Look at the plan of a seventeenth century fortress and you are looking at a security architecture diagram. The jagged points, the layered walls, the deliberate angles: none of it is decoration. Every line answers a question about where an attacker could approach and what would stop them. The engineer who refined that geometry into a discipline has a great deal to teach anyone designing a network that assumes the enemy is already inside.
Military foundation
Sebastien Le Prestre de Vauban was a French military engineer whose name became synonymous with fortification. His designs replaced the tall, flat walls of earlier strongholds with low, angled, star-shaped works built from projecting bastions. The shape was not aesthetic. The high walls of older castles offered defenders dead ground at their own feet, places an attacker at the base could not be fired upon. Vauban's geometry eliminated those blind spots. Each bastion projected outward so that the ground in front of every wall fell under fire from neighbouring positions.
Two ideas sit at the heart of this design. The first is overlapping coverage: every approach is watched by more than one position, so a force advancing toward one section is met by fire from the sections beside it. The second is layered depth with no single point of failure. A fortress was not one wall but a sequence of works, outer and inner, each independently defensible. Taking the first line did not hand the attacker the place. It dropped them into a new zone, already covered, with another barrier ahead and the cost of the assault mounting at every step.
Cyber application
Zero-trust architecture inherits Vauban's premises almost directly. The old network perimeter behaved like a high castle wall: hard on the outside, soft within, so that anyone past the gate could move freely. That model gave attackers the very dead ground Vauban designed away. Once inside, an intruder could traverse the interior unobserved and unchallenged, because trust was granted by location rather than verified at each step.
Micro-segmentation rebuilds the interior as a field of bastions. The environment is divided into small, independently defended zones, and movement between them is neither implicit nor free. Strict access control governs every request: identity and authorisation are checked at each boundary, so reaching one segment grants nothing automatically about the next. This is Vauban's layered depth expressed in policy. An attacker who compromises a single container or workload lands in one zone, covered by its own controls, with another barrier ahead rather than open ground.
The same geometry holds across AWS, Azure, and GCP, where workloads are spread over several providers and a flat trust model would be a gift to an intruder. Consistent segmentation and access control across all three keep a compromise contained to where it began. One breached container cannot move laterally into the next service, because the path between them is a checked boundary, not an open corridor, and the controls on either side overlap so that suspicious movement is observed from more than one vantage point. There is no single point of failure whose fall opens the rest, because each zone stands on its own and the loss of one does not surrender its neighbours.
What you practise
In the range, this is where defence-in-depth stops being a slogan and becomes a map you have to draw and defend. You practise mapping a multi-cloud estate into segments, deciding where the boundaries belong, and writing the access rules that let legitimate traffic through while denying the lateral paths an attacker needs. You learn to hunt for the dead ground in your own design: the over-trusted service account, the flat subnet that quietly connects two zones, the boundary that checks identity in one direction but not the other.
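As an added illustration of the checked boundaries described above and the three kinds of dead ground named in this section (example code, not part of the original page or of any course material), here is a small audit over a constructed segmentation model. Zone names, rule fields, subnet placement, service identities and the over-trust threshold are all assumptions.

```python
from collections import defaultdict

# Constructed estate (an assumption, not from the page): four zones across three
# providers, explicit cross-zone rules, subnet placement and service identities.
ZONES = {"aws-web", "aws-api", "azure-db", "gcp-batch"}

# A rule lets `principal` cross from src into dst. `check_identity` records whether
# that boundary verifies the caller or merely trusts where the traffic comes from.
RULES = [
    {"src": "aws-web",   "dst": "aws-api",  "principal": "svc-web",   "check_identity": True},
    {"src": "aws-api",   "dst": "aws-web",  "principal": "svc-api",   "check_identity": False},
    {"src": "aws-api",   "dst": "azure-db", "principal": "svc-api",   "check_identity": True},
    {"src": "gcp-batch", "dst": "azure-db", "principal": "svc-admin", "check_identity": True},
    {"src": "gcp-batch", "dst": "aws-api",  "principal": "svc-admin", "check_identity": True},
    {"src": "gcp-batch", "dst": "aws-web",  "principal": "svc-admin", "check_identity": True},
]

# Zones whose workloads share each subnet (constructed).
SUBNETS = {
    "10.0.1.0/24": {"aws-web"},
    "10.0.2.0/24": {"aws-api", "azure-db"},  # quietly joins two zones
    "10.1.0.0/24": {"gcp-batch"},
}

def can_cross(src, dst, principal, rules=RULES):
    """Default deny: only an explicit (src, dst, identity) rule opens a boundary."""
    return any(r["src"] == src and r["dst"] == dst and r["principal"] == principal for r in rules)

def flat_subnets(subnets=SUBNETS):
    """A subnet spanning more than one zone is an open corridor with no checked boundary."""
    return sorted(s for s, zones in subnets.items() if len(zones) > 1)

def asymmetric_boundaries(rules=RULES):
    """Zone pairs where one direction verifies identity and the reverse does not."""
    checks = {(r["src"], r["dst"]): r["check_identity"] for r in rules}
    found = set()
    for (a, b), chk in checks.items():
        rev = checks.get((b, a))
        if rev is not None and chk != rev:
            found.add(tuple(sorted((a, b))))
    return sorted(found)

def over_trusted(rules=RULES, zones=ZONES, max_fraction=0.5):
    """Identities allowed into more than max_fraction of all zones (threshold assumed)."""
    reach = defaultdict(set)
    for r in rules:
        reach[r["principal"]].add(r["dst"])
    return sorted(p for p, z in reach.items() if len(z) / len(zones) > max_fraction)
```

Run against a real estate, the same three checks would be fed from your cloud provider's network and IAM inventory rather than from the constructed constants above.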
Working both sides sharpens the lesson. As the attacker, you probe for the single weak wall that opens everything behind it, and you feel directly how segmentation turns a quick traversal into a slow grind of separately defended zones. As the defender, you confirm that compromising one workload yields one zone and nothing more, and that overlapping controls catch the movement a single control would miss. The instinct you are building is Vauban's: never present a flat wall an attacker can walk past, and never let the fall of one position cost you the rest. Design so that getting in is only the beginning of the problem, not the end of your defence.