Cybersecurity Evaluation of Enterprise Architectures: The e-SENS Case
Abstract
Technology management through enterprise architectures has already become a widespread practice across large enterprises. Modeling and evaluating its cybersecurity aspect, however, has only just begun to get the attention it needs. This paper presents a cybersecurity evaluation methodology developed for the reference architecture of the e-SENS project and derives a generic framework for cybersecurity evaluation of an enterprise architecture. The evaluation addresses both the high-level design artefacts (the reference architecture) and operational solutions. Therefore, both a conceptual and an empirical framework are developed as part of the methodology. The former extends a goal-based security model with a threat view incorporating standardized guidelines on security measures, whereas the latter captures and systematizes implemented project-specific security practices. The resulting methodology effectively supports the evaluation and is easy for non-technical people to grasp. Moreover, it lends itself to formalization, supporting a semi-automatic process of solution architecture design.
Origin: Files produced by the author(s)