1. undertake structured analysis of technical issues, translating this analysis into technical designs that describe a solution
2. be consulted about design and provide design patterns
3. identify deeper issues that need fixing
4. look for opportunities to collaborate and reuse components, communicating with both technical and non-technical stakeholders
5. align designs with Enterprise Architecture

Main Activities

1. Documenting service assets
2. Sourcing a threat assessment
3. Performing threat modelling
4. Performing a security risk assessment
5. Agreeing security controls set for your service
6. Responding to and mitigating security risks
7. Assessing the effectiveness of security controls
8. Implementing a vulnerability management process
9. Managing observability
10. Evaluating the security impact of changes