How to systematically secure anything: a repository about security engineering

《数据安全架构设计与实战》：本书系统性地介绍数据安全架构的设计与实践，融入了作者多年在安全领域积累的实践经验。全书分四大部分，共20章。 第一部分介绍安全架构的基础知识，内容包括安全、数据安全、安全架构、5A方法论、CIA等基本概念,为后续论述奠定基础。 第二部分介绍产品安全架构，内容包括：身份认证、授权、访问控制、审计、资产保护等，讲解如何从源头设计来保障数据安全和隐私安全，防患于未然。 第三部分介绍安全技术体系架构，内容包括：安全技术架构、网络和通信层安全架构、设备和主机层安全架构、应用和数据层安全架构、安全架构案例分析等。 第四部分介绍数据安全与隐私保护治理，内容包括：数据安全治理、数据安全政策文件体系、隐私保护基础与增强技术、GRC治理框架、数据安全与隐私保护的统一等。

Your internal mediocrity is the moment when you lost the faith of being excellent. Just do it.

Hack23 Public Information Security Management System:Security Through Transparency and Open Documentation Demonstrating Security Excellence Through Public ISMS Disclosure

Security architecture patterns and NIST 800-53 controls from opensecurityarchitecture.org

A walkthrough of security controls for a serverless architecture via a demo application

Notes and practice exam analysis I completed when preparing for my CompTIA Security+ exam

Common (and Advanced) Information Security Questions. Questions you should know the answer to for your information security career.

An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang

Certified Cybersecurity Consultant (CCC) Program - A comprehensive 4-month, 320-hour training curriculum for experienced cybersecurity professionals. Developed by Aminu Idris, AMCPN | International Cybersecurity and Digital Forensics Academy (ICDFA)

Excalidraw library for threat modeling diagrams

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about The Open Group Architecture Framework (TOGAF) in Cybersecurity.

Offline-first threat modeling and architecture diagram editor with AI-powered security analysis, MITRE ATT&CK/NIST mapping, local Ollama support, and integrated GRC attack-path workflows.

Reusable STRIDE and PASTA threat modeling templates for Agile product teams. Standardize your DevSecOps security design reviews with Markdown and draw.io.

Architecture and threat model for a post-quantum cryptography (PQC) key management system.

ASTRA (Architecture and Security Threat Review and Analysis) is a collaborative, business-driven methodology for security architecture review and threat modeling. NOT an audit.

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Security Assurance in Cybersecurity

Radium corpus — Execution Governance for Complex Automated Systems

Threat-oriented defensive frameworks reorganizing PCI DSS v4.0.1 requirements by attack type rather than compliance checklist. Educational guide for security professionals implementing strategic layered defense.