Security Architecture Language
6 exercise sets — develop the English vocabulary for security architecture conversations: threat modelling with STRIDE and PASTA, attack surface reduction, trust boundaries, defence-in-depth layering, zero-trust design principles, and security design review process language.
-
Threat Modeling
STRIDE framework, PASTA methodology, DFD threat analysis, threat actor profiles, and risk rating with DREAD/CVSS.
-
Attack Surface
Attack surface reduction, exposed endpoints, entry/exit points, privilege minimisation, and blast radius containment.
-
Trust Boundaries
Trust boundary definition, Data Flow Diagram zones, privilege levels, context switches, and cross-boundary validation.
-
Defence in Depth
Layered security controls, preventive / detective / corrective / deterrent controls, least privilege, and perimeter vs zero trust.
-
Zero Trust Design
"Never trust, always verify" architecture, micro-segmentation, identity-centric access, BeyondCorp, and ZTNA vs VPN.
-
Security Design Review
Security review process, OWASP ASVS, threat modelling integration, security requirements, and risk acceptance criteria.