been having a debate on wether or not one requires a degree to enter an entry level junior soc type of job in cyber security
I'm of the opinion that companies security culture has matured, and most have trained their HR staff to the point they don't list degree as a requirement, but rather focus on skills. Then there's other HR departments that " keep throwing mud, until something sticks". I'm in no way stating that degrees aren't valid, or wouldn't be useful for midcareer, merely that for entry level cybersec jobs they aren't needed, so i want to know what everyone's take is on this. Thanks.
My take on this is that it is not your formal education but your provable skillset that qualifies you for a job. One of the ways to prove some skills is to have an academic grade. Another is to be certified. And then there is the option to be trained on the job after being let in as a student, trainee or junior. In the pentesting world, people can get a job by participating in CTF events or hack a site (responsible disclosure). In the world of standards, processes and certifications, that is almost impossible, and then you really need certs an/or an academic grade.
So, I'd say: yes it is possible to enter our field without a formal education, given that you are able to convince some employer to hire you. But it makes it so much easier if you have an accreditation like CISSP or are a BSc or MSc etc.
If I were offering the job, then no. Obviously that isn't the case, so the answer will depend on the employer, and their views / HR policies.
If an organisation's HR policy mandates that employees have a degree, then you'll need this for the sake of eligibility, unless you've had an opportunity to get interviewed and have sufficiently impressed a manager with your skills --- in which case he / she may be able to circumvent the usual policy.
> Curiousmind18 (Newcomer II) posted a new topic in Career on 04-06-2019 03:59 AM
> been having a debate on wether or not one requires a degree to enter an entry
> level junior soc type of job in cyber security
I'd say "entry level" says it all ...
> I'm of the opinion that
> companies security culture has matured, and most have trained their HR staff to
> the point they don't list degree as a requirement, but rather focus on skills.
Bwa ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha
Oh, thanks, I needed a laugh.
Oh, you were serious ...
> Then there's other HR departments that " keep throwing mud, until something
> sticks".
Yeah, I'm much more familiar and experienced with them. I remember all the companies I've worked for where all the training and tech writing people had degrees--in English and History. (Same for all the HR people, come to that.) I remember putting in my first IBM machine, and all my IBM support people having music degrees ...
tsk tsk,
I think it's pretty obvious (Perhaps only to me), that the poster was referring to degrees in something compatible with the field of computers, be it sciences or cyber.
Personally, I don't see having a degree in anything (running with you here @rslade) necessarily means that person a is any better than someone who doesn't have a degree (person b).
I have interviewed people from both sides of the spectrum, including people with a few years (4 or more) in the field of computers, cyber, communications etc, and found that in more cases than one, unless you have had hands on, worked in the field (not as a button pusher), then you have no value as anything more than a total absolute beginner.
I have also interviewed people with absolutely no knowledge and found their thinking to be exactly what was needed for cyber and have chosen to hire and train.
A degree can be a bonus, but it does not have to be, and if there is no fully defined definition as to what degree is required, and what the degree has to encompass, then it's a waste of ink on paper.
Mike
@MikeGlassman wrote:I think it's pretty obvious (Perhaps only to me), that the poster was referring to degrees in something compatible with the field of computers, be it sciences or cyber.
Yes, I too assumed he was talking about that. Anyways, my opinion is that competency doesn't depend on a degree.
A candidate who's accumulated a wealth of knowledge but is unable put it to use won't be worth much in this field --- although HR probably sees that differently.
Folks,
Pre-amble: in the Unix world, in which I grew up and still feel very much at home in, we have a utility called 'grep' which is used to search for series of letters (words, acronyms) in files. Unix folks often use the name of the utility as if it were a verb: "You can grep on CISSP and see what turns up". Well, HR departments grep on titles and acronyms in CV's which they often do not even understand the meaning of, and if you want to 'turn up', you'd better be sure to have the proper acronyms / titles in your CV.
Apart from that, IMHO a degree IS most certainly of value as it proves the holder has important skills that are valuable in our field. Even if it is "only" a degree in music, history or social geography - just to mention a few that often are depicted as "easy to obtain", which I don't know as I never tried to .. - well, even in those cases, the person has provable intelligence, stamina an is able to focus, write a fairly decent report and knows where to find information (outside the Internet). If it is a degree in information security, or in computer science, we can add a more than average knowledge of information processing, computers, at least a nodding acquintance with programming and knowledge of standards, techniques etc. commonly used in our field. So, I can totally understand why companies (especially their HR departments) grep for such degrees.
It is, of course, absolutely true that some people that do not hold a degree will be of above average intelligence too, and some will know more about anything than the first person with a degree. Most of the experienced old hands that hold no title but work in our field are taught by the famous School of Life - 30 years of practical experience, doing courses, learning from others, reading stuff on the Internet, books and of course by trial and error - but alas, the School of Life does not hand out any of those grepable titles for HR departments.
That's why I think that the CISSP and other certifications are a very good thing: if you are experienced and have most if not all of the skills of an academic, you can probably achieve CISSP in a few months. And then you HAVE the proper acronym / title which helps HR departments to grep your CV from that pile they have - and you may get an invitation to that super job that you would not have gotten without it.
Your alternative is to smuggle yourself inside the company of your preference somehow and make a favourable impression on the people that you would like to hire you. It has been done (even by yours truly), but believe me: it's far easier to obtain CISSP, CCSP, CIPP/E or even an MSc..
No, most of the real skills of a beginning cybersec worker are available (sometimes better!) from experience other than college. However, as others have indicated, some employers require a degree as a filter to reduce the number of applicants they must seriously considered.
Later in a cybersec career the broader education (theoretically) obtained when earning a four year degree can be very beneficial to the pracitce.