Security Engineering
Security engineering is the discipline of designing, building, and operating systems that remain secure in the presence of adversaries. It goes beyond compliance checkboxes — it’s about understanding attacker thinking and baking resilience into architecture from day one.
Topics covered
| Topic | Description |
|---|---|
| Threat modelling | STRIDE, PASTA, and attack tree methodologies |
| MITRE ATT&CK | Mapping techniques to the ATT&CK framework |
| CVSS scoring | Reading and producing Common Vulnerability Scoring System scores |
| Incident response | Containment, eradication, recovery, and lessons-learned process |
| Cryptography basics | Symmetric, asymmetric, hashing — what to use and when |
| Zero Trust architecture | Principles and practical implementation patterns |
Foundational concepts
The CIA Triad
Every security control exists to protect at least one of:
- Confidentiality — only authorised parties can read the data
- Integrity — data is accurate and has not been tampered with
- Availability — authorised parties can access the data when needed
Defense in depth
No single control is sufficient. Layer controls so that a failure in one layer does not compromise the whole system:
```text
Network perimeter (firewall, WAF)
└── Host hardening (CIS benchmarks, patch management)
    └── Application security (input validation, output encoding)
        └── Data layer (encryption at rest, column-level access)
            └── Monitoring & detection (SIEM, alerting)
```
Least privilege
Grant the minimum permissions required, to the minimum number of identities, for the minimum duration. Review and revoke unused permissions on a schedule.
CVSS at a glance
CVSS v3.1 scores vulnerabilities 0–10:
| Score range | Severity |
|---|---|
| 9.0–10.0 | Critical |
| 7.0–8.9 | High |
| 4.0–6.9 | Medium |
| 0.1–3.9 | Low |
| 0.0 | None |
Key metrics, with the higher-scoring value named first: Attack Vector (Network scores higher than Local), Privileges Required (None scores higher than High), User Interaction (None scores higher than Required), Scope (Changed scores higher than Unchanged).
Where to go next
Content for this section is actively being written. Check back regularly or subscribe to updates.
In the meantime, related reading:
Pipeline Security — security in CI/CD
Kubernetes Security Hardening — cluster hardening