We know each team has its own needs and specifications, so the training outline can be modified to fit them.
Module 1: Security principles for architects
- Least privilege, fail safe defaults, separation of duties, defense in depth
- Reduce attack surface through simplification and safe defaults
- Threat modeling at a glance: assets, actors, entry points, abuse cases
- Decision records to capture rationale and risk tradeoffs
Module 2: Trust boundaries and data flow
- Draw context diagrams and data flow maps that reveal controls
- Segmentation patterns: network tiers, private endpoints, service meshes
- Handling third parties and SaaS with scoped access and contracts
- Data classification that drives storage, transit, and retention choices
Module 3: Identity, access, and secrets at scale
- Authentication patterns: OIDC, OAuth2, mTLS, platform identities
- Authorization models: role-based, attribute-based, and policy engines
- Session and token lifetimes, rotation, and revocation strategies
- Secrets in code pipelines, hosts, and cloud secret managers, with audit trails
Module 4: Data protection and integrity
- Encryption in transit and at rest, key hierarchy, and rotation
- Protecting sensitive fields with tokenization and selective encryption
- Input validation and output encoding as architectural concerns
- Integrity: checksums, signatures, and secure storage of artifacts
Module 5: API and microservice patterns
- Contract first design, schema validation, and positive allow lists
- Rate limits, quotas, and resource ceilings to contain abuse
- Safe serialization, pagination, and mass assignment controls
- Versioning, deprecation, and backward compatible security changes
Module 6: Cloud native security
- Baseline hardening for images, nodes, and runtimes
- Isolation patterns: namespaces, accounts, and minimal permissions
- Network policies, private links, and egress control
- Supply chain basics: signing, provenance, and dependency hygiene
Module 7: Resilience, monitoring, and incident readiness
- Design for failure: timeouts, retries, circuit breakers, bulkheads
- Logging that supports detection while protecting privacy
- Telemetry and alerting for auth errors, policy denials, and exfiltration indicators
- Secure runbooks, keys on call, and containment playbooks
Module 8: Verification and continuous assurance
- Security requirements in tests: unit, integration, and fuzzing basics
- Policy-as-code guardrails in CI/CD and environments
- Lightweight risk reviews and exception handling with expirations
- Roadmapping improvements and measuring adoption