In the top level we have Pillars. Which are the most abstract but sparse/broad topics, like Operational Security. TBH right now I'm not so sure about which others are that obvious like Opsec, we can take some examples from W3SAMM as well.
I’m momentarily defining the following ones:
In terms of contents, they will have an overview of the Pillar, and then just the relationship with the Pyramids. In the case of Opsec, requires Wallet security L1, Awareness L2, DNS Management L3…and so on. Why? Because not all Pillars will require or demand the same amount of knowledge from each Pyramid, given they have different levels of need. And since they don't have content on their own, they have to 'import it' from the most atomic levels, which will be through the Pyramids.
Example for Pillar Operational Security (People & Org)
Requires Pyramid level: Wallet Security 1, Awareness 3, Travel Security 2
Then we will have Pyramids. The Pillars will require different levels of needs/security profiles? from the Pyramids. Now, a Pyramid is a specific topic, like wallet security, secure software development, or key management. They are kind of broad, but their categorization should be done by relevance/importance rather than just based merely on the topic.
There shouldn’t be overlap between Pyramids. But there can be overlap between Pillars, since they reuse the same Pyramids.