I'm excited to share that I have finally completed my Bachelor of Science (BS) in Cybersecurity Management & Policy at the University of Maryland Global Campus (UMGC)! And now that I have a completed degree in my hands, I can finally write real career advice on a highly debated topic within our industry.
In this article, we will explore whether or not a college degree in cybersecurity is "worth it." I'll give you my opinion and what I feel is the opinion of cybersecurity employers. Then, at the end, we'll compare and contrast a college degree with other popular cybersecurity training options.
Summary
Quick answer: It depends. A cybersecurity degree is worth it if aligned with career goals and financial capacity.
College programs in cybersecurity offer a broad foundation, covering topics like network security, cryptography, and ethical hacking, enriched with practical labs.
Degrees are valuable for career growth, particularly managerial roles, but aren't strictly necessary for all positions.
Employers value real-world experience and certifications, often alongside or even above degrees.
My cybersecurity management & policy degree gave me a deep understanding of governance, risk, and compliance (GRC) and a thorough understanding of cybersecurity policy development and risk management. This knowledge helped me prepare for the ISC2 Certified Information Systems Security Professional (CISSP) certification.
Evaluate academic options by considering curriculum, institutional reputation, and accreditation.
Degrees have a universal recognition that certifications may lack, offering a versatile skill set.
For military personnel, tuition assistance and the GI Bill make degrees financially accessible.
Balancing a degree with work or family is challenging but achievable; I did it while on Active Duty U.S. Air Force.
Past academic performance shouldn't deter you; maturity can shift your educational success.
Degrees are not the most cost-effective entry into cybersecurity but are worthwhile if you have the means to comfortably afford it.
The degree's value is context-specific, and influenced by career goals and financial situations.
If your hesitation is due to time and effort, remember: "So what? Do it anyway."
Degrees offer a competitive edge in the job market, potentially leading to higher salaries.
My best attempt to answer the "Is a cybersecurity degree worth it?" question
My academic journey in cybersecurity management & policy has been enriching and enlightening. The program taught me invaluable skills such as effective writing, research abilities, and a deep understanding of governance, risk, and compliance (GRC), cybersecurity frameworks, risk management, and cybersecurity policy development. It even prepared me for the CISSP certification, which I doubt I would have attained otherwise.
That said, my degree was focused on managerial and policy aspects, not hands-on technical skills like network configuration or ethical hacking. But this was a conscious choice. I wanted a foundation in cybersecurity's leadership and management aspects, which I felt I couldn't easily acquire on my own. For the technical skills, I opted for self-study, and certifications, and used (and still using) platforms like TryHackMe, Hack The Box (HTB), and HTB Academy.
This brings me to an important point: choosing an academic program should align with your career goals. Technical ability is undoubtedly crucial in cybersecurity, as is the ability to write well and conduct thorough research. For instance, penetration testers must be eloquent writers to produce comprehensive reports that businesses can understand and act upon. Therefore, evaluate your academic options carefully. Consider the curriculum, the institution's prestige, and its accreditation status. Remember, a degree should be more than just a piece of paper; it should provide you with real-world applicable skills and knowledge.
Although many cybersecurity job listings state that a four-year degree is preferred, it's not always a stringent requirement. Most employers prioritize skills and experience over academic qualifications. Moreover, alternative training options offer a better "bang for your buck," delivering competency at a fraction of the cost and time commitment required for a degree.
However, a degree does have its merits. It can make you more competitive in the job market and is often essential for ascending to upper-level managerial roles. Plus, a degree has universal recognition that transcends into other industries, something that certifications alone may not offer. That said, the financial burden of a college education can't be overlooked. If the cost is a concern, consider entering the cybersecurity field through different avenues and pursue a degree later when it's financially viable.
For those serving in the U.S. military, like myself, utilizing available educational resources such as tuition assistance and the GI Bill is strongly advised. The cost barrier is virtually nonexistent for you, making it an opportunity too good to miss.
