Revision is the slower recap surface. Use it to reread, scan, or print the stage in one place after you have already worked through the module-first path.
How to use revision properly
Revision is not the default route through the course. It is the slower surface for recap, printing, annotation, or audit-friendly reading after the shorter module pages have already done the teaching work in smaller chunks.
I built this level for people who can write code but want to design systems that survive real use. We will work through the delivery lifecycle, from discovery to operations, with security treated as normal engineering work.
My aim is simple and practical, because if you can explain a system clearly, name the biggest risks, and choose trade offs you can defend, you can work with any architecture style without feeling lost.
This programme takes you through the complete software development lifecycle with security integrated as a normal engineering concern, not a late-stage afterthought.
Course structure
I organised Foundations around the delivery lifecycle. Each module builds one small artefact you can reuse in real reviews. If you are new, follow the modules in order and treat the tools as optional practice.
Key terms you will need
I keep these definitions plain on purpose. If a term feels like jargon later, come back here and ground it in an example.
Worked example. A feature that looks “done” until it meets reality
My opinion is that most “secure by design” is just “design like someone will actually use and abuse it”.
The earlier you write the failure modes down, the cheaper they are to fix.
Common mistakes (foundations tier)
Verification. What “good foundations” looks like in practice
CPD evidence (practical, defensible)
Discovery and requirements
Learning contract
Discovery and requirements
Learn to identify what you're building and what could go wrong. Covers user journeys, non-functional requirements, threat modelling fundamentals with STRIDE, and abuse cases mapped to OWASP Top 10.
We start with what the system is for and who it serves. Without that, every later decision is guesswork and your risks are invisible.
Optional tool
Discovery and Requirements
User journeys, NFRs, threat modelling, and abuse cases
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Discovery and requirements
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Architecture and design
Learning contract
Architecture and design
Document and communicate architectural decisions using C4 models, Architecture Decision Records, API contracts, and security by design principles.
This module turns decisions into artefacts you can defend and share. Good architecture is visible in the reasoning, not only the diagram.
Optional tool
Architecture and Design
C4 models, ADRs, API contracts, and security by design
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Architecture and design
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Implementation and build
Learning contract
Implementation and build
Write secure, maintainable code with proper input validation, output encoding, session management, error handling, and supply chain security.
This is about secure defaults and clean boundaries. We focus on the common failures that appear when code meets real users.
Optional tool
Implementation (Build)
Secure coding, session management, error handling, and supply chain security
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Implementation and build
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Verification and testing
Learning contract
Verification and testing
Ensure quality and security through comprehensive testing strategies, OWASP ASVS integration, accessibility testing with WCAG 2.2, and performance testing.
Verification shows whether your design survives reality. We test what matters, not only the happy paths.
Optional tool
Verification and Testing
Test strategies, OWASP ASVS, accessibility testing, and performance validation
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Verification and testing
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Deployment and CI and CD
Learning contract
Deployment and CI and CD
Automate secure deployments with CI/CD pipelines, DevSecOps integration, deployment strategies, and Infrastructure as Code basics.
Delivery is where good architecture can be damaged. This module keeps change safe, repeatable, and observable.
Optional tool
Deployment and CI/CD
CI/CD pipelines, DevSecOps, deployment strategies, and IaC basics
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Deployment and CI and CD
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Operations
Learning contract
Operations
Run systems reliably in production with Google SRE principles, four golden signals, observability triad, and effective incident response.
Operations are part of the architecture. We design for evidence, response, and learning, not only uptime.
Optional tool
Operations
SRE principles, golden signals, observability, and incident response
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. Operations
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
OSI model and diagnostics
Learning contract
OSI model and diagnostics
Master troubleshooting tools and techniques using OSI layers, browser DevTools, command-line diagnostics, and TLS certificate inspection.
A shared network model gives teams a calm order for troubleshooting. It replaces guesswork with evidence.
Optional tool
OSI Model and Diagnostics
Network fundamentals, browser DevTools, and command-line diagnostics
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. OSI model and diagnostics
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
The ilities framework
Learning contract
The ilities framework
Evaluate systems across quality attributes including security, privacy, accessibility, performance, reliability, scalability, maintainability, and more.
Quality attributes guide trade offs. This module keeps them explicit so teams do not argue about taste.
Optional tool
The 'Ilities' Framework
Comprehensive quality attributes for system evaluation
Use the related workspace if you need the live interactive version.
Knowledge check
Quick check. The ilities framework
Use this prompt as a self-check before you move on.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Foundations assessment
Learning contract
Foundations assessment
Now that you have worked through all eight modules, it is time to test your understanding. This quiz covers the key concepts from the entire foundation tier.
Treat this as a practice for judgement, not a test of memory. The goal is to show how you would reason under pressure.
Knowledge check
Software Architecture Foundations Assessment
Use this prompt as a self-check before you move on.
Complete the assessment and a short reflection portfolio to consolidate your learning. Certificates (if provided) should be treated as evidence of participation, not as a guarantee of competence.
Concept recap
This recap has been simplified for the document surface. Use the workspace if you need the expandable concept tool.
Next steps
After completing this Foundation tier, progress to the Intermediate tier (30 CPD hours) for advanced topics in security architecture, cloud-native patterns, performance engineering, and more.
Total time guide: 24 hours (content) + 1.9 hours (assessment) + 0.9 hours (portfolio) = 26.8 hours
