Why and How to Become a Security Architect
The main function of a security architect within an organization is to design, build, and monitor the process of implementing the network and computer security for such company. If you are a senior security architect, then you will be required to design complex security structures and make sure they work greatly upon implementations.
This job is more related to dealing with the big picture of the organization’s networks and architectures. The following list gives an overview of the main responsibilities that one could expect when taking this position as a Security Architect.
- You are responsible to understand the organization’s technology and information systems.
- It is your responsibility to create a great design for the security architecture for any potential IT project to be undertaken within the organization.
- You should do some vulnerability testing, risk analysis and measure the security of the proposed architectures.
- You have to always be up to date when it comes to authentication protocols, standards for security and security systems.
- You should make and provide all the requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
- You are responsible for building up the public key infrastructures (PKIs). This actually includes certification authorities (CAs) and digital signatures which are the necessities to ensure integrity of data transmission.
- You should be able to calculate the estimated costs to implement your proposed architecture and also explain in details what issues could be associated with integrating the solutions with the current systems of the organization.
- Any installment of firewalls within the network should be approved by you as the Security Architect. Moreover, this extends to include also VPN, routers, IDS scanning technologies and servers.
- You should always perform your tests on the security structures such that you make sure that their behavior is accepted and there is nothing wrong about them.
- You should always be there to give advice and any technical guidance for security teams.
- You have to define the corporate security policies and procedures and further help with their implementations and ensure they are maintained within the organization.
- You should make sure that awareness is always raised amongst employees of the organization with regards to cybersecurity issues and practices. This could happen through scheduled trainings and educational programs.
- You should always be there for any potential security incidents. Your response should be immediate and you should analyze what happened and what caused such an incident to occur and make clear documentations about that.
- You should always make sure that all the security systems of the organization are kept updated and upgraded for the best security.
Final note is that this is a sort of managerial position where you have your programming team which you direct and manage, and you report your progress and advancements to the Chief Information Security Officer (CISO).
At the beginning of your cybersecurity career, I would recommend that you take an entry level position such that you can gain the necessary knowledge and experience for the upcoming years. Some of these jobs are:
- Security Administrator
- Network Administrator
- System Administrator
After getting sufficient base of knowledge in one of these jobs, you should take a step up into more specialized job. These jobs will be of an intermediate level according to the jobs hierarchy. Some of these jobs are given in the following list.
- Security Analyst
- Security Engineer
- Security Consultant
When you attain your target job and become a Security Architect, you may prefer to remain settled in your job. That is fine. You may further get promoted in the same job domain if you are working for a big organization. To elaborate, you may become a Senior Security Architect or even Chief Security Architect.
When you get enough experience in these senior level positions, you may consider the big boss position to become the first man of security within the organization as a CISO.
What are the similar jobs to a Security Architect?
Most of the job postings similar to a Security Architect position are mainly one of the jobs in the following list.
- Information Security Architect
- Information Systems Security Architect
It is worth noting to emphasize the difference between a Security Architect and an Information Security Architect. The former is more into technical tasks while the latter involves some directorial or managerial responsibilities.
The average salary for a Security Architect is actually quite high. According to PayScale, a security architect is paid $109,794 yearly on an average basis. The minimum payment to expect for this job according to the figures is around $84,237 per year while the highest payment you should expect is around $160,166 per year. It is needless to say that all pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable. Higher figures do not include benefits.
Having a bachelor’s degree in Computer Science, Cyber Security or a related field is really recommended for this job. This is simply due to the great involvement in designing and creating security systems and procedures, which this job requires. In addition to that, getting a master’s degree in IT security to compensate for your non-technical background is always a valid option to go for as well. Above all, try to add to your skills through IT security trainings and professional certifications, which all make you a perfect candidate.
According to most of the job postings requirements, experience in the field of IT for a range between 5 years to 10 years is required. During these yours, you should get exposed to business planning, systems analysis and application development. Moreover, you should have from 3 to 5 years of these years dedicated for IT security matters only. This all what really makes a perfectly experienced Security Architect.
There are a bunch of technical skills that one should consider working on by the time he can apply for a job posting for a Security Architect position. The following list attempts to point out the main skills and points that you should have for this position.
- You should be aware of the methodologies used for role-based authorization and policy formation.
- You should have knowledge of procedures used for risk assessment.
- Your knowledge of authentication technologies and security attack pathologies is also necessary.
- You should also be of great knowledge about frameworks like ISO 27001/27002, ITIL and COBIT.
- It is definitely necessary that a security manager have comfort using both Windows and Unix like operating systems.
- You should be very comfortable dealing with various security controls such as firewall, IDS/IPS, network access control and network segmentation.
- You should have a solid knowledge about computer networking concepts from the perspective of security such as wireless security, DNS, routing, switching, and VLANs security.
- In addition, you should be aware of several security concepts such as authentication, VPN, proxy services and DDOS mitigation technologies.
- You should be aware of methodologies used for IT strategy, enterprise architecture and security architecture. In addition, you should always seek for the best practices in these aspects.
- You should know how to define a Network Security Architecture, and further develop it and maintain it.
You should be aware of the mythologies associated with third party auditing and cloud risk assessment management.
Since this job is considered as a management position, you should be a good negotiator with strong oral and communication skills. You should be patient and willing to teach and explain technical materials to audience coming from a non-technical background. In the same regard, leadership skills are required for this position, and in fact they are one of the most important soft skills that an employer will be curious to know whether you have them. This is simply attributed to the fact that you will be required to manage a lot of team members who may change and vary over time along with the tasks and projects. If you do not have the right leadership skills, how can you manage all of that then? Finally, problem solving skills are for sure important as well for this position.
In order for you to reach this managerial position, you should be carrying some attractive professional certificates from accredited bodies. This will make any employer excited to hire you as much as you are excited to get hired. The following list provides you with the essential certifications that you should think of for this job purposes. That said, you should always seek to get as much certifications in the field as you can and you should always check the certifications required by your desired employer as well.
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSAP: Information Systems Security Architecture Professional
- CISM: Certified Information Security Manager
- CEH: Certified Ethical Hacker
- CSSA: Certified SCADA Security Architect
GSEC / GCIH / GCIA: GIAC Security Certifications