Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
What role does higher education play in cyber?
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 450 words, this briefing is about a 4-minute read.
Higher education’s role in cybersecurity.
Over the past decade, higher education has become increasingly central to the cybersecurity field. This trend is reflected in the proliferation of degree programs and their impact on current hiring practices. For example, a 2020 Information Systems Education Journal study found the following for cybersecurity architect postings:
- 27% required a graduate degree.
- 69% required a bachelor’s degree.
- 4% accepted less than a bachelor’s degree.
These patterns are not isolated; they reflect the broader cybersecurity industry's attitudes toward academic credentials. In the ISACA 2024 workforce report, they found:
- 21% of respondents stated that a university degree was very important when determining if a candidate was qualified.
- Another 46% saw it as somewhat important.
This strong emphasis on collegiate degrees has already begun to have tangible impacts. As the industry has expressed its desire for candidates to possess university degrees, job seekers have taken notice. In a 2022 ISC2 report, they found the following:
- 39% of cybersecurity workers have earned a bachelor’s degree.
- 43% of cybersecurity workers have completed a master’s degree.
A cybersecurity degree's value has only continued to grow; however, even with degrees entrants still find it difficult to enter the field. This begs the question: what is the value of these degrees?
A degree’s value.
While organizations have expressed their clear desire for entrants to possess degrees, this pathway is often not enough for newcomers to enter the field. Regardless of the university, industry leaders and organizations alike often label these programs as too theoretical and lacking substantive experience.
To account for these theoretical degrees, employers have clearly expressed their desire for candidates to possess meaningful, real-world experience alongside their degrees. ISACA’s report further illustrates this:
- 73% of respondents stated that it was very important for candidates to have prior hands-on experience.
- An additional 22% of respondents listed this experience as somewhat important.
- 27% of respondents stated that hands-on training was very important.
- An additional 54% of respondents listed this experience as somewhat important.
This dual demand for both formal education and real-world experience demonstrates the challenges facing entry-level professionals in cybersecurity. Obtaining both a four-year degree while simultaneously obtaining practical experience is oftentimes unrealistic, which has contributed to the talent pipeline congestion seen across the industry.
As the cybersecurity workforce grows, addressing the disconnect between academic preparation and industry expectations will be essential. By creating and refining more effective talent pipelines, both organizations and job seekers will benefit - ultimately leading to a more robust and resilient cybersecurity workforce.