Security Brutalism
To strengthen and simplify security, we should adopt a brutalist approach—one that prioritizes raw functionality, structural honesty, and directness over unnecessary complexity or obscured processes. This means embracing systems that are clear in purpose, resilient by design, and grounded in the fundamental capabilities of the technologies they rely on.
This concept draws from brutalist architecture and web design, both of which favor unembellished, utilitarian structures that reveal rather than conceal their underlying materials and construction. Central to this philosophy is the principle of truth to materials—the idea that a system should express its true nature, not hide behind decorative abstractions.
Security Brutalism, then, is about being direct, uncompromising, and function-first. It emphasizes strong, enforceable controls and clear operational visibility, valuing these over user convenience or aesthetic appeal. Its designs are simple, honest, and intentionally rough-edged, engineered to endure in the volatile, uncertain, complex, and ambiguous (VUCA) conditions under which real systems operate.
Security Brutalism Principles
- Expose the Mechanics: Make how security works transparent to users and stakeholders.
- Enforce Functionality Over Frictionless Experience: Favor working controls, transparency, and user control over smoothness and aesthetics; rough edges are acceptable if they mean security is clear and uncompromised.
- Simplify to the Core: Remove anything that isn’t essential, auditable, or explainable.
A Brutalist Security approach is explicit, open, and clear.
Where Do We Go From Here?
The security world has become cluttered with layered strategies and tools that add complexity of their own, often making it hard for security professionals, and the tech teams that work alongside them, to see what is truly important. Security Brutalism offers a contrasting philosophy: a return to fundamental security principles, emphasizing strong core controls, transparency, and practical efficiency.
To start implementing a Brutalist Security program in a modern organization, there are several approaches you can take. Here is an example of one method, along with a runbook to help you get started.