Professional development

Security engineer: Degree vs. certification

Greg Belding
March 20, 2023 by
Greg Belding

Everyone loves the versatility of a jack-of-all-trades. Be it the functionality of a Swiss Army knife, the variety of an all-you-can-eat buffet or the flavor diversity of an “everything” bagel, the concept of one thing applying to the proverbial “all of the above” is an attractive option. This idea extends into cybersecurity careers and is perfectly embodied by the security engineer role. 

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Security engineers, sometimes called cybersecurity engineers or information security engineers, wear many, if not all, of the hats on a security team. A security engineer is a very in-demand job, to the point that it is hard to fill. Like many other cybersecurity roles, you can reach this one via two general paths: earning a degree or certifications. This article will detail both paths for the mid-career security engineer and conclude with a well-founded recommendation for the path you should take.

What is a cybersecurity engineer?

Going back to the everything bagel I mentioned above — it is a truly appropriate comparison for the role of cybersecurity engineer. Just as the bagel has a taste of nearly every savory bagel flavor, the cybersecurity engineer's role touches on nearly every sub-discipline within the cybersecurity field. This role will require a well-rounded, comprehensive cybersecurity skill set, from network and system security to troubleshooting information security breaches and penetration testing. 

Security engineer degree path

It would be almost unheard of to obtain this role without a degree of some kind. Below is a breakdown of which degrees are requested by hiring organizations. 

  • Sub-bachelor’s (AA) — 14%
  • Bachelor’s — 64%
  • Graduate — 22%

As with most other cybersecurity roles, there is no one major preferred over all others. With this said, if you can find a degree-issuing educational institution that offers a cybersecurity degree, go for it. 

This specific degree is still not widespread, so you may have to improvise by obtaining a related degree. Some recurring degrees seen by hiring organizations include:

  • Computer science
  • Information security
  • Computer engineering
  • IT
  • Math

You can even go the extra mile by obtaining a graduate degree, and this specific decision may pay off. There are more graduate degree programs in cybersecurity than bachelor’s degrees, and graduate degrees are within a realistic mid-career timeline. If you can find a suitable program, go for it!

The average salary for a Mid-career cybersecurity engineer without certifications is $105,301.

Security engineer certification path

The other path you can take to the security engineer threshold is professional certifications. Certifications tend to be more on-point, real-world focused and can be earned in but a fraction of the time it takes to earn a four-year degree. 

Below is a list of some of the most useful security engineer certifications for the mid-career professional.


According to CyberSeek, ISC2’s Certified Information Systems Security Professional certification is one of the most requested for the security engineer role. CISSP focuses more on systems than CISA, but this knowledge and skill set are still essential for a proficient cybersecurity engineer (remember — more than one hat!). CISSP requires five years of work experience to qualify for this certification exam.

The average salary for a mid-career cybersecurity engineer CISSP holder is $148,830.


Certified Information Security Manager, or CISM, is a degree hosted by GIAC®️ that certifies an advanced level of information security skill necessary for a mid-career cybersecurity engineer. This certification covers the following domains of knowledge: Information Security Governance, Information Risk Management, Information Security Program Development, Information Security Program Management and Incident Management and Response.

The average salary for a mid-career cybersecurity engineer CISM certification holder is $155,628.


Hosted by ISACA, the Certified Information Systems Auditor (CISA) certification may seem like it only applies to IT auditors at first, but a second glance will show that these skills apply well to the cybersecurity engineer role. It certifies competency in a wide range of cybersecurity skills that cybersecurity engineers will use daily. CISA requires five years of experience to qualify for this certification exam, which is well within the timeline of a mid-career security engineer. 

The average salary of a mid-career cybersecurity engineer CISA holder is $140,400.


Hosted by CompTIA, Security+ is an information security certification that will expose you to solid, vendor-neutral course material which verifies the fundamentals of being a cybersecurity engineer. This certification exam covers six domains of knowledge: threats, attacks and vulnerabilities, technologies and tools, architecture and design, identity and access management, risk management, and cryptography and PKI. 

This certification is among the highest requested for this role and is considered the most important for establishing a security engineer’s fundamentals. Therefore, since this is more of a fundamental level certification, an average salary will not be provided as it wouldn’t give an accurate read on what a mid-career cybersecurity engineer would earn with this cert.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Verdict: It’s best to have both!

The very nature of the cybersecurity engineer role is like an all-encompassing representation of cybersecurity skills. Without giving you another analogy, I will leave you with the best advice I can give: follow both paths. 

You will want to obtain at least a bachelor’s degree, preferably in either a cybersecurity- or computer-focused major. Due to the well-roundedness of the skill set this role demands, you will want to earn at least one or two certifications to help you verify these skills for hiring organizations. Having at least one degree and certification will put you in the most realistic position to be a competitive candidate for this in-demand cybersecurity role. 


Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.