In the ever-changing field of cybersecurity, organizations need well-trained staff to help them keep up with their growing security needs. Security architects fill these roles. When a new network is being developed, a security architect is needed to oversee the network build and ensure that defensive measures are put in place right from the get-go. Having a network built without having considered what security measures need to be in place is simply setting the organization up for failure.
It’s often said that security is the death of efficiency. It’s up to security architects to ensure that this is not the case in their networks. Security measures must be put in place without causing a decrease in productivity and efficiently of the overall network.
Security architects will handle both defensive and offensive measures taken on the network. Knowledge of firewalls, penetration testing, and incident response if a must but it doesn’t stop there. Since security architects will be assisting in building networks, comprehensive knowledge of computer networking such as routing and switching will be necessary as well.
For individuals who are interested in a unique combination of networking, security, and a bit of management, pursuing a career as a security architect may the right fit.
6 steps to follow when pursuing a career as a security architect
1. Prepare Generally speaking, the role of a security architect is not an entry-level one. According to New Horizons Computer Learning Center, security architects are expected to have between 5 and 10 years of experience, with at least several of those years dedicated to cybersecurity.
This means that it is important for individuals to prepare for the long journey ahead when choosing this career path. To prepare for a career as a security architect, professionals should decide what type of degree they’d like to pursue. Generalized computer science degrees, as well as specialized cybersecurity degrees can both be beneficial in this field. Next, professionals should decide what type of steppingstone career would best fit them in order to gain the needed experience. All of this should be researched to create a personalized career plan.
2. Learn To begin pursuing a career as a security architect, students should start by obtaining, at the very least, a bachelor’s degree in a related field. It is up to the individual to choose a relevant program that will help them further their career. For example, either a bachelor’s degree in cybersecurity or a bachelor’s degree in computer science would be good option. However, since a security architect is considered to be a management-level role, professionals will likely be required to also obtain a master’s degree in cybersecurity or a related field. Occasionally experience in related fields can be substituted in place of a master’s degree.
3. Gain Experience As previously mentioned, a security architect role is not an entry-level one. This means that individuals who are pursuing their goal of becoming security architects will likely need to start their career in a different position. Since it is a management position, professionals will typically start in an entry-level role, move into a more intermediate role, and finally into the role of a security architect.
For example, an individual may begin their career as a system administrator, move into a more security-focused role as a security engineer, before finally being able to move into the role as a security architect. Other roles that could be good steppingstones to a security architect position include security administrator, network administrator, security specialist, security analyst, and security consultant.
4. Pursue Certifications As is the case with most cybersecurity positions, certifications can help professionals and students prove their skills and make their resume stand out from the crowd. The CompTIA Security+ certification is an excellent entry-level certification for anyone who is interested in cybersecurity. This certification covers both theoretical and practical cybersecurity scenarios.
For more advanced or expert-level certifications, professionals can work on obtaining their CISSP. Those wishing to become CISSP certified must have an in-depth and working knowledge of cybersecurity domains such as security and risk management, asset security, security architecture and engineering, IAM, security assessment and testing, security operations, and software development security. There are also plenty of intermediate certifications which fall somewhere in between the skill level of the Security+ and the CISSP such as the Certified Ethical Hacker (CEH), the Offensive Security Certified Professional (OSCP), and the Certified Cloud Security Professional (CCSP) just to name a few.
5. Apply After having researched the world of security architects, obtained the necessary degree and certifications, and gathered 5-10 years of experience in a related field – there is nothing left to do but apply. Much like any other position in cybersecurity, jobs can be found online by searching for keywords such as “security architect” on websites such as Indeed.com, Glassdoor.com, LinkedIn, and many others.
6. Keep Learning The education of a security architect is never-ending. Because this is a management role and because security is constantly changing, security architects must regularly stay up to date on new and emerging threats and security techniques. Attending trainings through organizations such as BlackHat and SANs may help to keep security architects up to date.
What is a security architect?
Security architects are management-level individuals who oversee the security of an organization’s network. These professionals are needed when the network is first designed, built, and implemented, as well throughout the entire life of the network. Security architects will oversee any changes that are to be made to the network so that they do not put the organization at risk.
It is not uncommon for security architects to handle both defensive measures such as implementing/configuring firewalls and anti-virus software, as well as handling offensive testing such as running penetration tests.
Security architect skills
Each organization will have its own skill requirements for security architects.
The following are examples of the types of skills that security architects should possess.
- Networking Security architects will play a major role in the building and maintenance of computer networks. For this reason, security architects must have an in-depth and advanced knowledge of computer networking principles. It should be a primary focus of anyone hoping to join the field to become an expert in computer networking.
- Malware analysis In order to be an effective security architect and protect the network against malware, general knowledge of malware and malware analysis is necessary.
- Management skills As this is a management role, it’s vital that those seeking a career as a security architect posse the skills to manage both a project and a team of employees.
- Risk management A large portion of a security architect’s job is risk management, therefore having a strong understanding of risk management fundamentals is key.
What do security architects do?
Security architects will be a major part of any IT projects and initiatives within an organization. This is because they will need to design, plan, and maintain the security architectures around these projects or initiatives. They will work to maintain the highest level of security for an organization and will perform regular testing which may include items such as penetration testing, vulnerability scanning, and risk analysis.
They will stay up to date on changing technologies and be aware of emerging threats so that they can implement safeguards against those threats. They will generally manage and oversee the security team within an organization. Often times, security architects will also be responsible for spearheading security awareness programs.
Security architect job description
Even though each job description will be unique to the hiring organization, the skills necessary and general requirements will often stay the same.
Security architects can expect to see the following types of items on their job descriptions:
- Managing and maintaining current system security measures as well as implementing new and improved systems.
- Ensure that the principle of least privilege is applied to all employees
- Execute and maintain Identity & Access Management (IAM) security architecture
- Perform security reviews of third-party software and services
- Manage and oversee security awareness training initiatives
- Performing on-going security tests such as vulnerability scanning and risk analysis
Outlook for security architects
As with most cybersecurity careers, the outlook for security architects is very good. Threats to computer systems and networks can’t be completely eliminated so the need for qualified security professionals is growing. However, because a security architect is a more advanced role than that of a lower level cybersecurity role such as a security analyst, fewer jobs are available.
Security architect salary
Being an advanced level position, security architects can expect to make a bit more than their cybersecurity counterparts.
According to Glassdoor.com, the average base salary of a security architect is $118,697 a year. This is about $25,000 more a year than the average for security analysts and $50,000 more than the average security administrator.
While the salary is certainly higher, it is still important however to take into consideration the necessary education and experience that one must have in order to obtain a role as a security architect.