🛡️ Paladin → Security Architect
“Security isn’t a product you buy. It’s an architecture you design.”
Your Role in the Party
You’re the one who sees the complete picture. While others focus on specific threats or technologies, you design the security architecture that protects the entire organization. You translate business requirements into security controls, create frameworks that scale, and ensure that security is built into systems from the ground up—not bolted on afterward.
Security Architects operate at the intersection of technical depth and strategic vision. You need to understand how attacks work, how defenses fail, and how to design systems that are secure by default. Your work influences every other security role—the controls you design become the rules SOC analysts monitor, the policies GRC teams audit, and the infrastructure engineers deploy.
This role rewards principled thinking. The best security architects have strong frameworks for making decisions—Zero Trust, defense in depth, least privilege—and apply them consistently. If you’ve ever looked at a system design and immediately spotted the security flaws, you’re built for this.
📊 Your Stat Spread
| Stat | Score | What It Means for You |
|---|---|---|
| INT | ⭐⭐⭐⭐⭐ | Deep technical knowledge across security domains. You understand networking, identity, encryption, and cloud architecture. |
| WIS | ⭐⭐⭐⭐ | Pattern recognition for architectural flaws. You see the attack path in the design before it’s built. |
| CHA | ⭐⭐⭐⭐ | Communicate designs to stakeholders. Translate security requirements into language executives understand. |
| CON | ⭐⭐⭐ | Sustained design work. Large architecture efforts require persistent focus over weeks or months. |
| DEX | ⭐⭐⭐ | Adapt designs to different contexts. Enterprise, cloud, startup—each requires different approaches. |
| STR | ⭐⭐⭐ | Hands-on implementation when needed. Prototype designs, validate controls, prove concepts. |
🎭 Neurodivergent Advantages
Your traits are class features, not bugs:
-
Framework Mastery as Special Interest: When Zero Trust, NIST CSF, or SABSA becomes your hyperfocus, you develop depth that generalists can’t match. Security architecture rewards deep framework knowledge.
-
Systems Thinking (INT + WIS): Autistic pattern recognition excels at seeing how complex systems interact. You spot the dependency chain, the single point of failure, the trust boundary violation that others miss.
-
Principled Decision-Making: Security architecture requires consistent application of principles. If your brain naturally operates from frameworks and rules, you’ll make better architectural decisions.
-
Long-term Thinking: Many security architectures take months to design and years to implement. If you can hold complex systems in your head over extended periods, this plays to your strength.
-
Written Communication: Architecture documentation, design documents, security requirements—much of the work is written. If you prefer writing to presenting, you can still succeed.
-
Direct Communication: When you see a security flaw in a design, you say so clearly. Stakeholders need this directness, even if it’s uncomfortable.
🗺️ Career Path
Security Engineer → Senior Engineer → Security Architect → Principal Architect → CISO
↓ ↓ ↓ ↓
(Technical (Leadership (Enterprise (Executive
Foundation) Track) Scope) Leadership)Alternative Entry Points:
- Network Architect → Security Architect (infrastructure background)
- Software Architect → Security Architect (application security focus)
- Cloud Architect → Security Architect (cloud-native security)
Common Paladin Multiclasses:
- Paladin/Cleric: Security Architect → GRC Leader (design meets compliance)
- Paladin/Artificer: Security Architect → Engineering Leader (design AND build)
- Paladin/Warlock: Security Architect with offensive expertise (understand attacks to design defenses)
📜 Certification Pathway
Level 1-5: Foundation (0-2 years)
| Certification | Org | Type | Cost | Why It Fits |
|---|---|---|---|---|
| CompTIA Security+ | CompTIA | Multiple Choice | ~$425 | Foundation. Understand security before you architect it. |
| CompTIA Network+ | CompTIA | Multiple Choice | ~$369 | Network fundamentals. Architecture requires deep networking knowledge. |
| AWS Cloud Practitioner | AWS | Multiple Choice | ~$100 | Cloud basics. Most modern architecture is cloud-native. |
Neurodivergent Note: Build broad foundations first. Architecture requires understanding multiple domains—networking, identity, data protection, cloud. Security+ and Network+ together cover essential ground.
