Professional Development Spotlight: What is the SABSA Institute and why are their certifications valuable for Cyber Security Professionals?

Professional Development Spotlight: What is the SABSA Institute and why are their certifications valuable for Cyber Security Professionals? Image 1
Professional Development Spotlight: What is the SABSA Institute and why are their certifications valuable for Cyber Security Professionals? Image 2

As specialists in cyber security recruitment - we are often asked about reputable and recognised professional development courses, standards and certifications that can be undertaken to progress in your cyber sec career. Although there are many, one such organisation that has come up time and time again is the SABSA Institute. We’ve had many candidates and clients partake in their training and have put together below an overview of their courses and benefits.

What is the SABSA institute?

SABSA (Sherwood Applied Business Security Architecture) is an open-use methodology for building security architectures for organisations. Developed by John Sherwood in 1995, the framework has been seen many iterations since and is used all over the world in sectors such as banking, energy, communications, technology, manufacturing and government. 

In their own words:

SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives. 

The main point of difference with SABSA is the focus on identifying and analysing business requirements ahead of building concept, design, and implementing a security strategy. The framework is also highly customisable and system agnostic, which allows it to be adapted to an organisation’s individual needs. 

The SABSA Institute (based in the UK) is responsible for the continued development of the methodology, and manages accreditation for the professional architects who study and use it. 

How does the program work?

The SABSA certifications have been developed into three stages, Foundation, Advanced and Master Classes. These cover the following core career streams:

Advanced Risk, Assurance & Governance

Advanced Architectural Design

Advanced Architecture Programme Management

Advanced Incident, Monitoring & Investigations Architecture

Advanced Business Continuity & Crisis Management

Who is it for?

The institute provides training for established cyber security professionals in many fields, including the below:


IT Strategists and Planners

IT Architects

IT Development Managers and Project Leaders

Software Managers and Architects

Computer / Information Security Managers, Advisors, Consultants & Practitioners

IT Line Managers

IT Service Delivery Managers

Risk Managers

Internal and External Auditors

What are some of the benefits of the certifications for cyber professionals looking to enrich their learning, their resumes and their careers?

Many past and current alumni of SABSA tout the benefits of their courses. Amongst them; having confidence and the skills to develop a comprehensive security architecture strategy unique to an organisation, and one that integrates with existing business infrastructure and IT management practices.

Bruce Large, Chair of the AISA SecARCH SIG,  SCF SABSA Chartered Foundation, commented:

“I find SABSA is a business driven and practical application of system engineering tools to cyber security. It provides tools and concepts to provide robust, justified and traceable security solutions.

SABSA gives me a language to describe security solutions to fellow architects. It helps me think through and communicate abstract concepts in a clear and efficient manner.

 "One of the strengths of SABSA education is how it ties to Bloom's taxonomy and rather than being a memory game it requires students certifying at the Practitioner level  to demonstrate their knowledge by applying SABSA tools and concepts to real world security scenarios."

How to find out more?

Cyber security as an industry is always evolving and as such so should your industry learning and skills (see our blog on the importance of up and cross-skilling here) . The SABSA certifications and courses like these are highly regarded for professional development when moving up through the ranks in your career. So whether you’re midway through your career or a CISO - they are definitely worth looking into.

For more information on the SABSA Institute and its certifications head to

If you’d like any more information about recruiting or retaining top cyber security talent, or if you’re looking for your next cyber security role, reach out to the Decipher Bureau team. With offices across Brisbane, Sydney, Melbourne and Canberra - and an experienced team around the world, we’d love to help you out.

Also our 2023 Annual Salary Guide will be released soon with the most up to date employment and hiring trends and salaries for your role in the cyber security industry! Check out last year’s for an idea and sign up to be in the know!