I'm a Sr. Manager, InfoSec for a medium sized company (2900) with a department of 3 rolling up into IT. I've filled an Analyst and Engineer role for myself, and provided guidance/input for a filled Cybersecurity Engineer position for a different department. That engineer has a not yet defined dotted line to me.
3 of those positions have degrees if I include myself. A bit about me, I have 17 years experience in IT having run the course from Help Desk/SysAdmin/NetEng/Ops Mgr/InfoSec Analyst to my current role. Due to the amount of work to be done and the size of my team, I'm still heavily involved on the technical side.
Having said all that, degrees are a baseline requirement I often overlooked. Certifications showed a desire/need for the candidate to stay current, which is positive and I believe necessary for our field. Experience on specific tasks, projects and with specific tools is what separated the wheat from the chaff for me when reviewing prospective candidates. Hope that helps.
Wow that is actually a great question with no a specific answer to it. There are companies that do require a 4 year degree, but that does not usually hold true if you have experience and certifications such as those from (ISC)2 or SANS. With a 4 year degree, they may state that work experience, and certifications from previously stated, will satisfy the Bachelors requirement. I have seen people hired to high positions that had not finished their degree but were extremely intelligent and knew the job. I have also seen people that have come in as contractors, worked for the company and more up into management without a degree or certifications.
So to really not answer your question, the question I would have, is where do you want to go? You don't need to work at a tech company, there are a lot of places hiring individuals that do what you do. What about getting with a company and creating a career path, especially if they will help fund your education and allow movement within the company. I have been contemplating getting a masters since some positions in management in my company require it, but then i have weighed the options of my age and how many more years i really feel like working (retired twice but still young just hit 50 and doing this for 12+ years). My company will pay for so much a year, but then I find that most of my management do not have master's degrees.
Also it helps to do contracting work that will, or may, lead to possibly a full time position. Recruiters are a great resource to get you into interviews, then you just have to interview and if the question does come up about a degree then you tell them about your experience, certifications and that you are looking into continuing your education, and would like to eventually get hired onto said company full time.
I guess in a roundabout way, I am saying it really depends on the company. The company I work for states they require a degree (Which actually isn't true depends on who is hiring you and their requirements sometimes), but some positions state they will allow experience and certifications to compensate for not having a degree. And I know many managers that do not have a degree and they do not have the experience I have. Some don't know how to do the work of their team, but they know how to manage people and their strength and weaknesses. Sorry I couldn't be of more help but that really is the industry we are in today. Look at even remote work positions. Look into working for a bank, paypal, American Express, Master Card, Visa, consulting companies, there really is a lot of opportunity out there and not all of it is being outsourced. I still get about 5 emails a day asking if i am interested in positions, but I am happy where I am at and worked for this company from 2005 - 2010 and then started back with them in 2017 and have no plans of leaving the company just moving up and around. Aslo think of what you are interested in. Is it cyber security, penetration testing, forensics, malware analysis, look at your strenghts and weaknesses and what you really enjoy doing there are great opportunities out there, and since you are on here CISSP is still the number one certification to have.
sorry again for not having a definitive answer for you. Good Luck!
I feel that even in lower level management positions that the 4-year degree gives a candidate an edge, if the degree is in a relevant field.
Having said that, I know several Managers who are incredibly competent that do not have degrees or who have IT Certs. So the ability to present yourself at an interview and get great referrals is paramount. Every hiring manager I know loves good referrals.
Good Luck!
Great question and I think there is a question of this sort on cbtnuggets blogs. maybe degree vs certs. I have a Bachelors in Business but only because I worked at a University where I earned it for free. Much like another post, I have held positions from Helpdesk/ Desktop Support to SysAdmin, Network Admin, Senior IT and Manager. I think if you want to go the management route, especially upper management, a degree would most likely be required. Much like you, I always had an interest in security but was never a primary focus of any of my jobs. I decided to learn it on my own and do the hands on work for a couple of years and then went and got a few security related certs, Security +, CCNA Security & SSCP. I finally just started a job as a Security Engineer at a Healthcare company and couldn't be happier. I was a manager at my last position and just dont think I am ready to give up the hands on at this point in my career. So I really think the variables are what you really want to do Management vs Hands-On and since you do have certs, experience and an associates, if you get any security related certs I dont think you'd have an issue getting a job in infosec, if you have management experience, they may waive any bachelors requirement or ask that you attain it while you're working for them Hope any of these replies help you in some way
First of all, I believe you are right when you feel that sysadmin jobs are drying up. I foresaw this many years ago and as a consequence decided to take up infosec. I also think that it may be a wise decision to go back to school and try to obtain a degree, especially if it is a degree in information security. Would it be worth your while? Well, that depends on what your aims are.
if you intend to work for the government, bigger research organisations, banks, big IT companies (e.g. IBM, HP) etc. in my experience they favour a formal degree over certifications. Given they have to choose between a CISSP and a MSc, they will pick the MSc. It, of course, is best if you have both 🙂
For many other organisations it actually does not matter much. They typically hire folks using some HR department or staffing organisation. Such organisations typically will scan for the famous letters on your CV, e.g. CISSP or - kudos to our friends - CISM and CISA. It definitely helps to have these letters on your CV.
