What was a capability? We are using the easy definition of a capability. We are just say a capability is the ability to do something. It may be with technology, people, a natural resource, or combinations of all or more of those things. For Information Security we are looking at the things we do for security and risk management. Or maybe more importantly the things we want to do. Abilities for InfoSec We can list out and group together all the behaviors we would expect for a particular domain.

On Flying Time It has been a busy year. A lot of time was spent actually working with AWS and a good many of their offerings. So much time that the whole year flew by and I almost didn’t have the time to take the certification I had been working on for so long. Another issue was that test centers were still not open in my area so the testing had to be proctored.

Certification Path Amazon has several paths for certification that target different job roles. Having an architecture and a security background I decided to move towards the full AWS Solution Architect first then pursue a security specialty later on if it seemed valuable. The first place to start is an overview for the learning paths After looking at the prerequisites my certification path looks like this: Cloud Practitioner -> Solution Architect-Associate -> Solution architecture

There is a new menu option dedicated to modeling called Models. The current model is in the Archi format and is easily downloadable. It covers all the capabilities we have discussed up to this point. As we move forward we will add more to this model and build out other artifacts that support our architecture vision. We may even get adventurous and include a PowerPoint or two. Up Next More architecture of course!

All the Way Down We continue our series on using capabilities to our advantage in creating design and architecture. We will cover how we can model information security all the way down. This section, like the section on Cloud Capabilities, begins with the layout of those abilities. We also have to remember that capabilities are the highest level or the highest description we will be using. The actual behaviors and implementations will be much more detailed.

Mapping If you are not familiar with Simon Wardley and his world of mapping you need to first jump over to his blog-book on mapping. It is a detailed set of pages that are well worth your time to read through and practice. Quality Attributes Quality Attributes (QAs) are those non-functional traits that we try to describe and require when designing processes, systems, and software. They describe a quality of the thing in question.

If you missed it, read the first post on Foundations for Cloud Capabilities. We will be building on that as we expand our design. Foundational Areas We covered these foundational areas in the first post. We will finish out our list so we can begin looking at architecture mapping processes. Governance Environments Request and Provisioning Backup and Recovery Disaster Recovery Cost Management We will finish the descriptions for the rest of the list.

A Survey If you missed it, read the post on Cloud Capabilities first. We will be building on that as we expand our design. This is a pretty long and involved topic so will be broken into a couple of posts. The first post or two will describe all the foundational elements that may be needed. Then we will move into more architectural direction and artifacts to use in the process.

Cloud Service Provider Capabilities What do we have the ability to do? Or even better, what do we want to be able to do? It sounds like an easy question and it is asked all the time for all domains. As we do any type of design it always helps to have definitions and groupings of your abilities. This allows you to compare, explain changes, and explain gaps in a consistent manner.

Security BSides You probably already know about Security BSides and how they came about. If not jump on over to BSides to get the scoop. There are many BSides events around the Chattanooga area. We have them in Knoxville, Nashville, Asheville, Atlanta, and Huntsville just to name the ones that come to mind. Chattanooga is a growing tech community and has many large and small businesses that have security concerns.