A Weekly Dose of Sanity and Insights Into The World Of The Enterprise Security Architect

If you're a security architect who's been struggling to get out of being stuck with sifting through an endless stream of security assurance work because you know there's a better way...

...then this is the podcast for you.

Each and every week, I share brief stories, insights, lessons and tips about how to be a more effective security architect so you can help your organization build a more effective security program.

I will warn you, however, that this show is intentionally contrarian and challenging to the established definitions and dogma of our profession—especially when it comes to security architecture. Because security architecture is a whole lot more than the infrastructure of your organization's technical security controls.

Security architecture is the entire system of people, processes and technologies that ensures value gets created, delivered and protected during the day-to-day operations of your organization.

Security architecture seen this way is really a risk management architecture, and that means you're likely to be both struggling with the structures of your organizations to do the job you need to do...

...and stepping on the toes of all the other "architects" too.

There is a better way, but you have to start to think differently about both security and security architecture. So, if you're ready to do that, then dive in, and let's get started building a more effective security program in your organization...

...with you, and the way you do the work you do.

Here's just a small sample of the types of things you can expect to here about on this show:

Why enterprise security architecture – and security architecture in general – is so different than what people understand it to be

How to get the maximum value and results from your investment in learning the SABSA® methodology

The reason many security architects struggle to "fit in" with the rest of their "domain architect" brethren in an enterprise architecture practice

How TOGAF® isn't all people think it is—and why it even gets in the way of doing security architecture properly if you let it

The main differences in thinking and skillsets between a security architect and a security engineer

How you can truly "shift left" your security program by integrating AppSec into the rest of your enterprise security architecture the right way

The critical differences between a risk-based and control-based approach to security architecture

Why you'll never really excel as a security architect until you're ready to understand both the business you're trying to protect and what your security customers care about

The "secret" to battling the ever-expanding complexity of the modern organization when you're trying to keep it "secure"

Why there can never be an abstract, all-encompassing definition of security (and what this means to you as a security architect)

...and much, much more!

The definition and value proposition of security architecture

January 15, 2023

Why most security architects aren’t really “architects” at all

January 8, 2023