Monday, March 09, 2009
Enterprise Architecture: The Human Value Proposition...
The hardest part of enterprise architecture is balancing doing the right thing even when it flies in the face of perception management...
Today, I was at the car dealership and ran across someone I worked with in the past and have the utmost respect for. In inquiring about his new employer, he indicated that there were certain aspects of his past employers he actually missed. One of the most telling comments he shared with me was how his organization's culture avoided confrontation and made it more difficult to do the right thing.
So, how do enterprise architects get measured at annual review time and is this different than how they should be measured? As a member of the most vibrant OWASP community, I have observed a pattern that somewhat explains why pretty much every IT security professional I respect is a consultant and not a full-time employee of any enterprise. Being a security professional, you have to be the bearer of bad news. Sure, you can always improve your delivery but over time this works against you as an employee. If you are in a perception-oriented culture and not one that respects technical excellence and demonstrated ability, why would you want to be labeled as the bearer of bad news?
Security consultants unlike their brethren in large enterprises get to isolate themselves from the perception aspects and in fact are embraced for bringing bad news. We all know that the compensation between independent consultants and employees of large enterprises is out of balance, but in the security space it is more skewed than any other domain.
Ever notice how many enterprise architects just hang back just a little and aren't fully engaged? While the business observes lack of alignment, IT observes the survival instinct kicking in. Enterprise architecture has so much potential but it is being stifled in many shops based on how they measure their employees...
| | View blog reactionsToday, I was at the car dealership and ran across someone I worked with in the past and have the utmost respect for. In inquiring about his new employer, he indicated that there were certain aspects of his past employers he actually missed. One of the most telling comments he shared with me was how his organization's culture avoided confrontation and made it more difficult to do the right thing.
So, how do enterprise architects get measured at annual review time and is this different than how they should be measured? As a member of the most vibrant OWASP community, I have observed a pattern that somewhat explains why pretty much every IT security professional I respect is a consultant and not a full-time employee of any enterprise. Being a security professional, you have to be the bearer of bad news. Sure, you can always improve your delivery but over time this works against you as an employee. If you are in a perception-oriented culture and not one that respects technical excellence and demonstrated ability, why would you want to be labeled as the bearer of bad news?
Security consultants unlike their brethren in large enterprises get to isolate themselves from the perception aspects and in fact are embraced for bringing bad news. We all know that the compensation between independent consultants and employees of large enterprises is out of balance, but in the security space it is more skewed than any other domain.
Ever notice how many enterprise architects just hang back just a little and aren't fully engaged? While the business observes lack of alignment, IT observes the survival instinct kicking in. Enterprise architecture has so much potential but it is being stifled in many shops based on how they measure their employees...
