Training Programs for Security Architect Aspirants (5 Options)
For individuals aiming to become certified security architects, obtaining relevant certifications is crucial in enhancing their skills and knowledge in security architecture. Here's a breakdown of some prominent certifications, their prerequisites, costs, and key focuses.
The Certified Information Systems Security Professional (CISSP) is a widely recognised certification for information security professionals. It covers topics such as security for software development, asset security, and security and risk management. To qualify, applicants must have at least five years of full-time, paid work experience in two or more CISSP CBK domains, with a one-year waiver possible for those holding a four-year college degree or an approved credential. The CISSP exam costs $749 USD, and there is an annual maintenance fee of $135 USD to keep the certification active. Recertification requires 120 Continuing Professional Education (CPE) credits every three years.
Sherwood Applied Business Security Architecture (SABSA) is a method and framework for developing risk-based enterprise security architectures, focusing on business requirements and aligning security design with organisational objectives. Unlike other certifications, SABSA does not require specific work experience but emphasises knowledge of the SABSA framework. The costs for SABSA certifications can vary, with exam fees and training costs typically involved.
The AWS Certified Security - Specialty certification addresses cloud environment security, covering incident response, monitoring and logging, infrastructure security, and identity and access management. Candidates must have at least two years of hands-on experience in implementing security solutions using AWS services and a strong understanding of AWS security features and best practices. The exam fee for AWS Certified Security - Specialty is approximately $300 USD.
The Certified Cloud Security Professional (CCSP) is developed by (ISC)² and focuses specifically on cloud-specific security architecture, design, operations, and compliance. The requirements for the CCSP include at least five years' experience in IT, three years' experience in information security, and one year's experience in cloud computing. The CCSP exam costs $549 USD for non-members and $449 USD for members, with an annual fee of $50 USD for members and $130 for non-members. Recertification requires 30 CPEs annually.
Finally, The Open Group Architecture Framework (TOGAF) is not specifically security-oriented but teaches enterprise architecture from a broad viewpoint, which can be beneficial to security professionals in large organisations. No specific work experience is required for TOGAF, but having a background in IT or architecture is beneficial. The TOGAF Foundation exam costs approximately $320 USD, and the combined Level 1 & 2 exam costs about $550 USD. There are no annual fees, but recertification is required every two years for TOGAF Practitioners.
Each certification has its unique focus and requirements, making them valuable for different aspects of security architecture. Understanding how IT systems are structured at the business level gives security architects the context they need to design scalable, secure solutions. Furthermore, being a security architect is about designing proactive systems for an organisation's digital security, incorporating firewalls, identity systems, access controls, cloud security, and more. As more organisations become cloud-first, the ability to design secure solutions in the cloud is a major value add.
In conclusion, becoming a security architect is about designing systems that make threats harder to exploit. This involves learning cloud platforms, developing business-alignment frameworks, and leading enterprise-wide security initiatives. Obtaining the right certifications can significantly enhance your career as a security architect by demonstrating expertise in various security domains.
Individuals interested in a career as security architects can explore certification paths that align with their goals, such as the Certified Information Systems Security Professional (CISSP) which focuses on security architecture and requires work experience, or the Certified Cloud Security Professional (CCSP) which specializes in cloud-specific security architecture. Additionally, obtaining certifications like The Open Group Architecture Framework (TOGAF) can provide a broad understanding of enterprise architecture, beneficial for security professionals in large organizations.
){kind=link}