Over the last few years I have seen many security professionals split into 2 main categories:
Security operations (at fixed levels)
I do feel that there are far too few folks moving to security architecture. I am not sure if it is because of a lack of opportunity or interest.
For those who are interested and are looking to venture into this space, I am trying to create a class and (hopefully) write a book on this topic.
I think the security space need more people with deeper background in system architecture and engineering, of coz we will always need specific specialist like the crypto guy but in general we need more people who can relate to our colleagues in infrastructure, development and especially operations.
I will be starting a series of class at the SUTD Academy in Singapore on the "Fundamentals of Cybersecurity Architecture" where I hope to get more folks interested in pursuing this as a career aspiration.
the course will cover architecture considerations across all phases of a system lifecycle from requirements and build to operations and decommission.
The short 2 day introduction class is not to make anyone an architect but to introduce the discipline of security architecture to a wider audience, to demystify the role and to spark more interest in the topic.
Here is the agenda of the class :
Hope to see more people taking this up!