How to systematically secure anything: a repository about security engineering

• UpdatedMar 7, 2023

《数据安全架构设计与实战》：本书系统性地介绍数据安全架构的设计与实践，融入了作者多年在安全领域积累的实践经验。全书分四大部分，共20章。 第一部分介绍安全架构的基础知识，内容包括安全、数据安全、安全架构、5A方法论、CIA等基本概念,为后续论述奠定基础。 第二部分介绍产品安全架构，内容包括：身份认证、授权、访问控制、审计、资产保护等，讲解如何从源头设计来保障数据安全和隐私安全，防患于未然。 第三部分介绍安全技术体系架构，内容包括：安全技术架构、网络和通信层安全架构、设备和主机层安全架构、应用和数据层安全架构、安全架构案例分析等。 第四部分介绍数据安全与隐私保护治理，内容包括：数据安全治理、数据安全政策文件体系、隐私保护基础与增强技术、GRC治理框架、数据安全与隐私保护的统一等。

• UpdatedApr 25, 2022
• Python

Your internal mediocrity is the moment when you lost the faith of being excellent. Just do it.

• UpdatedJan 17, 2026
• SCSS

Hack23 Public Information Security Management System:Security Through Transparency and Open Documentation Demonstrating Security Excellence Through Public ISMS Disclosure

• UpdatedJan 26, 2026

Security architecture patterns and NIST 800-53 controls from opensecurityarchitecture.org

• UpdatedFeb 20, 2026
• Python

• UpdatedFeb 13, 2026

A walkthrough of security controls for a serverless architecture via a demo application

• UpdatedMay 11, 2022
• HCL

Notes and practice exam analysis I completed when preparing for my CompTIA Security+ exam

• UpdatedNov 6, 2023

An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang

• UpdatedSep 5, 2021

Common (and Advanced) Information Security Questions. Questions you should know the answer to for your information security career.

• UpdatedFeb 23, 2021

Certified Cybersecurity Consultant (CCC) Program - A comprehensive 4-month, 320-hour training curriculum for experienced cybersecurity professionals. Developed by Aminu Idris, AMCPN | International Cybersecurity and Digital Forensics Academy (ICDFA)

• UpdatedFeb 14, 2026

Excalidraw library for threat modeling diagrams

• UpdatedJun 30, 2023

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about The Open Group Architecture Framework (TOGAF) in Cybersecurity.

• UpdatedNov 8, 2022

ASTRA (Architecture and Security Threat Review and Analysis) is a collaborative, business-driven methodology for security architecture review and threat modeling. NOT an audit.

• UpdatedMay 22, 2025

Architecture and threat model for a post-quantum cryptography (PQC) key management system.

• UpdatedJan 16, 2026

Reusable STRIDE and PASTA threat modeling templates for Agile product teams. Standardize your DevSecOps security design reviews with Markdown and draw.io.

• UpdatedFeb 9, 2026

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Security Assurance in Cybersecurity

• UpdatedOct 18, 2023

Medusa is a package that improves the overall security of the Linux OS by extending the standard Linux (Unix) security architecture while preserving backward compatibility.

• UpdatedJun 4, 2015
• C

Threat-oriented defensive frameworks reorganizing PCI DSS v4.0.1 requirements by attack type rather than compliance checklist. Educational guide for security professionals implementing strategic layered defense.

• UpdatedDec 16, 2025

Pragmatic security operating model for engineering-driven organizations. Strategic docs, governance templates, and decision frameworks for Security Directors and Architects.

• UpdatedJan 24, 2026