The architect has been doing their work from a whiteboard, whilst the engineer doing their work from a keyboard.
There is difference between normal IT architect and cybersecurity architect. The normal architect thinks about how a system will work together, whilst the cybersecurity architect thinks about how it will fail.
The cybersecurity architect has to first understand how the system is going to work, or they won’t know how it might fail.
They must have that level of understanding, then have to add on to it: what could be possible things that it could go wrong.
| IT Architect | Cybersecurity | |
|---|---|---|
| Mindset | Let’s build a castle! | Let’s build a moat and drawbridge |
| Problem-solving | How can we optimize this? | How can we break into this? |
| Tools | Hammer, nails, wood | Firewall, encryption, IDS |
| Outcome | User satisfaction | Zero vulnerabilities |