How to Get Into Cybersecurity Without a Degree
As it turns out, it’s not uncommon to get into cybersecurity by transferring from another field — even those the average layperson wouldn’t automatically associate with tech.
As Deborah Hurley, professor of cybersecurity at Brown University, once commented on the matter, “Sometimes it’s perceived that the only way of entering cybersecurity is through the technical door, but that’s not the case […] Whatever a person’s talent, with people, administration, management, education, or technology, there is almost certainly an aspect of cybersecurity for which their skills and experience are needed.”
The number of “accidental” cybersecurity professionals — i.e., those who find themselves in the field despite not explicitly aiming for it — appears to be on the rise.
Reporting from TechRepublic indicates that newly-minted professionals are flooding into the cybersecurity industry from a variety of adjacent fields, including IT, law, compliance and government. These new arrivals bring a wealth of experience and entirely new perspectives on how to protect business and consumer data.
This influx is due to an extreme need for talent. A recent report by (ISC)2 noted that nearly 500,000 cybersecurity positions were left unfilled in 2019 — and that to meet current demand from American employers, the cybersecurity talent pool would need to grow by an incredible 62 percent.
Globally, the discrepancy between available talent and job demand is even more significant. The top 11 economies worldwide currently face a collective talent gap of 4.07 million jobs. To meet that need, the global workforce in cybersecurity will need to increase by 145 percent.
All of this means that capable cybersecurity professionals are in very high demand.
In the (ISC)2 study mentioned above, 65 percent of the organizations surveyed claimed that they had a staff shortage in cybersecurity — and many of those surveyed pointed to the lack of experienced and skilled personnel in the field as their foremost concern. Over half (51 percent) of cybersecurity professionals queried said that their employers were at “moderate or extreme risk” due to talent shortages.
This dire need for skilled workers has forced organizations and cybersecurity trainees alike to get creative. Businesses need cybersecurity talent; aspiring professionals need to upskill quickly. As a result of these converging pressures, it’s become possible — and popular — to build a satisfying and successful career in cybersecurity without a degree.
According to the U.S. Bureau of Labor Statistics and Exabeam, while nearly 32 percent of cybersecurity professionals do not have a bachelor’s degree or higher, 83 percent of those in the industry say that they are satisfied with their jobs and 80 percent feel secure in their roles.
Reviews for the profession are overwhelmingly positive, with 86 percent of surveyed professionals saying that they would recommend a career in the field to new graduates.
If you’re wondering — how exactly can I get into cybersecurity without a degree? — you’ve come to the right place. Let’s discuss.
Where to Start
Before you commit time and energy to upskilling, take a few moments to reflect on what the process will entail. Here are a few factors to keep in mind as you start plotting your educational path.
Pros and Cons of Starting a Career in Cybersecurity Without a Degree
It’s important to note that kickstarting a cybersecurity career without a formal degree is, like many worthy endeavors, something of a mixed bag.
There are some positives to entering a cybersecurity profession without a specialized degree. These include:
- The training you receive will likely be centered around highly marketable technical skills.
- You don’t need to dedicate years and significant financial resources to the upskilling process.
- If you have related work experience or a degree in a non-cyber field, you may find that alternative training options provide a more efficient path to the career you seek than a formal college degree.
On the other hand, forgoing a four-year degree can also pose some challenges:
- Without a formal degree, you may need to work harder to convince employers of your capabilities.
- If you come from a non-technical background, you will need to invest time and money in an educational route that can provide you with the technical skills you need to succeed in a cyber-centric role.
- If you plan to take a self-guided educational path, you will need to be self-motivated and dedicated.
Ensure that you fully understand the educational journey you’re committing to before you take your first step!
What Employers Are Looking for in a Candidate
You might be the most technically-capable applicant in an interview room — but if you don’t have a similarly well-developed set of soft skills, you probably won’t get any job offers.
Yes, employers are looking for technical skills and knowledge, but they are also looking for someone who can take a creative, people-centered approach to the role. To borrow a quote from SANS Security director Lance Spitzner, “Many people think cybersecurity is all about hacking into or breaking things, but cybersecurity is actually all about learning how technology (and people) work.”
If you’re going to thrive in the cybersecurity sector, you’ll need to collect a few essential soft skills.
Cybersecurity professionals are proactive digital detectives; they root out threats before they strike and never stop looking for potential vulnerabilities. If you hope to make it as a cybersecurity pro, you need to face each new day as an opportunity to learn, explore and improve. Never stop asking questions!
Attention to Detail
In an industry where overlooking a minuscule system vulnerability could mean the exposure of confidential business or consumer data, having a keen attention to detail is paramount. While aspiring cybersecurity specialists should be able to understand broad-strokes plans, they need to be capable of noticing and acting upon tiny details just as well.
What would a cybercriminal do?
