Updated April 8th, 2020
What does it mean to be a Cybersecurity Architect?
In cybersecurity, many roles are definitively specialized. Individuals often are labeled subject matter experts (SMEs) on certain aspects of platforms, threats, vulnerabilities, operations, or procedures. Yet, an organization cannot function effectively unless there is a way to tie all security efforts together. What kind of genius can mastermind such an effort, you ask? That’s the role of a Cybersecurity Architect.
A Cybersecurity Architect plans, builds, and manages complex information security systems within an organization in order to meet its security requirements. Certainly skilled as a deeply technical problem solver, a Cybersecurity Architect extends his or her skills into other areas including management and “soft” skills such as teaching, communication, and persuasion.
As a senior position with several years of experience in other security roles, a Cybersecurity Architect will need to be able to effectively communicate his or her vision and delegate others appropriately in supporting that vision. Often times, a Cybersecurity Architect will need to speak on his or her initiatives to a non-technical audience. Of course, it is important that the relevance and clear-thinking that went into the implementation seems benefit-focused to stakeholders despite a lack of deeper technical understanding.
Employers are also looking for candidates who are inspiring leaders and strategic problem-solvers. Throughout the year, the architect will be responsible for managing a wide variety of projects and team members. Lastly, he or she will likely need to work closely with and often report directly to the CISO in order to achieve organizational security goals.
Day in the Life
Since the Cybersecurity Architect is a senior-level role and includes a broad scope, the daily activities from one architect to the next may be quite different. However, there are some daily responsibilities that nearly all Cybersecurity Architects will encounter.
For one, Cybersecurity Architects, similar to conventional architects or computer programmers, must build their complex operational structures by clearly defining the requirements of their organization. It is paramount that any system erected is designed to appropriately meet deliberate goals and KPIs. Prior to building those requirements, the Cybersecurity Architect must develop an intimate understanding of all of the company’s information systems and technology.
Next, he or she must be able to determine the necessary integrations between multiple systems and determine those requirements as well. Clearly some elements in the system will need to be linked in order to function or to appropriately share data, but when one is responsible for dealing with VPNs, firewalls, public key infrastructures (KPIs), cloud services, and wireless networks – just to name a few – this is not necessarily a walk in the park. This is why a Cybersecurity Architect is considered a “big picture” role; he or she must be able to check all of the details or at least provide technical supervision to the tactical practitioners he or she is managing.
Once the system has been designed and built, the work of the Cybersecurity Architect focuses on testing, monitoring, and assessments. Is the structure functioning as it should? Are there any risks or vulnerabilities that haven’t been addressed within this system? It is important to constantly revisit these questions and update and upgrade the system as time passes in order to stay up-to-date in defending against the latest threats.
It takes a unique and skilled individual to be able to effectively combine multiple systems – like a mastermind chemist expertly crafting an experiment – to enhance an organization’s security posture and the Cybersecurity Architect is perfectly suited for the role.
Most Valued Skills
According to CyberSeek, these are the top 5 most requested skills for this position:
- Information Security
- Network Security
- Information Systems
In order to make it as a Cybersecurity Architect, you’re going to need to have a broad understanding of a variety of concepts and structures across all areas of security, from network security to encryption. With this in mind, it is helpful (and often required) that architects earn one or more managerial, advanced cybersecurity certifications including:
- Security Architect
- Information Security Architect
- Information Systems Security Architect
According to Salary.com, the average earnings for Cybersecurity Architects is $124k per year. Glassdoor provides a wide range of currently available positions in the U.S. paying from $112k-$137k per year. On LinkedIn, you can find approximately 7,000 job openings across industries.
Doesn’t Sound Like You?
If cybersecurity architecture doesn’t seem to speak to your career interests, then please check out our previous blog posts for our Cybersecurity Roles Series here:
- Incident Responder
- Malware Analyst
- Penetration Tester
- SOC Analyst
- Cybersecurity Auditor
- Threat Hunter
- Threat Intel Analyst
- Vulnerability Management Analyst
- Network Administrator