Policy Architecture Archives

May 12, 2020

How to turn 53,426 words of security policy into usable security architecture

Here’s an interesting question for you to think about: What’s the relationship between security policy and security architecture in your organization? I mean, how related and/or connected do you think they are? True story: In one of the organizations I work with, they actually had a fairly good structure and scope to their information security […]

November 3, 2019

The two key dimensions of Agile Security

Some people think agile is about going fast and being unconstrained by processes. That’s part of it, but that aspect alone is also not that far from the definition of anarchy: a state of disorder to due the absence of authority. What agile is really about is being able to make effective decisions, and that […]

Want to get DAILY email tips on how to build a more effective security program so you can prove your security investments deliver value to the business?

Andrew is a highly skilled and experienced information systems architect and consultant, which in my view is a rare thing. He is innovative in his thinking and merits the title of 'thought leader' in his specialist domains of knowledge—in particular the management of risk. Andrew has embraced SABSA as a framework and, in doing so, has been a significant contributor to extending the SABSA body of knowledge."

— John Sherwood, Chief SABSA Architect

"Fabulous person to work with. Very engaging and insightful. Extremely good technical knowledge with ability to relate concepts together and overcome differing opinions. Makes things work."

— Kevin Howe-Patterson, Chief Architect, Nortel - Wireless Data Services

"Andrew was able to bring clarity and great depth of knowledge to the table. His breadth of thinking and understanding of the business and technical issues along with a clear and effective communication style were of great benefit in moving the process forward towards a successful conclusion."

— Doug Reynolds, Product Manager, MobileAware

"Andrew is a fabulous consultant and presenter that you simply enjoy listening to, as he manages to develop highly sophisticated subjects in very understandable way. His experience is actually surprising and his thoughts leave you without considerable arguments for any doubts in the subjects he covers."

— Biljana Cerin, Director, Information Security and Compliance

Practice Areas