I am having nearly 9 years experience and need to make some decision about my career.
I want to try something before settling down.
My exp is in Java development and test automation. Now I am planning my way to become Java architect + security expert
My current plan is:
SCWCD, SCEA (maybe TOGAF) and Certified Ethical Hacker (C|EH).
Can anyone please suggest me if the path I’ve chosen is good. Is there any value addition if an architect knows about security as well?
Thanks in advance.
Is there any value addition if an architect knows about security as well?
I dont think this is a choice. If you are an architect you need to know how to secure applications. You need to clarify what you mean by security
Can anyone please suggest me if the path I’ve chosen is good
No one can say it is good / bad. You have to decide if you are good at doing what you propose you want to do. Certifications help you get theoretical knowledge on these subjects. Arguable SCEA is not all theory but you are not designing a real project either. You will have to leverage your experience and back it up with the certification if you choose to take it.
I guess even ethical hacking is illegal in some countries.
Joined: Sep 19, 2005
Thanks for all the replies.
I'm also new to security testing. In my current project I was asked to take care of information security (meaning making sure all the s/w, applications, building etc is secure from external threats like hacking, unauthorized access etc). That is when I came across this certificate (CEH) and my current role requires this one.
So this made me think if I can leverage this with my existing Java skills to have a package deal for my employer.
Like: Java architect with software security knowledge.
I never ever saw in my career a J2EE architect doing penetration testing for a firms network infrastructure. Any ideas guys?
An architect must have knowledge of security and networking technologies. He/she should be able to sufficiently discuss these aspects and delegate the responsibilites to the appropriate individuals and/or departments.
His/her focus should be on overall architectural design and managing the technical implemenation. This includes managing groups of systems engineers, software engineers, testers, and junior programmers. If "penetration testing" is required, someone on his/her team should be able to execute the task. The architect himself/herself does not execute the task.