We are cybersecurity strategists, architects, and writers.

SERVICES

Security Content Development

We are cybersecurity strategists, architects, and writers and can develop reports, white papers, or briefings including original research, expert insights, or recommendations for best practices and solutions.

  • Educational primers
  • Briefing backgrounders
  • Business cases
  • Architecture or risk reviews
  • Leadership advisories
  • Risk analyses
  • Marketing position papers
  • Internal or decision support tools

 

Our deliverables help organizations improve security strategies, clearly articulate architectures or requirements, educate their employees, or promote their products and services to potential customers.

Developing or Reviewing Architectures

We can help security leaders develop, review, or approve security or identity management architectures and align them with the business. Includes:

  • Providing workshops or position papers to align teams up front on business drivers, strategies, or architecture principles and methodologies to use
  • Facilitating or helping your team develop a “fast track” architecture and requirements specification for specific security projects or initiatives
  • Providing an independent third party review of current architecture specifications, or de facto conditions.

All architecture services generally include a form of rapid security and risk assessment of the in-scope business environment and security programs as well as written observations and recommendations.

Providing Leadership Coaching

Focuses on empowering organizations to build comprehensive and resilient security and programs to handle the complex landscape of modern cybersecurity threats, technologies, business, and compliance requirements. Includes advice and assistance with:

  • Security Assessment: Assist security leaders in continuously evaluating current state against business risks, requirements, capabilities and security or compliance standards.
  • Security Program Development: Help develop or manage an effective and resilient people, process, and technology program, including the creation of strategic charters and policy structures to maximize staff productivity and business alignment.
  • Tailored Risk Management: Help define and integrate the organization’s unique risk management program, from specifying a suitable risk taxonomy to conducting risk assessments, to prioritizing controls and investments while emphasizing clear risk communication and reporting structures.

ABOUT

Principal Consultants

dan blum headshot

Dan Blum

An internationally recognized cybersecurity strategist, author, and consulting analyst. Formerly, he was a Golden Quill award-winning VP and Distinguished Analyst at Gartner and one of the founding partners of Burton Group, he established Security Architects Partners in 2014 and has advised numerous clients on cybersecurity risk, architecture, and strategy.

With over 30 years experience in IT, security, risk, and privacy he has served as the security leader at several startups and advised 100s of large corporations, universities, and government organizations. He is a frequent speaker at industry events and has written countless research reports, blog posts, and byline articles. He recently developed the Multicloud Security Reference Architecture for Techvision Research and wrote the book “Rational Cybersecurity for Business,” which was published in 2020.

A Founding Member of the Kantara Initiative’s IDPro group and once honored as a “Privacy by Design Ambassador”, Mr. Blum has also authored two additional books, written for numerous publications, and participated in standards or industry groups such as ISACA, the FAIR Institute, IDPro, CSA, OASIS, Open ID Foundation and others. He earned CISSP and Open FAIR certifications in 2005 and 2017.

Doug Simmons

Doug brings more than 25 years of experience in IT security, risk management and identity and access management (IAM). He focuses on IT security, risk management and IAM.  Doug holds a double major in Computer Science and Business Administration.

 Doug has performed hundreds of engagements for large enterprise clients in multiple vertical industries including financial services, health care, higher education, federal and state government, manufacturing, aerospace, energy, utilities and critical infrastructure.

Core competency areas for these engagements include risk management, security governance, security assessments, identity lifecycle provision and workflow process automation, authentication, access management, PKI, role engineering, federated identity management, cloud security, mobile device security, data protection and privacy and network security zoning architectures and physical/logical convergence.

The Book: Rational Cybersecurity for Business: The Security Leaders’ Guide to Business Alignment

Download a high-fidelity electronic PDF or purchase the book here. Kindle version available from Amazon. rational cybersecurity book

Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program and how motivate and retain your team. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to cybersecurity risk, operational security, privacy protection, hybrid cloud management, security culture or user awareness, and communication challenges. This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. It identifies common challenges and recommends good practices for businesses of different types and sizes. It also includes more than 50 specific keys to alignment.

Who This Book Is For

Chief Information Security Officers (CISOs) and other heads of security as well as security directors or managers, security architects and project leads, and other team members providing security leadership to your business.

What You Will Learn

  • Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy
  • Develop a consistent accountability model, information risk taxonomy, and risk management framework
  • Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend
  • Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets
  • Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more
  • Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities
  • Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger
  • Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan

CONTACT US

Contact Us
First
Last
Skip to content