Security Brutalism

For over a decade, security has chased complexity with solutions such as AI-driven detection, third-party tool sprawl, and layered playbooks, while attackers continue to succeed with basic tactics like phishing and exploiting unpatched flaws. Security Brutalism responds with a doctrine of raw function, structural clarity, and enforceable controls, built for resilience in a VUCA world and grounded in the core capabilities of the systems already in use. It’s a reaction to the failures of over-engineered security programs, arguing that complexity often creates more risk than it removes. Instead, Security Brutalism calls for a return to fundamentals: focusing on what’s essential, removing what’s not, and strengthening protection through clarity, minimalism, and purpose-built design.

Core Principles

  1. Expose the Mechanics: Make how security works transparent to users and stakeholders.
  2. Enforce Functionality Over Frictionless Experience: Favor transparency and user control over aesthetics — rough edges are fine if it means security is clear and uncompromised.
  3. Simplify to the Core: Remove anything that isn’t essential, auditable, or explainable.

A Brutalist Security approach is explicit, open, and clear.

The Program

A Brutalist Security program follows the principles of Security Brutalism, built for function, grounded in fundamentals, and intentionally free of unnecessary or unproven complexity. It prioritizes strong, enforceable controls over layered abstractions.

Security Brutalism: An Introduction to the Program

Security Brutalist Checker Tool

The Security Brutalist Checker Tool is a straightforward, checkbox-style assessment designed to evaluate the current state of security through the lens of Security Brutalism, with a focus on whether foundational controls are fully and effectively implemented.

Refer to it as a guide for aligning work with core security principles.
