Security Architect - Job Description?


Can someone describe the Security Architect job?

In some instances, I am finding Security Architect jobs with configuring
firewalls/ids etc.  In other instances, I am seeing on an enterprise
scale which falls into the management (almost) category.  Is there any
standard organizational chart that shows the status of Security
Architect in the food chain?

I know this is a very (very) broad question.

Any information is appreciated.

Thank you in advance.


Re: Security Architect - Job Description?

Neil Jones wrote:

You may get several answers, all different.


A Security Architect doesn't touch firewalls. The SA can describe what
pinholes are needed for a service to work, but the rest should be left
to the netadmin.

IMHO a Security Architect is an expert who consults management, i.e.
produces only slideware. The job is on the engineering ladder, not

-- Lassi

Re: Security Architect - Job Description?

Lassi Hippeläinen wrote:

Thank you for your input.  It does make a lot of sense.


Re: Security Architect - Job Description?


I would color that a little.  A security architect needs to understand the
corporation's strategies and objectives, and as such, has to be fluent in
management-speak. In many companies, the architect may well supervise a
staff of security specialists.  So the line between management and
engineering can get a little blurred at the architect level.  While a
security architect does need to stay well grounded in engineering
principles, it wouldn't be all that surprising for him to be accused of
being part of "management".  Particularly since, as you say, he mainly
produces slideware, goes to meetings, talks on the telephone, and does all
those things managers do.


Re: Security Architect - Job Description?

Hello Neil,


In what area? Development, technical or what?

For me this job description is not enough to tell what you'll do.

If you work with the management then this job probably will include
1) writing policies, and make sure they are followed.
2) work with the management to identify cost (and value!) of such policies

If you work with the networking department this job would be something like:
1) design a secure network
2) implement it
3) manage it

But whatever job that involves security there is both the technical aspect
and the user aspect. If you make a password policy that requires at least
10 digit password you have a good password, right? But what is the use when
half of the users write it on a post-it note at their keyboard? :)


Don't know. Since I'm from Norway, any chart I show you is probably of no
use for you.
Helge Olav Helgesen
