Last year, I was looking for a new job. Since I have been CISSP & HCISPP certified with ISC2.org, the security architect position was to my attention. I found most of the JD shared similar requirements. For instance,
In Florida, Solution Engineer JD shares the same requirements.
According to this article, to hire the best security architect, I will have to
- Define the Role Flexibly: Be adaptable in defining the roles and responsibilities of the security architect position. This can help me attract a wider range of candidates.
- Prioritize Requirements: Distinguish between must-have, nice-to-have, and wish-to-have skills, competencies, knowledge, and experience.
- Must-Have: It includes baseline competencies and knowledge needed to fulfill the security architect’s primary responsibilities.
- Nice-to-Have: These are desirable but not necessary qualifications. They often involve additional years of experience or certain certifications.
- Wish-to-Have: These are special qualifications that may justify a higher compensation package. It might include specific industry expertise, knowledge of certain regulations, or hands-on experience with specific security tools.
- Rethink Requirements: Avoid overly ambitious requirements that might be hard or impossible to meet.
In a conversation with a CISO of a healthcare service provider, he highlighted the difficulty in finding individuals with the courage to testify before FBI officials. The most challenging aspect isn’t always the threat itself, but ensuring the security and confidence of the people we protect, particularly when they start to feel insecure.