This episode is dedicated to John Sherwood (1947-2025) who founded the SABSA Institute with David Lynas, where he was the Chief Architect of the SABSA methodology. A pioneer in his own right, John’s legacy will continue through the future efforts of the SABSA Institute. 

The path from code to comprehensive security architecture rarely follows a straight line. In this enlightening conversation, security architects Stephen Bradley and Bonnie Demeyer reveal how their diverse backgrounds—Stephen as an electronics engineer turned software developer, and Bonnie from sales to project management—converged to create innovative approaches to enterprise security.

When traditional security functions operated like "police raids" on projects, Stephen and Bonnie pioneered a collaborative approach that engaged teams during design phases rather than punishing them after implementation. This fundamental shift transformed security from an obstacle to a valuable service, seamlessly integrated into development processes.

Their breakthrough came through visualization. "Human comprehensibility works very well with visual media," Stephen explains, highlighting how diagram-based approaches dramatically outperform text-heavy documentation. By combining The Open Group ArchiMate® modeling language with SABSA (Sherwood Applied Business Security Architecture) methodology, they created a powerful framework that bridges technical and business perspectives.

This integration yields remarkable benefits for compliance challenges. Rather than wrestling with disconnected regulatory frameworks, their model-based approach normalizes requirements into a unified data structure, enabling organizations to identify gaps through automated queries rather than manual cross-referencing. The result? Consistent, traceable security implementations that support real business objectives.

For aspiring security architects, their advice emphasizes structured thinking, collaborative problem-solving, and confidence that persistence leads to solutions—even when the path isn't immediately clear. The most effective security professionals combine technical expertise with business acumen, communicating complex concepts clearly while demonstrating tangible value.

Want to explore these concepts further? Check out "Modeling Security with ArchiMate®" in The Open Group Library, or visit the SABSA Institute website to learn how visualization can transform your security practice.

Send us a text

Copyright © The Open Group 2023-2025. All rights reserved.