Part VII: Advanced and Emerging Topics
"The perimeter failed years ago. The only honest question left is whether your architecture has admitted it yet."
By now you can defend a network, harden systems, govern identity, run a SOC, and stand up a compliance program. Part VII is where a competent defender becomes a forward-looking one. These chapters take the foundations you have built and apply them to the hardest and newest problems in the field — the ones that don't have settled playbooks yet, where the answers are still being written, and where the senior practitioner earns their seat. This is the most advanced part of the book, and deliberately so: it assumes you can already do the fundamentals, and asks what you do at the frontier.
A single thread runs through all five chapters: the old assumptions have expired, and security has to be redesigned around their absence. The development pipeline used to be trusted infrastructure — until SolarWinds weaponized it, so we secure the pipeline itself (Chapter 31). The network perimeter used to define trust — until it dissolved, so we move to never trust, always verify (Chapter 32). IT security practices used to be assumed to apply everywhere — until they met operational technology, where downtime can kill and you cannot just patch (Chapter 33). Detection used to be purely rule-based — until machine learning offered both new defenses and new attack surfaces (Chapter 34). And the threats themselves keep evolving, on a clock that includes the eventual arrival of cryptographically relevant quantum computers (Chapter 35). Each chapter is an exercise in updating a stale assumption before an attacker forces you to.
All three sophisticated anchors come due here as "what's next." SolarWinds returns in Chapter 31 as the canonical build-pipeline compromise. Colonial Pipeline and the broader ransomware-on-critical-infrastructure story anchor Chapter 33's OT discussion and reappear in Chapter 35's treatment of ransomware evolution. And the supply-chain and dependency lessons of the whole book — including Log4Shell — feed Chapter 35's horizon scan. This is the part where the recurring cases stop being history and become forecasting.
What you will learn
- Chapter 31 — DevSecOps. Shift security left across the SDLC, build security gates into CI/CD (SAST/DAST/SCA, secrets, and IaC scanning), secure the pipeline itself, and balance speed with assurance using policy-as-code.
- Chapter 32 — Zero Trust Architecture. Explain the zero-trust tenets (NIST SP 800-207), design around identity, device, and context, implement policy decision/enforcement and microsegmentation, and build a pragmatic migration roadmap.
- Chapter 33 — Securing Operational Technology. Contrast OT and IT priorities (safety and availability first), explain ICS/SCADA and the Purdue model, apply OT-appropriate controls and passive monitoring, and learn from real OT incidents.
- Chapter 34 — AI and Machine Learning in Security. Apply ML to anomaly detection and UEBA (and know its limits), defend ML systems from adversarial and poisoning attacks, assess AI-enabled attacks like deepfakes and LLM-aided phishing, and use LLMs safely in the SOC.
- Chapter 35 — Emerging Threats. Track how threats evolve (RaaS, double extortion, supply chain), explain the quantum threat and post-quantum migration (crypto-agility), assess deepfake and synthetic-identity risk, and build a horizon-scanning habit.
Advancing the Meridian program
Part VII future-proofs Meridian's program. Chapter 31 secures the bank's development pipeline and writes a secure-pipeline standard — directly applying the SolarWinds lesson. Chapter 32 produces Meridian's zero-trust target architecture and a realistic, phased migration roadmap. Chapter 33 addresses the bank's facilities and physical-OT systems with a Purdue-model segmentation plan. Chapter 34 runs an anomaly-detection pilot on Meridian's authentication logs and drafts a UEBA plan. Chapter 35 establishes an emerging-threat watch and a crypto-agility note that prepares the bank for post-quantum migration. The bluekit toolkit gains its advanced modules: pipeline.py (ci_gate), zerotrust.py (policy_decision), otsec.py (purdue_zone), mlsec.py (zscore_anomaly), and an extension to cryptutil.py (crypto_inventory for PQC readiness).
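To make the anomaly-detection pilot concrete, here is an added example of z-score scoring over hourly failed-login counts. It is illustrative code written for this introduction, not the book's bluekit `mlsec.zscore_anomaly`: the syslog-like line format, the user names, the per-user baselines and the function names are all assumptions constructed for the example, and the baseline for `bob` is deliberately flat to show how a zero-variance history is handled without dividing by zero.

```python
"""Z-score anomaly detection over hourly failed-login counts.

Added example for this introduction: it is not the book's bluekit
mlsec.zscore_anomaly, and the log format, user names, baselines and
function names below are assumptions constructed to illustrate the idea.
"""
import math
import re
from collections import Counter

# Assumed syslog-like format for a failed SSH login; the hour prefix of the
# timestamp (YYYY-MM-DDTHH) becomes the bucket key.
FAILED_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z\s+sshd: "
    r"Failed password for (?P<user>\w+) from (?P<ip>[\d.]+)$"
)

# Constructed sample lines for one hour (not real Meridian data).
SAMPLE_LINES = [
    "2024-03-04T10:03:41Z sshd: Failed password for alice from 10.0.0.5",
    "2024-03-04T10:07:02Z sshd: Failed password for bob from 203.0.113.9",
    "2024-03-04T10:07:05Z sshd: Failed password for bob from 203.0.113.9",
    "2024-03-04T10:07:09Z sshd: Failed password for bob from 203.0.113.9",
    "2024-03-04T10:07:14Z sshd: Failed password for bob from 203.0.113.9",
    "2024-03-04T10:15:30Z sshd: Accepted password for alice from 10.0.0.5",
]

# Constructed per-user baselines: failed-login counts for the previous hours.
# bob's flat baseline of zeros exercises the zero-variance edge case.
BASELINES = {
    "alice": [1, 2, 1, 0, 2, 1, 1, 2, 1, 1],
    "bob": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
}


def count_failures(lines):
    """Count failed logins per (user, hour); non-matching lines are ignored."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            counts[(m.group("user"), m.group("hour"))] += 1
    return counts


def zscore(value, baseline):
    """Standard score of value against a baseline (population mean/std).

    A flat baseline has zero std, so any departure from it is treated as
    infinitely anomalous rather than raising ZeroDivisionError.
    """
    n = len(baseline)
    if n == 0:
        raise ValueError("baseline must contain at least one observation")
    mean = sum(baseline) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in baseline) / n)
    if std == 0.0:
        return 0.0 if value == mean else math.inf
    return (value - mean) / std


def score_hour(lines, baselines, hour, threshold=3.0):
    """Score every baselined user for one hour; users absent from the log
    count as zero failures so that a sudden drop is scored as well."""
    counts = count_failures(lines)
    results = {}
    for user, baseline in baselines.items():
        count = counts.get((user, hour), 0)
        z = zscore(count, baseline)
        results[user] = {"count": count, "z": z, "flagged": abs(z) >= threshold}
    return results


if __name__ == "__main__":
    for user, r in score_hour(SAMPLE_LINES, BASELINES, "2024-03-04T10").items():
        flag = "ANOMALY" if r["flagged"] else "ok"
        print(f"{user:6s} failures={r['count']:2d} z={r['z']:7.2f} {flag}")
```

The baseline is scored separately from the point being tested so that a spike cannot inflate its own mean and standard deviation and mask itself; in a real pilot the baseline window would be rolled forward hour by hour, and the threshold tuned against the false-positive rate the SOC can absorb.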
Prerequisites
These chapters draw on the full book and demand it. Chapter 31 builds on Chapters 12, 13, 15, 20, and 29; Chapter 32 on Chapters 3, 6, 7, and 16–18; Chapter 33 on Chapters 6 and 11; Chapter 34 on Chapters 21–22; Chapter 35 on Chapters 2, 4, and 29. Unlike earlier parts, the chapters here are relatively independent of one another — you can read them in any order based on your role — but each assumes solid command of its named prerequisites. Do not approach Part VII until Parts I–VI are comfortable.
Time investment
| Chapter | Title | Estimated hours |
|---|---|---|
| 31 | DevSecOps | 6 |
| 32 | Zero Trust Architecture | 6 |
| 33 | Securing Operational Technology | 6 |
| 34 | AI and Machine Learning in Security | 6 |
| 35 | Emerging Threats | 5–6 |
| Part VII total | | 29–30 |
Engineering-track readers will spend the most time in Chapters 31–33 (all build- and architecture-heavy). SOC-track readers should prioritize Chapters 34 and 35 (detection futures and threat evolution). GRC-track readers will want Chapters 33 and 35 for the critical-infrastructure and emerging-risk dimensions. Every chapter here is advanced — pace yourself accordingly.
Where this leads
You have now defended the present and prepared for the future. What remains is to bring it all together — to measure the program, lead the team that runs it, assemble everything into a board-ready whole, and reflect on what the field's landmark breaches teach. Part VIII is the synthesis, where the components you built across thirty-five chapters become a single, coherent security program — and a career.
Chapters in This Part
- Chapter 31: DevSecOps: Integrating Security into CI/CD Pipelines and the Software Development Lifecycle
- Chapter 32: Zero Trust Architecture: Never Trust, Always Verify — Designing for the Post-Perimeter World
- Chapter 33: Securing Operational Technology: ICS, SCADA, and Critical Infrastructure Defense
- Chapter 34: AI and Machine Learning in Security: Anomaly Detection, Threat Prediction, and Adversarial AI
- Chapter 35: Emerging Threats: Supply Chain Attacks, Ransomware Evolution, Deepfakes, and Post-Quantum Cryptography