Notes in the margin¶
The ways security programmes fail tend to rhyme, and few of them are technical. A finding lands as blame, so the report gets softened. No one in the room has the authority to act on it. A threat model describes the network as it was assumed to be eighteen months ago, and the same class of incident arrives on a quarterly cycle. None of that is a tooling gap.
Gerald Weinberg spent decades watching software teams work under pressure. Virginia Satir spent hers on how people communicate when they feel threatened. The adult Montessori framing turns both into a way of designing places where people actually learn. Read together, they change what gets looked at, what gets asked, and what counts as a finding.
Last updated: 1 July 2026