Now enrolling · 2026 cohort

Become a Security Architect.

Think like an attacker. Decide like a business leader.

A 90-day program for IT, dev, and security professionals stepping into the security architect role. Learn the offensive techniques and the defensive controls across the Microsoft stack. Translate technical risk into business risk. Then apply all of it by building the security program for your own company.

See the Plans → How It Works ↓
Fabien's students and alumni work at
VinciHermèsBNP ParibasThalesKPMGPwCSiemensAirbusSaint-GobainBouyguesEDFAccenture VinciHermèsBNP ParibasThalesKPMGPwCSiemensAirbusSaint-GobainBouyguesEDFAccenture
The architect's two mindsets

Two Heads. One Role.

A security architect lives in two heads at the same time. The attacker's head, to know what actually breaks. The business leader's head, to decide what is worth fixing first. Most training picks one and ignores the other. This program builds both.

Mindset 01

Think Like an Attacker

You cannot defend what you cannot break, in your head. The architect who has never walked an attack path designs controls that look right on paper and collapse in the first incident. We start here. Real chains, real techniques, on the stack you actually run.

Mindset 02

Decide Like a Business Leader

Every control has a cost. Every risk has a price. The architect who cannot translate a CVE into a business conversation gets overruled by the people writing the budget. We coach the language: risk registers, prioritization, memos, board-readable trade-offs.

Who this is for

This Is For You If...

✅ Yes, join if you:

  • Are an IT, dev, or security professional stepping into the security architect role
  • Are responsible for protecting a Microsoft environment (Windows, AD, Entra ID, Azure, M365)
  • Want to think both offensively and defensively, not pick one camp
  • Want to translate technical risk into a board-level conversation
  • Have a real environment to apply the work to (your employer, your client, or a structured case)
  • Are tired of vendor checklists and want to design the controls yourself
  • Will do the work between sessions

✗ Not for you if you:

  • Want a pure certification cram (AZ-500, SC-100)
  • Are looking for theory only, with no application
  • Want a managed-service "do it for me" engagement
  • Will not get hands-on with a real or representative environment
  • Already have 10+ years as a security architect (this is the formation, not the masterclass)
The 5 pillars

The Architect's Curriculum

Four pillars build the skills. The fifth applies them. By the end, you have both the mindset and a deliverable.

Pillar 01

The Attacker's Playbook

Real attack chains across the Microsoft stack. Active Directory: Kerberoasting, AS-REP roasting, ACL abuse, Pass-the-Hash, Golden and Silver tickets. Entra ID: token theft, consent phishing, illicit grant flows, abuse of service principals. Azure: managed identity pivoting, RBAC misconfigurations, lateral movement across subscriptions. M365: business email compromise patterns, OAuth app abuse, Teams and SharePoint exfiltration paths. You learn what attackers actually do, not what vendors warn about generically.

Offensive thinking
Pillar 02

The Defender's Architecture

Counter-measures designed at architectural level, not bolted on. The tier model and Privileged Access Workstations for AD. Conditional Access designs that survive both audit and attack. Hybrid identity hardening with Entra Connect. Azure landing zones, segmentation, and policy as code. Defender XDR for detection across endpoint, identity, email, and cloud apps. Microsoft Sentinel for response. The hardening references for each layer, and where they fall short.

Defensive design
Pillar 03

Risk Management & Business Alignment

The risk register that is actually used, not the one filed and forgotten. Threat modeling at scale: STRIDE, Pasta, MITRE ATT&CK, attack trees, and the questions that surface real risks during a design review. Prioritization frameworks that hold up: FAIR-style scoring, business impact analysis, control cost vs. risk reduction. The conversation with the CFO about why the budget is what it is. Memos and architecture decision records that turn opinions into decisions.

Risk + business language
Pillar 04

The Architect Skill Set

The mental model of the role. Reference architectures and how to read them: Microsoft Cloud Adoption Framework, NIST CSF, CIS controls. Identity-first design and zero trust beyond the marketing slide. Network segmentation for a real cloud, not the textbook one. Secure design reviews that produce decisions, not delays. Writing the design documents that get implemented because they are clear, not because they are long.

Architect mindset
Pillar 05 · Capstone

Apply It to Your Own Company

The four pillars build the skills. This pillar produces a deliverable. We work through your environment (or a sanitized representation if your context requires) and you build the security program for it: current-state assessment, target architecture, prioritized risk register, control set with rationale, 12-month roadmap, governance plan. You leave the program with a document you can hand to your manager, your CISO, or your board, and defend on the merits.

Real deliverable, your environment

What you walk out with

  • Documented attack paths against your environment
  • Target reference architecture (identity, network, data)
  • Prioritized risk register with scoring
  • Control set with cost vs. risk reduction notes
  • 12-month implementation roadmap
  • Governance plan (RACI, review cadence, KPIs)
  • Memo for executive stakeholders
  • The mental model to keep doing this on your own
Community & webinars

You Don't Do This Alone

A private community of architects-in-the-making and practitioners, plus monthly expert webinars on Microsoft security, architecture patterns, and risk.

💬

Private Discord Community

A focused group of professionals working on the same problems: identity hardening, design reviews, board memos, control trade-offs. People who will critique your architecture diagrams instead of liking them politely.

  • Architecture review threads with peer feedback
  • Real-world attack and defense write-ups from members
  • Job leads for security architect and senior security roles
  • Direct access to Fabien for quick questions
  • Accountability check-ins so the program work actually happens
Join the Discord →

Open to serious learners only. For experience sharing between professionals making the jump.

🎙️

Monthly Expert Webinars

Every month, a practitioner shares what you actually need to know to operate at architect level. No fluff, no vendor pitches. Topics rotate between attack and defense on the Microsoft stack, architecture patterns, and risk.

