CADMUS Bootcamp Course

Secure-by-Design Architecture & Cloud Sovereignty

A theory-focused, LMS-based bootcamp for security architects and cloud engineers

Design Secure Architectures Before the Blueprint Becomes a Liability

,  ,  ,

Reviewing a finished blueprint is not the same as designing one with security and sovereignty baked in from the first decision. CADMUS-BTCMP-20 is built on a single conviction: defensible architecture is the cheapest control you can buy, but only if it is enforced at design time, not after the breach.

The EU-funded CADMUS project (https://cadmus-project.eu/), aiming to address the cybersecurity expertise shortage in Europe, organizes a Bootcamp course on architectural theory, design patterns, and compliance requirements for secure-by-design systems and cloud sovereignty. The course targets the Cybersecurity Architect profile of the EU Cybersecurity Skills Framework (ECSF) and is structured around LOS 13 (Secure Architecture & Cloud Sovereignty) and LOS 16 (Secure Coding & Design).https://cadmus-project.eu/

Who can attend?

- Security Architects and System Architects: professionals designing or reviewing enterprise and cloud-native architectures.

- Cloud Infrastructure and DevSecOps Engineers: practitioners working with at least one major CSP (AWS, Azure, GCP) seeking architectural depth.

- Public Sector and Critical Infrastructure IT: staff responsible for sovereign cloud deployments and NIS2-scoped infrastructure. - IT Security Staff: personnel involved in architectural reviews, threat modelling, and security assurance activities.

Why participate?

By joining this Bootcamp, you will have the opportunity to:

•    Apply Security-by-Design and Privacy-by-Default Principles

,

Translate defense-in-depth, least privilege, fail-safe defaults, and GDPR Article 25 obligations into concrete architectural specifications across enterprise and cloud-native environments, mapped to TOGAF and SABSA.

•    Master Zero-Trust Architecture Frameworks

,

Evaluate NIST SP 800-207 reference architecture and CISA Zero Trust Maturity Model (ZTMM) pillars, then select appropriate identity-centric versus network-centric controls for on-premises, hybrid, and multi-cloud deployment scenarios.

•    Map Cloud Sovereignty Obligations to Design Decisions

,

Translate NIS2, EU Cybersecurity Certification Scheme (EUCS), and national sovereignty frameworks into concrete data-residency, key-management, and access-control decisions, and design multi-cloud landing zones with documented data flows and micro-segmentation.

Conduct Architectural Threat Modelling

Apply STRIDE, PASTA, and LINDDUN to infrastructure blueprints. Quantify risk with FAIR fundamentals, identify common architectural anti-patterns (overprivileged IAM, flat networks, unencrypted flows), and produce risk-prioritized remediation roadmaps.

How to participate?

Participation is free of charge. Places are available on a rolling basis.

Register your participation through the designated link by 29 April 2026.

Detailed information about the course will be sent after registration.

The course follows a fully asynchronous structure with a total duration of approximately 8 hours, organised in six self-paced modules of about 1.5 hours each, complemented by a capstone blueprint review and a final knowledge-check assessment delivered through the CADMUS LMS.

What to bring?

•    Your curiosity

A solid understanding of enterprise networking and cloud computing fundamentals (IaaS, PaaS, SaaS) is recommended; no hands-on lab skills are required.

•    No device needed beyond a standard browser

All reference architectures, blueprints, and threat-modelling templates are delivered through the CADMUS LMS.

•    Optional preparation

A short pre-session baseline quiz is available. Completing it helps tailor the experience to the participant’s level.