Tuesday, May 18, 2010

Are You a Security Architect?

Next week SANS is hosting its first ever Security Architecture Summit.  According to the NewsBites entry, most people with the title aren't qualified.
"...only about 30% of the people holding those titles have substantial security architecture or engineering knowledge. The rest do not know the key questions that seasoned security architects and engineers ask, they cannot do quick and reliable risk assessments, they do not have models of successful designs nor do they have the examples of failures nor the rest of the body of knowledge that defines an engineer or architect."
The summit is being organized by security leaders from SANS, Cisco, NSA, Eli Lilly, US Department of State, and Black Hills Information Security.  With such a limited composition I am curious to see the approach they take and the scope.  Though they use the term Enterprise Security Architecture three times in the summit overview, the very first panel debate is to discuss what exactly is meant by it.  But that isn't stopping an effort to create a new credential:
"The bar for holding those titles is now rising. A consortium of organizations where security architecture matters (you can guess which ones they are) is meeting the last week in May to provide a foundation for the missing body of knowledge and to begin the national consensus building project that will lead to a trusted designation as a security engineer or architect."
Will it be a new certification?  A degree?  Is SABSA participating?  

2 comments:

  1. Welcome to blogosphere sir. /subscribed
  2. Thanks! Most posts will just be links to information security news that I find remarkable in some way. Every other month I intend to post a whitepaper or essay of some sort on the topic of security architecture.