Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
What’s the “correct” path for entering cyber?
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 625 words, this briefing is about a 5-minute read.
Entering cybersecurity.
As the cyber field has continued to grow, the industry has begun to craft more formal entryways into the field, one of which is through traditional college degree programs.
As these collegiate degree programs have continued to proliferate across dozens of universities, the value of these degrees has risen accordingly. According to CyberSeek, data on entry-level positions shows a strong preference for applicants with college degrees. Cyberseek found the following job postings required at least a Bachelor’s degree:
- 43% of Networking roles.
- 41% of Software Development roles.
- 45% of Systems Engineering roles.
- 52% of Financial and Risk Analysis roles.
- 42% of Security Intelligence roles.
- 32% of IT Support roles.
Furthermore, this is not a new development. A study from 2020 found similar results. In a Department of Education report, they found the following:
- 60% of surveyed cybersecurity job postings required a college degree.
- 24% of surveyed cybersecurity job postings preferred a graduate degree.
However, despite the emergence of an emphasis on many collegiate cyber programs, simply having a degree is not a foolproof solution for newcomers. While degrees are becoming increasingly valued, there is still an emphasis on proving technical skills.
The emphasis on being able to prove your knowledge, outside of holding a degree, is critical. Tangible experiences or certifications that display technical skills are invaluable when paired with a degree. For example, in ISC2’s 2024 Workforce Report, they found that both hiring managers and traditional managers are looking for demonstrable technical skills such as cloud computing security, security engineering, and machine learning. While degrees can aid in demonstrating expertise, certifications still provide value to both applicants and employers. For example, in ISC2’s report, they found the following:
- 90% of respondents who got a certification before they entered the field stated that it was either valuable or very valuable for their career.
- 65% of respondents either somewhat or completely agreed that certifications were the best way to prove knowledge and understanding of concepts.
Outside of ISC2’s findings, the Department of Education report, mentioned previously, echoed a similar conclusion. In their report, they also found that 29% of surveyed job postings either preferred or required certifications.
Despite their value, traditional degrees come with significant costs, prompting many to explore alternative options, such as boot camps and community colleges. While these alternative paths can provide value, there is notable evidence that supports the value of obtaining a Bachelor’s degree, especially when compared to these other paths.
The "correct" path.
Outside of the reports already cited, the conversation with Will Markow referenced some key findings. Regarding programs, such as community college programs, boot camps, or Associate degree pathways, Markow found that only 1% of the cybersecurity workforce comes straight from these programs. Comparatively, those that come straight out of college with a cybersecurity Bachelor’s degree made up 7% of the cybersecurity workforce.
However, notably, both of these findings are lower than what is normally emphasized as a path to success. If leaving either of these programs and entering right into the workforce does not result in a higher likelihood of finding employment, it supports the evidence listed above.
While Bachelor’s degrees are valuable and give noticeable upside compared to non-traditional pathways, having proof of your expertise, through work experience or certifications, is critical. Being able to leverage both a four-year or graduate degree in cybersecurity as well as being able to demonstrate your technical skills appears to be one of the strongest entryways. Aspiring cybersecurity professionals should view a college degree as a strong foundation - but one that must be reinforced with real-world experience.