Security architect: Is it the career for you?
Designing, implementing and maintaining an organization’s frontline cybersecurity system is the role of a security architect. These professionals are in high demand because, as the number of cyberattacks escalates around the globe, so does the need for cybersecurity experts who can defend against them.
This growing need translates into a multitude of security architect jobs. A quick search on LinkedIn returns more than 25,000 security architect jobs, and GlassDoor currently advertises 15,000 open positions. Security architects work within every industry, from financial service institutions to universities, healthcare to large enterprises, and career opportunities are found in every geography with a range of requirements for levels of experience.
Panshu Bajpai is a longtime security architect for Motorola who recently earned his Ph.D. in computer science with his research on one of today’s most pervasive and costly cyberattacks — ransomware. While traditionally considered more of a senior role, security architect jobs are available for people without formal education in the field and with less experience.
What does a cybersecurity architect do?
Just as cybercriminals rely on various exploits, security architects must protect a host of attack vectors, often using layers of defense measures. To accomplish this, they need to understand both the theoretical and practical applications of implementing protections. In his role at Motorola, Bajpai says he has strategic and tactical responsibilities, often to be carried out on the same day.
Bajpai describes what a security architect does by way of example. He and his team are bringing up a new instance of a next-generation firewall in the cloud that could reside on a virtual machine. They must also onboard new applications to this firewall and set up all the routing and logging procedures within the cloud environment. With this one project, “you can see how network knowledge in the context of cloud comes into play as does the latest cloud and firewall technology.” Security architects apply appropriated technology solutions across an organization’s entire defense system.
What skills should a cybersecurity architect have?
For smooth implementation of any project and successful security delivered on time and within budget, Bajpai says security architect skills should include the ability to not only create a compelling solution on paper but a functional system that doesn’t overly interrupt user productivity. Security architects must “not only talk the talk but walk the walk. You can’t just design a blueprint and then give it to somebody else to implement. You have to break it down and try to execute on it because when you do, you come across lots of little issues.”
Realizing the struggles engineers may face with the security approach you’ve designed is how flaws get solved before they become an issue.
Devising a security blueprint to adequately defend the organization against a barrage of hackers is a strategic, thoughtful process. Hammering away at the build you’ve designed gets very tactical, but both components are critically important for a robust security posture, Bajpai explains.
Also crucial for security architects to consider is the long-term impact of the architecture they propose. “It’s important not to get pigeonholed when considering a solution to a problem and not just think of your team and the problem at hand today. You also need to consider how the solution would affect other teams and the organization as a whole in the future.”
How to become a security architect
There isn’t a single pathway to becoming a security architect. A security architect’s skills should include a broad foundation of information security know-how.
Bajpai recently earned his Ph.D. in computer science, and the new knowledge his ransomware research created opened many doors for him professionally. But a Ph.D. isn’t a job requirement for all security architects. An educational background in computing is less important than an ability to hold a comprehensive understanding of many primary domains — rather than mastering every detail in one or two, according to Bajpai. It’s a lot like the Certified Information Systems Security Professional (CISSP) in that way, he says, which requires a broad range of information security knowledge.
To be successful in the role of a security architect, you first need an ability to think through problems and be a quick study with new technologies. “Intelligence is key,” he says. Going back to Bajpai’s firewall example, there are multiple technologies at play, and the security architect likely isn’t familiar with all of them. “How quickly you can learn them and implement them and determine if they are the right solution to go with is important,” he says.
A passion for fighting cybercrime with innovative, defensive approaches is another quality of successful security architects, says Bajpai. High volume, constantly changing attacks mean a lot will be thrown at you. “It’s like drinking from a fire hose; if you’re not passionate about it, you might fall behind.”
To learn more about what it takes to become a cybersecurity architect, watch our Cyber Work Podcast, Getting into security architecture: Careers, skills and ransomware with Pranshu Bajpai.