
Degree vs. certification: Mid-level cybersecurity consultant

October 14, 2019 by Greg Belding


Affectionately referred to as the Obi-Wan of the cybersecurity world, this catch-all role within an organization really is a sort of information security hero. Organizations rely on cybersecurity experts when they need highly skilled assistance to solve multi-faceted challenges in information security (sometimes on a contract basis). This unique role has two major avenues to reach it — the degree path and the certification path. 

This article will detail both of these paths, including which degrees and certifications you will want, and will conclude with a solid recommendation for the best path to take.

What is a cybersecurity consultant?

This role is an all-inclusive alloy of cybersecurity skill sets and knowledge that could potentially require anywhere from a near-beginner to an advanced level of expertise in cybersecurity. This means that what is demanded of a cybersecurity consultant is often not confined to one area or level of depth.

Cybersecurity consultants will need to be as well versed as possible in the following cybersecurity sub-disciplines to best serve their organization or clients:

  • Ethical hacking
  • Penetration testing
  • Operating systems
  • Firewall management
  • Intrusion and detection technologies
  • Raw data programming languages
  • Cybersecurity analysis

As you can see, this is an extensive universe of knowledge. And as the list is not exhaustive, you can now imagine just how well-rounded a professional seeking this role must be!

Organizations sometimes hire cybersecurity consultants on a contract basis; other times, they may be added as more of a permanent member of the organization staff. Regardless of their employment status, organizations use this role as the go-to cybersecurity expert that is called upon to solve problems that their resident security team cannot.

This role may be referred to by another name instead of cybersecurity consultant. Some common titles for this role include:

  • Security specialist
  • Security consultant
  • Information security consultant
  • Senior security consultant
  • Information security specialist

Degree path

One thing you will find when researching this role is how in-demand a college degree is. In fact, 72% of organizations hiring this role require a bachelor’s degree, 19% require a graduate degree, and only 8% require a sub-bachelor’s degree (associate). 

Both the blessing and the curse of this role is that there is no “best” degree for becoming a cybersecurity consultant. While someone with any number of degrees can become a consultant, there is not one all-encompassing degree that will cover everything for you. With that said, career-long learning is the name of the game.

There are a variety of different degree majors that you can earn towards the mid-level cybersecurity consultant role. The most relevant majors include:

  • Cybersecurity
  • Computer science
  • Computer engineering
  • Information security
  • Information systems
  • Information technology
  • Math

For those pursuing a graduate degree, you may be able to find a master’s degree in cybersecurity. A cybersecurity major is still relatively rare at the bachelor’s level, but it is gaining traction at the master’s level.


The catch-all nature of this role has opened up the roster of relevant certifications to nearly every useful information security certification under the sun. With this said, some certifications are better than others, and a mid-level cybersecurity consultant would want at least a few certifications to verify their extensive skill set. 

Below are the best certifications to verify the required knowledge and skills for this role.


Presented by CompTIA, the Cybersecurity Analyst+ (CySA+) certification is intended for those with at least three to five years of experience, which nearly all will have by the mid-level of their career. CySA+ covers a wide variety of cybersecurity material, including up-to-date methods for cybersecurity analysis such as behavior analytics, which can be used to better detect, prevent and fight cybersecurity threats. Earning this certification will go the distance in proving the mettle of your cybersecurity skill set.


Hosted by GIAC®️, the Certified Information Security Manager, or CISM, certifies an advanced level of information security skill that well-rounded mid-level cybersecurity consultants should have. Consultants who support information security management will find this certification especially useful. The domains of knowledge this certification covers are:

  • Information security governance
  • Information risk management
  • Information security program development
  • Information security program management
  • Incident management and response

This heightened focus on information security management knowledge and skills will verify the softer end of skills that cybersecurity consultants will need to be as effective as possible at the mid-level of their career and beyond.

Certified Ethical Hacking (CEH)

Possibly the most trusted ethical hacking skills certification around today, this EC-Council-sponsored certification will fully round out the skill set needed by a cybersecurity consultant. CEH will verify that the certification holder has the ability to slip into the mindset of a hacker and view the organization’s information security environment as an adversary would, in order to drive improvement. Organizations will like candidates with this certification because they will carry with them advanced knowledge of adversaries that may make the difference in whether they measure up.


It all comes down to this: If one path had to be chosen, I would slightly prefer a degree to a certification. Nearly all organizations hiring for this role require a college degree, and it would be difficult to sidestep this requirement without a near-late-career amount of on-the-job experience. As this is a mid-level role, in a perfect world a professional at this level would have earned at least one certification.

With that said, earn that degree first and foremost and then focus on earning the certifications mentioned above, and you will be on a strong footing to earn a mid-level cybersecurity consultant job. 




Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.