Training and Education
The book's development originated from internal courses offered to employees of a global IT company and MSc degree modules assessed at two UK universities. We will discuss the book's history, course structure, and delivery below.
New Courses
If you have an interest in setting up a degree module, a training course or having a course run based on the content from the book, please contact Mark Buckwell for a discussion.
Training Structure¶
Across both universities and companies, the teaching of architectural thinking practices for secure design takes place in sequence for each stage of design. Each stage involves a lecture using the first case study, teams working together to develop artifacts (pictures and tables) using a second case study, and feedback sessions where learners can receive immediate suggestions for improvement. At the end of the training, they combine all the artifacts into a solution and present it to a "CIO and CISO."
University Courses¶
The book is currently used to support two MSc degree courses at:
- University of Warwick
- University of Surrey
University of Warwick¶
The course was originally developed in 2016 for the MSc in Cyber Security Engineering and MSc in Cyber Security Management at Warwick Manufacturing Group (WMG) at the University of Warwick. The idea was to teach students some practical skills used in industry to develop secure systems using architectural thinking techniques. The degree, including the module, was subsequently certified by the UK National Cyber Security Centre.
With WMG, an industry partner provides the course content and the assessments set by the university. When it started, the module was taught over one full week, with student team presentations at the end to show the architectural thinking that had taken place. The module now spans multiple weeks.
University of Surrey¶
Subsequently, the University of Surrey has adopted the course since 2019 for their MSc in Cyber Security The module is also part of a degree certified by the UK National Cyber Security Centre.
At the University of Surrey, an industry partner provides the course content and the assessments by industry associate tutors. Lecturers use ten weekly, 3-hour sessions to teach the module, culminating in team presentations that showcase applied architectural thinking in the final week. A case study serves as the basis for an individual written assignment.
Training Courses¶
Over 600 security architects, ranging from graduates to senior practicing professionals, have completed training using the principles documented in the book. We deliver a challenging, compressed three-day course via a face-to-face, virtual, and online learning platform. The learners receive lectures from practicing security architects, develop artifacts in teams, and present a final solution to the instructors.
Shorter Training¶
More recently where a full end-to-end course cannot be delivered, interactive two-hour virtual training sessions have been delivered to understand the principles of architectural thinking, including:
- Gathering Security Requirement
- Architectural Thinking for Security
- Architecting for Hybrid Cloud using IBM Cloud
- Architecting Security Operations
With these sessions, it provides a great starting point for learners before studying the method in depth.