As data becomes increasingly critical to our daily lives, the roles of certain data professionals understandably come into question. For instance, what is the role of a so-called cybersecurity architect? Are they crafting blueprints and using draft boards? Not exactly.
Security architects are vital in a data-driven world because they design and implement the cybersecurity solutions that protect an organization's computer networks and systems. They must be deeply versed in cybersecurity risks and vulnerabilities, as well as the latest trends and technologies. Cybersecurity architects often work with other IT professionals, such as network administrators and system engineers, to ensure that all cybersecurity solutions are properly implemented. In short, they make system-wide cybersecurity happen.
It’s not an easy role to inhabit. In fact, it’s never been more important to encourage the growth of security architects in every company as the people who understand elevated expectations, determine how products should fit together, and innovate ways to document the expected outcomes for cybersecurity solutions.
A challenge for these professionals is the lack of standardized reference architectures and frameworks. While models from The Open Group Architecture Framework (TOGAF) and the Sherwood Applied Business Security Architecture (SABSA) are available, they are expensive to obtain and provide more of a methodology than actual, applicable guidance. Meanwhile, the term “reference architecture” provides only a single vendor's product marketing slide rather than a methodology. Consulting firms have spent decades developing proprietary models, but nothing is standardized across the industry.
A review of a current job opening for a cybersecurity architect shows a number of demands: running and leading functional teams, developing incident response processes, and communicating effectively with executives. The job responsibilities for this role include:
And that’s only about half of the list of requirements. A key area that stands out is the development of the cybersecurity architecture process. This is missing in many organizations and underscores why this position is in such high demand. A cybersecurity architecture provides you with reduced risk of system breaches, increased compliance with regulatory standards, benefits in working with third-party suppliers, and more customer trust in the business. It provides the plan for how dozens of individual cybersecurity products will interact and collaborate, the expected protection capabilities, and the engineers and analysts required to maintain and monitor the solutions.
It’s a lot. Validation is another key aspect of the role. Possessing the knowledge to perform risk assessments, validate configurations, and run a vulnerability management program is crucial. Understanding multiple corporate risks, prioritizing findings, and working with multiple teams to remediate those findings is a challenging job in itself.
Organizations must take a proactive, holistic approach to cybersecurity in order to safeguard sensitive data and systems from increasingly sophisticated cyber threats. This is where security architects make all the difference in the world. A comprehensive cybersecurity architecture helps to ensure that an organization's cybersecurity posture is aligned with its business goals and objectives. The National Institute of Standards and Technology (NIST) framework provides guidance for developing and implementing a cybersecurity architecture. Key components of a cybersecurity architecture include managed detection and response (MDR), multi-factor authentication (MFA), backup and recovery, and incident response. By taking a proactive approach to cybersecurity and implementing the NIST framework, organizations can improve their cyber resilience and better protect their data and systems.
Ricky Allen is the Field CISO for CyberOne Security, an ISSA Fellow and Past-President of the South Texas ISSA chapter. He holds certifications such as SABSA Security Architecture, CISSP, CISA, and Six Sigma. At CyberOne, Ricky provides security architecture design and leadership management for customers across the country. Ricky previously held roles at Accenture as an executive in their strategic information security consulting practice and at HP Enterprise Security Products as the practice lead for developing Security Operations programs for ArcSight SIEM products. Ricky was focused on retail and manufacturing industries while at PwC where he managed penetration testing and risk assessments for companies across the US. Ricky has presented at conferences such as BSides, Black Hat, API Cybersecurity, HOU.SEC.CON, SANS, SecureWorld, and Data Connectors. Ricky is based in Houston, TX and has a degree in Management Information Systems from Texas A&M University.