Learn the Skills of a Cybersecurity Architect
After completing this unit, you’ll be able to:
- Describe the responsibilities of a cybersecurity architect.
- List key skills needed to become a cybersecurity architect.
Have You Considered a Career in Cybersecurity?
Do you like to build things and then take them apart to understand how they work? Do you enjoy constantly learning about new technologies and tools? Do you want to be involved in a career that touches many aspects of technology? Then cybersecurity architecture may be the career for you. Cybersecurity architects create enterprise cybersecurity architectures, which are like security roadmaps for the technology and business.
Cybersecurity Architect Responsibilities
Let’s meet Aria. She’s a cybersecurity architect at a government agency that provides assistance programs to the public. Her agency is building a customer-facing application that will be hosted in the cloud. She helps to ensure that the system will scale out for future projects, and helps the team understand how to develop the application using some technologies and techniques they may not have used before. She architects for tomorrow, not today, because the technology and threat landscape is constantly changing.
As a cybersecurity architect, Aria’s first responsibility is to identify business needs and ensure that business and cybersecurity strategies are aligned. She identifies the organization’s most precious assets, as well as threats against those assets. She then identifies specific controls to protect the assets from compromise.
Aria also protects the business’s technology by laying out where controls will be implemented through a layered security approach. She advises on the selection of new technologies, and supports development teams in designing, building, and applying security controls. She also develops plans to test new solutions before deploying them across the enterprise. These include test scenarios, and criteria for determining whether controls are working as expected.
Once Aria has designed and deployed security controls, she then turns her attention to detecting changes in the organization’s risk posture that require updates to the security controls or architecture. She tests systems for vulnerabilities and leads system security assessments to monitor the state of the organization's IT security. Finally, if a breach does occur, she helps deal with incidents and recover from security events.
Cybersecurity Architect Skills
If, like Aria, you’re excited by the tasks of identifying business needs and figuring out how to design and deploy secure technology solutions that protect the company’s systems and data, what skills do you need to pursue this career?
In terms of education, a bachelor’s degree in computer science, business information systems, or information technology is usually required, and in some cases, a graduate degree may also prove valuable. The role of cybersecurity architect is usually a senior position, typically requiring 6 to 9 years of IT experience across many different roles.
Employers seek candidates who have broad experience in core computer functionality, storage and file systems, coding, security operations, application development, systems analysis, penetration testing, vulnerability assessments, configuration reviews, threat modeling, and risk assessments. Many people start out working in one of these areas and then transition into architecture as they gain more experience. Typically cybersecurity architects start as enterprise architects first, and then add specializations in security.
This may sound overwhelming, but you don’t have to be an expert developer or a security guru to be a cybersecurity architect. It’s akin to the old adage that the best sports coaches are not the most gifted players. As a cybersecurity architect, you’re more often tasked with designing and deploying big picture ideas, not involved in the hands-on process of writing code or configuring firewalls. You’re expected to develop artifacts that are used to build secure systems to meet the company’s security goals. Just like Aria, you document where and how the organization deploys security controls to protect its most sensitive data.
To help you skill up, pursuing a certification is a great idea. Some common certifications for cybersecurity architects include the Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), and Certified Information System Auditor (CISA), to name a few. Technology-specific certifications, such as the Amazon Web Services (AWS) Certified Security Specialty are also valuable, especially if you are interested in working at a company that relies heavily on a specific technology.
As a cybersecurity architect, you should be familiar with common cybersecurity frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework. You should also understand security concepts such as cryptography, network security, and authentication, and have broad experience working with different operating systems. You should also be familiar with conducting vulnerability assessments and system security assessments.
In addition to these technical skills, it’s just as important to hone your business skills. A huge part of being successful as a cybersecurity architect is being able to communicate effectively with technical and nontechnical people alike. Cybersecurity architects are corporate leaders who have a hacker mindset. They love working on big problems and learning new things, and leading the organization to a more secure digital future. You should be comfortable advising on decisions, collaborating across teams, and problem solving. You should have strong research, writing, and presentation skills. You enjoy managing projects, are obsessed with attention to detail, and bring to the role a curiosity for new approaches.
Cybersecurity architects typically work in a fast-paced and rapidly changing environment, so they’re rarely bored. These jobs also command a high salary. There are many job openings, and the industry is growing. Sounds pretty great, right?
Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, select the appropriate word from the options provided in the dropdown within the paragraph. When you finish selecting all the words, click Submit to check your work. If you’d like to start over, click Restart.
Sum It Up
In this module, you’ve been introduced to the goals of cybersecurity architecture, learned more about the importance of designing and deploying a robust security roadmap, and discovered the responsibilities and skills of a cybersecurity architect.
In the next module, Cybersecurity Architect Responsibilities, you learn how to identify business needs and security threats, and protect the business and technology with layered security features. You also learn more about your role in detecting changes in the risk posture and responding and recovering from incidents. If you’re interested in learning more about cybersecurity and meeting practitioners in the field, visit the Cybersecurity Learning Hub.
- External Site: National Institute of Standards and Technology (NIST): National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
- External Site: Fortinet: The Security Architect and Cybersecurity
- External Site: SANS: 20 Coolest Cyber Security Jobs
- Trailhead: Cybersecurity Learning Hub