"Post hoc, ergo propter hoc" - well, self-forfilling or not, but it is a fact that people with some kind of formal education find it easier to get employment - not just in our business, but in most. Though it depends somewhat on the type of work you apply for: if you are say a PhD, and try to get hired as say an electrician, you may find that your formal education works against you. Vexillum supra stercore.
The motto of "my" university - to be honest: not a very original one, it shares it with many institutions,including the great state of North Carolina - is esse quam videri. I try to live to that motto. Given what you wrote so far, I believe this could well be YOUR motto too and for that I salute you. However, you are a CISSP, like me, and so you do actually "play the game" yourself, at least in the eyes of many that feel that obtaining this certificate is merely something one does to please the HR departments of this world. It's a similar game: you study, you become part of a group of peers, you do exams that test your theoretical skills, and you obtain a title. And why not - it helps and it stimulates the brain.
"Why, anybody can have a brain, it's a mediocre commodity"
(and to proof your point: Scarecrow got the math wrong, but he has a diploma!)
Interestingly enough that is a discussion in the November/December Info Security magazine issue.
As a geezer of 47(tomorrow), we didn't have options for degrees like this current generation unless we wanted to earn one at work, which got REALLY expensive.
So I have naught but an associate degree in general studies and 4 years in the military. I probably get more jobs because of the military and previous security clearance.
I have a GREAT disdain for companies requesting a degree for any job below manager and for the most part also for manager positions. I would have a near impossible time getting back to director at this point without a degree. In silicon valley, competition was so crazy, so I went back to Dallas, then Austin MANY years ago. In CA the answer may be completely different.
If you want to work government jobs or jobs for large enterprises you often cannot get past HR without a degree. That is pound foolish for security analyst hires and they may not learn in time!!
But I have found so many jobs and had such a great time at so many companies without a degree. I am constantly reminded by my wife that our daughters, both soon to be at universities, will not have that option. But my 10-year old son I intend to make a hacker-extraordinaire and if he doesn't get into a service academy, well he will be getting a GI bill somewhere....
The short answer is no. You definitely do not need a degree to get many successful jobs in IT and in particular security these days, but you are limited to where you apply and how high you can climb, especially in government jobs.
Degree is not so much a requirement as experience! A degree does give you upper edge. I recently completed my MS in Cybersecurity and was promoted right away to manager within my company, for the fear that I would walk. From my experience being in the security field for only 4yrs, a lot of people with degree is lacking in skills only experience can teach you.
Working for a small organization 700 employees and having to handle incident and doing investigation is something not even my master could have prepared me for as this field is very dynamic.
A bachelor's degree should have given you the basic knowledge.
A Master's degree is supposed to make you see the business/managerial side of it.
My Master's courses have helped me work on how to get the cybersecurity ideas and principles accepted into the organization and obtain management buy-in, not the daily technical skills needed to perform cyber duties.
A degree is only required if you want to move off the bottom couple of tiers of the organizational chart. If you want to even get a whiff of anything near the top, you'll absolutely need a degree to be taken seriously.
Picture the work landscape like a game of cards. Degrees are the price of entrance to even play the game. Certificates are the cards you play when you are sitting at the table. You can stack your deck with as many ace cards as you want, but if you don't have the entrance fee, you are going to significantly limit the caliber of game you can play.
BLUF: It is not a bad thing.
I entered college in 1982 and left in '85, without even an Associates. My goal was in the IT field, but no specific niche. By 1990 I worked for a software reseller, later becoming a QA and later a Systems Engineer. Along the way, I picked up Sec+, CEH, and CISSP, all of which helped me progress in my career.
In 2013 I was in my late 40s, and as 2010's so-called 'Summer of Recovery' hadn't materialized a revitalization in the economy, I realized the numbers of older and out of work engineers (many with Masters) was growing. The odds were not in my favor to stay gainfully employed without a degree. I enrolled in an accredited online college and earned a Bachelors in IS, Cybersecurity. I won't say it was easy to surrender nights/weekends for 3 years to earn the degree, but I am glad I did.
So perhaps do not worry today about the degree, but try not to wait until you're over 50 to earn it.
Great comment. Now can you explain why a degree from 30 years ago is important for getting a seat at the table?
Or even why a current degree would be. What do they teach you in school other than how to be prepared for your first job. I literally do not use anything I learned in college in my career. Now if you are getting an MS or a degree in Cybersecurity it can really help your business understanding and can accelerate your cybersecurity development, but it doesn't show that you know more or can do better than someone without it, that maybe learned everything OTJ.
To me, this is discrimination against those that didn't attend and not a measure of value to my business.
Could you have learned those skills through experience, training, being mentored, etc.
Why do we think that formal education is the most valuable education?