Architecture is a hard sell in some organizations but Security Architecture is doubly hard. Everyone would agree that the idea of addressing concerns systemically is desirable but the challenge is understanding and communicating the benefits of front loaded project thinking. The sentiment in today’s DevOpsy Agile world is that design documents are a impediment to good progress. I can understand how overthinking and over documenting hurts a project. However, no documentation at all is like trying to find worms without a flashlight. I think the real truth is somewhere in between.