An effective security architecture program must establish a framework to correlate security between operations, development, and the business. It must be agile to support devops, visionary to support strategy, and reasonable to support adoption. This talk will detail the building blocks required to develop and implement an architecture program that will output artifacts for technical engineers through executive leadership. The automated framework will identify technology overlap, highlight unbalanced spend, and measure the maturity of security control domains. Upon completion of the talk, an architecture tool will be released to support and automate the correlation of the architectural components, leading to continual security program maturity.