Professional profile of the IT security architect
By Ben Kröger, Technical Head of Cyber Security at Axians IT Security
In the course of digitization, companies are opening up numerous data interfaces, for example to customers, partners and suppliers. This increases the risk of falling victim to cyber attacks. It is high time for IT departments to strengthen their specialist staff and get help from experts. IT security architects (IT-SA) can play an essential role here, because they analyze the individual circumstances and requirements and develop tailor-made security concepts based on them.
As companies become more networked, criminals find more and more points of attack through which to penetrate their IT infrastructure. It is therefore more urgent than ever to develop security models and architectures that protect corporate networks from attacks and take the individual requirements of the IT infrastructure into account. IT specialists often have only limited resources, and IT security architects can remedy this situation. They have many years of expertise and know-how in cyber security and a broad skill set.
What role do IT security architects play?
Comparable to architects in building planning, IT security architects take over the technical and design planning of the IT security infrastructure, the security network and the processes in the company. In addition, they are responsible for all questions relating to the functionality and economic planning of an IT architecture. They should also have commercial skills, because part of the job is evaluating the costs of services and products. IT-SA have usually completed a degree in the IT field and may have additional subject-specific training. It is particularly recommended to acquire ISO 27001 certified specialist knowledge, which is the standard for information security management systems in Germany. The usual career begins with work as an administrator, who initially only operates and manages a security architecture. With increasing experience, the next professional level is that of security expert, who can install and configure the functionalities and also manage modifications to the architecture. After that, and with extensive experience, comes the level of consultant and then finally that of security architect.
It all depends on the right skillset
IT security architects should generally have a broad level of knowledge, although specific detailed knowledge is less important here. They must also know which firewalls are on the market and have basic programming skills. It is important in the profession to be able to assess the needs and challenges of customers well. Only then can security architects derive a suitable solution, such as a zero trust architecture, but also more pragmatic, less complex constructs. In principle, it is essential for an IT-SA to stay constantly up to date with the latest cyber security and common network technologies. This applies to both IT security and organizational security. Institutions such as the National Institute of Standards and Technology (NIST), Open Security Collaborative Development or the Internet Engineering Task Force (IETF) are among the usual sources for IT security architects when it comes to finding out about current protocol standards, tools and products.
But IT-SA should not lack the right soft skills either. In any case, they should have diplomatic consulting skills and empathy. After all, only security architects who can connect with people and convince their team on the substance are ultimately successful.
Usual procedure for a customer
When an IT security architect is brought into a company, they begin with an analysis of the current state, usually using the Testing Maturity Model (TMM). Together with the CSO, the main contact for cyber security in the company, they first review the status quo and examine where the company currently stands in terms of cyber security. Based on this, goals and priorities are defined. Throughout, the IT-SA must keep an overview of everything, derive an overall structure from it and be responsible for it.
As soon as all the essentials have been reviewed and the research has been completed, the security architect begins with test setups and then with the development of the design. Above all, creativity is required here, as well as the ability to develop an individual, tailor-made architecture. The big challenge is always to keep an eye on all requirements and circumstances and to respond to them, because the required security architecture differs completely from industry to industry.
Outlook: What role IT security architects will play in the future
Today, in most cases, companies seek advice from external service providers such as Axians IT Security. But cyber and data security will play an increasingly decisive and larger role for companies in the future. Institutions in the healthcare sector, as well as banks and insurance companies, have long had to have a robust security framework. The greater the demand, the sooner IT departments are advised to hire their own IT security architects. They can then adapt the security design to current requirements directly and at any time, and they are experts for their own company: thanks to their long experience in IT departments, they know the products and services of their company best and can make tailor-made changes.
About the author
Ben Kröger has been a Senior Security Consultant and Head of Support & Managed Service at Axians IT Security since 2002. Since 2014, he has been responsible for the entire technical area with a focus on firewalling, sandboxing, e-mail, proxy and surf security.