THE SECURITY BRUTALIST

Workflows

In Brutalist Security Meets Team Of Teams: Part 1, I mentioned that a Team of Teams, as described by Gen. McChrystal, creates a shared understanding, allowing quicker detection and coordinated response. In the third paragraph of that post, I wrote:

"For example, if threat intel spots a new tactic, vulnerability management can scan for exposures, incident response can prepare playbooks, and IT can rapidly deploy fixes or adjust controls. This distributed, real-time collaboration leads to faster, more effective defense."

This quote got me thinking about the types of workflows we can identify that support stronger security while also encouraging more proactive collaboration between technical and leadership teams.

I’ll leave this as an open question for everyone to explore, though a number of flows come to mind:

  1. Threat Intel spots a new tactic → Vulnerability Management scans for exposures → Incident Response prepares playbooks → IT deploys fixes or adjusts controls.
  2. Vulnerability Disclosure reported → Security Engineering assesses exploitability → Development prioritizes patching → Infrastructure and Development deploy patches.
  3. Security Testing identifies a gap → Security Engineering designs a control → IT implements the control → Security validates the implementation.
  4. User Behavior Analytics flags anomaly → Security Operations Center investigates → Incident Response contains it if malicious → IT remediates affected systems.
  5. Infrastructure Change planned → Security Architecture reviews for risks → Infrastructure Engineering builds securely → Security Testing validates.
  6. Security Testing finds flaw in a webapp / product → Development fixes the code → Security Testing verifies the fix → Development deploys the updated code through the CI/CD pipeline.
  7. Phishing Campaign detected → the Security Department updates training → Security Operations Center and Engineering block malicious infrastructure → IT reviews email controls.
  8. Data Loss Prevention system triggers → Security Operations Center investigates the incident → Data Governance reviews policies → IT refines DLP rules.
  9. Performance Monitoring shows unusual activity → IT Operations investigates system health → Security Operations checks for security implications → Infrastructure Engineering optimizes resources.
  10. New Regulatory Requirement emerges → Compliance defines standards → Security Engineering translates to technical controls → All Teams implement relevant aspects.

What other workflows exist? Which ones can we automate? How might we simplify and strengthen security by applying the principles of Security Brutalism based on these workflows?

Let me know.