Security engineer: Degree vs. certification
Everyone loves the versatility of a jack-of-all-trades. Be it the functionality of a Swiss Army knife, the variety of an all-you-can-eat buffet or the flavor diversity of an “everything” bagel, the concept of one thing applying to the proverbial “all of the above” is an attractive option. This idea extends into cybersecurity careers and is perfectly embodied by the security engineer role.
FREE role-guided training plans
Security engineers, sometimes called cybersecurity engineers or information security engineers, wear many, if not all, of the hats on a security team. A security engineer is a very in-demand job, to the point that it is hard to fill. Like many other cybersecurity roles, you can reach this one via two general paths: earning a degree or certifications. This article will detail both paths for the mid-career security engineer and conclude with a well-founded recommendation for the path you should take.
What is a cybersecurity engineer?
Going back to the everything bagel I mentioned above — it is a truly appropriate comparison for the role of cybersecurity engineer. Just as the bagel has a taste of nearly every savory bagel flavor, the cybersecurity engineer's role touches on nearly every sub-discipline within the cybersecurity field. This role will require a well-rounded, comprehensive cybersecurity skill set, from network and system security to troubleshooting information security breaches and penetration testing.
Security engineer degree path
It would be almost unheard of to obtain this role without a degree of some kind. Below is a breakdown of which degrees are requested by hiring organizations.
- Sub-bachelor’s (AA) — 14%
- Bachelor’s — 64%
- Graduate — 22%
As with most other cybersecurity roles, there is no one major preferred over all others. With this said, if you can find a degree-issuing educational institution that offers a cybersecurity degree, go for it.
This specific degree is still not widespread, so you may have to improvise by obtaining a related degree. Some recurring degrees seen by hiring organizations include:
- Computer science
- Information security
- Computer engineering
- IT
- Math
You can even go the extra mile by obtaining a graduate degree, and this specific decision may pay off. There are more graduate degree programs in cybersecurity than bachelor’s degrees, and graduate degrees are within a realistic mid-career timeline. If you can find a suitable program, go for it!
The average salary for a Mid-career cybersecurity engineer without certifications is $105,301.
Security engineer certification path
The other path you can take to the security engineer threshold is professional certifications. Certifications tend to be more on-point, real-world focused and can be earned in but a fraction of the time it takes to earn a four-year degree.
Below is a list of some of the most useful security engineer certifications for the mid-career professional.
CISSP
According to CyberSeek, (ISC)2’s Certified Information Systems Security Professional certification is one of the most requested for the security engineer role. CISSP focuses more on systems than CISA, but this knowledge and skill set are still essential for a proficient cybersecurity engineer (remember — more than one hat!). CISSP requires five years of work experience to qualify for this certification exam.
The average salary for a mid-career cybersecurity engineer CISSP holder is $148,830.
CISM
Certified Information Security Manager, or CISM, is a degree hosted by GIAC®️ that certifies an advanced level of information security skill necessary for a mid-career cybersecurity engineer. This certification covers the following domains of knowledge: Information Security Governance, Information Risk Management, Information Security Program Development, Information Security Program Management and Incident Management and Response.
The average salary for a mid-career cybersecurity engineer CISM certification holder is $155,628.
CISA
Hosted by ISACA, the Certified Information Systems Auditor (CISA) certification may seem like it only applies to IT auditors at first, but a second glance will show that these skills apply well to the cybersecurity engineer role. It certifies competency in a wide range of cybersecurity skills that cybersecurity engineers will use daily. CISA requires five years of experience to qualify for this certification exam, which is well within the timeline of a mid-career security engineer.
The average salary of a mid-career cybersecurity engineer CISA holder is $140,400.
Security+
Hosted by CompTIA, Security+ is an information security certification that will expose you to solid, vendor-neutral course material which verifies the fundamentals of being a cybersecurity engineer. This certification exam covers six domains of knowledge: threats, attacks and vulnerabilities, technologies and tools, architecture and design, identity and access management, risk management, and cryptography and PKI.
This certification is among the highest requested for this role and is considered the most important for establishing a security engineer’s fundamentals. Therefore, since this is more of a fundamental level certification, an average salary will not be provided as it wouldn’t give an accurate read on what a mid-career cybersecurity engineer would earn with this cert.
What should you learn next?
Verdict: It’s best to have both!
The very nature of the cybersecurity engineer role is like an all-encompassing representation of cybersecurity skills. Without giving you another analogy, I will leave you with the best advice I can give: follow both paths.
You will want to obtain at least a bachelor’s degree, preferably in either a cybersecurity- or computer-focused major. Due to the well-roundedness of the skill set this role demands, you will want to earn at least one or two certifications to help you verify these skills for hiring organizations. Having at least one degree and certification will put you in the most realistic position to be a competitive candidate for this in-demand cybersecurity role.
Sources
- Cybersecurity career pathway. CyberSeek.
- Average mid-career cyber security engineer salary, Payscale
- CISSP Salary, Payscale
- CISM Salary, Payscale
In this Series
- Security engineer: Degree vs. certification
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
- I failed my CREST Certified Infrastructure Tester exam: Here’s my story
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity