Home Computer Science Securing Systems Applied Security Architecture and Threat Models
Invitations Are Good!
My first measurement for the program itself, and for each security architect, is whether the architect is being included in the relevant architectural discussions? In short, are architects being invited back repeatedly by the teams? Are security architects sought after? Do people call them when there are issues to solve? When they have security questions?
In my experience, project teams are very good at disinviting people and functions from whom they derive no value. Most project teams (development teams, implementation teams, whatever they’re called) are typically incentivized through delivery. Delivery within OR under budget. Delivery on time. Delivery, delivery, delivery.
The focus on delivery implies that anything excess that doesn’t contribute to delivery is an impediment. If your architects are not being invited to meetings, are not being included in problem-solving discussions, this is actually exquisitely focused feedback. The first measurement for my program always is, are we being invited in and then asked to return?
|< Prev||CONTENTS||Next >|