Level 6-10: Specialization (2-5 years)
| Certification | Org | Type | Cost | Why It Fits |
|---|---|---|---|---|
| CISSP (Certified Information Systems Security Professional) | ISC² | Multiple Choice (CAT) | ~$749 | The architect cert. Broad security knowledge across 8 domains. Required for most architect roles. |
| AWS Security Specialty | AWS | Multiple Choice | ~$300 | Cloud security architecture. Deep AWS security services knowledge. |
| Azure Security Engineer (AZ-500) | Microsoft | Multiple Choice | ~$165 | Azure security architecture. Essential for Microsoft environments. |
| CCSP (Certified Cloud Security Professional) | ISC² | Multiple Choice | ~$599 | Vendor-neutral cloud security. Bridges CISSP to cloud architecture. |
Neurodivergent Note: CISSP is “think like a manager” but essential for credibility. The CAT format adapts to your level—it ends when it’s confident in your score (100-150 questions). CCSP is CISSP for cloud, excellent if cloud is your focus.
Level 11-15: Advanced (5-8 years)
| Certification | Org | Type | Cost | Why It Fits |
|---|---|---|---|---|
| ISSAP (Information Systems Security Architecture Professional) | ISC² | Multiple Choice | ~$599 | CISSP concentration in architecture. The dedicated security architecture certification. |
| SABSA Chartered Security Architect | SABSA Institute | Course + Exam | ~$4,000-6,000 | Enterprise security architecture framework. Used by 73% of Fortune 500. Business-driven design. |
| TOGAF (The Open Group Architecture Framework) | The Open Group | Multiple Choice | ~$550-650 | Enterprise architecture. Not security-specific but essential for enterprise roles. |
| GDSA (GIAC Defensible Security Architecture) | SANS/GIAC | Practical | ~$999 (exam) + ~$8,500 (SEC530) | Hands-on security architecture. Network, cloud, Zero Trust design. |
Neurodivergent Note: SABSA is the gold standard for security architecture methodology—business-driven, comprehensive, and highly structured. TOGAF adds enterprise architecture context. ISSAP validates CISSP-level architecture expertise.
Level 16-20: Mastery (8+ years)
| Certification | Org | Type | Cost | Why It Fits |
|---|---|---|---|---|
| CISM (Certified Information Security Manager) | ISACA | Multiple Choice | ~$575 (member) | Security management. Bridge to CISO track. |
| CCISO (Certified Chief Information Security Officer) | EC-Council | Multiple Choice + Practical | ~$2,500 | CISO-focused. If executive leadership is your goal. |
| SABSA Master | SABSA Institute | Course + Thesis | ~$6,000+ | Advanced SABSA. Enterprise security architecture mastery. |
🛠️ Your Toolkit
Primary Weapons
| Tool | Type | What It Does | Link |
|---|---|---|---|
| Threat Modeling Tools | Design | STRIDE, PASTA, Attack Trees. Identify threats during design phase. | Various |
| Microsoft Threat Modeling Tool | Free Tool | Microsoft’s threat modeling application. STRIDE methodology built in. | Microsoft |
| Lucidchart / draw.io | Diagramming | Architecture diagrams. Essential for communicating designs. | lucidchart.com / draw.io |
Architecture Frameworks
| Framework | Purpose | Link |
|---|---|---|
| NIST Cybersecurity Framework | Risk-based security program structure | NIST |
| SABSA | Business-driven security architecture | sabsa.org |
| TOGAF | Enterprise architecture framework | opengroup.org |
| Zero Trust Architecture (NIST SP 800-207) | Modern perimeter-less security design | NIST |
| CIS Controls | Prioritized security controls | cisecurity.org |
Cloud Security Architecture
| Tool | Purpose | Link |
|---|---|---|
| AWS Well-Architected Framework | AWS security architecture principles | AWS |
| Azure Security Benchmark | Azure security architecture guidance | Microsoft |
| Google Cloud Security Foundations | GCP security architecture | Google Cloud |
| Prowler | Cloud security posture assessment | GitHub |
| ScoutSuite | Multi-cloud security auditing | GitHub |
Fun Tools from Awesome Lists
Source: cybersecurity-architecture
| Tool | What It Does |
|---|---|
| OWASP Threat Dragon | Open-source threat modeling |
| IriusRisk | Automated threat modeling platform |
| Threagile | Agile threat modeling as code |
| Security Compass SD Elements | Automated security requirements |
| PlexTrac | Security assessment and reporting platform |
📚 Learning Resources
Free Resources
YouTube Channels:
- SANS Technology Institute - Security architecture concepts
- Cloud Security Alliance - Cloud architecture guidance
- Microsoft Security - Azure security architecture
Practice & Learning:
- NIST SP 800-53 - Security control catalog. Know this deeply.
