Study Path Agent
Security Architect
82 topics across 7 chapters
Chapter 1
Role, scope & mindset
1. What security architects do (responsibilities & outcomes)
2. Core skills & ethics (judgment, pragmatism, confidentiality)
3. Stakeholder management (security, engineering, product, legal)
4. Career development & certifications strategy
Chapter 2
Security foundations
5. Security principles (CIA, least privilege, defense-in-depth)
6. Networking fundamentals for security (2 subtopics)
    7. TCP/IP, DNS, HTTP(S) and TLS flow (what actually happens on the wire)
    8. Segmentation, firewalls, and network controls (allow-lists, egress)
9. Cryptography essentials (2 subtopics)
    10. Symmetric/asymmetric crypto, hashing, signatures (when to use what)
    11. PKI, certificates, and key management basics (rotation, HSM/KMS)
12. Identity & access management (IAM) fundamentals (2 subtopics)
    13. AuthN vs AuthZ; RBAC/ABAC concepts (service-to-service too)
    14. SSO & federation (SAML, OIDC/OAuth2) + MFA patterns
15. Application & API security basics (2 subtopics)
    16. OWASP Top 10 and common vulnerabilities (injection, XSS, SSRF, IDOR)
    17. Secure SDLC overview and security requirements in development
Chapter 3
Security architecture & design
18. Requirements, constraints & threat landscape (NFRs, data sensitivity, trust)
19. Architecture frameworks & viewpoints (SABSA/TOGAF alignment)
20. Threat modeling (3 subtopics)
    21. Build data-flow diagrams (DFDs) & identify trust boundaries
    22. STRIDE/LINDDUN-style analysis (pick a method and apply consistently)
    23. Mitigation selection & risk-based prioritization (what to fix first)
24. Reference architectures (network/app/data) (2 subtopics)
    25. Secure application patterns (API gateway, authz layer, secrets)
    26. Data protection architecture (classification, encryption, tokenization)
27. Zero Trust architecture (2 subtopics)
    28. Identity-centric access & policy enforcement points (PEPs)
    29. Microsegmentation & continuous verification concepts
30. Design reviews, ADRs & governance (how decisions get made and recorded)
Chapter 4
Governance, risk & compliance (GRC)
31. Risk management (3 subtopics)
    32. Risk identification & assessment (qualitative + FAIR intro)
    33. Risk treatment options (avoid/mitigate/transfer/accept)
    34. Maintaining a risk register & tracking remediation to closure
35. Policies, standards, baselines & exceptions (how to make them usable)
36. Compliance & audit readiness (2 subtopics)
    37. Map controls to frameworks (NIST CSF/800-53, ISO 27001)
    38. Evidence collection, audit artifacts & continuous compliance
39. Third-party & supply-chain risk (vendor due diligence, contracts)
40. Privacy by design basics (data minimization, purpose limitation)
41. Metrics, maturity models & reporting (KPIs/KRIs that drive action)
Chapter 5
Cloud & DevSecOps security
42. Cloud shared responsibility + landing zones (2 subtopics)
    43. Cloud IAM guardrails (org/accounts/projects, policies, break-glass)
    44. Network & data guardrails (VPC/VNet, KMS, encryption defaults)
45. Infrastructure as Code (IaC) & configuration management (drift, guardrails)
46. DevSecOps pipeline security (3 subtopics)
    47. SAST/DAST/SCA selection and integration strategy (signal vs noise)
    48. CI/CD hardening (secrets, runners, permissions) + artifact signing
    49. Software supply chain basics (SBOM, provenance, SLSA concepts)
50. Container & Kubernetes security (2 subtopics)
    51. Kubernetes RBAC, admission control, and pod security concepts
    52. Image scanning, runtime protection & network policies basics
Zero Trust architecture (see Chapter 3)
Threat modeling (see Chapter 3)
53. Telemetry, logging & detection engineering (2 subtopics)
    54. Logging strategy (what to log, normalization, retention)
    55. Detection use-cases, alert tuning, and response playbooks
Chapter 6
Security operations & resilience
56. Incident response & forensics readiness (3 subtopics)
    57. IR lifecycle, runbooks, and communications plan
    58. Tabletop exercises and simulations (how to practice effectively)
    59. Evidence handling and forensic readiness basics (logs, access, chain of custody)
60. Vulnerability management program (2 subtopics)
    61. Asset inventory & attack surface management (you can’t patch what you don’t know)
    62. Prioritization (CVSS + context), patch SLAs & verification
63. SOC operating model & integrations (escalation paths, ownership)
64. Resilience: BCDR, backups & recovery (RTO/RPO, testing restores)
65. Security testing & validation (pen test scoping, purple team basics)
Telemetry, logging & detection engineering (see Chapter 5)
66. Post-incident learning & continuous improvement (RCA, tracking actions)
Chapter 7
Communication & delivery
67. Documentation & diagramming (2 subtopics)
    68. C4 model / architecture diagram essentials for security communication
    69. Write a security architecture document (assumptions, decisions, controls)
70. Decision-making: tradeoffs, risk narratives & recommendations
71. Roadmaps & prioritization (sequencing, dependencies, measurable milestones)
72. Working with product/engineering (Agile, platforms, shared ownership)
73. Budgeting, business cases & influencing (cost, risk reduction, ROI)
74. Workshops & facilitation (security reviews, threat modeling sessions)