Degree vs. certification: Mid-level cybersecurity architect
Introduction
Those looking to combine top-flight cybersecurity skills and knowledge with information security design and building principles should consider becoming a cybersecurity architect. This role within an organization demands a coordination of high-level information security skills that include everything from penetration testing to management.
There are two general paths to earning this mid-level role — the degree path and the certification path. This article will detail both paths by exploring what you can expect going down each path and will conclude with a well-founded recommendation for which path you should choose.
What should you learn next?
A little about the role
The role of cybersecurity architect is a pivotal role within an organization. It is responsible for building, designing, testing and implementing information security systems. Being one of the “wearing more than one hat” roles in cybersecurity, this is just the start of typical responsibilities. Cybersecurity architects also supervise security teams, create security procedure and policy for the organization and even use pentesting and ethical hacking skills when needed to help shore up the organization’s information security environment.
This role has been previously described as being advanced-level in terms of career progression by some career authorities, but this classification is inappropriate. Most job descriptions require anywhere from three to 10 years of experience (with at least three to five years being in security), which is not technically an advanced level role. According to the United States Department of Personnel Management, a mid-level or mid-career role is one with 10 or more years of professional experience, making the cybersecurity architect role mid-level. With this minor argument quelled, let’s dive into the real argument — degree or certification.
Degree path
Earning a degree is the first path that may land you on the doorstep of your first mid-level cybersecurity architect role. Four-year college degrees (B.A. and B.S.) are some of the most commonly-requested requisite for this role — with 69% of organizations seeking candidates with a bachelor’s degree and 27% looking for graduate degree holders, it is going to be fairly difficult to earn this job without earning at least a bachelor’s degree.
There is no hard-and-fast rule about what major your degree should be in for this role. Rather, there is a general universe that your major should fall in. Below is a list of applicable majors that are best suited to the cybersecurity architect role:
- Cybersecurity
- Computer science
- Computer engineering
- Information systems
- Information technology
- Math
This list is not exhaustive, so if you have already earned a bachelor’s degree in another subject, don’t worry. If you have applicable experience in information security, the hiring organization is more likely to look past that Fine Arts degree you earned a few years back.
Certification path
The second distinct path to the mid-level cybersecurity architect role is that of professional certifications. In terms of being on point, certifications have degrees beat on some levels.
Certifications are more appropriate in terms of the knowledge and skills they verify and can also approach the subject matter from more than one angle. This means that several certifications will give you a better understanding (and subsequent verification) of the knowledge and skills the role requires. This is probably splitting hairs, though.
Below is a list of the most relevant certifications for this role.
CISSP
Hosted by (ISC)2, Certified Information Systems Security Professional (CISSP) certification is one of the most requested for the mid-level cybersecurity architect role. CISSP is a prerequisite for a very relevant cybersecurity architect certification explored below. This solid information security certification covers material in the following eight domains of knowledge.
- Security and risk management
- Asset security
- Security engineering
- Communications and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
CISSP requires five years of work experience to qualify for this certification, exam which any mid-level cybersecurity architect will have by this point in their career.
CISM
Hosted by GIAC®️, the Certified Information Security Manager certifies the cybersecurity knowledge and skills necessary for a mid-career cybersecurity architect. The domains of knowledge this certification covers are:
- Information Security Governance
- Information Risk Management
- Information Security Program Development
- Information Security Program Management
- Incident Management and Response
CISSP-ISSAP
Another heavy hitter coming to us from (ISC)2 is the Certified Information Security Architect Professional certification, which fits this role like a glove. The CISSP-ISSAP certification exam covers six information security architecture-packed domains of knowledge, including:
- Identity and Access Management Architecture
- Security Operations Architecture
- Infrastructure Security
- Architect for Governance, Compliance and Risk Management
- Security Architecture Modeling
- Architect for Application Security
To earn this certification, candidates must have previously earned their CISSP certification (and be in good standing to boot). Two years of cumulative, full-time paid experience in at least one of the CISSP-ISSAP domains of knowledge is the experience requirement for this certification.
Conclusion
The mid-level cybersecurity architect is one of those interesting cybersecurity concentrations that does not fit neatly into one box. With this said, the best path to take is to earn both a degree and some certifications before you apply for this role.
A college degree is required by nearly every organization hiring for this role, but this is just the beginning. Since most degrees do not cover all of the material that needs to be mastered before taking on the role, certifications are the best way to plug up any knowledge and skills holes that your degree did not cover. For this role, the degree and certification paths go hand in hand.
What should you learn next?
Sources
- Cybersecurity Career Pathway, CyberSeek
- Security Architect Job Description Guide, Robert Half
- CISSP-ISSAP Experience Requirements, (ISC)2
- Average Security Architect, IT Salary, PayScale
Get unlimited and self-paced training for you or teams in your organization with Infosec Skills.
- 190+ role-guided learning paths
- 100s of hands-on labs & cyber ranges
- Custom certification practice exams
In this Series
- Degree vs. certification: Mid-level cybersecurity architect
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity