Cybersecurity Roles and titles are ever evolving. This is good in a way where cybersecurity professionals can actually start focusing on their expertise.

Let us discuss about "Information Security Architect"

Any cybersecurity role, must have a basic skill "Think like a Hacker". It is no different for Information security architects and in-fact it is extremely important if you are able to cover the 360 degrees of "Think like a Hacker" when you deal with this role.

What are the skills required to be an Information Security Architect?

Its a mixed bag of skills,
  • Leadership
  • Administrative
  • Budgeting
  • Hiring Security Professionals
  • Wired and Wireless Security
  • System and Network architectures
  • General information technology
  • Risk Management and Assessment
  • Cybersecurity Laws and guidelines in their region
  • Know how of when and where to apply security concepts and controls
  • Knowledge on standards and frameworks like COBIT/ITIL/ISO27001/PCI DSS/ Privacy Law
  • Familiarity with Organization policies
  • Familiarity with Government regulations
  • Strong IT and security ethics
  • Team management to guide the security analysts
  • Soft skills on verbal and communication
  • Incident Management

What are the certifications that an information security architect can do?

There could be many opinions on different security certification that could be done and there is no substitute for experience , i do believe it is good have one of the below certificate as bare minimum for an security architect.
  • CISSP/CISM/ CASP+
  • ITIL/COBIT/ISO27001 LA or LI
  • Or any Masters degree on cybersecurity field

What would be the experience of Information Security Architect?

On my personal opinion, a minimum of 12 to 15 years is required for an architect to get into this leadership position. However, there could be really young talented people who break barriers and display their grit in this challenging domain.

What is the the seniority level of an Information Security Architect and whom do they report too?

A Security Architect will be on the leadership level reporting to the management and must be working closely with the C level team. They are the key members on the security team who can work with the CISO and the business stakeholders. Depending on the size of the organization it may change on the seniority level. A CISO can also play the role of a security architect if the organization is small.

Conclusion

These are my opinion on the Information Security Architect Role. If you are passionate about the role and have just started, please keep a tab of knowing all security matters and keep developing your skills. It is absolutely ok to upskill or reskill as per the needs of the situation and it is neccesary to constantly update yourself.

If there are any comments to add on please feel free to write below.