Security architect
The post below maps architect roles to ArchiMate layers. In that context, the post describes the security architect. A relevant certification for a security architect is the CISSP (Certified Information Systems Security Professional). This post relates the domains used by the CISSP certification to the architect roles and ArchiMate layers.

- Jacco Meijer
- May 1, 2025
Architect roles in the ArchiMate context
An ArchiMate model that maps architect roles to the ArchiMate framework layers.
Security architect
Security is a broad area. The CISSP Common Body of Knowledge (CBK) divides the profession into eight domains.
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
The model
If there's one thing that the model makes clear, it is that security is relevant for all layers. From strategy to technology, security is a topic.

Cake analogy
The cake analogy is often used to explain that security should be a baked-in ingredient instead of an add-on.
The cake analogy works well for the technology and application layers. The model makes clear that the analogy is relevant for the strategy and business layers as well.
Here, the full enterprise architecture is the cake. Over time, every architect should have security baked in. Until then, a separate security architect who oversees security across the full architecture remains relevant.
"You've baked a really lovely cake, but then you've used dog shit for frosting"
– Steve Jobs