It’s an odd question, for sure — but one that all of the best cybersecurity professionals can (and should) ask themselves at work. Being able to put yourself in an attacker’s shoes and understand how they would approach a system will allow you to better identify and address vulnerabilities.
Are you willing to face down a problem, even if the solution has eluded you for minutes, hours or even days? If you aspire to be a cybersecurity professional, your answer should, without a doubt, be yes.
To borrow a quote from Reg Harnish, CEO of GreyCastle Security, “The most important quality I look for when hiring new talent is persistence. Are they determined? Do they have the gumption to do the job right? In the cybersecurity world, the problems people face are not only ever-changing, but also very difficult to start with, so persistence is key.”
When you work in cybersecurity, you can never let frustration hold you back.
Of course, it needs to be stated that in addition to the soft skills covered above, employers will be looking for candidates who have a sturdy set of technical skills, as well. The specific technical skills you’ll need will depend on the professional roles you choose to take on; however, there are a few that you will likely need regardless of the specialty you find yourself in.
Risk Analysis and Mitigation
Assessing vulnerabilities is a core part of cybersecurity work. Aspiring professionals in the field need to know how to perform a cyber risk analysis; doing so will allow you to proactively identify risks and develop a plan to safeguard vulnerable systems and information.
Sometimes, bad actors slip through the cracks. If you plan to get into cybersecurity with no experience, you will need to have a basic understanding of how to react after a breach occurs. Understanding the basics of digital forensics and how to use relevant tools and software to investigate wrongdoing and identify potential vulnerabilities after an adverse event is a must.
Securing tablets or phones against hackers might not be the most exciting job, but it is a crucial one. Cybersecurity is a field that hinges on proactivity above all else.
Having a grasp on data prevention strategies and understanding how to secure mobile devices across an organization could mean the difference between keeping bad actors at bay and inadvertently allowing them in.
Cloud Security and Virtualization
For companies facing continually expanding data stores and user bases, having scalable, consolidated systems is paramount. Cloud systems provide a valuable means to facilitate this expansion, but it isn’t without its vulnerabilities. Security virtualization is the process, procedure and policy that allows cybersecurity professionals to secure far-reaching, virtualized (and cloud-enabled) infrastructure.
Jobs Available Without a Degree
There are countless entry-level cybersecurity jobs available to those who do not have a degree. That said, it is worth noting that many require applicants to have additional training to prove that they have the skills necessary for the job at hand.
A cybersecurity specialist works to protect their employer’s systems from hacks or data breaches. They test firewalls, security software and other applications, and use their findings to make improvements. Generally speaking, you will need to have some programming skills and a basic understanding of security principles to succeed in this role.
A systems administrator manages IT services — including security — for their employer. If you plan to take up an administration role, you should look into getting certified as a Microsoft Certified Systems Administrator (MCSA) or Microsoft Certified Systems Engineer (MCSE).
Junior Penetration Tester
A penetration tester may work in-house or for an outside security firm. They specialize in thinking and acting like hackers to test security defenses to strengthen them for the future. Here, technical skills, including programming languages, are particularly necessary.
Information Security Analyst
An information security analyst creates and implements procedures that the entire IT department follows to protect your employer’s systems from malware, breaches and other security problems. Certifications like Certified Information Systems Security Professional (CISSP) can help you advance.
Alternatives to a Degree
While you can get into cybersecurity without a degree, don’t make the mistake of thinking that “no degree” means “no training.”
Countless jobs in the field require a certification, even if they do not require a degree. Researchers for Global Knowledge recently reported that the number of cybersecurity professionals who hold one or more certifications is on the rise; according to Exabeam, over 33 percent of cybersecurity professionals have the Certified Information Systems Security Professional (CISSP) designation. Another 23.7 percent have the Certified Ethical Hacker (CEH) certificate, while 22.7 percent are CompTIA Security+ certified.
If you’re wondering how to get into cybersecurity with no experience — and without a degree — there are two main educational pathways to consider: self-guided study and boot camps.
Studying On Your Own
If you are a highly motivated and self-directed learner, you can enhance your technical skills dramatically by studying on your own. There are countless books, tutorials and other resources specifically designed to help people learn cybersecurity skills.
Not sure where to get started? We have your back.
- The Cybersecurity to English Dictionary — by Raef Meeuswisse
- Cybersecurity: A Comprehensive Beginner’s Guide to Learn the Basics and Effective Methods of Cybersecurity — by Brian Walker
- Hacking for Beginners: Your Guide for Learning the Basics of Hacking and Kali Linux — by Ramon Nastase
- Cybercrime Magazine — A trusted source for cybersecurity facts, figures and statistics. Provides cyber economic market data, insights and market projects to a global audience of readers.
- Threat Post — A blog that offers breaking news and insights from the IT and business security sectors.
- Cyber Defense Magazine — A trade publication that shares cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry.
- Darknet Diaries — An investigative podcast that shares real stories of hackers, malware, botnets, cryptography, cryptocurrency, cybercrime and internet privacy.
