Security Architecture

Body of Knowledge

| Topic | Description | Relevance | Career Tracks |
|---|---|---|---|
| Defense in Depth | Layered security controls, redundancy, fail-secure design, multiple control types (preventive, detective, corrective). | Critical | Security Architect, Security Engineer |
| Zero Trust Architecture | Never trust/always verify, identity-centric, micro-segmentation, least privilege, continuous verification, BeyondCorp model. | Critical | Security Architect, Network Architect |
| Network Segmentation | VLAN-based, firewall-based, SDN-based, micro-segmentation, compliance zones, PCI scope reduction. | Critical | Security Architect, Network Architect |
| Secure Design Principles | Least privilege, separation of duties, defense in depth, fail-secure, economy of mechanism, complete mediation. | Critical | Security Architect, Application Security |
| Enterprise Security Architecture | SABSA, TOGAF security, security domains, capability mapping, security controls catalog, maturity models. | High | Security Architect, Enterprise Architect |
| Firewall Architecture | Zone design, rule base management, policy optimization, next-gen firewall features, east-west vs north-south. | High | Security Architect, Network Security Engineer |
| Identity Architecture | Identity fabric, federation design, authentication flows, authorization models (RBAC, ABAC), directory services. | High | Security Architect, IAM Engineer |
| Data Security Architecture | Classification, encryption at rest/transit, DLP, data masking, tokenization, key management architecture. | High | Security Architect, Data Security Engineer |
| Cloud Security Architecture | Landing zones, account structure, network topology, centralized security services, multi-cloud considerations. | High | Cloud Security Architect, Security Architect |
| Security Monitoring Architecture | Log collection, SIEM placement, network taps, visibility gaps, retention requirements, correlation strategies. | High | Security Architect, SOC Architect |
| Resilience and Recovery | HA design, failover, backup architecture, DR sites, recovery testing, RTO/RPO alignment. | High | Security Architect, Infrastructure Architect |
| Secure DevOps Architecture | Pipeline security, secrets management integration, policy as code, automated compliance, shift-left controls. | High | Security Architect, DevSecOps Lead |

Personal Status

| Topic | Level | Evidence | Active Projects | Gaps |
|---|---|---|---|---|
| Firewall Rules & Policy | Advanced | VyOS zone-based firewall, pfSense rules, Catalyst ACLs, ISE dACLs; defense-in-depth layering across network segments | Infrastructure Operations | No next-gen firewall (Palo Alto, Fortinet) policy management |