Average ISSAP Salary in 2021

April 22, 2021 by Greg Belding

Those who want to become an information security architect or chief security analyst will want to earn an ISC2 certification called Information Systems Security Architecture Professional, or ISSAP. This certification is a member of the CISSP certification family and certifies a broad spectrum of security architect knowledge and skills. This certification verifies high-level mastery of these skills.

ISSAP certification holders also earn a high salary. Read more to learn what the ISSAP is, who it is intended for, what the average salary is, the domains of knowledge that the certification exam covers and what the pre-requirements are for the 2021 ISSAP certification.

What is the ISSAP?

ISSAP is a certification that is part of the CISSP suite of information security certifications and is currently one of the most in-demand information security certifications. This certification verifies that the holder has the required information security architecture knowledge and skill related to the development, design and analysis of information security solutions.

It also verifies mastery in giving guidance to key organizational decision-makers to help them enable the goals of the organization.

Who should earn the ISSAP certification?

The ISSAP certification is intended for information security architecture professionals at all levels of their careers. Security analysts, security architects and mid-level security analysts, as well as senior security architects and senior security analysts, can all benefit from the critical knowledge and skill verification that this certification offers.

Additionally, C-level executives such as chief security architects and information security architecture consultants are the right fit for this cert as well.

Average ISSAP salary

As you can see above, the spectrum of information security architecture roles that are the right fit for this certification spans the entire career path of information security architecture, from entry-level right through senior-level roles. This could bring about a wild swing in pay numbers, so it is best to deal with the average for these numbers. With that said, the average ISSAP salary for all ISSAP certification holders is $131,720.

Since this average is across all career levels, it may be more useful to look at numbers relevant to the specific career levels.


The average pay for an entry-level ISSAP certification holder is $71,500.


By the time the ISSAP certification holder reaches the mid-level of their career, they have likely had a substantial pay increase. The average pay for the mid-level ISSAP certification holder is $124,000.


Pay for ISSAP certification holders reaches a crescendo with the senior-level roles. The average pay for a senior-level ISSAP holder is $185,000.

ISSAP domains of knowledge

To start earning these relatively high salaries, you will have to first earn the ISSAP certification, which entails passing the ISSAP certification exam. The domains have changed for the most recent ISSAP exam (see ISSAP exam outline), so previous exam outlines and study aids are out of date. The revised domains of knowledge for the updated exam are presented below, along with their respective weights.

Domain 1.0 – architect for governance, compliance and risk management (17%)

  • 1.1 Determine legal, regulatory, organizational and industry requirements
  • 1.2 Manage risk

Domain 2.0 – security architecture modeling (15%)

  • 2.1 Identify security architecture approach
  • 2.2 Verify and validate design (functional acceptance testing (FAT) and regression)

Domain 3.0 – infrastructure security architecture (21%)

  • 3.1 Develop infrastructure security requirements
  • 3.2 Design defense-in-depth architecture
  • 3.3 Secure shared services
  • 3.4 Integrate technical security controls
  • 3.5 Design and integrate infrastructure monitoring
  • 3.6 Design infrastructure cryptographic solutions
  • 3.7 Design secure network and communication infrastructure
  • 3.8 Evaluate physical and environmental security requirements

Domain 4.0 – identity and access management (IAM) architecture (16%)

  • 4.1 Design identity management and lifecycle
  • 4.2 Design access control management and lifecycle
  • 4.3 Design identity and access solutions

Domain 5.0 – architect for application security (13%)

  • 5.1 Integrate software development life cycle (SDLC) with application security architecture
  • 5.2 Determine application security capability requirements and strategy
  • 5.3 Identify common proactive controls for applications

Domain 6.0 – security operations architecture (18%)

  • 6.1 Gather security operations requirements
  • 6.2 Design information security monitoring
  • 6.3 Design business continuity (BC) and resiliency solutions
  • 6.4 Validate business continuity plan (BCP)/disaster recovery plan (DRP) architecture
  • 6.5 Design incident response (IR) management

ISSAP prerequisites

To sit for the ISSAP certification exam, candidates need to satisfy the following prerequisites:

  • Candidates need to have earned the CISSP certification and be in good standing.
  • Candidates need to have two years of paid, cumulative work experience in one or more of the six domains of the common body of knowledge (CBK) of the ISSAP exam

Pursuing the ISSAP certification

Those working in information security architecture (and those planning on information security architecture as a career) will find the ISSAP certification a powerful way to verify the knowledge and skill that hiring organizations are looking for. Those looking at the average ISSAP salary in 2021 will find it a comfortable one.

Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.