15th to 17th October 2025
Greetings from The SABSA Institute!
As we get ready to welcome you to COSAC 2025, here are some updates for the month of September.
CyberCon Melbourne – The Largest Cyber Security Conference in the Southern Hemisphere
AISA CyberCon Melbourne
15th to 17th October 2025
Our Accredited Education Partner, David Lynas Consulting, will be exhibiting at AISA CyberCon Melbourne from 15th to 17th October 2025 at the Melbourne Convention and Exhibition Centre, and there will be staff on stand to discuss SABSA Official and Approved Training.
The Australian Information Security Association (AISA) works to advance the digital security and safety of Australians and Australia. Dedicated to industry capacity building and providing a national voice about what is needed in policy and law, including ways to improve digital privacy to effectively defend Australians from cyberattacks, AISA is Australia’s largest and most trusted cyber security peak body with a membership of over 13,000 people.
For more details on CyberCon Melbourne, please go to https://melbourne2025.cyberconference.com.au/ or visit our Accredited Education Partner, David Lynas Consulting, at Stand Number 88 to find out more.
Webinar – AI Security Architecture
By David Lynas Consulting
Dr. Malcolm Shore’s recent webinar on AI Security Architecture with SABSA is now available on YouTube.
Learn how to architect security solutions to manage the risk from cyber attacks and malfunctioning AI.
- The Basics of Architecting with the SABSA ESA
- The Technology Used to Build and Operate AI systems
- Aligning AI with the Business
- An Understanding of AI Threats and Opportunities
- How to Manage AI Risk with SABSA
- AI Governance and Lifecycle
- The SABSA Approach to AI System and Information Architectures
- Understanding the Security Services Needed to Protect AI Solutions
- Understanding the Safety Services Needed to Protect the Business from AI Solutions
SABSA World
SABSA World is the banner under which SABSA community members and practitioners can organise events and gatherings to connect with one another. SABSA World can be an evening talk, a weekday lunch, a study group or a casual social networking event and may be regularly scheduled or spontaneous and occasional.
All SABSA World activities are intended to be a welcoming space for everyone – and all are welcome – seasoned SABSA practitioners or just the SABSA-curious alike.
Review of SABSA World UK – London Event on 9th September
By Simon Cross
What a great evening! Despite train strikes and sky-high hotel prices, a committed group of attendees made it into central London to see David Lynas present.
David’s work, shaped during the pandemic, has brought Enterprise Security Architecture to life—transforming theory into practice and showing how real-world problems can be solved with both transparency and structure. The session was insightful and inspiring, leaving many of us wanting to learn more.
Many thanks to David for his excellent presentation, to Oy for capturing the evening in photos, to everyone who made the effort to attend, and to Infoblox for kindly hosting us.
It was also encouraging to see new faces in the room, alongside discussions of possible alternative venues for future events.
If you would like to present at a future SABSA World UK event or have a space that could host our meetings, please do get in touch.
Do keep an eye out for updates on the next event, likely scheduled for 11th November.
– Simon
SABSA London Study Group
Working on a SABSA paper? Stuck on a security architecture challenge? Or just need a few smart minds to bounce ideas off?
Join us for an informal SABSA Study Session in central London. Whether you’re refining an exam submission, tackling a tricky security architecture project at work, or looking for some fresh perspective, this is a potential chance to connect with others doing just the same.
No slides, no pressure – just support, shared thinking, and a bit of good old-fashioned nerdy chat. One may not have all the answers – but with a few of us in the room, we just might!
Register your interest with Simon Cross today.
SABSA World Australia
SABSA World Brisbane – A monthly casual networking lunch for the local security architect community in Brisbane – for both the SABSA-curious and the SABSA enthusiast.
Upcoming event in Brisbane – Attributes Deep Dive Lunch
Brisbane, Australia
Wednesday 1st October
SABSA World Groups
The following are pages for SABSA World community groups which organise events and provide resources to security architects around the world. For more information on how to join, help, host or participate in SABSA World community groups, please visit:
SABSA World Australia
SABSA World Australia is a community project focused on the Australian SABSA Community, but is open to all.
Links to SABSA World Australia pages, events, and resources can be found via the Linktree: https://linktr.ee/sabsaworldaustralia
Europe
Visit the LinkedIn page SABSA World Belgium for more information.
UK Community Support
To keep SABSA World UK thriving, we do need your support. We’re actively looking for event sponsors and presenters to help us grow and sustain this unique space for architectural thinking. If you have access to a conference venue and would be happy to host an upcoming event, we’d love to hear from you. Likewise, if you have a SABSA or cybersecurity-themed presentation that you’d like to share with the community, please get in touch.
Together, let’s keep building the future of security architecture—one conversation at a time.
SABSA World UK contact: Simon Cross
Looking to connect with the SABSA community?
Check out the SABSA Speakeasy Discord
The SABSA Speakeasy is a community-driven Discord server with a growing membership of over 100 architects. It includes:
· Architects sharing resources, ideas and advice with each other
· Channels for connecting with other architects in your area
· Study group channels for SABSA A1 & A3 Practitioner examinations
· SABSA World community organisers ready to help you
You can join the server by following this link.
Interested to join a Liaison Group?
Both EMEA-NA and APAC LGs are always happy to welcome expressions of interest from community members who are keen to join.
