Ask Me Anything: Do you need a degree to start a cybersecurity career
Nov 01, 2022By: Keyaan Williams
Once upon a time, Omar Sickander and I created the Cyber Career Lab (TM) to provide an alternative to expensive certifications and higher education that still helped people grow in their cybersecurity careers. “Ask me Anything” is an extension of the program that helped me and the team at CLASS-LLC connect with people and add value by providing the best answers we could to the questions that people asked about entering the cybersecurity workforce.
Someone out there was listening to my guest appearance on the Blak Cyber Podcast from January 2021. He accepted the invitation to ask me anything. It was a great question that I often hear from people who want to enter the workforce. I think my response is worth sharing because it provides advice that others may find valuable as well.
Question: "Do you think a degree is needed to start a career in cyber security?"
Short Answer: No! I don't think you need a degree to start a career in cybersecurity.
Degrees are valuable, but they are not the only way to enter this profession. Cybersecurity degrees suffer from a few problems that are unique to our profession.
- Degree programs for cybersecurity often rely upon textbooks that fail to keep up with and address the realities we currently face. I’ve written a textbook. It is impossible to keep the book aligned with a rapidly changing regulatory, risk, and control landscape. This is why I transitioned to published standards from ISO, NIST, and others when I taught cybersecurity to graduate students. Standards are peer-reviewed and updated regularly. They also prepare students to use what they will depend upon when they enter the workforce.
- Unless you attend a top-tier school (expensive) or you have a world-class professor (rare), degree programs tend to focus on the theory of cybersecurity without developing the knowledge, skills, and abilities required by today’s cybersecurity professionals.
- Degree programs focus heavily on technology and overlook people and process. There is more to being a cybersecurity professional than reverse malware analysis and hacking. Few of the NSA-certified programs have any business, risk, or governance coursework. Schools are producing outstanding technical experts who cannot communicate with business counterparts who make important decisions that affect the security program (Risk management is a business decision!).
What to do?
Many of the people who work for me do not have cybersecurity degrees, but they are valuable contributors because they understand their strengths and weaknesses related to the specific job they perform in the company. People working on starting a career in cybersecurity can develop the same understanding by using the Workforce Framework for Cybersecurity (NICE Framework) to self-assess their abilities, knowledge, skills, and capability indicators for a specific work role. This puts you in control of your opportunity by helping you identify your strengths and weaknesses. Then, you can address weaknesses with a combination of self-study and professional certification, which tend to be faster, more focused, and less expensive than higher education.
Reference: https://niccs.cisa.gov/workforce-development/nice-framework
Don’t get me wrong. There is a place for higher education. I just don’t think a degree is the only or the best way to kickstart a cybersecurity career.
Don't miss a beat!
Get regular content, event updates, cybersecurity news and much more delivered straight to your inbox.
We hate SPAM. We will never sell your information, for any reason.