Artwork for podcast Secured by Galah Cyber with Cole Cornford
The Architect’s Dilemma: Why Security Design Keeps Failing (and How to Fix It)
Episode 568th January 2026 • Secured by Galah Cyber with Cole Cornford • Galah Cyber
00:00:00 00:34:45

Share Episode

Shownotes

Episode Summary

Most security architects are not actually doing architecture. They are doing assurance work, following checklists, and hoping standards will save them. But as systems get more complex and attackers get faster, that approach is no longer good enough.

In this episode of Secured, Cole sits down with Ken Fitzpatrick, founder of Patterned Security and creator of securitypatterns.io, a resource built during the lockdown years that has since grown into one of the clearest frameworks for designing meaningful, context-aware security architecture.

Ken shares why so many architects fall into the trap of compliance thinking, how security design becomes a tick box exercise, and why threat modeling without understanding context is pointless. They unpack the four foundational steps every architect should follow, why traceability matters more than ever, and how modern teams can stop copying best practice and start solving the real problems in front of them.

The conversation also digs into secure by design in different industries, why the term has lost its meaning, and how modern defensible architecture is resetting expectations for what good looks like. Cole and Ken also dive into AI and its impact on the architecture function, separating hype from reality and exploring which roles are at risk as AI improves.

If you work in engineering, architecture, AppSec, risk, or are building a product and want a practical way to think about secure design, this is an episode you should not miss.

Timestamps

00:00 – Intro

00:48 – Chainguard Ad

01:20 – Meet Ken Fitzpatrick and Patterned Security

02:19 – How a cancelled Canada trip sparked securitypatterns.io

04:08 – Why architecture needs practical guidance, not more frameworks

05:18 – The four step method for real security architecture

07:23 – Moving beyond box ticking and why engineering experience matters

09:39 – Teaching architecture fundamentals and selecting the right controls

11:37 – Traceability and making defensible design decisions

13:14 – Architecture vs assurance and who securitypatterns.io is for

16:31 – Embedding secure by design into PMO processes and scale up use cases

19:58 – What secure by design means across different industries

23:05 – Inconsistent definitions in security and the need for clarity

23:50 – Modern defensible architecture and Zero Trust guidance

24:44 – AI’s role in architecture and which tasks get replaced

28:25 – AI in AppSec and reducing false positives with context

30:24 – AI sales bots, hype cycles, and the loss of human reciprocity

33:28 – Ken’s call for collaboration on repeatable architecture patterns

34:28 – Closing and how to connect with Galah Cyber

🐙 Secured is grateful to be sponsored and supported by Chainguard.

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Report at https://dayone.fm/chainguard

Mentioned in this episode:

Chainguard is the trusted source for open source.

Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Report now!

December 2025 - Chainguard



This podcast uses the following third-party services for analysis:

Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

Links

Chapters

Video

More from YouTube

More Episodes
56. The Architect’s Dilemma: Why Security Design Keeps Failing (and How to Fix It)
00:34:45
54. Fix the Flag: Rethinking Secure Code Training with Pedram Hayati
00:39:20
53. ISM 2025 Explained: What CISOs, Devs and Security Leads Need to Know - with Toby Amodio
00:28:48
52. Securing the Gaps: M Brennan on Integration, Context and Developer Experience
00:39:36
51. From Cryptography to AppSec: Scott Contini on Building Practical Security
00:42:16
50. Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer
00:43:12
49. Scaling Cyber at Fujitsu: Laura O'Neill on Strategy, Risk and Growth
00:44:14
48. Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations
00:33:20
47. Breaking into Cyber: Kiera Farrell on Growth, Networking & Early-Career Lessons
00:35:23
46. The Story So Far: Inside Secured’s Growth and What’s Coming Next
00:24:01
45. Gaming Her Way to the Top: Madhuri Nandi on Security & Diversity
00:37:03
44. Empowering Developers, Elevating Security: Neha Malik on Building an AppSec Culture
00:36:26
43. The Secured Christmas Special | Your Questions Answered
01:34:11
42. Leading the Digital Front: Military Lessons in Cybersecurity with Elizabeth Stephens
00:42:18
41. Navigating the PSPF 2024 Updates: Expert Insights with Kat McCrabb and Toby Amodio
00:21:58
40. Securing the API Frontier: Insights from Anand Rai on Modern Cybersecurity Challenges
00:40:41
39. Secure Robotics: Exploring Safety, Trust, and Cybersecurity with Prof. Damith Herath and Adam Haskard
00:46:38
38. Open-Source Software: Balancing Innovation and Security with Ilkka Turunen, CTO of Sonatype
00:46:56
37. Building Cybersecurity Culture: Marketing, Awareness, and Diversity with Daisy Wong
00:47:21
36. From Physics to Cybersecurity: Antonio Deliseo’s Journey from Goldmines to Telstra
00:46:17
35. Security Done Right: Ben Gittins on the Case for Generalists and Long-Term Solutions
00:47:09
34. AI-Driven AppSec: Shan Kulkarni on Nullify, Hiring Challenges, and the Future of Cybersecurity in Australia
00:38:08
33. Cryptography & Startups: Insights from CipherStash's Dan Draper
00:50:51
31. Behind Elttam: Matt Jones Discusses Infosec Innovations and Australia's Cybersecurity Landscape
00:55:37
29. Bruce Large discusses the importance of threat modelling in operational technology security
00:49:07
28. Australia's Cybersecurity Evolution: A Veteran's Perspective with Paul McCarty
00:35:29
27. Are You Speaking the Same Cybersecurity Language as Your CEO with Jay Hira?
00:36:16
26. Leading Change in Cybersecurity: Tara Whitehead’s Approach to Security Engagement
00:36:16
25. Cracking Cybersecurity Myths: A Candid Chat with Daniel Grzelak
00:25:39
24. Breaking the Code: Jacqui Loustau on Diversifying Australia's Cybersecurity
00:29:18
23. From Australia Post to Cynch Security: Susie Jones's Journey to Safeguard Small Businesses
00:29:08
22. Powering Resilience: Nathan Morelli on Securing South Australia's Electricity Grid
00:46:36
21. Building a Cybersecurity Team with a Difference with Mat Franklin
00:42:10
20. Systems Thinking in Cybersecurity: A Conversation with Michael Collins
00:48:58
19. Exploring AI's Impact on App Security with Seth Law
00:49:21
18. Bridging the Divide: How Communication Can Unite Developers and AppSec with Jeanette Gill
01:00:53
17. The Evolution of Cyber Defence: Edward Farrell's Journey from IT Ops to InfoSec
00:46:24
16. Tables Turned: Cole Cornford on the Hot Seat with Abhijeth Dugginapeddi
00:54:41
15. Podcasting and Cybersecurity: Karissa Breen's Insights and Advice
00:51:23
14. Whisky to Firewalls: Jason Murrell's Unconventional Path to Cybersecurity
00:53:09
13. How Sam Fariborz Navigated the Aussie Cybersecurity Landscape
00:38:11
12. From Mary Poppins of Security to Startup Founder: Laura Bell-Main's Journey
00:41:31
11. An Agnostic Approach to AppSec: Ken Johnson on Navigating the Future with AI
00:48:25
10. ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson
01:05:20
9. Unleashing the Power of Sales: A Must-Have Skill for Cybersecurity Pros
00:48:31
8. From Code to Cybersecurity: A Deep Dive into Open Source, Encryption, and Leadership with Edwin Kwan
00:40:06
7. bonus BONUS: 2023 Review of the Cyber Bible - The Australian Cyber Security Centre's (ACSC) Information Security Manual (ISM)
00:42:25
6. Balancing Act: Merging Cybersecurity and Business Strategies with Sheena Peeters
00:50:20
5. Hacking the Game of Life: From Gaming Exploits to Cybersecurity Giant with Shubham Shah of Assetnote
00:54:15
4. Decoding Cybersecurity Hiring: Riki Blok on Industry Trends, Key Skills, and the Future of Remote Work
00:47:02
3. Trevor Hancock on Bridging the Gap between Protection and Progress
00:42:55
2. From Software Developer to Cybersecurity Expert: Nina Juliadotter on the Importance of Application Security and Continuous Learning
00:33:41
1. The Human Side of Cybersecurity: Toby's Journey and Insight on Collaboration, Communication and Auditing
00:46:02
trailer It's time to get Secured by Galah Cyber
00:01:48