Degree vs. certification: Mid-career cybersecurity engineer

October 1, 2019 by Greg Belding


Everyone loves the versatility of a jack of all trades. Be it the functionality of a Swiss Army knife, the variety of an all-you-can-eat buffet or the flavor diversity of an “everything” bagel, the concept of one thing applying to the proverbial “all of the above” is an attractive option. This idea extends into cybersecurity careers and is perfectly embodied by the cybersecurity engineer role. 

This role wears many, if not all, of the hats on a security team and is currently a very in-demand job, to the point that it is hard to fill. Like many other cybersecurity roles, this one can be reached via two general paths — by earning a degree or earning certifications. This article will detail both paths and conclude with a well-founded recommendation for which path you should take.

What is a cybersecurity engineer?

Going back to that everything bagel I mentioned above — it is a truly appropriate comparison for the role of cybersecurity engineer. Just as the bagel has a taste of nearly every savory bagel flavor, the role of cybersecurity engineer touches on just about every sub-discipline within the cybersecurity field. From network and system security to troubleshooting information security breaches and penetration testing, this role will require a well-rounded, comprehensive cybersecurity skill set.

Some have held this role to be best placed in the advanced-career stage of the cybersecurity career path, but this is an inappropriate categorization and the numbers prove it. 24% of those in this role are at the mid-level of their career (which is the career level preceding advanced career).

Degree path

Let’s be up front about one thing: it would be almost unheard of to obtain this role without a degree of some kind. Below is a breakdown of which degrees are requested by hiring organizations.

  • Sub-bachelor’s (AA) — 11%
  • Bachelor’s — 67%
  • Graduate — 23%

As with most other cybersecurity roles, there is no one major preferred over all others. With this said, if you can find a degree-issuing educational institution that offers a cybersecurity degree, go for it.

This specific degree is still not widespread, so you may have to improvise by obtaining a related degree. Some recurring degrees seen by hiring organizations include:

  • Computer science
  • Information security
  • Computer engineering
  • IT
  • Math

You can even go the extra mile by obtaining a graduate degree, and this specific decision may pay off. There are more graduate degree programs in cybersecurity than for bachelor’s degrees, and graduate degrees are within a realistic mid-career timeline. If you can find a suitable program, go for it!

Certification path

The other path you can take to the cybersecurity engineer threshold is that of professional certifications. Certifications actually tend to be more on-point and real-world focused, and they can be earned in but a fraction of the time it takes to earn a four-year degree.

Below is a list of some of the most useful certifications for the mid-career cybersecurity engineer.


CISSP

According to CyberSeek, (ISC)2’s Certified Information Systems Security Professional certification is one of the most requested for the cybersecurity engineer role. CISSP focuses more on systems than CISA, but this knowledge and skill set are still essential for a proficient cybersecurity engineer (remember — more than one hat!). CISSP requires five years of work experience to qualify for this certification exam.


CISM

Certified Information Security Manager, or CISM, is a degree hosted by GIAC® that certifies an advanced level of information security skill necessary for a mid-career cybersecurity engineer. This certification covers the following domains of knowledge: Information Security Governance, Information Risk Management, Information Security Program Development, Information Security Program Management and Incident Management and Response.


CISA

Hosted by ISACA, the Certified Information Systems Auditor (CISA) certification may seem like it only applies to IT auditors at first, but a second glance will show that these skills also apply well to the cybersecurity engineer role. It certifies competency in a wide range of cybersecurity skills that cybersecurity engineers will use on the job on a daily basis. CISA requires five years of experience to qualify for this certification exam, which is well within the timeline of a mid-career cybersecurity engineer.


Security+

Hosted by CompTIA, Security+ is an information security certification that will expose you to solid, vendor-neutral course material which verifies the fundamentals of being a cybersecurity engineer. This certification exam covers six domains of knowledge: threats, attacks and vulnerabilities; technologies and tools; architecture and design; identity and access management; risk management; and cryptography & PKI.

This certification is among the most requested for this role and is considered the most important for establishing a cybersecurity engineer’s fundamentals.


Conclusion

The very nature of the cybersecurity engineer role is like an all-encompassing representation of cybersecurity skills. Without giving you another analogy, I will instead leave you with the best advice I can give: follow both paths.

You will definitely want to obtain at least a bachelor’s degree, preferably in either a cybersecurity- or computer-focused major. Due to the well-roundedness of the skill set this role demands, you will want to earn at least one or two certifications to help you verify these skills to the hiring organization. Having at least one degree and certification will put you in the most realistic position to be a competitive candidate for this in-demand cybersecurity role. 



Sources

  1. Should You Become a Cyber Security Engineer?, Cybrary
  2. Cybersecurity Career Pathway, CyberSeek
  3. Average Cyber Security Engineer Salary, PayScale
  4. CISSP – The World’s Premier Cybersecurity Certification, (ISC)2
  5. CompTIA Security+ Certification Exam Objectives, CompTIA

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.