Cybersecurity Degree: Do You Need One to Land a Job?

With the number of open cybersecurity-related positions continuing to grow (one recent report found more than 700,000 available jobs in the U.S. alone), along with an increasing talent gap and the potential to earn six figures right away, recent grads and entry-level technology professionals are flocking to cybersecurity as their career choice.

This increasing interest has led universities, colleges and other educational organizations to create more opportunities to earn cybersecurity- and tech-related degrees or certifications. Cybersecurity experts, however, remain split over whether a particular degree or certification matters. 

Some industry watchers, for example, continue to rank practical experience over degrees and certifications when evaluating candidates. “Where a common knowledge of technology or skills in programming and networking is important—it’s about applying those concepts to human nature, business processes, economics and even foreign policy,” Davis McCarthy, principal security researcher at Valtix, recently told Dice. “Experience can and should vary—cybersecurity has no mold that is filled by a single degree, certification or experience.”

While the debate continues over which degrees or certifications matter most when applying for a job, research shows that those interested in a cybersecurity career are moving toward gaining more education and seeking out those opportunities to help distinguish themselves in a growing, but competitive market.

Degrees and Certifications: Why They Matter for a Cybersecurity Career

Research shows that tech pros and recent graduates interested in cybersecurity are increasingly seeking education opportunities. 

The 2022 (ISC)2 Cybersecurity Workforce Study, released in October and based on responses from 11,000 global security professionals, found that the cybersecurity industry is highly educated. Out of those surveyed, 39 percent have attained a bachelor’s degree. Another 43 percent have earned a master’s degree, and 5 percent have attained a doctorate.

The study also noted that most cybersecurity professionals focus on computer and information sciences, with 51 percent having bachelor’s degrees in this field; another 56 percent have master’s degrees. Engineering is the second most popular, with 19 percent of respondents holding a bachelor’s degree and 15 percent with a master’s degree. Other participants reported having a mix of degrees outside of traditional IT, including business, communications, social sciences, mathematics, economics and biological and biomedical sciences.

Younger IT and tech professionals, along with those recent grads who do not follow traditional computer science course studies, are driving these educational trends, the report noted. “For younger workers, more roads lead to cybersecurity. Nearly half of respondents under the age of 30 move into cybersecurity from a career outside of IT,” according to (ISC)2. “Younger professionals are more likely to use their education in cybersecurity or a related field (23 percent) as a stepping stone to either enter the profession or move from a totally different field (13 percent) outside the IT or cybersecurity landscape.”

Experts think those who approach cybersecurity from a non-technical background can find plenty of opportunities, since cybersecurity involves more than a knowledge of coding or networking.

“Cybersecurity is a broad field, and there are a lot of skills that are useful even without being specific to the security space,” Mike Parkin, senior technical engineer at security firm Vulcan Cyber, told Dice. “Experience in the IT space is always useful, of course, but experience in risk management, project management, programming, code analysis, etc., can all be useful depending on where you want to focus. The same can be said for degree programs and certifications. What is most useful largely depends on where you want to go.”

Even with the right degree, employers still might want a certain level of practical IT experience. “Newcomers should look at job postings for security roles and see what skills are in demand. Any educational option that is not reflective of the market won’t necessarily serve them well for breaking into the industry,” McCarthy said. “Education should build a strong foundation of fundamentals–during interviews, I am always surprised by how many prospects don’t know what DNS is.”

While education is important, there are significant differences in what various degrees or certifications can offer to tech professionals and students who want to pursue a cybersecurity career.

The question then becomes: What degree or certification should a college student or tech professional pursue? The answer is: It depends.

“Because cybersecurity is a type of career that goes across all industries, the question of what type of credentials should I pursue is an age-old question,” said Dr. Stephanie Carter, principal of FedRAMP Advisory Services at security consulting firm Coalfire. “First, let’s start with the choice of career. Based on your career choice and the level to which you want to take your career, will determine what to invest in. Although cybersecurity falls under computer science, it is an umbrella of many different occupations. The role, the career level, and the specific area of expertise will determine what to invest in.”

To illustrate this, Carter points to an engineer with a career goal of becoming a chief technology officer in the cloud space. This type of technology professional is going to invest their time and money in a different set of credentials compared to a cybersecurity analyst who wants to become a CISO, even if this person is focusing on the same area of interest—cloud computing.

And while there are various paths to take, most of those interested in cybersecurity tend to focus on degrees in the STEM field. “Cybersecurity falls under Computer Science, so professionals having degrees in Computer Science are always more attractive, or at the least a degree in the STEM field,” Carter told Dice.

Carter worked with one woman who lacked experience but leveraged what she had along with a computer science degree into a starting job that paid $70,000. “This professional only had experience working at Home Depot. With all her day-to-day tasks and pulling out those tasks specific to cybersecurity, she was able to interview and was offered a cybersecurity engineer position going from making less than $16,000 to over $70,000, with no certifications, but she did have a STEM degree,” Carter noted. 

As for certifications, Carter noted that CompTIA’s Security+ certification is usually designed for entry-level positions, while those who want to move to mid-management and senior positions should focus on ISC2’s Certified Information Systems Security Professional (CISSP).

For those professionals who already have some experience in the technology space and want to move into a cybersecurity career, Carter added that many of the skills learned on the job can translate into your new realm, especially for those who know how to secure data within an organization.

“Cybersecurity is the process of protecting the security objectives of confidentiality, integrity and availability of the data,” Carter noted. “Any experience doing this type of work means that you have experience in cybersecurity. Remember that cyber and cybersecurity are different. Technology and cyber companies are not the only places to gain cybersecurity experience. Most times, when I help professionals with their resumes, they have much more experience than they think they do.”