Becoming a cybersecurity architect

Infosec_Sam

Cyberseek is a website dedicated to helping IT professionals follow the right path to their target role in the industry. In this article posted last week, Cyberseek is used to break down the path to becoming a cybersecurity architect. This includes touching on the average salary, common role titles, education expectations, and certifications (Spoiler alert: (ISC)², ISACA, and ITIL are big players). You can check out the full article here »

Do we have any current or aspiring cybersecurity architects here? What did/does your career path look like?

chrisone

It is a good article with good insight into *helping* carve out a path or give those who have their sights on being a security architect some form of guidance. I did not get the impression of this article pressing any certification company. It clearly talks about CyberSeek and the NICE framework as a form guidance. 

That being said, if you think because you are an uber CTF hacker you deserve a security architect role you are highly mistaken. Trying to hear such a l337 uber talk to management or executives would be like someone scratching their nails across a chalkboard......

Infosec_Sam

I probably could have worded it a little better, but I did see the article briefly mention (ISC)² and the CISM/CISA in the Top Certificaitons section, so I figured I'd throw that in. By no means was I trying to instill the notion that only the l337est of haxxorz deserve to be architects! I mean obviously there's more than one path to success, but do you think there's anything the article didn't touch on in relation to becoming a security architect? 

chrisone

Hey Sam, sorry if it sounded like I was insinuating you were making those statements. Actually that wasn't my intention and I did not get that theory from your post. I was speaking in general, with regard to those in the security community that downplay ISC2 or ISACA certs because they feel they can BOF an app or pentest a webapp. In my second paragraph I should have rephrased my statement with "if one thinks" instead of "if you think" being that it does seem like I was talking directly to your post. Sorry about that.

Not the case here, I was just openly targeting the l337s out there who always seem to have some type of negative talk towards management or people who target those ISC2 /ISACA/etc certs. 

Hugs! High fives!

Edit: To answer your question: I am not a security Architect....yet. So it will be hard for me to interject on what is missing. Which is why I was open and appreciative of the attempt of the article to try and lend a helping hand by having some form of guidance. 

Infosec_Sam

chrisone said:

Hey Sam, sorry if it sounded like I was insinuating you were making those statements. Actually that wasn't my intention and I did not get that theory from your post. I was speaking in general, with regard to those in the security community that downplay ISC2 or ISACA certs because they feel they can BOF an app or pentest a webapp. In my second paragraph I should have rephrased my statement with "if one thinks" instead of "if you think" being that it does seem like I was talking directly to your post. Sorry about that.

Not the case here, I was just openly targeting the l337s out there who always seem to have some type of negative talk towards management or people who target those ISC2 /ISACA/etc certs. 

Hugs! High fives!

Edit: To answer your question: I am not a security Architect....yet. So it will be hard for me to interject on what is missing. Which is why I was open and appreciative of the attempt of the article to try and lend a helping hand by having some form of guidance. 

Ahh, no problem! Yeah, I'm in the same boat where I don't necessarily think the person with the highest technical skill level should always be promoted over, say, a decently technical, very personable candidate. Tech translation is a pretty big deal as you start collaborating with executives, so I'm sure they'd rather have someone they can have a conversation with rather than a fingerless glove firewall ninja.