Thinking about a getting a cybersecurity degree but aren’t really sure? You’re not the only one. There’s a lot of debate on whether a cybersecurity degree has any value.
But as a sign of things to come, the Office of National Cyber Director recently announced a willingness for federal agencies to move away from education-based hiring and towards skills-based hiring.
So now the question everyone is asking…are cybersecurity degrees really worth it?
Read on as I walk through a few things to consider before you decide whether a degree is worth your time and money.
Unfortunately, there’s no straightforward answer to this question. According to a 2023 ISACA report, only 52% of organizations require a university degree for hiring in entry-level cyber roles. Part of the reason for this lack of clarity is the challenge employers face when determining how 'well-prepared' college graduates are.
The ISACA survey revealed that 28% of respondents agreed or strongly agreed that recent cyber graduates were well-prepared for the challenges in their organizations, whereas 24% disagreed or strongly disagreed.
This indicates that employers are divided on the effectiveness of a cybersecurity degree. However, this doesn’t mean that obtaining a degree in cybersecurity lacks value; there are still several benefits to consider.
Keep in mind this thought process doesn’t apply to leadership positions. Most executive roles, such as those of a CISO, typically require a degree in cybersecurity or a related field. Additionally, some companies may even prefer candidates with a master’s degree.
There’s no doubt that a cybersecurity degree is an excellent launching pad for a successful career in the cyber industry. While it’s absolutely possible to land an entry-level job without a cyber degree, it’ll likely be more challenging for you. Compared to an equally capable candidate without a degree, a degreed candidate is more likely to gain access to a wider range of positions, secure an interview, be hired, receive opportunities for promotion, and earn a higher salary.
However, I believe the most significant benefit of obtaining a cybersecurity degree lies in the experiential learning it offers, particularly through internships. Internships provide an opportunity to develop necessary skills in a real-world environment while allowing companies to invest time and effort into your training, thus improving your chances of employment after the internship.
It’s important to recognize that your return on investment (ROI) depends entirely on your career goals. If you’re ‘okay’ with an entry-level position, low upfront costs, and slow growth with potential limits on promotion opportunities, you might be fine without a degree.
And I completely understand that going to college isn’t cheap. The average cost of an undergraduate degree on campus is $36,436. To calculate a more accurate ROI, consider also the four years of lost wages during your studies because you’re likely working part-time instead of full-time. Assuming a wage of $15 per hour, you’re giving up $15,600 per year, or $62,400 over four years. This, plus the cost of your undergrad degree, brings your total educational cost to $98,836.
Now, using the median annual salary of an information security analyst, which is $120,360, the average ROI comes to 21.8% per year, derived from ($120,360 - $98,836) / $98,836.
After working for ten years, this translates to an ROI of 1,100% without a single promotion and an ROI of 2,300% after 20 years—a massive return for your four years of education! Keep in mind that other factors, such as taxes, inflation, and salary increases, will also impact your actual ROI, but this gives you a basic idea of the benefits.
Cybersecurity professionals currently occupy 82% of US jobs. Additionally, employment growth is expected to rise in the next decade. This means that, degree or not, the industry urgently needs quality candidates.
If you aren’t interested in a 4-year degree, here are a few alternatives to consider:
This article explored whether a cybersecurity degree is required by employers, the benefits of having one, and whether it’s worth the personal investment. And though a degree can open many doors and potentially lead to higher salaries, it's not the only way into the industry. With the cyber industry's rapid growth and the shift toward skills
-based hiring, alternatives like associate’s degrees, boot camps, and self-directed projects also offer valuable entry points.
Ultimately, the debate continues: Is a traditional degree necessary, or should we value practical skills more?
What's your take? Do you think degrees are essential, or is it time to reprioritize and determine what is essential? Share your thoughts below.