Average ISSAP Salary in 2021
Those who want to become an information security architect or chief security analyst will want to earn an (ISC)² certification called Information Systems Security Architecture Professional, or ISSAP. This certification is a member of the CISSP certification family and certifies a broad spectrum of security architect knowledge and skills. This certification verifies high-level mastery of these skills.
ISSAP certification holders also earn a high salary. Read more to learn what the ISSAP is, who it is intended for, what the average salary is, the domains of knowledge that the certification exam covers and what the pre-requirements are for the 2021 ISSAP certification.
Earn your CISSP, guaranteed!
What is the ISSAP?
ISSAP is a certification that is part of the CISSP suite of information security certifications and is currently one of the most in-demand information security certifications. This certification verifies that the holder has the required information security architecture knowledge and skill related to the development, design and analysis of information security solutions.
It also verifies mastery in giving guidance to key organizational decision-makers to help them enable the goals of the organization.
Who should earn the ISSAP certification?
The ISSAP certification is intended for information security architecture professionals at all levels of their careers. Security analysts, security architects, mid-level security analysts and mid-level security analysts, as well as senior security architects and senior security analysts alike, can all benefit from the critical knowledge and skill verification that this certification offers.
Additionally, C-level executives such as chief security architects and information security architecture consultants are the right fit for this cert as well.
Average ISSAP salary
As you can see above, the spectrum of information security architecture roles that are the right fit for this certification span the entire career path of information security architecture — from entry-level right through senior-level roles. This could bring about a wild swing in pay numbers, so it is best to deal with the average for these numbers. With that said, the average ISSAP salary for all ISSAP certification holders is $131,720.
Since this average is across all career levels, it may be more useful to look at numbers relevant to the specific career levels.
Entry-level
The average pay for an entry-level ISSP certification holder is $71,500.
Mid-level
By the time the ISSAP certification holder reaches the mid-level of their career, they have likely had a substantial pay increase. The average pay for the mid-level ISAAP certification holder is $124,000.
Senior-level
Pay for ISSAP certification holders reaches a crescendo with the senior-level roles. The average pay for a senior-level ISSAP holder is $185,000.
ISSAP domains of knowledge
To start earning these relatively high salaries, you will have to first earn the ISSAP certification, which entails passing the ISSAP certification exam. The domains have changed for the most recent ISSAP exam (see ISSAP exam outline), so previous exam outlines and study aids are out of date. The revised domains of knowledge for the updated exam are presented below, along with their respective weights.
Domain 1.0 – architect for governance, compliance and risk management (17%)
- 1.1 Determine legal, regulatory, organizational and industry requirements
- 1.2 Manage risk
Domain 2.0 – security architecture modeling (15%)
- 2.1 Identify security architecture approach
- 2.2 Verify and validate design (functional acceptance testing (FAT) and regression)
Domain 3.0 – infrastructure security architecture (21%)
- 3.1 Develop infrastructure security requirements
- 3.2 Design defense-in-depth architecture
- 3.3 Secure shared services
- 3.4 Integrate technical security controls
- 3.5 Design and integrate infrastructure monitoring
- 3.6 Design infrastructure cryptographic solutions
- 3.7 Design secure network and communication infrastructure
- 3.8 Evaluate physical and environmental security requirements
Domain 4.0 – identity and access management (IAM) architecture (16%)
- 4.1 Design identity management and lifecycle
- 4.2 Design access control management and lifecycle
- 4.3 Design identity and access solutions
Domain 5.0 – architect for application security (13%)
- 5.1 Integrate software development life cycle (SDLC) with application security architecture
- 5.2 Determine application security capability requirements and strategy
- 5.3 Identify common proactive controls for applications
Domain 6.0 – security operations architecture (18%)
- 6.1 Gather security operations requirements
- 6.2 Design information security monitoring
- 6.3 Design business continuity (BC) and resiliency solutions
- 6.4 Validate business continuity plan (BCP)/disaster recovery plan (DRP) architecture
- 6.5 Design incident response (IR) management
ISSAP prerequisites
To sit for the ISSAP certification exam, candidates need to satisfy the following prerequisites:
- Candidates need to have earned the CISSP certification and be in good standing. See our CISSP salary data here.
- Candidates need to have two years of paid, cumulative work experience in one or more of the six domains of the common body of knowledge (CBK) of the ISSAP exam
Earn your CISSP, guaranteed!
Pursuing the ISSAP certification
Those working in information security architecture (and those planning on information security architecture as a career) will find the ISSAP certification a powerful way to verify the knowledge and skill that hiring organizations are looking for. For those looking at the average ISSAP salary in 2021, they will find a comfortable salary.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- Average ISSAP Salary in 2021
- CISSP certification - The ultimate guide [updated 2021]
- The CISSP domains and CBK: An overview
- CISSP certification salary: A comprehensive 2024 salary guide
- Definition & types of access control models & methods (updated 2023)
- CISSP domain 4: Communications and network security — What you need to know for the exam [2022 update]
- CISSP domain 5: Identity and access management — What you need to know for the exam [Updated 2022]
- CISSP domain 7: Security operations — What you need to know for the exam [Updated 2022]
- CISSP domain 6: Security assessment and testing — What you need to know for the exam [Updated 2022]
- CISSP domain 8 overview: Software development security — What you need to know for the exam [Updated 2022]
- CISSP and DoD 8570/8140: What you need to know [Updated 2022]
- Top 10 CISSP interview questions [Updated 2022]
- CISSP domain 1: Security and risk management — What you need to know for the exam
- The ISC2 code of ethics: A binding requirement for certification
- The CISSP experience waiver [updated 2022]
- Earning CPE credits to maintain the CISSP
- Renewal requirements for the CISSP [updated 2022]
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- CISSP job outlook [updated 2022]
- CISSP resources: Books, practice exams and other study tools [updated 2022]
- CISSP exam questions: 5 drag & drop and hotspot questions
- Risk management concepts and the CISSP (Part 2) [Updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- Average ISSEP Salary in 2021
- Average ISSMP Salary [updated 2021]
- CISSP domain 3: Security engineering CISSP - What you need to know for the exam [2022 update]
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring [updated 2021]
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- Information and asset classification in the CISSP exam
- CISSP domain 2: Asset security - What you need to know for the Exam [updated 2021]
- 8 tips for CISSP exam success [updated 2021]
- Risk management concepts and the CISSP (part 1) [updated 2021]
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- Due care vs. due diligence and the CISSP
- CISSP prep: Security policies, standards, procedures and guidelines
- Vulnerability and patch management in the CISSP exam
- Data security controls and the CISSP exam
- Logging and monitoring: What you need to know for the CISSP
- Data and system ownership in the CISSP exam
- CISSP Prep: Mitigating access control attacks
- CISSP Domain 5 Refresh: Identity and Access Management
- Identity Governance and Administration (IGA) in IT Infrastructure of Today
- CISSP CAT Exam Deep Dive: Study Tips from InfoSec Institute Alum Joe Wauson
- CISSP: Incident management
- CISSP: Business continuity planning and exercises
- CISSP: Perimeter defenses
- CISSP: Secure communication channels
- Environmental controls and the CISSP
- CISSP: Disaster recovery processes and plans
- Change management and the CISSP
