3 Ways Enterprise Architects Can Bridge the Socio-Technical Gap
09 August 2023
Request your demo of the Sigrid® | Software Assurance Platform:
02 July 2020
4 min read
Recently, I’ve been wondering about a topic in my field that doesn’t get much attention. I work in software security, and there, we’re excellent in models and frameworks. My colleagues and I carry out security assessments for global organizations, for which we have several well-thought-through models that we at SIG have defined. We also use many standards or frameworks that are well known in our world, like ISO27001/2, OWASP, PCI-DSS, NIST, HIPAA, etc. We also assess nearly 300 programming languages. These both are all very factual, specific and clear. But assessing against many standards and/or languages requires knowledge of each and every one of them – which usually means many people as well.
People and their knowledge can be a limiting factor in being able to provide a good assessment for a customer. You always want to have a “right-size organization” and stay agile. I’m blessed to work alongside the brightest minds in our field, but even they can’t master everything. It’s impossible. How can you still provide specific, relevant and actionable recommendations if you don’t have the right knowledge? And how do you ensure that your recommendations are of the highest value to your customer?
Here’s one definition of knowledge: The fact or condition of knowing something with familiarity gained through experience or association. So, knowledge is obtained by doing. And gaining knowledge about technology can also be obtained by working on similar models and technology. You can learn through association. From this, you can conclude that if many people do the work, you obtain enough knowledge to provide the best advice. Or do you?
The ability to absorb knowledge varies from person to person. And so do the areas in which people can absorb knowledge. So, there’s no simple, black-and-white knowledge management model to apply. But one thing is clear: to be able to provide good assessments, knowledge is key.
The most common way is to have many people covering small areas. And it’s easy to attain and maintain knowledge levels with more and different people. But how is the knowledge then obtained, and doesn’t this make you less scalable and efficient? Who can ensure that the experience and association can be obtained? And how do you account for churn of people and thus knowledge? To obtain a high level of knowledge, you need many people.
A commonly-used phrase is “Stand on the shoulders of giants.” And yes, this is a good concept. It means you learn from the best, so you can obtain the experience and association in the best possible manner. But this also requires you to have giants, something that’s often scarce, and that the giants can take the time to provide you with the experience and association. It also requires that the giants can continue to expand on their own knowledge.
I think knowledge is, like most things in life, best achieved and maintained by combining both worlds, applying a hybrid approach. So, use the giants, and also let them learn from the many. That will leave you less dependent on your giants as the knowledge is spread across more people. Also, the knowledge of the others is still relevant for the giants to learn from, albeit a bit more fragmented. Knowledge management then becomes key to achieving an optimal balance between effort and effect. Do, however, make sure that people are able to evolve into a giant. This way, your breadth and depth of knowledge is optimal for your organization:
So what about that knowledge management model I referred to in the beginning of this blog? Well, defining your knowledge management makes it easier to obtain and attain experience and association. That’s vital to making the best use of your giants, but also allows the others to benefit most from the giants’ knowledge. For this, define your key knowledge areas, define your current and required future knowledge levels, and make a plan on how to obtain and maintain it. This way, customers still get the best possible advice with specific, relevant and actionable recommendations, without the need to have the giants be part of all assessments.
It’s important to stand on the shoulders of giants, but make sure you leverage the strength of all of your people. There’s a saying in Dutch that nicely captures the best approach to knowledge management, “Het meervoud van kennis is kennissen.” The English equivalent would be:
“Stand on the shoulders of the many.”
Team Lead, Security and Guidance Consultancy
We'll keep you posted on the latest news, events, and publications.