Sophos Chief Architect and Rice University alumnus Kenneth Ray (B.A. in CS ’94, M.C.S. ’96) was initially majoring in Chemistry and spending his summers working on interesting research projects. He spent one summer as a visiting scholar at Carnegie Mellon University and another in the research lab of Richard Smalley.
“That was before Dr. Smalley was awarded a Nobel Prize in Chemistry for co-discovering buckyballs,” said Ray. “Those were interesting times. I was coding in my spare time, so I decided to take a computer science class. It turned out that CS was a better fit for my personality – I am innately curious and enjoy rapid experimentation. It felt more satisfying to make, break, and build things in code than with chemistry.”
His interest in tweaking, testing, and pushing all the buttons he could, led Ray to roles in security engineering, and then to positions where he could influence his organization’s architectural direction and product development.
Ray said, “In my experience folks that are really good in security are self-selected and naturally super curious. They are always asking questions like, ‘How does this work, what assumptions does it make, and what happens if I change those assumptions?’
“It drives my family crazy. We might be out shopping when I start scrutinizing the mall stores, wondering why some stores put the check-out counter at the very back of the store and if they’ve measured the risks correctly. What’s the gain for them, what’s the tradeoff? How can they tell, or do they even analyze, if they are getting the implied benefits?”
Curiosity led him further into the security industry. If he heard a statement indicating a product or system couldn’t possibly have a breach above a certain “robustness” level, then Ray wanted to know why and how, as well as how certain do they think they are, and how could this be proven. Curiosity involves a healthy dose of skepticism.
He turns that same scrutiny on Sophos products, helping to shape cybersecurity systems that are intuitively simple for their customers to use while ensuring robust protection against complex threats and data loss.
“Ken’s intellect and way of thinking is perfect for the security market,” said Dan Schiappa, SVP and GM of Products at Sophos. “He is always looking for the small technical details, and that is something very necessary in this market. What’s truly impressive is not only the depth of his thinking but the breadth. He has worked across the entire security market and the Sophos portfolio to bring very sophisticated technology to market, in a way that can be consumed by users of all levels of capability. Making the complex simple is truly hard and Ken has been a fantastic champion of this for Sophos.”
Most of Ray’s opportunities have arisen from following his interests and asking questions when he discovers people with similar passions. Connecting with faculty members and colleagues over a shared interest often led to new opportunities.
“Don’t hesitate to seek advice or opportunities when you discover people who share your passions,” he said.
After many years leading teams and building trust, Ray is now working as a chief architect — a role that focuses on influence, advocacy, and coaching, rather than direct management. “The classic cliche, all the responsibility with little direct authority,” says Ray. It is also a tricky path to navigate. “Titles never deem anyone an authority, it’s earned through influence and experience. Especially since the people with whom you work understand the problem, especially the details, far better than the architect ever will.”
Ray said, “An architect and the value they add is based on trust and relationships. People seek out our help when they value it, which involves deep understanding of technology and people. So keep your hands dirty, remain directly involved, and make sure you’re always adding direct value. The architect’s job is to ensure that the right ideas are had, not necessarily to have them; in other words, as a mentor of mine once said ‘the architect’s job is to harvest all the IQ out of the room’”.
The trick is to help manage and collect those ideas and carefully understand and organize them into tenets, requirements, and solutions. Ensuring that the requirements themselves are carefully separated between product (what gets sold) and engineering (what the total cost of maintenance will be). “The process involves lots of dead ends, bad design choices, politics, bruised egos, and wasted time, but persevere to find the best result. Some requirements are over-constraining, implying there isn’t a solution, or perhaps, one just hasn’t been created yet. An architect must envision a future state that can guide the results of those tradeoffs.
“Everyone draws a defense line based on resources, convenience, and risk. You lock your door when you leave for the day or on vacation, but perhaps not when you walk out to collect the mail. You might put deadbolts on your doors, but don’t put bars on your windows because you don’t want to live that way, or deal with the message that sends,” he said.
“The role of a security advocate involves discovering when and where your systems are not optimized. Then you either fix the vulnerabilities, or you mitigate them by optimizing your systems differently.”
Ray said would-be architects must first establish themselves as a high-quality engineer, then progress through several stages of learner, facilitator, mentor, and finally architect.
“The real architects live the role long before management gets around to bestowing the title,” said Ray.
“If you already find yourself seeing the forest for the trees, stepping back to look at the project or product as a whole and how it fits in with other projects, the business you are in, and even the industry; if you are keenly invested in ensuring that the right long-term tradeoffs are well understood and optimized; if such things fascinate you to the point of spending your time constantly learning how to become better at that; if you are still deeply grounded in the actual work itself, then this is likely a good path for you.”
He joked that some people think the architect just draws pretty pictures on the whiteboard and then sits in the shade with a beer while others slog through the real work. But for Ray, it’s more about observing the whole system and taking care of whatever needs to be done.
“I think of my job as if I’m working on the deck of a sailing ship. I don’t just help steer the ship; if I need to grab a broom and sweep the floor, that’s what I’ll do.”