- AWS Security Reference Architecture - Example cloud security design
- Microsoft Cloud Adoption Framework - Enterprise cloud architecture
- Google Cloud Security Best Practices - GCP security architecture
Essential Reading:
- Zero Trust Architecture (NIST SP 800-207)
- OWASP Application Security Architecture
- CIS Benchmarks - Secure configuration baselines
Books for Paladins
| Book | Author | Why Read It |
|---|---|---|
| Enterprise Security Architecture | Nicholas A. Sherwood | SABSA methodology explained. Business-driven security design. |
| Zero Trust Networks | Evan Gilman & Doug Barth | Modern security architecture principles. O’Reilly essential. |
| Security Engineering | Ross Anderson | Classic security design principles. Free online. |
| Designing Secure Software | Loren Kohnfelder | Application security architecture from Google. |
| Threat Modeling: Designing for Security | Adam Shostack | Microsoft’s threat modeling methodology. Essential reading. |
| Building Secure and Reliable Systems | Heather Adkins et al. | Google’s approach to security architecture. Free from Google. |
Podcasts
| Podcast | Why Listen |
|---|---|
| CISO Series | Security leadership perspectives |
| Security Architecture Podcast | Dedicated architecture discussions |
| Risky Business | Weekly security news with strategic depth |
| Cloud Security Podcast | Cloud architecture focus |
🎓 SANS Courses for Paladins
| Course | Cert | Focus | Best For |
|---|---|---|---|
| SEC530: Defensible Security Architecture | GDSA | Network, cloud, Zero Trust design | Core architecture skills |
| SEC510: Public Cloud Security | GPCS | AWS, Azure, GCP architecture | Cloud architects |
| SEC540: Cloud Security and DevSecOps | GCSA | Secure cloud development | DevSecOps architecture |
| MGT512: Security Leadership Essentials | GSLC | Security program leadership | Architecture + leadership |
| SEC566: Implementing and Auditing CIS Controls | GCCC | CIS Controls implementation | Control-based architecture |
🏆 Building Your Magic Items
Early Career Achievements:
- Create a threat model for a system you work with
- Document the security architecture of your current environment
- Complete NIST CSF self-assessment for your organization
- Earn CISSP certification
- Present a security architecture recommendation to leadership
Mid-Career Achievements:
- Lead security architecture for a major project
- Earn CCSP or cloud security specialty certification
- Design and implement Zero Trust controls
- Build security architecture documentation standards
- Mentor engineers on secure design principles
Senior Achievements:
- Own enterprise security architecture
- Earn SABSA or ISSAP certification
- Speak at a security conference on architecture topics
- Influence organizational security strategy at executive level
- Build security architecture practice or team
🧭 Multiclassing Guide
Adding Cleric Levels (GRC)
Combine architecture with compliance:
- CISM for governance focus
- Learn framework mapping (NIST to ISO to SOC 2)
- Design controls that satisfy multiple frameworks
“My architectures are compliant by design—not retrofitted for auditors.”
Adding Artificer Levels (Engineering)
Build what you design:
- Deep infrastructure-as-code skills (Terraform, CloudFormation)
- Security automation and pipeline integration
- SEC540 for DevSecOps architecture
“I don’t just design secure systems—I build the infrastructure that makes them real.”
Adding Warlock Levels (Offensive Knowledge)
Understand attacks to design better defenses:
- Study offensive techniques through SANS SEC560 or TCM Security
- Learn attack paths to design controls against them
- Red team perspective improves architecture decisions
“I design defenses that work because I know exactly how attackers try to break them.”
💡 Neurodivergent Learning Strategies
For ADHD:
- Architecture’s variety helps—design, review, communicate, iterate
- Use threat modeling as active engagement with designs
- Break large architecture efforts into smaller, completable milestones
- Leverage hyperfocus for deep design sessions
For Autism:
- Frameworks provide the systematic structure you crave
- Build comprehensive architecture documentation templates
- Deep-dive on specific architecture domains (identity, network, cloud) as special interests
- Use visual diagrams to organize complex relationships
For Both:
- Systems thinking is your unfair advantage
- Pattern recognition catches architectural flaws
- Principled frameworks give consistent decision-making
- Written documentation plays to common strengths
🎯 Not Sure If You’re a Paladin?
Take the Character Creation Quiz to discover your cybersecurity class and get personalized recommendations!
📖 Continue Your Journey
- View All Classes
- Blue Team: Cleric - If GRC and compliance call to you
- Purple Team: Artificer - If you want to build what you design
- Blue Team: Fighter - Build operational experience first
“A well-designed architecture makes security the path of least resistance.”