But - getting a job is in many cases not the (only) reason to pick up your studies again. Self-esteem can be a very good motivator too. Not just assuming, but KNOWING for a fact that you have up to date knowledge and have proven your intelligence and skills independently can work wonders for anybody, especially for the often somewhat negatively inclinded techies of this world.
Good news: you don't need to choose between work and studies - you can do both, of course. I know, because I did. And being a - ahem - mature student like I was actually proved to be more an advantage than a disadvantage.
I "went back to school" when I was over 50 - to be exact: when I was 52. First, I obtained CISSP in 2011. Then a collegue of mine, who was an alumnus of Royal Holloway (Egham, London), drew my attention to their option to do a (mostly) on-line MSc information security there. I was a bit hesitant, as I never had finished a bachelors or similar. However, Royal Holloway have a policy to accept 'mature students'. They do so because 'mature students' often have been in IT/InfoSec for decades and therefore have a lot of practical experience to share with the more theoretically inclined students. They will of course check your credentials: you'll need sufficient linguistical skills, and be sufficiently intelligent to master their Masters. But one that has obtained CISSP almost certainly qualifies (caveat: there are no guarantees, it's entirely up to RHUL, of course).
So, in short: yes, go for it, and perhaps the RHUL MSc is something for you. I immensely enjoyed it 🙂
For many organisations flooded with applicants it is a simple thing to "sort the wheat from the chaff" by asking for a degree. But, as we all know it is not quite that simple. To simply take this route would deny the wealth of expertise from the military background for example - knee deep in relevant experience, but no academic qualification at all. Alternatively, to hire someone on the grounds of a relevant degree alone yields candidates with a breadth and/or depth of knowledge but with limited real-world experience to support it. So from my perspective I like to see commitment to knowledge and learning supported by demonstrable experience. I need people who can think outside the box and who have learned from real world success, and yes, failure. How we deal with failure is a key enabler when looking for a skilled consultant able to think on their feet and to provide alternate solutions in an ever changing and evolving discipline. Having a degree still opens doors. Having skills and experience removes the doors and any follow-up obstacles to a great career. So for me, if you have the opportunity to take a degree (even in later life) development of knowledge supported by appropriate experience is a game changer.
If you wish to land a job with a large, well-known company then a degree is going to be a requirement. I have worked for both large and small organizations - government, private, and public. Typically the smaller organizations only required the experience, same with the government positions. The large organizations seemed to have that an unspoken requirement. It seemed like they overlooked people qualified from an experience perspective in favor for those with a degree and experience.
What I am saying is that it is up to your career goals. You will get a good job with a decent company and provide a solid lifestyle with any organization that hires you - you are after all, in information security. However, if want to work for an organization that you see commercials on TV or support the Olympics or are the "official sponsor" of such-and-such a sport...you're going to probably need a degree.
My two bits,
I have been working in IT Healthcare for over 20 years. I have several certifications, moved laterally within the institution 5 times and did a majority of my work in sysadmin before switching to Cyber Security 10 years ago. I have earned a very competitive salary without ever getting a four year degree. I am over 50 years old and have decided that the degree ship has long sailed. Am I going strong in my field, absolutely, would I have liked to have earned a four year degree, absolutely. Do I think a degree is required, I have seen quite a few jobs that I would have loved to apply for but the BA/BS degree requirement pretty much shut me out. That is not to say there aren't any interesting jobs out there and employers today are recognizing the importance of experience in place of a degree so the days where 'on the job' training were more prevalent I think are long gone.
With that said, I have worked with folks who have Master's degrees in CIS but had little to no experience in the real world and end up either quitting or getting riff'ed. Most of the folks I work with have degrees in other fields such as History or Psychology, where some of them, like me, never completed their degree or aspired to earn one yet we have a very effective team. What most of us have in common is not our education but our desire to do a good job and have fun along the way.
If your goal is management, I think post graduate work can help you land that interview. If you want to stay in the trenches, you will need to do a little cost benefit analysis to see if the current education investment is worth your time and most importantly the toll it may take on your family.
Good luck