This website is a resource for practical security architecture but contains information relevant to all security professionals, no matter where they are in their careers. This site is here to educate and make your work easier, whether you’re tackling complex challenges, designing secure systems, or aligning security with business goals.
You’ll find straightforward advice, actionable examples, and ready-to-use templates to help you deliver real results. Built with security architects in mind, everything here is designed to cut through the noise and focus on what works in the real world.
Explore, apply, and take your security practice to the next level—without the fluff.
I started this Controls Matrix in about 2005 as a sort of reference to add to design documents. It grew, and I found new ways to utilise it, and I still use it all the time. I offered this up for general use a number of years ago, and I know it has been downloaded, shared and used many times all over the world.
It isn't really aligned with any of the "standards" out there because, quite frankly, we have too many, and this is a tool, not something to comply with. Use it as intended and you will go some way towards being compliant with all of them. You can find downloadable versions of this in the "Models and Other Madness" page.
I’m Rob Campbell, an Enterprise Architect who happens to work in Security. I have over 30 years of experience spanning multiple sectors, including finance, insurance, government, energy, transport and technology. My career has taken me from hands-on technical roles in network and operating system support to strategic positions developing enterprise architecture and driving organisational transformation. With so many years in security there isn't much I haven't done something in.
I created this site to share the knowledge and insights I’ve gained over the years, providing actionable advice and practical tools for fellow security professionals. My passion lies in helping organisations bridge the gap between business needs and effective security solutions. I firmly believe in aligning security strategies with business objectives to ensure meaningful, sustainable outcomes.
Throughout my career, I’ve worked with industry frameworks like SABSA and TOGAF, as well as many other industry and government regulations and standards, to build security architectures that are robust, scalable, and aligned with compliance requirements. Whether it’s designing cloud security architectures or strategies, developing Security Operations Centre frameworks, or integrating DevSecOps practices, I strive to make security an enabler, not a blocker.
This site is a reflection of my commitment to the security community. It’s a free resource designed to empower professionals with the tools, templates, and guidance they need to navigate the ever-evolving cybersecurity landscape. Whether you’re just starting out or are a seasoned architect, I hope you’ll find value here.
Feel free to explore, learn, and connect. Together, we can make security simpler and stronger.
I enjoy teaching as well and have trained and mentored many during my career. I welcome approaches for mentoring, so whether the new kid on the block or a seasoned professional in need of some advice or guidance, reach out.
I don't capture anything or share, sell, or anything else to third parties.