The IASA Architecture Competition – Entry #4
As you may (or may not) have read, I am (still) involved in the local (Seattle) chapter of Iasa first ever IT architecture competition. Team Skyscraper has delivered their second set of deliverables and are now in the home stretch. With the business requirements and conceptual architecture being the first set of deliverables, this past weekend they had to submit software, infrastructure and security architectures, and the technology stack they chose.
We are all coming back from holiday and starting a new quarter at university so the team is a bit busy, but we did have three team members in for the team meeting. The biggest concerns they had were: what needs to be in a security architecture and what is the reasoning for having a technology stack selected. For the security architecture concern, I gave them my opinion on what insight a security architecture needs to convey, specifically for the use case the competition is solving for. I also introduced them to Scott Paddock, a security architect with AWS who provides tons on insight and locations Team Skyscraper should be aware of. The first Scott’s resources was OWASP and the list of top 10 threats that is maintained there. Scott went over each of the items and gave an example and then suggested they need to understand how each would be mitigated by their architecture. Then we discussed NIST and SANS for security guidance and up-to-the-minute information on security attacks and breaches. We wrapped up the security discussion by talking about whether staying on a private network or making the solution Internet-enabled was a better approach, and the tradeoffs needed to make the decision.
Next, we tackled the technology stack concern. We had an interesting conversation on how you go about picking a technology stack and what considerations you want to use in the selection process. I described how Team Skyscraper would go about costing out solutions to include startup costs for implementing the solution as well as operational costs for maintaining the solution. We discussed considering the cost of talent, looking at the staff to see what skills the current staff has for creating and operating the solution, looking at the company and choosing between large and small companies that sell products, and whether or not vendor lock-in would be a concern.
While Team Skyscraper did give me access to their working repository I was a bit surprised at how confident they were in submitting documents without asking for a review by me. At the end of the month, the solutions will be judged and each team will do their presentation. I suggested they practice their presentation several times prior to the event and gave other tips of structuring a presentation. I also suggested that if they could prototype a solution it would provide them great value.
I cannot wait to have them deliver their presentation the next time we meet. It’s all coming down to the wire now!
Miss an IASA Architecture Competition update? View past blogs in this series below!