About Security Brutalism
In an increasingly complex and noisy tech world, organizations often get bogged down in a proliferation of security tools and overly complicated strategies. Security Brutalism offers a contrasting philosophy: a return to the fundamental principles of security, prioritizing robust core controls, transparency and openness, and functional efficiency over complexity. This approach aims to build a resilient and understandable security foundation that effectively mitigates key risks without the unnecessary overhead and opacity that can plague modern security programs.
Security Brutalism helps organizations focus on what truly matters and ensures everyone understands the "why" behind each security measure, leading to a stronger security culture and a more defensible organization.
In short: What you see is what's enforced; what breaks doesn't collapse the system; and what remains is strong and recoverable.
The Why Behind Security Brutalism
I’ve been in the security field for over 20 years, working across nearly every aspect of it. However, in the past decade, I’ve seen how security has become flooded with vendors offering random solutions, each claiming to solve problems we didn’t even know we had. Meanwhile, regulations continue to pile on new requirements, only adding to the complexity. This has made it increasingly difficult to prioritize what actually needs attention, especially when it comes to identifying the real gaps and issues that need fixing.
We’re facing a growing need for resources, yet budgets keep shrinking. Alerts are flooding our monitoring systems, but we have no clear understanding of their root causes. New controls are being implemented, but they often fail when put to the test.
And the people who should be benefiting from security still don’t fully understand it.
This is the reason behind Security Brutalism. It's a return to a no-nonsense, transparent, and robust approach to security, prioritizing effectiveness, simplicity, clarity, and resilience over superficial aesthetics.
My goal was to develop a security program centered around simplicity and strong fundamental protections. Similar to its architectural style counterpart, it focuses on a raw, functional, unadorned, and genuinely straightforward approach to security. You can read more on the Security Brutalist Blog.
If you need to contact me, please send a message to info @ security brutalist dot com.
Disclaimer
Important Note: The opinions expressed on this site are mine alone, and are not official statements of my current or past employer, current or past team, current or past customers, or anyone else.
The information and suggestions on this site are provided as is, without a warranty of any kind. You assume all risks that might come from following or using anything on this website. I am not responsible if things don't work, things get broken, or security gets bypassed or compromised. You are the only responsible party here. If you don't agree, do not read this website, and do not apply anything described here.