Security Architect - Job Description?

You may get several answers, all different.

A Security Architect doesn't touch firewalls. The SA can describe what pinholes are needed for a service to work, but the rest should be left to the netadmin.

IMHO a Security Architect is an expert who consults management, i.e. produces only slideware. The job is on the engineering ladder, not management.

-- Lassi

Thank you for your input. It does make a lot of sense.

NJ

I would color that a little. A security architect needs to understand the corporation's stategies and objectives, and as such, has to be fluent in management-speak. In many companies, the architect may well supervise a staff of security specialists. So the line between management and engineeering can get a little blurred at the architect level. While a security architect does need to stay well grounded in engineering principles, it wouldn't be all that surprising for him to be accused of being part of "management". Particularly since, as you say, he mainly produces slideware, goes to meetings, talks on the telephone, and does all those things managers do.

..

Hello Neil,

In what area? development, technical or what?

For me this job description is not enough to tell what you you'll do.

If you work with the management then this job probably will include

1) writing policies, and make sure they are followed. 2) work with the management to identify cost (and value!) of such policies

If you work with the networking department this job would be something like:

1) design a secure network 2) implement it 3) manage it

But whatever job that involves security there is both the technical aspect and the user aspect. If you make a password policy that requires at least

10 digit password you have a good password, right? But what is the use when half of the users write it on a post-it note at their keyboard? :)

Don't know. Since I'm from Norway, any chart I show you is probably of no use for you.