced, not only to what a proper security architecture looks like…where you’ll also be introduced to a simple, straightforward way to create the damn things so you can quit getting overwhelmed, distracted and led astray of the real problems you need to solve.
So, while it might not help you deal with the angst of the current global meltdown we’re all experiencing right now, it might at least help bring some sanity and order to the work you do every day.
And, let’s face it, every little piece of our world we can somehow effectively manage is going to make it possible to experience just a little bit more peace than we have right now.
To see if I’m a raving lunatic and don’t know what I’m talking about, by all means, head over to this link for a description of the program:
And, if you decide to join us within the next 24 hours and 42 minutes, as I write this email, you’ll still score a cool $2,000 discount off the regular price of the enrollment in the cohort. At midnight, Monday morning, this princess starts turning into a pumpkin, and it’ll cost $1,000 more to get in than it does right now.
If it matters, then time is running out. If it doesn’t, that’s perfectly fine too. Nobody’s better positioned to decide what’s the best way to spend your time and your money than you are.
Andrew S. Townley
Archistry Chief Executive