Design comprehensive security architectures using defense-in-depth, zero trust principles, threat modeling (STRIDE, PASTA), and control frameworks (NIST CSF, CIS Controls, ISO 27001). Use when designing security for new systems, auditing existing architectures, or establishing security governance programs.
View on GitHubskills/architecting-security/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/ancoleman/ai-design-components/blob/main/skills/architecting-security/SKILL.md -a claude-code --skill architecting-securityInstallation paths:
.claude/skills/architecting-security/# Security Architecture Design and implement comprehensive security architectures that protect systems, data, and users through layered defense strategies, zero trust principles, and risk-based security controls. ## Purpose Security architecture provides the strategic foundation for building resilient, compliant, and trustworthy systems. This skill guides the design of defense-in-depth layers, zero trust implementations, threat modeling methodologies, and mapping to control frameworks (NIST CSF, CIS Controls, ISO 27001). Unlike tactical security skills (configuring firewalls, implementing authentication, scanning vulnerabilities), security architecture focuses on strategic planning, comprehensive defense strategies, and governance frameworks. ## When to Use This Skill Use security architecture when: - Designing security for greenfield systems (new applications, cloud migrations) - Conducting security audits or risk assessments of existing systems - Implementing zero trust architecture across enterprise environments - Establishing security governance programs and compliance frameworks - Threat modeling applications, APIs, or microservices architectures - Selecting and mapping security controls to regulatory requirements (SOC 2, HIPAA, PCI DSS) - Designing cloud security architectures (AWS, GCP, Azure multi-account strategies) - Addressing supply chain security (SLSA framework, SBOM implementation) ## Core Security Architecture Principles ### 1. Defense in Depth Implement multiple independent layers of security controls so that if one layer fails, others continue to protect critical assets. **9 Defense Layers (2025 Model):** 1. **Physical Security:** Data center access, environmental controls, hardware security modules (HSMs) 2. **Network Perimeter:** Next-gen firewalls (NGFW), DDoS protection, web application firewalls (WAF) 3. **Network Segmentation:** VLANs, VPCs, security groups, micro-segmentation 4. **Endpoint Protection:** EDR, antivirus, device enc