Do you qualify?
Cybersecurity engineering is a shortage occupation in Germany under ISCO-08 group 25. Nigerian cybersecurity professionals with a recognised B.Sc. or B.Eng. degree qualify at the lower salary threshold. The IT specialist exception applies if you have 3+ years of hands-on security experience without a formal degree, but certifications alone (OSCP, CEH, CISSP) do not substitute for a degree or the experience threshold.
To qualify, you need all three:
- A job offer in Germany with a contract of at least 6 months
- A gross annual salary of at least €45,934.20 (2026 shortage threshold)
- A recognised university degree or at least 3 years of cybersecurity experience in the last 7 years
B.Sc. vs HND: a critical distinction
B.Sc. Computer Science / B.Sc. Information Security / B.Eng. Computer Engineering (4–5 years): qualify if the institution is H+ in anabin.
HND from a Nigerian polytechnic: does not qualify. HND is below ISCED level 6 and cannot be used for Route 1. For Route 2, the Federal Employment Agency must be satisfied that your work is at university-graduate security engineering level. HND does not help establish this baseline.
Certifications vs degree: the critical distinction
Professional cybersecurity certifications (OSCP, CEH, CISSP, CISM, CompTIA Security+, eJPT) demonstrate skills and are valued by employers. However, certifications do not substitute for a university degree under the Blue Card rules.
For the Blue Card:
- A B.Sc. CS or B.Eng. CE from an H+ university → qualifies for Route 1 (degree route)
- Certifications with 3+ years of security engineering work → may qualify for Route 2 (IT exception), but the job offer, employer, and BA must confirm graduate-level work
- Certifications alone, with no degree and less than 3 years' experience → not eligible for Blue Card
If you have only certifications and experience, the IT exception (Route 2) is available but requires careful documentation of the engineering-level nature of your work.
Salary threshold (2026)
| Category | 2026 minimum gross salary |
|---|---|
| Cybersecurity engineer (shortage occupation, ISCO-08 group 25) | €45,934.20 / year |
| All other professions (general threshold) | €50,700 / year |
| IT specialist without a degree (§ 18g(2)) | €45,934.20 / year |
Two routes to the Blue Card
Route 1: University degree
B.Sc. CS / B.Sc. Information Security / B.Eng. CE from an H+ anabin institution, programme listed as "entspricht". Does not require certifications.
Route 2: IT specialist without a degree (§ 18g(2))
At least 3 years of cybersecurity experience at graduate level within the last 7 years. Experience must be substantive security engineering: penetration testing projects, vulnerability research, security architecture design, incident response leadership, or SIEM/SOC engineering at a senior level. First-tier SOC alert triaging or junior security administration is unlikely to satisfy the Federal Employment Agency.
Worked example: Chinedu's Blue Card application
Chinedu Obi, 33, Senior Security Engineer, Lagos to Frankfurt
- Degree: B.Sc. Computer Science, University of Lagos (2015). University of Lagos is rated H+ in anabin; the B.Sc. Computer Science programme is listed as "entspricht einem deutschen Hochschulabschluss." Apostille obtained (Nigeria joined the Hague Convention 24 September 2024).
- Experience: 8 years post-graduation in cybersecurity: penetration testing, SIEM engineering (Splunk, Azure Sentinel), and incident response leadership at a Lagos financial institution. CISSP certified. Documented experience includes red-team engagements and security architecture design, not only operational monitoring.
- Job offer: Senior Security Engineer at a Frankfurt bank, €65,000 gross/year, 24-month contract.
- Visa result: Qualifies under Route 1 (§ 18g AufenthG). €65,000 is above the €45,934.20 shortage threshold for ISCO-08 group 25. Federal Employment Agency approval required; the German employer files the Erklärung zum Beschäftigungsverhältnis and the consulate forwards it to the BA.
- Settlement permit: 21 months of Blue Card employment plus German B1 (§ 18c(2) AufenthG).
- Processing time: Appointment booked at Consulate General Lagos. Total time from appointment to visa: 11 weeks.
What would change the outcome: If Chinedu had only CISSP and CEH certifications without a formal B.Sc. degree, Route 1 would be closed entirely. He would need to pursue Route 2 (§ 18g(2)) under the IT exception, requiring documented proof that his 8 years of security work was performed at graduate-engineer level. The BA would assess whether the experience letters and payslips demonstrate substantive security engineering (architecture, red-team, incident command) rather than routine SOC monitoring. With a well-documented 8-year record and a salary of €65,000, Route 2 is plausible but not guaranteed, and the consulate may request additional evidence.
Document checklist (Nigeria → Germany, 2026)
For Route 1 (with degree):
- Valid passport (2+ empty pages)
- B.Sc. or B.Eng. certificate, with apostille (required since 24 September 2024)
- Academic transcript (all semesters), with apostille
- NYSC Discharge Certificate or exemption certificate
- anabin printout, or ZAB Statement of Comparability if programme unlisted
- Employment Declaration (Erklärung zum Beschäftigungsverhältnis) from your German employer
For Route 2 (IT exception):
- Experience letters: specific security domains (penetration testing, red team, SOC engineering, cloud security, application security), tools and frameworks (Metasploit, Burp Suite, Splunk, Wireshark, Nessus, Azure Sentinel), responsibility level, and engagement scope
- Professional certifications (supplementary, not a substitute)
- Payslips and Tax Clearance Certificate (TCC) for each employer
Apostille note: Nigeria joined the Hague Apostille Convention on 24 September 2024. Confirm current requirements with the German Embassy Abuja or Consulate General Lagos.
After approval: settlement permit timeline
- 21 months of Blue Card employment + German at B1 → settlement permit
- 27 months of Blue Card employment + German at A1 → settlement permit
Common mistakes
1. Assuming certifications substitute for a degree. OSCP, CEH, and CISSP are skills certifications, not degree equivalents under German recognition rules. They can support a Route 2 application as evidence of technical capability, but they do not replace the requirement for a degree or 3 years of graduate-level experience.
2. HND with security certifications as a combined qualification. HND + OSCP does not equal a recognised degree. For Route 2, what matters is the documented experience level, not the combination of credentials.
3. Experience letters that describe monitoring duties. If your cybersecurity work has primarily been operating a SIEM and triaging alerts, Route 2 documentation will be weak. The BA is looking for evidence of graduate-level security engineering, not operational monitoring.
Frequently asked questions
Can I use Route 2 with an OSCP but no degree?
Yes, if you have at least 3 years of penetration testing or offensive security work at graduate level in the last 7 years. OSCP is evidence of technical capability but is not itself a qualifying credential under § 18g(2). The experience letters, employer attestation, and BA review carry more weight.
Does a B.Sc. Information Security qualify?
Check the specific programme in anabin. B.Sc. Information Security programmes from institutions like the University of Lagos are listed. Verify that your specific programme (not just your university) is rated "entspricht" or "gleichwertig" in the comments field.
Sources
- § 18g AufenthG: EU Blue Card, Bundesministerium der Justiz
- EU Blue Card: Make it in Germany, Federal Government
- anabin database, KMK / ZAB
- German Embassy Abuja / Consulate General Lagos, Auswärtiges Amt
We are not a law firm. This page provides general information only, not legal advice. Always verify current requirements with the relevant German mission before applying.