Members who would like to participate in the LGs in any way are warmly encouraged to write in to:
EMEA LG
LG-emea@sabsainstitute.org
APAC LG
LG-apac@sabsainstitute.org
SABSA Certified Practitioner Exam and Thesis Artificial Intelligence (AI) Policy
By Glen Bruce
Updated September 2025
To qualify as a SABSA Certified Practitioner (SCP), an Architect is required to demonstrate, through original work, their broad collection of skills, abilities, and knowledge to successfully perform the SABSA Architect’s role in the context of Risk, Assurance & Governance or Architecture Design & Development. A SABSA Certified Master (SCM) requires a submitted thesis of original work performed by the specific candidate using the SABSA framework.
The use of Artificial Intelligence (AI) to help produce content for a SABSA Chartered Security Architect Practitioner Certificate Exam Question or content for a Master Thesis would contravene the requirement for a candidate to provide original work as their submission. There is a beneficial role that AI support tools can play in submissions, such as improvements to grammar or assistance with language translation, if the contributions from the AI tools do not include exam or thesis specific content.
TSI now has the SABSA Certified Practitioner Exam and Thesis Artificial Intelligence (AI) Policy to identify the prohibitions and permissible use of all forms of Generative AI that can be leveraged when composing answers to SABSA certification level exams or a Master Thesis. The Exam AI Policy stipulates that any use of AI-generated exam content material submitted for SABSA certification contravenes the requirement for a candidate to provide original work as their submission and is prohibited. Candidates shall not misrepresent as their own original work any output generated by or derived from generative AI.
In principle, Candidates can only use GenAI-sourced content as they would any content derived and appropriately referenced from other sources. GenAI-sourced content, whether quoted or paraphrased, shall be appropriately identified (with quotation marks or indentation) with a traceable citation. Limited permitted use can be extended for correcting grammar, improving language and structure that is general in nature and not specific to the exam content. Certain AI-based tools may be used in limited and controlled circumstances to provide writing assistance for improvements in spelling, grammar, language, or general structure and readability of the candidate’s original work.
Exam Candidates must be the authors of their own work. Content produced by AI platforms, such as ChatGPT, does not represent the candidate’s own original work and so would be considered a form of professional misconduct. Submitting work or work components created by someone or something else (including AI-generated content), as if it was your own, is plagiarism and false authorship. Candidates must not misrepresent, as their own work, any output generated by or derived from generative AI.
SABSA Advance Exam and Master Thesis submissions must demonstrate independent judgment in developing a problem from primary sources, and represent originality in research, independent thinking, scholarly ability, and technical mastery of a field of study. GenAI Tools are predictive and do not produce original content.
This policy applies to the SABSA Certified Practitioner (SCP) level exam submissions and SABSA Certified Master (SCM) Thesis submissions. The Policy applies to SABSA Foundation Exams where logistically appropriate, depending on the prohibition of the use of supporting devices such as smart phones during the exam.
SABSA Chartered Practitioner (SCP) Updated Exam Instructions
By Glen Bruce
Updated September 2025
The purpose of the practitioner exam is to assess the candidates’ understanding of the SABSA method and demonstrate their proficiency in applying SABSA using practical scenarios. An underlying question to be asked and answered for all parts of the answer to the exam question is “How would SABSA be applied to answer the question”? The SABSA-specific content is required to provide insight into how well the candidate understands and can effectively apply the SABSA method. Demonstrating a practitioner level of SABSA understanding and proficiency is necessary for TSI to justify conferring “certified” as a security architecture designation.
The Question Paper for SABSA Chartered Security Architect Advanced Level Modules A1 and A3 has been modified to include updated Instructions, a new section on the requirements of compliance with the TSI Exam Artificial Intelligence (AI) Policy, a new section on Submission Requirements, and updates to the Advanced Exam Answer Writing Guide section.
The TSI Exam Artificial Intelligence (AI) Policy stipulates that any use of AI-generated exam content material submitted for SABSA certification contravenes the requirement for a candidate to provide original work as their submission and is prohibited. Candidates shall not misrepresent as their own original work any output generated by or derived from generative AI (Gen-AI).
In principle, Candidates can only use GenAI-sourced content as they would any content derived from other sources and appropriately referenced. GenAI-sourced content, whether quoted or paraphrased, shall be appropriately identified (with quotation marks or indentation) with a traceable citation. Limited permitted use can be extended to using AI features of tools for correcting spelling, grammar, improving language and structure that is general in nature and not specific to the exam content.
The new Submission Requirements section provides an Exam Submission Requirements table to outline the need for consistent identification, structure and content expectations to help candidates organize their answers and provide a more consistent foundation for grading the exams. The table includes all the previous instructions as well as a few new requirements for consistency of content for identification, organization and size of the answer and when using figures, tables and references. The table should be used by exam candidates to check their response and is not required for submission. A well-crafted answer should be able to check all the points in the table.
TSI Training and Certification
SABSA training is available through the TSI network of Accredited Education Partners (AEPs). Our training covers all levels in the SABSA training continuum from Foundation to Practitioner.
Certification by TSI is competency-based and requires candidates to demonstrate the knowledge, skills and abilities required to use the SABSA method in the real world. SABSA Certification Examinations can only be taken after completion of training provided by a TSI AEP.
For more details, please refer to the TSI AEP website.
Upcoming Courses
A schedule of all upcoming SABSA-approved (non-certification based) and SABSA official (certification-based) courses can be found on our website here.
We look forward to welcoming you to COSAC 2025.
See you soon.
The SABSA Institute