Core ideas of Satir systems OD¶
Virginia Satir developed her work originally in family therapy. It was extended by Gerald Weinberg and others into organisational settings. The core observations hold across both contexts because they describe how people behave under stress, and stress is not unique to families.
The system shapes behaviour¶
Every person operates within a network of relationships, processes, and expectations. Behaviour emerges from that network, not only from individual character. This means that changing behaviour requires changing the conditions in which people operate.
In security this is an important correction to the framing that treats security failures as personal failures. A developer who took a shortcut was operating in a system that rewarded speed and obscured the consequences of shortcuts. An analyst who missed the alert was operating in a system that produced more alerts than any person could meaningfully triage. Trying to change individual behaviour without changing the system usually produces temporary improvement followed by regression.
Communication patterns under stress¶
Satir identified recurring patterns in how people communicate when they feel threatened or under pressure. These patterns are attempts to manage the stress, not character flaws, and they are consistent across different people and contexts.
Placating: agreeing, appeasing, avoiding conflict. In a security context this shows up as teams that tell auditors and security reviewers what they want to hear rather than what is accurate.
Blaming: directing fault outward, defending position. This shows up in post-incident reviews that identify a responsible individual rather than a systemic condition, and in the reluctance to report near-misses because someone will be held accountable.
Computing: retreating into logic and procedure, avoiding the emotional content of a situation. This shows up as security teams that respond to human problems with policies, and policy problems with more detailed policies.
Distracting: deflecting, changing the subject, disengaging. This shows up as an organisational tendency to treat security concerns as someone else’s problem until they become impossible to ignore.
Congruence¶
Congruence is alignment between what one says, what one feels, what one intends, and what the context requires. Many call that “authenticity” for short. It is both goal of healthy communication and diagnostic for its absence.
In an organisation, incongruence can show up in a gap between stated policy and actual practice, between incident response plan and what happens in an actual incident, between a security culture described in recruitment materials and the one experienced by people working in it.
Satir’s argument is that congruence is not a nice-to-have. It is the condition under which trust is possible, and without trust, information does not flow. In security, that means the things people know about the actual state of the environment do not reach the people who need to act on it.
Resistance as diagnostic¶
Satir’s approach treats resistance as information about the system rather than as obstruction to be overcome. When people resist a change, they are signalling something about their experience of the current situation and their expectations of the proposed one.
This overlaps directly with ChangeShop: the resistance is a map. The question is what it maps.