DF Kompetens has a prestigious twelve-day curriculum for IT Architects which has certified 1200+ students by now. I was privileged to guest lecture half a day about Information Security.
This was the first time we did my group exercise in identifying and categorising Security Mechanisms with generalist students - as opposed to InfoSec pros. We learned that every technical mechanism has a process aspect.
Modern IT Architects have a holistic view where tech is just an ingredient, albeit important.
(some of) my events
- 2019-05-15--17 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2019-04-09--11 Operativ informationssäkerhet (teaching course, Stockholm)
- 2018-03-26 Beyond the Static InfoRisk Assessment (presenting at Åre Risk Event)
- 2019-03-06--08 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2019-02-07 Säkerhetsarkitektur - ingenjörskonst eller hantverk? (hosting seminar in Falun)
Security Architecture implies plurality.
In our recent Operativ InfoSec course, my eminent colleague Sebastian Åkerman talked about nomenclature and a systemic approach with a toolbox of Security Mechanisms. If an organisation can agree on terminology, it can describe existing capabilities (as well as desired ones) with bidirectional traceability between business need and component.
When InfoSec deals with building systems one at a time, architecture can help security work mature from craft to engineering.