Core ideas of Satir systems OD¶

Virginia Satir developed her work originally in family therapy and it was extended by Gerald Weinberg and others into organisational settings. The core observations hold across both contexts because they describe how people behave under stress, and stress is not unique to families.

The system shapes behaviour¶

Every person operates within a network of relationships, processes, and expectations. Behaviour emerges from that network, not from individual character. This means that changing behaviour requires changing the conditions in which people operate, not just instructing people to behave differently.

In security this is an important correction to the framing that treats security failures as personal failures. The developer who took a shortcut was operating in a system that rewarded speed and obscured the consequences of shortcuts. The analyst who missed the alert was operating in a system that produced more alerts than any person could meaningfully triage. Changing the individual without changing the system produces temporary improvement followed by regression.

Communication patterns under stress¶

Satir identified recurring patterns in how people communicate when they feel threatened or under pressure. These patterns are attempts to manage the stress, not character flaws, and they are extremely consistent across different people and contexts.

Placating: agreeing, appeasing, avoiding conflict. In a security context this shows up as teams that tell auditors and security reviewers what they want to hear rather than what is accurate.

Blaming: directing fault outward, defending position. This shows up in post-incident reviews that identify a responsible individual rather than a systemic condition, and in the reluctance to report near-misses because someone will be held accountable.

Computing: retreating into logic and procedure, avoiding the emotional content of a situation. This shows up as security teams that respond to human problems with policies, and policy problems with more detailed policies.

Distracting: deflecting, changing the subject, disengaging. This shows up as the organisational tendency to treat security concerns as someone else’s problem until they become impossible to ignore.

Congruence¶

Congruence is the alignment between what you say, what you feel, what you intend, and what the context requires. Many call that “authenticity” for short. It is both the goal of healthy communication and the diagnostic for its absence.

In an organisation, incongruence shows up in the gap between stated policy and actual practice, between the incident response plan and what happens in an actual incident, between the security culture described in recruitment materials and the one experienced by people working in it.

Satir’s argument is that congruence is not a nice-to-have. It is the condition under which trust is possible, and without trust, information does not flow. In security, that means the things people know about the actual state of the environment do not reach the people who need to act on them.

Resistance as diagnostic¶

Satir’s approach treats resistance as information about the system rather than as obstruction to be overcome. When people resist a change, they are signalling something about their experience of the current situation and their expectations of the proposed one.

This overlaps directly with ChangeShop: the resistance is a map. The question is what it maps.