Cyber Work podcast: How to become a security architect


The guest of this episode of Cyber Work is Leighton Johnson, CTO and founder of ISFMT (Information Security Forensics Management Team). Chris Sienko, the host of Cyber Work, spoke with him about how to become a security architect. Leighton has 40 (yes, 40!) years of experience working in information security and 20 years of experience working as a security architect. 

Without further ado, get ready for top-flight tips from one of the world’s top security architect experts about how to move from being a security newcomer to a security architect.

How do you become a security architect?

To become a security architect, you first need a firm security footing. Earning a certification is a good idea, and Leighton suggests you start with an introductory certification like CompTIA Security+. 

Aspiring security architects should start by working a few years in the field and learning what you will be performing daily, eventually moving toward understanding the technology behind it and gaining some additional education. 

The next step is to become a security engineer, doing things like installing systems and hardening them. Then comes security architect, which is a culmination of all the experience that came before it: security architects need to understand everything as opposed to having compartmentalized expertise. 

What types of jobs and responsibilities is a security architect part of on a daily basis?

Security architects have several high-level responsibilities they perform daily. These include:

  • Reviewing enterprise architecture from an IT perspective to ensure proper placement of security components
  • Looking at where best to place authentication mechanisms
  • Keeping an overarching view of IT, security and network
  • Risk and risk advisory — giving recommendations for options of dealing with risk in both the IT and the business side of things
  • Reviewing technology policies and procedures

What (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: