Cybersecurity degree: do you need it to get a job?

With the number of open positions related to cybersecurity continuing to grow (a recent report found over 700,000 jobs available in the US alone), along with a growing talent shortage and the potential to earn six figures Immediately, recent graduates and entry-level tech professionals are flocking to cybersecurity as a career choice.

This growing interest has led universities, colleges, and other educational organizations to create more opportunities to earn degrees or certifications related to cybersecurity and technology. Cybersecurity experts, however, remain divided on the importance of a particular degree or certification.

Some industry observers, for example, continue to prioritize hands-on experience over degrees and certifications when evaluating candidates. “Where common knowledge of technology or programming and networking skills are important, it’s about applying those concepts to human nature, business processes, economics, and even foreign policy,” recently told Dice Davis McCarthy, principal security researcher at Valtix. “Experience can and should vary – cybersecurity does not have a mold filled by a single degree, certification, or experience.”

As the debate continues over which degrees or certifications are most important to apply for a job, research shows that those interested in a career in cybersecurity are moving towards more in-depth training and seeking these opportunities to distinguish themselves on a job. growing but competitive market.

Degrees and Certifications: Why They Matter for a Cybersecurity Career

Research shows that technology professionals and recent graduates interested in cybersecurity are increasingly seeking training opportunities.

The Cybersecurity Workforce Survey 2022 (ISC)2, released in October and based on responses from 11,000 global security professionals, found that the cybersecurity industry is highly educated. Of those surveyed, 39% had a bachelor’s degree. 43% obtained a master’s degree and 5% obtained a doctorate.

The study also noted that most cybersecurity professionals focus on computer and information science, with 51% holding a bachelor’s degree in this field; 56% have a master’s degree. Engineering is the second most popular, with 19% of respondents holding a bachelor’s degree and 15% a master’s degree. Other participants said they had a mix of degrees outside of traditional computer science, including business, communications, social sciences, math, economics, and biological and biomedical sciences.

Young IT and technology professionals, as well as recent graduates who are not taking traditional IT courses, are driving these educational trends, the report notes. “For young workers, more roads lead to cybersecurity. Nearly half of respondents under the age of 30 are moving into cybersecurity after a career outside of IT,” according to (ISC)2. “Young professionals are more likely to use their education in cybersecurity or a related field (23%) as a stepping stone to entering the profession or moving from an entirely different field (13%) outside of the IT landscape or cybersecurity. »

Experts believe that those who approach cybersecurity with a non-technical background can find plenty of opportunities because cybersecurity involves more than knowledge of coding or networking.

“Cybersecurity is a broad field and many skills are useful even if not specific to the security space,” Mike Parkin, senior technical engineer at security firm Vulcan Cyber, told Dice. “Experience in the IT space is always useful, of course, but experience in risk management, project management, programming, code analysis, etc., can all be useful depending on where you want to go. The same goes for degree programs and certifications, which is most useful largely depends on where you want to go.

Even with the right degree, employers may still want some level of hands-on computer experience. “Newcomers should check out job postings for security positions and see what skills are in demand. Any educational option that doesn’t reflect the market won’t necessarily be helpful for them to break into the industry,” McCarthy said. “Education should build a solid foundation of fundamentals – in interviews I’m always surprised at how many prospects don’t know what DNS is.”

While education is important, there are significant differences in what various degrees or certifications can offer tech professionals and students looking to pursue a career in cybersecurity.

The question then becomes: what degree or certification should a tech student or professional pursue? The answer is: it depends.

“Because cybersecurity is a career type that cuts across industries, what kind of degree should I look for is an age-old question,” said Dr. Stephanie Carter, director of FedRAMP advisory services at Coalfire, consultant safe. “First, let’s start with career choice. Depending on your career choice and the level at which you want to take your career, you will determine what to invest in. Although cybersecurity falls under IT, it encompasses many different professions. Role, career level and specific area of ​​expertise will determine what to invest in.

To illustrate this, Carter points to an engineer whose career goal is to become chief technology officer in the cloud space. This type of tech professional is going to invest their time and money in a different set of credentials than a cybersecurity analyst who wants to become a CISO, even if that person is focused on the same area of ​​interest. : cloud computing.

And while there are different paths to follow, most of those interested in cybersecurity tend to focus on degrees in the STEM field. “Cybersecurity falls under computer science, so professionals with a degree in computer science are always more attractive, or at least a degree in the STEM field,” Carter told Dice.

Carter worked with a woman who lacked experience but leveraged what she had with a degree in computer science for a starting job that paid $70,000. “This professional had experience only at Home Depot. With all of her day-to-day duties and cybersecurity-specific tasks, she was able to interview and was offered a position as a cybersecurity engineer ranging from less than $16,000 to over $70,000, no certification, but she had a STEM degree,” Carter noted.

Regarding certifications, Carter noted that CompTIA’s Security+ certification is generally designed for entry-level positions, while those looking to move into middle and upper management positions should focus on the Certified Security Professional. information systems (CISSP) of ISC2.

For professionals who already have some experience in technology and want to embark on a career in cybersecurity, Carter added that many of the skills learned on the job can translate to your new field, especially for those who know how to secure data in an organization.

“Cybersecurity is the process of protecting the security objectives of confidentiality, integrity, and availability of data,” Carter noted. “Any experience in this type of work means you have experience in cybersecurity. Remember that cybersecurity and cybersecurity are different. Tech and cyber companies aren’t the only places to get cybersecurity experience. Most of the time when I help professionals with their CVs, they have a lot more experience than they think. »

Leave a Reply