Architecture Insights

Weekly information and insights to help you think about security architecture from a business perspective--and a whole lot differently than you probably do now! Are you a security architect looking to find a way to provide better security for your organization by doing a whole lot less work than you're doing today? Are you an enterprise, solution or application architect that wants to effectively embed security controls and countermeasures into the architecture work you do? Or are you a CISO looking to get more value out of the security architecture work your team is already doing? If you are, then you've found the right podcast, because each week, I talk about security architecture a whole lot differently than most people in order to: * get more leverage from the work you do; * work smarter and not harder; and * emphasize the conceptual architecture and design aspects of security architecture that are normally lost or overlooked by many people. To do this, I leverage the entire breadth of skills I've developed in business, marketing, psychology, management, leadership, communications and negotiation over the last 20 years of my professional career. And I integrate all of these areas from a systems thinking perspective with my background in Computer Science, software delivery, quality assurance and developing software and solution architectures for multi-million dollar projects around the world using SABSA® as the common basis to hold it all together. Each episode gives you a condensed, highly-focused tip, insight or idea about applying and integrating security into the very fabric of your organization. There's no technology. There's no product reviews. It's just all about the practice of real architecture and design necessary to help keep your organization safe. How can I do this? Because I've had a lot of practice. And over the course of using, refining and even extending the SABSA approach to enterprise security architecture, I've come up with a simple and straightforward way to help business and technology people understand not only their organizations, but the way risk and security helps people do the work they need to do. And it works no matter if you're using TOGAF®, SAFe®, Agile, DevOps, DevSecOps or even stage-gate based security reviews. In this podcast, you'll learn how to simplify the complexity normally associated with security architecture based on starting with a formalized conceptual approach. Once you have this, you'll then understand how to get real leverage in your security program by only doing the security work once--no matter what environment you re in... ...how often the technology landscape changes... ...the number of new vulnerabilities cataloged each day... ...or the newest and scariest bad guy that comes on the scene. My mantra is do the work once, and then use that work over and over again as much as you can. This approach gives you the ability to easily adapt to change, evaluate and adopt new security technologies... ...and still keep things focused on helping the organization do the work it needs to do, as quickly and safely as possible. Doing that is what being a business-driven security program is all about. But you re not going to be able to deliver it without changing the way you think about security. And you're certainly not going to do it without changing the way you think about security architecture. So, if you're ready to challenge your assumptions about what security is, how it works, and, perhaps most importantly... ...how hard it is to do... ...then have a listen to any single short episode and see what you think. And if you like it, don't forget to subscribe, so you get new tips and insights in your ears each and every single week. Stay safe, ast -- Andrew S. Townley Archistry Chief Executive