Security Architect - Job Description?

on 23.11.2006 14:10:04 by Neil Jones

Hello,

Can someone describe the Security Architect job
description/responsibilities?

In some instances, I am finding Security Architect jobs with configuring
firewalls/ids etc. In other instances, I am seeing on an enterprise
scale which falls into the management (almost) category. Is there any
standard organizational chart that shows the status of Security
Architect in the food chain?

I know this is a very (very) broad question.

Any information is appreciated.

Thank you in advance.

NJ

Re: Security Architect - Job Description?

on 24.11.2006 13:08:21 by lahippel

Neil Jones wrote:
> Hello,
>
> Can someone describe the Security Architect job
> description/responsibilities?

You may get several answers, all different.

> In some instances, I am finding Security Architect jobs with configuring
> firewalls/ids etc. In other instances, I am seeing on an enterprise
> scale which falls into the management (almost) category. Is there any
> standard organizational chart that shows the status of Security
> Architect in the food chain?

A Security Architect doesn't touch firewalls. The SA can describe what
pinholes are needed for a service to work, but the rest should be left
to the netadmin.

IMHO a Security Architect is an expert who consults management, i.e.
produces only slideware. The job is on the engineering ladder, not
management.

-- Lassi

Re: Security Architect - Job Description?

on 24.11.2006 18:02:51 by Neil Jones

Lassi Hippeläinen wrote:
> Neil Jones wrote:
>> Hello,
>>
>> Can someone describe the Security Architect job
>> description/responsibilities?
>
> You may get several answers, all different.
>
>> In some instances, I am finding Security Architect jobs with configuring
>> firewalls/ids etc. In other instances, I am seeing on an enterprise
>> scale which falls into the management (almost) category. Is there any
>> standard organizational chart that shows the status of Security
>> Architect in the food chain?
>
> A Security Architect doesn't touch firewalls. The SA can describe what
> pinholes are needed for a service to work, but the rest should be left
> to the netadmin.
>
> IMHO a Security Architect is an expert who consults management, i.e.
> produces only slideware. The job is on the engineering ladder, not
> management.
>

Thank you for your input. It does make a lot of sense.

NJ

Re: Security Architect - Job Description?

on 24.11.2006 21:28:58 by xpyttl

"Lassi Hippeläinen" wrote in message
news:VgB9h.43399$Nb2.821756@news1.nokia.com...

> IMHO a Security Architect is an expert who consults management, i.e.
> produces only slideware. The job is on the engineering ladder, not
> management.

I would color that a little. A security architect needs to understand the
corporation's strategies and objectives, and as such, has to be fluent in
management-speak. In many companies, the architect may well supervise a
staff of security specialists. So the line between management and
engineering can get a little blurred at the architect level. While a
security architect does need to stay well grounded in engineering
principles, it wouldn't be all that surprising for him to be accused of
being part of "management". Particularly since, as you say, he mainly
produces slideware, goes to meetings, talks on the telephone, and does all
those things managers do.

...

Re: Security Architect - Job Description?

on 26.11.2006 00:57:54 by Helge Olav Helgesen

Hello Neil,

> Can someone describe the Security Architect job
> description/responsibilities?

In what area? development, technical or what?

For me this job description is not enough to tell what you'll do.

If you work with the management then this job probably will include
1) writing policies, and make sure they are followed.
2) work with the management to identify cost (and value!) of such policies

If you work with the networking department this job would be something like:
1) design a secure network
2) implement it
3) manage it

But whatever job that involves security there is both the technical aspect
and the user aspect. If you make a password policy that requires at least
10 digit password you have a good password, right? But what is the use when
half of the users write it on a post-it note at their keyboard? :)

> In some instances, I am finding Security Architect jobs with
> configuring firewalls/ids etc. In other instances, I am seeing on an
> enterprise scale which falls into the management (almost) category.
> Is there any standard organizational chart that shows the status of
> Security Architect in the food chain?

Don't know. Since I'm from Norway, any chart I show you is probably of no
use for you.
---
Helge Olav Helgesen
http://www.helge.net
