cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Curiousmind18
Newcomer II

is a degree required for entry level cybersecurity jobs?

been having a debate on wether or not one requires a degree to enter an entry level junior soc type of job in cyber security

 

I'm of the opinion that companies security culture has matured, and most have trained their HR staff to the point they don't list degree as a requirement, but rather focus on skills. Then there's other HR departments that " keep throwing mud, until something sticks". I'm in no way stating that degrees aren't valid, or wouldn't be useful for midcareer, merely that for entry level cybersec jobs they aren't needed, so i want to know what everyone's take is on this. Thanks.

12 Replies
fortean
Contributor III

My take on this is that it is not your formal education but your provable skillset that qualifies you for a job. One of the ways to prove some skills is to have an academic grade. Another is to be certified. And then there is the option to be trained on the job after being let in as a student, trainee or junior. In the pentesting world, people can get a job by participating in CTF events or hack a site (responsible disclosure). In the world of standards, processes and certifications, that is almost impossible, and then you really need certs an/or an academic grade.

 

So, I'd say: yes it is possible to enter our field without a formal education, given that you are able to convince some employer to hire you. But it makes it so much easier if you have an accreditation like CISSP or are a BSc or MSc etc.

 

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
Shannon
Community Champion

 

If I were offering the job, then no. Obviously that isn't the case, so the answer will depend on the employer, and their views / HR policies.

 

If an organisation's HR policy mandates that employees have a degree, then you'll need this for the sake of eligibility, unless you've had an opportunity to get interviewed and have sufficiently impressed a manager with your skills --- in which case he / she may be able to circumvent the usual policy.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
rslade
Influencer II

> Curiousmind18 (Newcomer II) posted a new topic in Career on 04-06-2019 03:59 AM

> been having a debate on wether or not one requires a degree to enter an entry
> level junior soc type of job in cyber security

 

I'd say "entry level" says it all ...

 

>   I'm of the opinion that
> companies security culture has matured, and most have trained their HR staff to
> the point they don't list degree as a requirement, but rather focus on skills.

 

Bwa ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha

 

Oh, thanks, I needed a laugh.

 

Oh, you were serious ...

 

> Then there's other HR departments that " keep throwing mud, until something
> sticks".

 

Yeah, I'm much more familiar and experienced with them. I remember all the companies I've worked for where all the training and tech writing people had degrees--in English and History. (Same for all the HR people, come to that.) I remember putting in my first IBM machine, and all my IBM support people having music degrees ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
MikeGlassman
Contributor II

tsk tsk,

 

I think it's pretty obvious (Perhaps only to me), that the poster was referring to degrees in something compatible with the field of computers, be it sciences or cyber.

 

Personally, I don't see having a degree in anything (running with you here @rslade) necessarily means that person a is any better than someone who doesn't have a degree (person b).

 

I have interviewed people from both sides of the spectrum, including people with a few years (4 or more) in the field of computers, cyber, communications etc, and found that in more cases than one, unless you have had hands on, worked in the field (not as a button pusher), then you have no value as anything more than a total absolute beginner.

 

I have also interviewed people with absolutely no knowledge and found their thinking to be exactly what was needed for cyber and have chosen to hire and train.

 

A degree can be a bonus, but it does not have to be, and if there is no fully defined definition as to what degree is required, and what the degree has to encompass, then it's a waste of ink on paper.

 

Mike

Sincerely,

Mike Glassman, CISSP
Iguana man
Shannon
Community Champion


@MikeGlassman wrote:

I think it's pretty obvious (Perhaps only to me), that the poster was referring to degrees in something compatible with the field of computers, be it sciences or cyber.


Yes, I too assumed he was talking about that. Anyways, my opinion is that competency doesn't depend on a degree.

 

A candidate who's accumulated a wealth of knowledge but is unable put it to use won't be worth much in this field --- although HR probably sees that differently.

