This role ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.
Knowledge of business continuity and disaster recovery continuity of operations plans. Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). Knowledge of microprocessors. Knowledge of industry-standard and organizationally accepted analysis principles and methods. Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.) Knowledge of computer algorithms. Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). Knowledge of installation, integration, and optimization of system components. Knowledge of human-computer interaction principles. Knowledge of remote access technology concepts. Knowledge of communication methods, principles, and concepts that support the network infrastructure.
Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET). Document and address the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle. Employ secure configuration management processes. Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines. Identify and prioritize critical business functions in collaboration with organizational stakeholders. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents. Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
Certifications play a vitally important role in the cybersecurity industry; they teach new skills, enable IT, professionals, to build upon their existing experience and expertise, and certify levels of competency to prospective employers. Several of the most notable certifications for cybersecurity architects and related professions include: Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) SANS-related certifications such as GIAC Defensible Security Architecture (GDSA)
It takes some work and dedication to become a cybersecurity architect. This is a prestigious, well-paying career with lots of potential, but you need to put in the time and effort to get there. Fortunately, we’ll show you how to do this!
First of all, you need some academic acumen. Conventional wisdom says you need a degree (Bachelor’s or Masters) in cybersecurity, computer science, information technology, or some other related major. If you don’t have this kind of educational background, you may be able to squeak by taking some classes that focus on IT.
Moving away from academia to actual work experience, most businesses and organizations look for candidates with five to 10 years of IT experience in the workplace, including some work with systems analysis, application development, and business planning. Three to five of those years of IT experience should focus on security matters.
