Category Archives: Quotes

Architecture vs engineering – Good quote

You need both architecture and engineering to ultimately deliver and maintain value for the customer. This is an obvious statement but these two practices are often confused or used interchangeably. I found this definition / statement from Andrew Townley helpful in terms of keeping the “lines” less blurry

If you’re implementing someone else’s design or creating the design of something mentioned in someone else’s design…you’re an engineer..if you’re the one doing the design…or, in most of the cases we find ourselves trying to surface, document and communicate the structure and interconnections of the way our organizations work, identifying critical functions in the context of delivering some kind of thing that ultimately will be recognized by someone as being of “value”..you’re an architect~ Andrew Townley (2023).

Quote of the day – 5/17/2021

Leave a reply

…we should always keep top of mind when we’re neck-deep in cyber threat intelligence, control libraries and vendor technology presentations is simply this:

“How does the decision I’m about to make help my security customers accomplish what they’re trying to do?” Followed closely by the corollary: “How are they really going to recognize that what I’m doing is helping them rather than just getting in their way?” ~ Andrew S. Townley

Quote of the day – 3/30/2021

Leave a reply

One of the biggest barriers to security automation isn’t the technology but rather figuring out where to start. Getting to a starting point requires prioritizing the processes that cause the most bottlenecks to security service delivery.

Here, I would recommend CISOs look at value-stream mapping. Value-stream mapping is a visual exercise that helps align workflows to business outcomesand identifies issues related to performance and quality.

From there, you’ll want to explore which technology solutions have integrations built in and which will need custom programming. Invest in solutions that work well together. Then, fill in any automation gaps with strategic programming.~ Kent Noyes

Quote of the day – 3/24/2021

Leave a reply

The primary purpose of creating an enterprise security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise security architecture allows traceability from the business strategy down to the underlying technology. However, many IT organizations have moved away from formal security architecture governance in favor of rapid deployment cycles and tactical changes which over time risk diverging into complexity and fragmentation – with unresolved security exceptions. Complexity not only leads to insecurity and the increasing potential for human error but also increased cost of operations. (Nige the Security Guy, https://nigesecurityguy.wordpress.com/tag/security-architecture/)

Quote of the day – 3/20/2021

Leave a reply

The world really needs to take security architecture more seriously! If physical buildings were anything like security systems (experiencing a major breach practically every month), the news would be full of collapsing buildings and crumbling bridges… Dan Blum (https://security-architect.com/working-together-to-create-the-future-of-security-architecture/)

Quote of the day – 3/19/2021

Leave a reply

If you can’t measure it, you can’t improve it. ~ Peter Drucker

Quote of the day – 3/17/2021

Leave a reply

Only give them pain in terms of time and cost if the application does not comply with standards. Clean and easy if the application complies with standards outlined in a reference architecture or solution building blocks ~ Anonymous

Quote of the day – 3/16/2021

Leave a reply

You never change things by fighting the existing reality. To change something, build a new model which makes the existing model obsolete ~ Buckminster Fuller

How do pandemics relate to cybersecurity?

Leave a reply

Traditionally, when we think about security and protecting ourselves, we think in terms of armor or walls. Increasingly, I find myself looking to medicine and thinking about viruses, antibodies. Part of the reason why cybersecurity continues to be so hard is because the threat is not a bunch of tanks rolling at you but a whole bunch of systems that may be vulnerable to a worm getting in there. It means that we’ve got to think differently about our security, make different investments that may not be as sexy but may actually end up being as important as anything.

What I spend a lot of time worrying about are things like pandemics. You can’t build walls in order to prevent the next airborne lethal flu from landing on our shores. Instead, what we need to be able to do is set up systems to create public health systems in all parts of the world, click triggers that tell us when we see something emerging, and make sure we’ve got quick protocols and systems that allow us to make vaccines a lot smarter. So if you take a public health model, and you think about how we can deal with, you know, the problems of cybersecurity, a lot may end up being really helpful in thinking about the AI threats (President Obama, Oct. 2016)

What is a great quote on cooperation?

Leave a reply

..the story of passengers and crew revolting and trying to take control of the plane back from the terrorists. They came together in about 20 minutes, they came up with a plan, they voted on that plan, and took action. I would hope that message of cooperation would live on today. 15 years later it hard to see that message living on, but, you know these were folks from all over world that came together and did something great. Gave the country something bright on a dark day ~ Tim Lambert (2016, Interview Heard on NPR’s Morning Edition)