Security Architect
They need to be local and willing to convert to perm
Notes for Architect:
Need to know these methodologies:
TOGAF, PASTA, STRIDE
Security architect –
- Architect has broad experience – big picture approach – every domain in security
- Network
- IAM
- SecOps
- Incident response
- Asset management
- Lock management
- Threat modeling
- Enterprise architecture and threat modeling
- “Have you done threat models?” “What methodology have you used?”
- What are the frameworks: STRIDE, PASTA
- Describe to me – acronyms: PASTA, STRIDE, TOGAF
- Deep dive on a tactic: spoofing
- CISSP – gold standard, represents the broad knowledge
- Identify lack of security controls
- Security reviews (currently informal not following a threat model)
- They are formalized – building team of architects
- Resumes looking for threat modeling and sec architect in title or in their JD
- TOGAF mention
- Impressed when people list risk assessments similar to threat modeling