Pathway to CyberSecurity Architect

Hi everyone,

I'm putting all my focus into security. I've been in IT for about 20 years now in various technical positions, going to senior levels in each (desktop, server, network). The only security related certs I have now are CCNA Security and Palo Alto's PCNSE 7. As of now, I've been focusing only on network security. I was studying for CCNP Security but with the goal of cybersecurity architect, I feel I need to put that on the back-burner and expand to other areas. Plus, I don't want to be limited to only network security.

I've been looking at various job CyberSecurity Architect postings and as expected, the requirements are pretty long. Anything from network security, IDS/IPS, IAM, PAM, DLP, MFA, SIEM, public cloud.

The great thing is, it's a lot to learn, and that's what interests me the most. The question is what's the best way to learn some of these things? Do I contact various companies to give me trials of their products?

From the certification side of things, what are the best options for this path? Should I continue with various vendor specific certs or go vendor neutral?

I know I'm going to begin looking at the CySA+ topics, but not sure if I'll sit the exam. I guess it can't hurt. CISSP is always an option, since it's on almost every job posting, but I want the knowledge and skills to perform the job duties. I don't feel CISSP will give me that

FWIW...My training is all self-funded and right now my budget is limited

Find more posts tagged with

Comments

636-555-3226

I vote for vendor neutral certs like CompTIA or eLearnSecurity until you can get an employer to pay for SANS.

From a technical angle, your best all-in-one shot would be to download security onion & get it up & running in your house and then maintain it daily as you would in an enterprise.

overall i'd also say download the CIS Top 20 Critical Security Controls and read through and learn about everything they preach, both from the technical & administrative/process side.

Do all that and I'll give you a job!

JoJoCal19

Great advice from 636. I'd also add that you SHOULD do the CISSP. It's pretty much the HR gatekeeper for security positions. Get it done and out of the way and then you can delve into the technical side of things. It honestly should not take anyone more than a month of study for the CISSP.

Blucodex

JoJoCal19 wrote: »

It honestly should not take anyone more than a month of study for the CISSP.

But, but, but, it's the "gold standard"!

joneno

As an architect and a previously a security analyst, the gap I see from attending meetups and working with folks is inadequate or the lack of knowledge about web technologies and cloud.

Some experienced architect don't really understand the cloud and they try to design using the old knowledge or whatever they're comfortable with...I guess it's human nature.

To me, I didn't get my job because of a cert...I don't even have an Azure or AWS cert, but I can talk the talk and walk the walk when it comes to cloud technologies (I sleep in the console

). I simply kept learning and it became second nature to question a design during meetings...one day the VP asked if I wanted to join his team. And I said yes.

Financially it was a lateral move because I was a security analyst/manager; but I was ready for a new challenge and ready to fix the BS designs I was seeing.

chrisone

I guess it depends on the job description. Cyber Security Architecture can be a broad term. If the job is more high level enterprise management, then CISSP, CISSP-ISSAP, SABSA Enterprise Security Architecture, ISACA, CIS CSC, GDPR, ISO, types of skill knowledge will work to your benefit.

If it is an Architecture role where it is more hands on design and configuration, then technical skill level is more of the idea here which will need various vendor and non vendor technical skills. In the end a CISSP will make a technical engineer even better.

Most Architecture roles I see require both technical skills and enterprise management. A Security Architecture role is such a high level position, you should be required to do both.

So regardless, CISSP is a good start or measurement of skills you should have at a minimum for either type of Architecture role.

Being a Security Architect is one of my goals in the near future, I am working on the technical hands on skills as you can see. However, eventually I want to obtain the ISSAP and the SABSA Architect certifications mainly the SCF(foundation) and the SCP(practitioner). I heard the SABSA is considered one of the best enterprise security architecture certifications.

After taking the foundation courses/exam the SCP looks like a beast.

It is not possible to assess Advanced competency using multiple-choice testing techniques so Advanced module examinations take the form of demonstrable assignments. Examination papers contain 5 questions from which candidates must choose 2 to answer. Using examples from real working environments, or by creating a case study, or a combination of both, candidates are required to assess issues, evaluate solution approaches, and customise and apply the SABSA method and framework to create and populate appropriate SABSA work-products (techniques, tools, templates, models, frameworks, etc.).

http://www.sabsa.org/certification-levels

As mentioned above the CIS CSC top 20 is also heavily needed, it is something we are working on at my current employer as well as GDPR.

SANS has a good course on the CIS CSC, I am set to attend later this year.

MitM

Appreciate all the replies. I will check out security onion and also the CIS Top 20

My current position entails network security and vulnerability management. By vulnerability management I mean, I'm responsible for our scanners, I resolve my network vulnerabilities and then discuss all the others with the appropriate teams. If time permits, I'm going to look into the other teams vulnerabilities more and help them research/resolve them

@ChrisOne, I'm currently more interested in Architect roles that are hands on (for now). Thanks for the links

JoJoCal19 wrote: »

I'd also add that you SHOULD do the CISSP. It's pretty much the HR gatekeeper for security positions. Get it done and out of the way and then you can delve into the technical side of things.

This is a very good point. I think it would take me longer than a month though. I believe the new exam comes out in April. Maybe I'll work on CySA+ and follow it up with CISSP.

UnixGuy

Excellent replies in this thread

gespenstern

I'm a security architect in an enterprise grade business. I think what brought me here is getting things done better, faster and simply done on all levels than anyone else on any security team I've worked in, both technical and managerial. I got my ISSAP primarily just to feel myself more confident as I struggle with this "impostor syndrome" thing and having a piece of paper helps to feel bold, to feel like I was endorsed by an independent trusted entity and therefore I'm good enough and deserve it.

But while it may get you the interviews, ultimately you get there by your ability to deliver.

yoba222

It's a few weight classes above me, but now this thread has me curious about the CISSP-ISSAP.

MitM

gespenstern wrote: »

I'm a security architect in an enterprise grade business. I think what brought me here is getting things done better, faster and simply done on all levels than anyone else on any security team I've worked in, both technical and managerial. I got my ISSAP primarily just to feel myself more confident as I struggle with this "impostor syndrome" thing and having a piece of paper helps to feel bold, to feel like I was endorsed by an independent trusted entity and therefore I'm good enough and deserve it.

But while it may get you the interviews, ultimately you get there by your ability to deliver.

Thanks for the reply. Very true, you have to put in the work to get it.

scasc

Having worked with and as an architect for quite some time the one core skill that you need to develop is the ability to “design.” Literally, when you create current or future target states or referencial architecture or even domain architecture you create artefacts or patterns which are reusable in a business and align to the enterprise, Any methodology like Togaf or zachman or Sabsa will teach you these stakeholder viewpoints that ultimately allow you to design based on that viewpoint.

The Cissp is a good start but ultimately experience is king / because only then can you incorporate principles such as defence in depth/fail secure/open design etc into your work. As far as I know Sans don’t have a course that teaches “design” per se and I’ve asked them this before though many people have different terminology regarding what a security architect actually is depending how you look at it