  • Attack: walkthroughs of real chains, in environments that look like yours
  • Defense: control designs from architects who actually built them
  • Risk: how mature programs run their register and review cadence
  • Live Q&A with each expert
  • Full access to all past webinar recordings
The shift

Before and After

DAY 0: YOU NOW

  • Reactive, fighting fires, never in the design conversation early
  • Talking in CVEs and getting overruled by the people writing the budget
  • Following vendor checklists without understanding the trade-offs
  • Implementing controls someone else designed
  • Called "the security person" but never asked to architect
  • Knowing the Microsoft stack technically, but cannot defend a design choice in business language
  • No artifact to point to that proves you can architect a program

90 DAYS LATER: YOUR TRAJECTORY

  • In the design review at the start, not the audit at the end
  • Translating technical risk into board-readable trade-offs
  • Designing the controls, not implementing someone else's
  • Reading reference architectures critically, adapting them to your context
  • Speaking both languages: attacker and business leader
  • Operating with the mental model of an architect, not a technician
  • A documented security program for your environment that you authored and can defend
Your coach

Not a Guru. Someone Who Did the Work.

Fabien Soulis

Fabien Soulis. Multicloud security architect, pentester, incident responder. 15+ years securing global enterprises across North America and Europe.

Sorbonne instructor teaching security architecture at Paris 1 Panthéon-Sorbonne. Built a SaaS cybersecurity business with dozens of enterprise clients. Zero major incidents across 150K+ employee environments.

I have built attack chains and the defenses against them. I have written the risk memos and presented them to executives. I have designed the architectures and answered for them in audit. The program is the formation I wish I had had when I was making the jump.

15+
Years in the field
150K+
Users secured
0
Major incidents
Choose your plan

Two Ways to Start

Start with an Architect Readiness Assessment, or commit to the full 90-day program with the capstone deliverable.

Starter
Architect Readiness Assessment

A focused audit of where you are against the security architect role. Skill gap analysis across attack, defense, risk, and architecture. Honest read on your current environment. You leave with a 90-day learning plan and a clear next step.

€990
One-time · Delivered in 1 week
  • Intake call (45 min)
  • Skill gap analysis vs. the security architect role
  • Microsoft-stack readiness review (AD, Entra, Azure, M365)
  • Light review of your current environment or representative case
  • 90-day learning plan with prioritized topics
  • Restitution session (45 min)
  • Discord community + webinars (12 months)
Book a Free Call → or message me on LinkedIn →
Accelerator
The Full 90-Day Program

All 5 pillars delivered. Attack and defense across the Microsoft stack, risk management, architecture skills, and the capstone: the security program for your own environment. You leave with a deliverable, not just a certificate.

3,990€
Introductory pricing · 90 days · 8 sessions
  • Everything in Starter, plus:
  • Pillar 01: Attacker's Playbook (AD, Entra, Azure, M365 attack chains)
  • Pillar 02: Defender's Architecture (controls, hardening, XDR, Sentinel)
  • Pillar 03: Risk Management & Business Alignment
  • Risk register template tailored to your environment
  • Threat modeling practice on a real design
  • Pillar 04: Architect Skill Set (reference architectures, design reviews, decision writing)
  • Pillar 05 capstone: Security program for your company
  • Current-state assessment
  • Target architecture and prioritized risk register
  • Control set with rationale
  • 12-month roadmap and governance plan
  • Executive memo for your stakeholders
  • 8 weekly 1-on-1 sessions (45 min each)
  • For participants who complete the work:
  • Personal recommendation letter from Fabien
  • Course completion certificate
  • Discord community + webinars (12 months)
Apply Now → or message me on LinkedIn →

Not sure which plan? Book a free 15-min call or message me on LinkedIn. No pitch, just clarity.

Fabien leads the program and is supported by equally (or better) qualified coaches to adapt to your specific needs: industry context, language preference (English, French, Spanish), timezone, or specialized expertise.

FAQ

Before You Decide

Do I need to already be in cybersecurity?
Helpful, not required. IT pros, sysadmins, and developers running Microsoft environments often make excellent security architects because they already know how the system breaks under load. What matters is that you have hands-on experience with at least part of the stack, and a real environment to apply the work to.
Will I really build the security program for my company?
Yes. That is the capstone. By the end of the 90 days you have: a current-state assessment, target architecture, prioritized risk register, control set, 12-month roadmap, governance plan, and an executive memo. Real artifacts for your real environment. Defensible on the merits.
Is the work confidential?
Yes. A standard mutual NDA is available on request. When your environment is sensitive, we work from sanitized representations: same architecture shapes, anonymized identifiers. The deliverable is yours.
What if I do not have a "company" to apply this to?
We use a structured case based on a representative environment, sized to your target role. You still produce a full security program as the capstone. It becomes your portfolio piece, ready to walk into an interview with.
Is this an offensive security course?
No. It includes the attacker's mindset because no architect should design controls without it, but the goal is defensive architecture, not certification as a pentester. If you want a pure offensive program, look elsewhere. If you want to build defenses that hold up against real attackers, you are in the right place.
Can I upgrade from Starter to Accelerator?
Yes. If you start with Starter and decide you want the full program, the €990 credits toward the Accelerator fee.
What language are sessions in?
English by default. Fabien is supported by equally or better qualified coaches who can deliver sessions in French, Spanish, or English depending on your preference.

Ready to Architect, Not Just Implement?

Begin with an Architect Readiness Assessment, or commit to the full 90-day program.

See the Plans → Book a Free Call Message on LinkedIn

Not ready yet?

Read the free book, or join the Discord to learn from peers walking the same path.

Get the Free Book → Join the Discord →

Discord is open to serious learners only. For experience sharing between professionals making the jump.