A security architect is a computing professional who focuses on maintaining security in a computer system. Security architects work in a variety of settings, securing corporate networks, government computer systems, and websites, and they are part of an overall information technology staff which is designed to keep a computer system relevant, current, and useful. To work as a security architect, it is usually necessary to have a bachelor's degree in computer science or computer engineering, along with specific training and certification in security architecture.
There are a number of aspects to a security architect's job. He or she must first review the system, gaining an understanding of how the system is used, who is using it, and where the weak points in the system may be located. The security architect thinks about how to improve an outdated system after reviewing it, or makes recommendations to toughen security on a relatively new system. These recommendations can include hardware and software upgrades as well as new protocols for the system's users.
Security architects set policies and enforce them, regularly checking for compliance. These policies can range from never leaving a workstation unattended while someone is logged into the computer system to always using an encryption protocol to collect sensitive information from customers over the Internet. The security architect wants basic security measures in place at all times and wants people to observe the protocols he or she establishes, and the system also has countermeasures in place which can become active when someone attempts to breach the system.
A good security architect is able to think like an attacker. He or she can look at a system and not only see conventional weak points, but potential areas which someone thinking outside the box can exploit. He or she also knows that the work of developing a good security architecture is never finished, because security needs are constantly evolving and changing, and it is necessary to be highly adaptable, and to avoid getting attached to particular approaches.
Every computer system and website has unique security needs which must be addressed. While some software suites provide basic security, for large or sensitive systems, it is necessary to hire a security architect to protect the system. As a member of the permanent staff of an organization, the security architect keeps the organization strong by keeping up with changes and trends in the security and computing fields.