8 Books Every Security Architect Must Read


February 25, 2016 | DevOps | Joanna Mastrocola


We are always trying to get better at our jobs. Although we can’t put a price on the real, hands-on experience of practice, implementation, and conversations, sometimes we need to rely on additional perspectives to paint a more complete picture.

Experts in the field of security architecture have created some great resources based on their years of learning, calling on both their successes and mishaps in crafting these helpful narratives. Although we aren’t big on “hacks” here at Conjur, as we are firm believers that putting in more work on a project will produce better results, an easy way to “hack” learning, so you don’t have to go back for another advanced degree, is to read books that others have spent lifetimes creating.

So, if you’re looking to expand your horizon, absorb some expert knowledge, and crack open a book (or at least skim it), here are 8 stellar picks that every security architect can appreciate.

1. Security Engineering by Ross Anderson

This book teaches readers how to create systems that remain dependable in the face of error or malice, especially in the wake of the latest, more advanced security threats.

2. Designing Security Architecture Solutions by Jay Ramachandran 

This book dives into system security architecture from a software engineering point of view. The author explains that strong security must be a major principle, and have great impact, in the development cycle.

3. Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith

A Yankee Group Security Expert, Andrew Jaquith teaches readers how to craft proper security metrics based on their organization’s distinctive requirements. The piece is filled with best practices to help security architects define, create, and utilize security metrics in the enterprise.

4. Software Systems Architecture: Working With Stakeholders Using Viewpoints and Perspectives by Nick Rozanski and Eoin Woods

Focused on the practitioner and ideal for beginners, this guide helps readers compose and administer effective architectures for information systems. 

5. Working Effectively with Legacy Code by Michael Feathers

Using relevant and realistic examples, this book helps practitioners to work through the messy problems that accompany legacy code.

6. Beyond Software Architecture: Creating and Sustaining Winning Solutions by Luke Hohmann

Unlike other books on the shelves, this piece deals with the business and project management aspects of software architecture.

7. Software Architecture in Practice by Len Bass, Paul Clements, and Rick Kazman

Structured around the idea of an architecture influence cycle, this book shows the different contexts (such as technical environment, the life cycle of a project, an organization’s business profile, or the architect’s professional practices) in which architecture is influenced or is the influencer.

8. Security Risk Management: Building an Information Security Risk Management Program from the Ground Up by Evan Wheeler

This book focuses on real-world, practical information and techniques that can be applied on a daily basis in managing security risks.

Read any of these books or have another that you recommend? Let us know! 