Juggling the responsibilities of a full-time job or family obligations while pursuing an education can feel overwhelming. It's important to remember that it's not impossible. Speaking from experience, I managed to complete my bachelor's degree while serving actively in the U.S. Air Force. Furthermore, I've witnessed others achieve this same feat while raising their children.
Similarly, if you were disengaged during high school like I was, don't let it discourage you from pursuing a college degree. As someone who graduated from high school with a 2.0 GPA and ranked at 159 out of a class of 178 students, I graduated from college with a 3.87 GPA 11 years after graduating from high school.
Initially, I almost decided against pursuing my college degree simply because I greatly disliked high school. I had no interest in most of the high school subjects. I never did homework because I only wanted to play video games after football and basketball practice. Thankfully, my mother encouraged me by saying, "So what? Do it anyway" while we talked about whether I should pursue my degree. Well, I took her advice and pursued my college degree regardless of the excuses I was trying to make for myself. I'm grateful for that decision because my college education has significantly benefited my everyday life and professional career.
Sometimes, it takes time and maturity to unlock our potential and realize what we can achieve. Success is about overcoming obstacles and pushing through any excuses that may arise as we work towards our goals.
Conclusion
The value of a college degree can vary based on circumstances, career goals, and financial factors. If the cost of college is your primary concern when considering a cybersecurity degree, it's probably not the best investment for you. Personally, I don't think going into a lot of debt is worth it, especially since there are so many other training options for far less money.
However, if you have the means to pursue education without putting a substantial financial burden on yourself and your hesitations are tied to the time and effort needed to obtain a degree, then I would say the same thing my mother told me, "So what? Do it anyway." A college degree is absolutely worth the time and effort needed to complete it.
While it's not a requirement for entry-level or mid-level cybersecurity positions, having a degree can open up opportunities for career growth and potentially lead to higher salaries and help you stand out as a job applicant. Remember that there are infinite paths to success in the cybersecurity industry, so align your educational/training choices with your long-term career aspirations and personal budget constraints.
Compare and Contrast
Generally, there are four training options:
Training Method | Cost | Time to complete | Value | Bang for your buck | "Worth it?" |
Boot camp | $$$ | Medium | Medium | Low | No |
Degree | $$$$ | Long | Very High | Low | Depends |
Certification | $$ | Short | High | High | Yes |
Self-learning | $ | Continuous | High | Very High | Yes |
Four-Year Degree
A college degree in cybersecurity is a program that offers an understanding of the principles and practices of cybersecurity. It typically includes network security, cryptography, ethical hacking, and information assurance courses. Students enrolled in these programs complete both coursework and practical labs to earn a bachelor's (or master's) in the field. In the cybersecurity industry, a college degree can be a foundation for career advancement for more advanced or managerial positions. However, it is essential to note that employers often value certifications and real-world experience to keep up with the changing landscape of threats. While having a degree provides a rounded education, it may not always replace the skills demonstrated by professional accreditations.
Pros:
Degrees are highly sought after by employers.
Learn crucial research, communication, and writing skills (unlike other options).
Online and in-person degrees are available.
Pre-determined course schedule and learning path.
(This can be a con if you prefer self-pacing and the ability to choose your own path).
Some schools allow you to specialize and take electives so you can specialize in a particular area.
Cons:
Very Expensive ($35,692 on average).
Gain skills very slowly (Typically, your first 2 years of courses don't provide cybersecurity skills, and it typically takes 4 years to finish the degree).
Not as "hands-on" as the other options.
Some employers/peers may not care about your degree.
Certifications
A cybersecurity certification is a recognition given by an organization to acknowledge an individual's specific abilities and knowledge in cybersecurity. Acquiring certifications involves completing challenging exams assessing one's expertise in cybersecurity, including ethical hacking, information security management, and network defense. These certifications are highly valuable in the industry because they establish a measure of competency, enable employers to evaluate the skill level of hires or current employees, and often serve as prerequisites for specialized roles or projects. As a result, they play a role in career progression, establishing credibility and ensuring that personnel possess the skills to combat ever-evolving cyber threats.
Pros:
Affordable
$554.51 on average (for both training and exam voucher(s)).
