Episode 31 – Security architecture: Rick Smith
Updating the “plumbing” is not sexy. Looking at measures being put in place to avoid the worst case, or to deal with it when it happens, is not fancy. Educating people and reminding them to stay alert is exhausting.
However, Security and Security Architecture is one of the most important topics to address now that we are outgrowing the industrial age and moving into the information age. In this episode of the What’s Your Baseline Podcast we are talking with Rick Smith about Security Architecture.
Rick has over 18 years of experience in managing information systems, including developing policies, portfolio management, writing programs, and procedure development for information assurance programs. His various roles include Network Administrator/Manager, Threat Analyst Subject Matter Expert, IA Strategic Planning, and Database Manager. He is proficient in certification and accreditation policy and procedure, including DoD policy, intelligence community policy, United States Postal Service (USPS) AS805, and NIST guidelines. He also has experience in cyber security architecture development for these same organizations.
Rick has developed and taught CISSP classes. He has developed his own curriculum and approach in helping candidates become a CISSP.
In this episode we are talking about:
- What is Security Architecture?
- Define mission, threat
- Policies and SOPs need accountability, the need for education
- Digital natives and their approach to security – leading to decentralized security architecture
- How to approach threats
- How to mature your organization’s security by using NIST’s Cyber Security Framework, CMMC, and security self-assessments
- Implement the framework
Rick can be found on LinkedIn here: https://www.linkedin.com/in/ricksmth477.
Please reach out to us by either sending an email to hello@whatsyourbaseline.com or leaving us a voice message by clicking here.
Additional information
- We are referring to two other episodes of the podcast that you might want to listen to:
- CMMC maturity model: OUSD A&S – Cybersecurity Maturity Model Certification (CMMC) (osd.mil)
Rick’s daily reads:
- https://www.cisecurity.org/
- https://www.databreachtoday.com/
- https://resources.infosecinstitute.com/
- https://www.reddit.com/r/cyber/
- https://krebsonsecurity.com/
- https://www.sans.org/blog/
Credits
Music by Jeremy Voltz, www.jeremyvoltzmusic.com
- CP1 (Welcome)
- Airplane Seatbelt (Interlude 1)
- Wurly (Interlude 2)
- South Wing (Outro)
Roland Woldt is a well-rounded executive with 25+ years of Business Transformation consulting and software development/system implementation experience, in addition to leadership positions within the German Armed Forces (11 years).
He has worked as Team Lead, Engagement/Program Manager, and Enterprise/Solution Architect for many projects. Within these projects, he was responsible for the full project life cycle, from shaping a solution and selling it, to setting up a methodological approach through design, implementation, and testing, up to the rollout of solutions.
In addition to this, Roland has managed consulting offerings throughout their lifecycle, from definition and delivery to update, and had revenue responsibility for them.
Roland has had many roles: VP of Global Consulting at iGrafx, Head of Software AG’s Global Process Mining CoE, Director in KPMG’s Advisory (running the EA offering for the US firm), and other leadership positions at Software AG/IDS Scheer and Accenture. Before that, he served as an active-duty and reserve officer in the German Armed Forces.