Veterans Track
Introduction to Security Architectures
Security architecture from a software architect's lens — covering frameworks, Zero Trust, core security pillars, layered controls, threat modelling, governance, incident response and operational security.
Domain 01 · Foundations, Frameworks & Principles
SABSA
Sherwood Applied Business Security Architecture — a risk-driven framework for designing, delivering and operating enterprise security architectures.
TOGAF
Open Group Architecture Framework integrating security across enterprise architecture domains through the ADM cycle.
COBIT
Governance and management framework for IT with control objectives, metrics and maturity models.
NIST CSF & ISO 27001
Security architects should map controls to widely adopted standards such as NIST CSF, ISO 27001, CIS Controls and MITRE ATT&CK.
Secure Design Principles
Shift-left security integrated at every SDLC stage with secure coding, testing, hardened configuration and least privilege.
Zero Trust Architecture
Never trust, always verify. Zero Trust uses continuous authentication, micro-segmentation and least privilege access.
Domain 02 · Core Security Pillars
Confidentiality
Encryption at rest and in transit, data classification, DLP controls and information protection policies.
Integrity
Hashing, digital signatures, checksums, code signing and tamper-evident audit logs.
Availability
High availability, DDoS mitigation, redundancy, failover and RTO/RPO-aligned disaster recovery.
Authentication
MFA, passwordless login, FIDO2, SSO and adaptive authentication based on risk signals.
Authorisation & Least Privilege
RBAC, ABAC, PBAC, just-in-time access and IAM lifecycle management.
Non-Repudiation
Digital signatures and immutable audit trails ensure actions cannot be denied.
Privacy by Design
GDPR, CCPA and PDPA require consent, data minimisation, right-to-erasure and retention controls.
Supply Chain Security
SBOM, dependency scanning, vendor risk assessment and SLSA compliance.
Domain 03 · Security Controls by Architectural Layer
Network Security
Firewalls, WAF, IDS/IPS, segmentation, micro-segmentation and VPN/SD-WAN architecture.
Application Security
OWASP Top 10, SAST/DAST, secure API design, input validation and dependency scanning.
Data & Database Security
Encryption, column-level masking, database activity monitoring, backup encryption and DLP.
Endpoint Security
EDR/XDR, device compliance, MDM, patch management and privileged endpoint controls.
Certificate Management
PKI, internal CA hierarchy, certificate lifecycle automation, rotation and inventory tooling.
Cloud & Infrastructure Security
CSPM, CWPP, IaC scanning, IAM over-permission detection and shared-responsibility mapping.
Domain 04 · Risk, Threat Intelligence & Governance
Threat Landscape Analysis
Identify threats using STRIDE, PASTA, attack trees and MITRE ATT&CK mapping.
Architecture Risk Assessment
Evaluate asset criticality, vulnerability exposure and impact to produce a risk register.
Threat Modelling Cadence
Embed threat modelling into sprints and re-run full models on major architecture changes.
Security Governance
Policies, standards and procedures aligned to business risk appetite and regulatory obligations.
Regulatory Compliance
Map controls to GDPR, PCI-DSS, HIPAA, SOX and sector-specific mandates.
Security Metrics & KRIs
MTTD, MTTR, vulnerability SLAs and security debt metrics to govern maturity.
Domain 05 · Incident Response, Recovery & Operational Security
Incident Response
Formal IR plan covering prepare, detect, contain, eradicate, recover and lessons learned.
SOC & SIEM Architecture
SOC design, SIEM ingestion topology, alert triage and SOAR automation.
Forensic Readiness
Log retention, chain of custody, evidence preservation and forensic tooling.
Business Continuity & DR
BCP/DRP tied to RTO and RPO targets and validated through DR drills.
Security Chaos Engineering
Red team, blue team and purple team simulations using MITRE ATT&CK scenarios.
Secrets & Key Management
Centralised secret rotation and key custody using Vault, AWS KMS or Azure Key Vault.