Engineering the Future of Software
Feb 25–26, 2018: Training
Feb 26–28, 2018: Tutorials & Conference
New York, NY

How to address security as collective systems

James Stewart (
9:00am–12:30pm Monday, February 26, 2018
Secondary topics:  Hands-on
Average rating: ****.
(4.00, 5 ratings)

Who is this presentation for?

  • Technical architects, product managers, and security architects

Prerequisite knowledge

  • A basic understanding of the importance of security

Materials or downloads needed in advance

  • Paper and a pen

What you'll learn

  • Understand the importance of having clear models for capturing and communicating the high-level set of threats that security activities will be defending against, why effective security thinking must be part of the overall service design in an organization, and how a well-developed understanding of threat and risk can help teams think broadly about security issues and solutions
  • Learn how to articulate the types of threat actors relevant to your systems, their motivations, and their capabilities and use that articulation to inform all elements of business and system design, development, and operation
  • Discover how to maintain common understanding of the security landscape across a team


Architects are often the ones making the decisions about how to build in the right security for systems while making systems usable and delivering them on time. It can be tough to get buy-in to do the right thing, particularly as we increasingly recognize that security isn’t purely a technical consideration but is instead about systems as a whole: technology, human behaviors, and basic design decisions. Security needs to be everyone’s problem to solve and responsibility to understand. It’s vital that modern teams are able to understand the security issues affecting their work so that team members are aligned and can communicate their challenges clearly to the rest of their organization.

James Stewart shares techniques for considering security of whole systems and explores ways of bringing together cross-disciplinary teams to collectively own secure designs. You’ll learn strategies for understanding the various types of bad actors who want to break the systems and ways to help the whole team contribute to a conversation about how to address those issues and prioritize them against other user needs.

Photo of James Stewart

James Stewart

James Stewart is an independent consultant helping senior leaders embed modern technology and security in their strategies and lead transformational change. Previously, James was a cofounder of the UK Government Digital Service and served as deputy CTO of the UK government, where he was instrumental in the UK government’s use the public cloud, embrace of open source, and changing approach to security, all with the goal of increasing government’s ability to focus on user needs. James speaks regularly around the world on organizational transformation, technology strategy, and cybersecurity.

Comments on this page are now closed.


Picture of James Stewart
03/04/2018 7:49am EST

I’ve just uploaded the slides. Sorry for the delay.

Picture of Ruben Sousa
03/04/2018 5:20am EST

Hi, are there any slides available for this tutorial? Thanks.