How to Work with Brutalist Security: A Guide for Engineering and Product Leaders
Brutalist Security teams don’t exist to block you. They exist to build with you. They are structural partners in product velocity, customer trust, and platform resilience.
This guide is for engineering and product leaders who want to collaborate effectively with Security in a Brutalist model—one that is fast, useful, and embedded in the business.
What is Security Brutalism?
Brutalist Security is:
- Architectural, not added on afterward.
- Embedded, not reactive.
- Focused on clarity, not on complexity.
- Designed to accelerate good decisions.
In this model, security shows up early, works in your environment, and helps you build faster, cleaner systems—not just check boxes at the end.
Principles for Effective Collaboration
1. Involve Security Early—As a Co-Designer
Early collaboration prevents last-minute rewrites and builds resilience into the architecture. So invite security leads to kickoff and discovery phases and ask them to co-author threat models and abuse case assumptions.
Example: During ideation for a new export feature, you bring in AppSec to help think through data minimization and token access patterns.
2. Use Security as a Clarity Engine
Security Brutalists specialize in risk framing. They can help you prioritize clearly in ambiguous spaces. Give security open-ended design challenges, not just finished specs. They will give you questions that clarify.
Example: You’re debating where to host customer logs. Security helps articulate legal exposure, access patterns, and redundancy options—enabling better decisions.
3. Ask for Patterns, Not Policies
Brutalist Security provides battle-tested building blocks. Make sure you ask for reusable patterns or templates. Don’t try to find answers in a compliance policy; drop a Slack message asking for a quick example, and ask questions.
Example: You need a secure CI/CD pipeline. Security provides a GitHub Actions template that includes SLSA compliance, artifact signing, and policy-as-code examples, all handled efficiently through automation scripts.
4. Expect Speed and Utility
Brutalist Security aims to be the most useful org in the company. Use the Security Architecture team for high-velocity design support, and help them measure their value by unblock rate, not ticket count.
Example: You’re blocked on a data classification issue. You reach out in Slack and get a usable response with examples in under one hour.
5. Join Rituals That Respect Your Craft
Security Brutalism rejects bureaucracy. It co-creates lightweight rituals that honor your time and knowledge. Security participates in weekly Security Design brainstorms and fast architecture reviews, and co-hosts postmortems to extract reusable design insights.
Example: After a failed deployment, you and security co-author a short story of what failed and what new design patterns emerged. That story is published internally to improve company-wide resilience.
Push Back When Security Isn’t Useful
Brutalist Security thrives on feedback. If it's not helping, it should evolve. Call out when a process is redundant, confusing, or too slow, and help refine guidance so it works better in your environment.
Example: You flag that a threat modeling form is out of sync with your architecture diagrams. Security responds by co-building a new lightweight automated model that works as an addition in Jira.
Shared Outcomes We Care About
Brutalist Security is here to:
- Protect customer trust.
- Make product delivery faster, not slower.
- Reduce fragility across systems.
- Codify risk into knowledge, not fear.
Your role is critical. You are not just a security stakeholder—you are a security multiplier.
Final Note
Working with Brutalist Security means choosing clarity over confusion, speed over theater, and design over static efforts. When we work together this way, we don’t just ship features—we build institutions that endure.
Security is not just a gate. It’s a beam. A frame. A partner in structural integrity.
Let's get it done.