We see headlines day after day reporting security breaches to major companies like Target, Chase, Yahoo, and Equifax, often impacting hundreds of millions of customers. Information like drivers’ licenses, home addresses, phone numbers, and even credit card and Social Security numbers have been found vulnerable to malicious hackers time and again, shaking consumer confidence in organizations big and small.
Today, companies in every industry are taking notice, and realizing the importance of cyber security. Indeed, the field is booming, with no signs of slowing down soon.
A cyber security architect is a senior-level engineer responsible for strategizing, designing, and building the security structures of an organization’s computer system. Once the structure is built, the cyber security architect may be personally responsible for maintaining and updating the system, or may supervise other employees in doing so. Some of these lower-level employees may have titles such as cyber security engineer, or cyber security analyst. While these titles all sound similar, in larger organizations each plays a distinct role; the cyber security architect is exactly that: the designer, or architect, of a cyber security system.
The security architect is required to develop a comprehensive and detailed picture of an organization’s technology needs and risks; it is a "big picture" position, in that the individual in this role is responsible for the overall strategy that guides all cyber security operations within a company. Security architects should be knowledgeable and experienced in a diverse set of technical and security skills. They must also be able to think like malicious hackers, in order to anticipate and prevent any security breaches.
The cyber security architect’s role will evolve over time as the company grows and matures. In the early stages, the security architect acts as a project leader in researching, planning, and designing a cyber security strategy. The architect will then delegate tasks to members of a dedicated team, who will develop the necessary code and other elements of the planned system. The cyber security architect is then responsible for developing organizational policy and procedure around cyber security, and for training (or delegating others to train) company staff in best practices.
As a company matures, the cyber security architect must stay on the cutting-edge of emerging technologies. He or she must respond to growth and change by iterating and improving upon existing systems, always keeping the company watertight and secure. Tasks generally include regular vulnerability testing and assessments, as well as post-event analyses in the event of any actual security breaches. If there is a breach, it falls on the cyber security architect to explain to stakeholders how a the security failure occurred, and what measures have been taken — or will be taken — to prevent similar events in the future. Experienced hackers are constantly improving their methods and looking for new and different weak spots, so the cyber security architect must endeavor to stay one step ahead of them.
Generally the cyber security architect is a senior-level role, reporting directly to the Chief Information Security Officer (CISO) or possibly to a Cyber Security Director. Usually, the security architect will have several direct reports or will serve as lead over a technical security team.
Like any senior role, becoming a cyber security architect includes a combination of education and experience. Typically, you will need a bachelor’s degree to attain this status in your career. A degree in Computer Science, Cyber Security, or a related field will best prepare you to meet your goal of becoming a security architect.
In addition, you will need anywhere from three to 10 years of IT experience — preferably in cyber security — before you will be considered qualified to advance to the role of security architect. Read on for more tips about training, education, and experience.
As mentioned, the majority of cyber security architect job postings require a bachelor’s degree in Computer Science, Cyber Security, or a related field, and at least three years of experience. Some cyber security roles require as many as ten years’ experience. Approximately 35% of cyber security architect jobs require some industry certification (compared to only 23% of IT jobs overall). The cyber security workforce is highly educated and highly experienced; while the number of open positions is expected to outstrip the number of qualified workers in the years to come, this doesn’t mean companies will be handing their cyber security reins to people who aren’t fully qualified. Cyber security is a serious field with far-reaching consequences, and smart organizations know that proper training and experience are vital to finding security engineers and architects.
The good news is that there are a number of pathways to becoming a security architect. In fact, the demand for qualified incumbents is such that employers are increasingly working with training providers to create clear pipelines for professional development and credentialing, and are opening opportunities to current students as well as to those farther into their careers.
Many IT roles can be considered "feeder" positions, roles that naturally progress towards jobs in cyber security. Additionally, industry certifications can be added to bachelor’s degrees and work experience, making candidates more appealing to those hiring cyber security personnel. As cyber security continues to grow in importance, expect to see more entry-level IT roles specific to security concerns. Any of these roles would be an excellent place to begin a career with the goal of ultimately becoming a cyber security architect. Proving yourself in these lower-level roles, and supplementing your work experience with education and certifications, will prepare you for this upper-level management position.
There are thousands of IT certifications available, and it can be difficult to determine which ones are truly valuable to becoming a cyber security architect. Below are some of the most well-known and respected certifications. These will show employers that you’re serious about building your cyber security skills.
A CISSP certification exam covers access control, cryptography, operations security, and more. It is the most widely known and respected cyber security certification. From their website: "Earning the CISSP proves you have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program." Learn more about CISSP certification.
This certification is focused on security architecture, so is of particular interest to those interested in cyber security architecture careers. This certification will combine the core competencies of the CISSP with skills specific to security architects, including management and big-picture analytical processes. Learn more about the CISSP-ISSAP certification.
According to PayScale, cyber security architects make a median salary of $120,491. Glassdoor puts this figure even higher, at $124,637. Even on the low end, cyber security architects are relatively well paid, at a range of $85,017-$169,780.
Job outlook in the cyber security field is also excellent; in fact, everyday businesses are increasingly realizing the vital importance of cyber security, and, in most cases, how far behind they are in meeting standard best practices. As business rush to catch up, demand for qualified talent in this field is expected to continue to rise. A 2017 study by the Center for Cyber Safety and Education predicted a talent gap of 1.8 million jobs in the next five years. Demand will far outpace supply for some time, making cyber security a hot industry for those entering the workforce and for IT professionals in search of career advancement.