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
fortean
Contributor III

Folks,

 

Pre-amble: in the Unix world, in which I grew up and still feel very much at home in, we have a utility called 'grep' which is used to search for series of letters (words, acronyms) in files. Unix folks often use the name of the utility as if it were a verb: "You can grep on CISSP and see what turns up".  Well, HR departments grep on titles and acronyms in CV's which they often do not even understand the meaning of, and if you want to 'turn up', you'd better be sure to have the proper acronyms / titles in your CV.

 

Apart from that, IMHO a degree IS most certainly of value as it proves the holder has important skills that are valuable in our field. Even if it is "only" a degree in music, history or social geography - just to mention a few that often are depicted as "easy to obtain", which I don't know as I never tried to .. - well, even in those cases, the person has provable intelligence, stamina an is able to focus, write a fairly decent report and knows where to find information (outside the Internet). If it is a degree in information security, or in computer science, we can add a more than average knowledge of information processing, computers, at least a nodding acquintance with programming and knowledge of standards, techniques etc. commonly used in our field. So, I can totally understand why companies (especially their HR departments) grep for such degrees.

 

It is, of course, absolutely true that some people that do not hold a degree will be of above average intelligence too, and some will know more about anything than the first person with a degree. Most of the experienced old hands that hold no title but work in our field are taught by the famous School of Life - 30 years of practical experience, doing courses, learning from others, reading stuff on the Internet, books and of course by trial and error - but alas, the School of Life does not hand out any of those grepable titles for HR departments.

 

That's why I think that the CISSP and other certifications are a very good thing: if you are experienced and have most if not all of the skills of an academic, you can probably achieve CISSP in a few months. And then you HAVE the proper acronym / title which helps HR departments to grep your CV from that pile they have - and you may get an invitation to that super job that you would not have gotten without it. 

 

Your alternative is to smuggle yourself inside the company of your preference somehow and make a favourable impression on the people that you would like to hire you. It has been done (even by yours truly), but believe me: it's far easier to obtain CISSP, CCSP, CIPP/E or even an MSc..

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
CraginS
Defender I

No, most of the real skills of a beginning cybersec worker are available (sometimes better!) from experience other than college. However, as others have indicated, some employers require a degree as a filter to reduce the number of applicants they must seriously considered.

 

Later in a cybersec career the broader education (theoretically) obtained when earning a four year degree can be very beneficial to the pracitce.

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
rslade
Influencer II

> MikeGlassman (Newcomer III) mentioned you in a post! Join the conversation

>   Personally, I don't see having a degree in anything
> (running with you here @rslade) necessarily means that person a is any better
> than someone who doesn't have a degree (person b).

Getting back onto the original topic (where's the fun in that?) I am reminded of a
couple of things.

I get asked, a lot, about whether people should take a degree to get "into
computers." I respond that if you want to get into network admin, a relevant
degree is probably a help. If you want to get into the entry level (which probably
means tech support, to begin), it doesn't help all that much. If you want to get
into programming, people want to see what you've coded.

I was asked, by an institute of higher education, to address a "close to graduating"
class on how to get a job. I was given little info about the program, so I asked the
students when I stood up in front of them. The program was a degree. It was run
by the business faculty, but called a computer degree. It was supposed to make
them into "developers." I was in front of 300 students. I asked how many knew
more than 5 programming languages. Only a handful. I asked how many knew at
least oen assembler or machine language. Only a handful. I was getting depressed.
I asked how many had at least developed an app. About a dozen. Well, I said,
those ones will have an example. When you apply for jobs, they won't care about
your degree from X. They will want to see what you have coded.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
People don't care how much you know until they know how much you
care. - Mark Twain
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> CraginS (Advocate I) posted a new reply in Career on 04-07-2019 05:04 PM in the (ISC)² Community :

> No, most of the real skills of a beginning cybersec worker are available
> (sometimes better!) from experience other than college.

Good judgment comes from experience.

Experience, unfortunately, comes from bad judgment ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
You should never be proud of doing what's right. You should just
do what's right. - Dean E. Smith
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468