Becoming an IT Security Architect — Learning Paths Explored

Last updated on February 11, 2016

In the previous article, we talked about the learning path to becoming an Information Security Consultant. In this article, however, we will take up the learning path to becoming an Information Security Architect.
 
 Just to refresh what we touched upon in the last article, there are two recommended learning paths that you can take to become the IT security expert.
 
 1. Becoming an Information Security consultant
 2. Becoming an Information Security Architect

Information Security Architect

What do they do?
 
 The Security Architect is a senior level employee who will be responsible for the creation of complex security structures and ensuring that they work.
 
 These architects are trained to think like hackers since a main part of their job is to anticipate the moves of hackers trying to attain unauthorized access.
 
 Many a times they are required to work at odd hours, and it is important for them to stay up to date with all the latest and current developments in both the security end as well as the attacking end.
 
 IT experts state that the best security architects are those who were once hackers, which makes it adept for them to understand the ways in which a hackers mind may work.
 
 It is necessary for architects to understand the computer systems of the organization and its weak points.
 
 Accordingly, recommendations to improve and update the security of the computers needs to be given. Countermeasures need to also be developed to protect systems when an unauthorized user tries to gain access.
 
 The responsibilities of a security architect include:

  • Acquire a complete understanding of a company’s technology and information systems
  • Plan, research and design robust security architectures for any IT project
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
  • Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
  • Prepare cost estimates and identify integration issues
  • Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
  • Test final security structures to ensure they behave as expected
  • Provide technical supervision for (and guidance to) a security team
  • Define, implement and maintain corporate security policies and procedures
  • Oversee security awareness programs and educational efforts
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Update and upgrade security systems as needed

The recommended learning path to follow

1. CompTIA Security+

For an ideal starting point in a cyber-security certification path, a CompTIA Security+ certification does the job.

  • The certification cover both practical and theory applications in a wide range of security topics such as network attacks and counter measures, risk management, application security, operational security, and compliance.
  • This certification is set as a bench mark for entry level talent, by government organizations such as the US Dept. of Defense.
  • Thus, the door to a wide range of opportunities in the public sector are opened.
  • Leading certifying bodies like EC Council and enterprises like IBM use the Security+ certification as a prerequisite to their trainings and certification tracks.

The prerequisites to this exam are:
 
 There are no prerequisites for this exam.

2. Ethical Hacking

  • With this certification the network security specialists are taught how to think like malicious hackers.
  • With the techniques and tools used by hackers, professionals who are certified in ethical hacking are taught to proficiently identify any sort of system vulnerabilities and implement appropriate safeguard and counter measures.
  • While it is evident that CEH has its focus on the penetration testing, its usefulness and marketability transcends this niche.
  • Thus, making it the ideal intermediate credential.

The prerequisites to this exam are:
 
 For CEH (Certified Ethical Hacker) training and certification course, a candidate must have-

  • Information security related experience
  • Strong knowledge of TCP/ IP
  • An educational background that reflects specialization in information security

3. CISSP

This is certification is at an expert level.

  • Those professionals who are certified CISSPs possess in depth knowledge of real world tactics in ten of the vital cyber security domains including risk management, network security, business continuity, policy recreation, software development security, operations security, and regulatory compliance.
  • Those with 5+ years of experience in two or more of the 8 CISSP security domains can sit for this exam to get certified.

The prerequisites to this exam are:
 
 5 years of full time security work experience in 2 or more of these 8 domains of the (ISC)² CISSP CBK:

  • Asset Security (Protecting Security of Assets)
  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
  • Communication and Network Security (Designing and Protecting Network Security)
  • Security Engineering (Engineering and Management of Security)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)

The positions you should land to get to the top

The road to becoming a Security Architect often starts with entry-level security positions such as:

  • Security Administrator
  • Network Administrator
  • System Administrator

This is followed by intermediate-level positions such as:

  • Security Analyst
  • Security Engineer
  • Security Consultant

Once a professional has attained a title, it’s possible to then be promoted to Senior Security Architect or even Chief Security Architect.
 
 Or one could consider becoming a:

Salary Prospects

According to Payscale.com, the annual median salary of an IT security architect is $113,905. The total pay, however, is between $84,541 — $161,022, which includes a bonus, profit sharing, and a commission. 
 
 We have given you a path to follow. Now it is your turn to shine!
 
 Simplilearn offer training courses in CompTIA Security+, CISSP, CISA, CISM, and CEH. Get ahead in the world of IT security with Simplilearn’s world class training.

This article talks about the learning path to becoming an IT security architect.

Avantika Monnappa

Avantika holds a degree in Journalism, & writes on such topics of interest as PMP, Digital Marketing, Six Sigma, & Big Data. She also maintains a travelogue, blogs on media issues, and volunteers at a boarding home for stray dogs. She enjoys art & travelling, & loves outdoor activities like basketball, athletics, & swimming.


Originally published at www.simplilearn.com.

Show your support

Clapping shows how much you appreciated Simplilearn’s story.