Slightly more expensive ($618.51 on average) if you study/practice part-time
Gain skills very quickly (about 1-2 months if you study/practice full-time).
about 2-4 months if you study/practice part-time
They are highly sought-after by employers as they are listed on most job postings.
Self-study.
(This can be a con if you prefer to have instructor-led training)
Self-Paced.
(This can be a con if you prefer a set schedule).
Semi-custom learning path.
(This can be a con if you prefer a fully structured path).
Cons:
Very difficult to pass exams, and you must pay for another voucher to re-take the exam in most cases.
Somewhat of a hassle to maintain as most certifications require re-certification after three years.
You must pay small maintenance fees to maintain an active certification in most cases.
Some employers/peers may not care about your certifications.
Boot camps
A cybersecurity bootcamp training program aims to equip participants with cybersecurity skills like penetration testing and network defense. Unlike college degree programs, boot camps prioritize hands-on training to prepare individuals for entry-level roles in cybersecurity quickly. While they may not offer the breadth of knowledge or theoretical background as a college degree, boot camps provide skills highly valued by employers for specific positions. Graduates often complement their training with industry certifications to enhance their credibility and meet job requirements.
Pros:
Gain skills quickly (4.5-5.5 months if you attend full-time).
Some boot camps offer part-time attendance, which costs a little more and significantly extends the completion time.
Instructor-led.
(This can be a con if you prefer self-study)
Set course schedule and learning path.
(This can be a con if you prefer self-pacing and the ability to choose your own path).
Some programs incorporate certifications in the boot camp.
Cons:
Expensive ($13,252.34 on average).
Lack of Credentials (No degree and possibly no certifications). Job postings do not require proof of boot camp participation (unlike degrees and certifications).
Self-Learning
Self-learning and improving skills in their free time set job candidates apart in this field. Investing time in self-learning cybersecurity fundamentals, developing necessary skills, and researching existing trends are important approaches to gaining an edge before an interview. Demonstrating an enthusiasm towards learning new technologies while developing knowledge of industry practices through open-source study materials and home labs can make candidates stand out among their competitors. Employers often prefer those who demonstrate competence by actively seeking out information independently versus relying solely on course credits or a degree. Becoming self-taught in the rapidly changing world of cybersecurity is essential if one wishes to stand the best chance of being successfully employed in this continually evolving industry. There is absolutely no reason to forgo self-learning, as you should be self-learning on top of any other training option you are doing due to the breadth of free/cheap training options.
Pros:
Every skill you need can be learned at home for free or at a very low cost.
Gain skills very quickly (You can learn valuable skills in hours).
Seemingly endless online resources.
Very "hands-on."
Employers seek people who learn in their free time as it shows ambition and desire to be in the field.
Self-paced
Custom learning path
Cons:
No credentials to list on a résumé (degree, certification).
(There are ways to list your home lab projects on résumés though).
Self-study and self-paced means you may not know what or where to go for learning.
(This can be a pro if you know what you want to learn and where to go to learn it).
If you're an aspiring cybersecurity professional and have no idea where or how to start your career, read my ultimate cybersecurity career starting guide:
How to Get Into Cybersecurity (and Other IT Fields) With No Experience
https://www.kyserclark.com/post/how-to-get-into-cybersecurity-and-other-it-fields-with-no-experience If you want to know more about why I don't think cybersecurity boot camps are worth it, check out this article:
Are Cybersecurity Bootcamps Worth It? https://www.kyserclark.com/post/are-cybersecurity-bootcamps-worth-it
If you want to know why I like cybersecurity certifications so much, check out this article:
Is a Cybersecurity Certificate Worth It?
Disclaimer: All links to Hack The Box and Hack The Box Academy in this post are affiliate links. This means that if you make a yearly subscription purchase through these links, I may receive a commission at no additional cost to you.
Furthermore, all links to TryHackMe in this post is my referral link. Signing up to TryHackMe through my referral link saves you $5 on your subscription and also saves me $5 on my next year's subscription.
Your support through these purchases helps me continue providing valuable content. Thank you!