Really interesting OSS cross-over role

I have a few automated job searches set up for OSS roles. Not because I’m looking for a job (just projects), but to keep an eye on what the markets are looking for and what’s trending that I might not be aware of yet.

A really interesting role popped up on one of these searches this morning:
https://www.seek.com.au/job/56858624

No idea which company it’s for, but it’s the first one of its kind that I’ve seen… yet I’ve long thought it is a really important intersection with OSS.

As you’ll notice if you click on the link, it’s for a Senior Security Architect/Designer that specialises in OSS.

Of course I’ve seen job ads for Security Architects and for OSS Architects, but never combined (although I have worked with SAs that have done a lot of telco work and have OSS familiarity, so there are a few of them out there).

As we all know, OSS and BSS have their tentacles spread throughout a telco’s management stack. They cross all the traditional security trust zones such as:

  • Active Network
  • Corporate Network
  • Enterprise Services
  • Demilitarised Zone
  • Centralised Management and
  • Others

Everyone would already be aware that segmentation and interconnectivity between devices / services within each of these zones is strictly controlled. Security layering can be coarse (e.g. firewall segmentation) or more granular (service publishing / proxying, service chaining, host-based firewalls / IPS, etc.).

What fewer people would be aware of is the complex chatter that goes on between the various devices / services in each of the domains. There are:

  • Identity Services (eg directory services, privileged access management, user access management and the roles/privileges/governance that they assign)
  • Access Gateway / Services (eg role-based access, session management, password management, SSO / SAML, secure API gateways, proxies, 2FA)
  • Shared Services (eg NTP, DNS, IPAM, DHCP, SMTP – email, log management, config management, CI/CD solutions, patch management, etc)
  • Security Services

These services often require primary / secondary architectures and related data reconciliation to allow them to function correctly / securely across different domains. For example, some DNS records should be accessible from within the active network, allowing NOC users to resolve addresses within the active network as well as external, such as for downloading security patches. Conversely, machines inside the corporate domain might be able to resolve DNS records of the patch management server, but not any devices within the active network. There is a lot of complexity and inter-dependency involved in setting them all up correctly.
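The DNS visibility rules in the paragraph above can be checked mechanically. The following is an added example, not code from the original post: it audits per-zone split-horizon views against that policy, and every hostname, view pattern and zone label in it is constructed for illustration.

```python
"""Audit split-horizon DNS views against a per-zone visibility policy."""
from fnmatch import fnmatch

# Constructed sample: record patterns served by each trust zone's DNS view.
# The corporate view carries a stray active-network record (a misconfiguration).
VIEWS = {
    "active": ["*.active.example", "*.vendor-updates.example"],
    "corporate": ["patch.mgmt.example", "*.corp.example", "rtr1.active.example"],
}

# Policy taken from the paragraph: (querying zone, name, should it resolve?)
POLICY = [
    ("active", "rtr1.active.example", True),               # NOC resolves active devices
    ("active", "downloads.vendor-updates.example", True),  # and external patch sources
    ("corporate", "patch.mgmt.example", True),             # corporate sees the patch server
    ("corporate", "rtr1.active.example", False),           # but no active-network devices
    ("corporate", "olt7.active.example", False),
]

def resolves(views, zone, name):
    """True if the view served to `zone` contains a record matching `name`."""
    return any(fnmatch(name.lower(), pat.lower()) for pat in views.get(zone, []))

def audit(views, policy):
    """Return (kind, zone, name) for every rule the views break.

    LEAK    = a name resolves from a zone that must not see it.
    MISSING = a name a zone needs does not resolve there.
    """
    findings = []
    for zone, name, expected in policy:
        actual = resolves(views, zone, name)
        if actual != expected:
            findings.append(("LEAK" if actual else "MISSING", zone, name))
    return findings

if __name__ == "__main__":
    for kind, zone, name in audit(VIEWS, POLICY):
        print(f"{kind}: {name} as seen from the {zone} zone")
```

In practice the view contents would come from an export of the DNS servers' zone data rather than a hand-written dictionary, and the same rule table can be replayed after each primary / secondary reconciliation.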

But then, taking things out of the solution architecture space, I also envisage the possibilities of combining security and OSS data to improve threat detection and incident analysis. Coming back the other way, security patterns could potentially signal to the traffic engineering that our OSS do. Our OSS not only have detailed logs on everything that’s happening on the active network devices, but also have performance indicators and topology awareness (physical and logical) to better understand attack/kill chains.

I’d love to hear from any of the rare beasts that operate in this crossover security / OSS space. I feel like there are many fascinating discoveries to be made. I’d love to hear your thoughts about the possibilities. Please leave a comment below to discuss.

 
