Architect from Hole in the Ground

Well, maybe that is a little extreme, but sometimes titles do seem to get twisted up, especially in our title-laden world. My title, Security Architect, has the word Architect in it, but how closely related is that to an Enterprise Architect? Are we second cousins three times removed, or are we just not related at all?

The Roles

It might make more sense to work through the main types of roles you might see on a daily basis. This list is by no means comprehensive, but it does try to cover the ones that seem to cause the most confusion.


In the security world these are the guys (girls, people) who traditionally have had their hands on the knobs and the switches. They are the ones who set the configurations, write the rules, and keep the machinery running. In recent times we have seen security engineers expand their domain beyond firewall or IDS/IPS technologies. Their responsibilities now include other areas such as the equivalent of information security data mining and data loss management.


This is where the confusion really sets in. An Architect is someone who looks for ways to deliver certain Quality Attributes for an environment. These attributes include things like performance, stability, security, flexibility, integrability, and many other “-ilities.” There are also different types of Architects, so you may have more technically oriented architects or more business-oriented architects.

Security Architects are responsible for ensuring that the design of systems and environments meets security and compliance mandates. Depending on the specific flavor, they may be working with the overall security strategy, establishing policies and standards, or they may be more specific and only deliver application security architecture.

Solution Architect

Most of the time you do not have specific Solution Architects in the security world. Solution Architects are usually more general in nature. They help to deliver the optimal answer by selecting the best standards, technologies, and systems that are available in the current environment. The key is that they don’t pick any new technologies or standards; they use what has already been selected for normal use in the enterprise.

Enterprise Architect

Enterprise Architects are all about optimizing the whole of the business, with their primary partners being on the business side. They speak of delivering business value in the most effective way possible, so when they present options they gauge them by Risk, Cost and Benefit. Their job is to help set business strategy and then give the best options for making those strategies become reality. In the end they are the trusted partners giving advice on how to move the business forward in the most efficient way possible. They are not the guys you will call in to “fix your computer.”

The Point

The point of all this division is that there are many different types of deliverables needed to execute an optimized business.

Roles Matrix

Every role has a part to play or a piece to contribute. Architects keep Engineers out of business meetings. Engineers somehow still manage to keep things running in spite of bad architecture decisions.

The most important action for you is to determine your role and make sure you are spending the time necessary to be the best you can be in that role. I would suggest SANS or (ISC)2 for ways to improve your security stature.

What have you been called lately?
