Background

The approach behind the work.

Architecture grounded in real delivery, not theory. Tested across government, CNI, financial services, and manufacturing.

Saleem Yousaf is a senior Cloud and Cyber Security Architect with more than 20 years of experience across cloud transformation, cyber security, governance, and infrastructure modernisation. He has worked across some of the UK's most complex and regulated environments, delivering secure-by-design architectures, Zero Trust strategies, and AI governance capabilities for organisations where security cannot be an afterthought.

The experience spans sectors including UK central government, Critical National Infrastructure, automotive manufacturing, and financial services, and is grounded in environments where the stakes are high and the architecture decisions have lasting consequences. That background shapes an approach that is pragmatic, business-aligned, and always focused on what works in practice rather than what looks good in a diagram.

The work spans AWS and Azure cloud security architecture, Zero Trust design, OT security, threat modelling using STRIDE and MITRE ATT&CK, Breach Attack Simulation, AI governance frameworks, and enterprise architecture assurance. Alongside delivery work, Saleem contributes openly to the security community through GitHub repositories, published articles, and the Cyber Spartans security initiative.

The underlying belief is that security architecture works best when it is embedded from the start, aligned to business risk, and designed to be operationally sustainable. Not bolted on after the fact. Not driven by compliance checklists alone. Built to hold under real conditions.

Secure by design
Security decisions made at the same time as availability, scalability, and integration decisions. The secure path should be the easiest path for delivery teams.
Business-aligned architecture
Every control traceable to a business risk. Every design decision explainable to both technical teams and governance stakeholders.
Operationally sustainable
Architecture that works beyond the delivery phase. Designed to be monitored, maintained, and validated continuously rather than handed over and forgotten.
Open to the community
Frameworks, reference architectures, and design patterns published openly on GitHub and written up in articles for the wider security architecture community.
How I work

Six principles that shape the work.

These are not values written for a website. They are the principles that consistently come out in how architecture is designed and delivered.

Security is a design discipline
Security controls work best when they are designed in from the start, not layered on after deployment. The architecture should make secure behaviour the default.
Trust must be earned
Assume Breach is not just a detection philosophy. It is a design mindset. Architecture should remain observable and containable even when one layer fails.
Visibility is not optional
Architecture without observability is blind. Detection and logging requirements belong in the design from day one, not discovered when an incident occurs.
Stakeholders need explanations
Technical architecture must be communicable. STRIDE and SABSA provide a shared language that connects design decisions to business risk across all levels of an organisation.
AI needs governance from the start
AI adoption without architecture and governance is a risk. The same secure-by-design principles that apply to cloud architecture apply equally to AI pipelines, LLM systems, and data flows.
Open architecture benefits everyone
Security frameworks, reference architectures, and design patterns published in the open raise the floor for the whole community and create better outcomes across the profession.
Areas of expertise

What the work covers.

Applied, deep experience across the core disciplines of modern enterprise security architecture.

AWS and Azure Security Architecture
Designing secure landing zones, private networking, IAM governance, cloud-native security controls, and enterprise platform security across AWS and Azure.
Zero Trust and Identity Security
Applying Zero Trust principles across enterprise environments through identity-centric access control, segmentation, privileged access management, and continuous trust validation.
Threat Modelling and BAS
STRIDE-based threat modelling, Breach Attack Simulation integrated into CI/CD pipelines, and continuous security validation mapped to MITRE ATT&CK and SABSA.
AI Security and Governance
Governance frameworks for enterprise AI adoption, LLM security architecture, RAG pipeline security, prompt injection risk management, and responsible AI integration patterns.
OT Security and Network Segmentation
Secure OT and IT separation, IDMZ design, industrial network segmentation, and security architecture for Critical National Infrastructure and regulated industrial environments.
Security Architecture Assurance
Architecture risk reviews, SABSA-aligned security assurance, secure-by-design delivery, compliance governance, and design-phase security validation across enterprise transformation programmes.
Selected experience

Organisations and sectors.

A cross-section of enterprise and public sector engagements across cloud, security architecture, and regulated environments.

01 HM Land Registry
Cloud security architecture, secure platform design, AWS and Azure security assurance, STRIDE threat modelling, and enterprise security architecture across a major government transformation programme.
02 Ministry of Justice
Lead Cloud Security Architect within MOJ Digital and Technology. Security architecture and governance support across enterprise cloud transformation and secure digital service delivery.
03 Smart DCC
Security architecture activities supporting regulated Critical National Infrastructure systems, AWS-based PKI cloud architecture, and enterprise security governance.
04 Jaguar Land Rover
Cloud and enterprise security architecture support across large-scale automotive manufacturing environments, covering OT security, third-party access governance, and Shadow IT reduction.
05 AIG
Cloud security and solution architecture across enterprise platforms and transformation initiatives within a global financial services environment with complex regulatory obligations.
06 Amer Sports
Security architecture and OT security within enterprise distribution and logistics environments, covering network segmentation, infrastructure security design, and secure operational architecture.
Professional certifications

Qualifications and continuous development.

Maintaining rigorous professional development across cloud security, enterprise architecture, and emerging security disciplines.

Microsoft: Azure Solutions Architect Expert (Azure · Expert)
Microsoft: Azure Security Engineer Associate (Azure · Security)
Microsoft: Azure Network Engineer Associate (Azure · Networking)
Amazon Web Services: AWS Certified Cloud Practitioner (AWS)
CompTIA: Advanced Security Practitioner (CASP+)
EC-Council: Certified Ethical Hacker (CEH)
Technical contributions

Published and shared openly.

Articles, frameworks, and architecture thinking contributed to the security community across multiple platforms.

Want to work together or discuss an architecture challenge?
LinkedIn is the best place to connect. GitHub is the best place to explore the work.