- Hackable? — This podcast explores the vulnerabilities present in our increasingly connected everyday lives.
- Security Now! — A weekly program hosted by the man who coined the term “spyware” and developed the first anti-spyware program.
- FreeCodeCamp — A learning platform that provides tutorials on the foundational coding skills you’ll need to succeed as a cybersecurity professional.
- Udemy — Provides hundreds of courses on cybersecurity, tech, business and more. This is primarily a paid platform; however, it does frequently host sales.
- Cybrary — Offers a host of cybersecurity and tech-related courses, as well as an expansive library of resources. This is a paid site, but many of its offerings are accessible with a free account.
Before we move on, we need to raise one crucial point: While you can, theoretically, gain all of the skills you need to succeed in cybersecurity on your own, doing so can be difficult.
The sheer volume of available resources is a double-edged blade; while there are plenty of options to choose from, some offerings may be lower-quality than others. Make sure that you vet all of your options carefully before committing to one!
Independent study also requires a great deal of dedication and self-accountability; if you fall into the habit of skipping study periods or glossing over “assigned” material, your progress will stall.
If you intend to go the self-guided route, make a firm curriculum, and find ways to hold yourself accountable to a learning schedule.
Cybersecurity Boot Camp
Studying independently is one way to obtain the industry background and technical skills you need to succeed in cybersecurity without a degree. However, it is not the only path to education in the field. A cybersecurity boot camp may be a better choice for you if you enjoy a more guided, organized approach to learning.
Boot camps are accelerated programs specifically designed to empower people with the practical skills necessary to enter the job market quickly and effectively. They stand as great educational options, especially for those hoping for a relatively quick career change.
These intensive, skills-based programs are rising dramatically in popularity. According to a 2019 report from Career Karma, the coding boot camp market size grew by 4.38 percent and produced 33,959 graduates in 2019 alone.
Moreover, boot camps are valued not only for their propensity to impart skills quickly, but also for the guidance, structure and flexibility they provide. Because most boot camp providers offer a variety of part-time, full-time, virtual and in-person courses, enrollees have the freedom to learn in a way that suits their schedule and learning preferences.
Interested in learning what a boot camp could offer you? Check out Berkeley Cybersecurity Boot Camp today.
One of the most important things you can do to advance your career in cybersecurity is to build your network. Joining professional cybersecurity groups, attending conferences and making connections with others in the field can greatly benefit your career.
As Vandana Verma, a security architect for IBM India, shared of her experience for Security Boulevard, “One of the most challenging things in InfoSec is that one needs to stay updated with different areas of technology and their threat landscapes, so learning with a large number of people in communities can make it a bit easier.”
“The turning point came to my career after joining the cybersecurity communities like null, OWASP, and infosec girls,” she said. “[They] introduced me to the broader security domain and domain experts.”
Make it a point to network regularly. You never know who you’ll meet or where your new relationships might take you!
- Top 50 Infosec Communities to Join — Digital Guardian
- 33 Networking Tips You Can Read in Under 5 Minutes — The Muse
- How to Be the Person People Want to Talk to at Networking Events — Monster
Apply for Jobs
Once you have the training you need, look for jobs that suit your certifications and skill set. Make sure to brush up your resume to highlight your achievements, noting any certifications you have received or independent projects you’ve completed during your training.
Use your professional network to find job openings; a good recommendation can mean a great deal to those hiring for entry-level positions. Some boot camps, online communities or networks may offer job boards and similar resources that help you find well-suited opportunities for your skills and experience. Choose entry-level positions that make the most of your skills, and expect to learn much more on the job.
- Actually, You Should Apply for Jobs You’re Not 100% Qualified For — The Muse
- 10 Do’s and Don’ts for Writing a Winning Cybersecurity Resume — SecurityIntelligence
- 14 Job Hunting Tips to Get the Job You Want — Indeed
Prepare for Interviews
During cybersecurity interviews, you can expect to be asked to answer technical questions or even undergo a practical demonstration. Many of the alternative paths to training and education in the field offer exceptional technical skills, so you should feel secure in your ability when you go into your interview.
Working on security projects, even outside of the classroom or a boot camp, will help keep your skills sharp as you pursue your job search. Remain confident in your skills and focus on your knowledge and training, but don’t forget about your soft skills too!
- Cyber Security Engineer Interview Questions: 4 Ways to Prepare — Dice
- 21 Job Interview Tips: How to Make a Great Impression — Indeed
- What To Do After an Interview: 9 Tips to Help You Succeed — Indeed
So, Do You Need a Degree in Cybersecurity?
The short answer is no — you can absolutely get into cybersecurity without a degree, either via a highly practical boot camp or a self-guided educational path. Each option holds its own pros and cons, so consider your learning preferences before choosing the path that’s right for you.
There are countless lucrative positions available in the cybersecurity field and demand for skilled cybersecurity experts continues to grow. In a job field rich with opportunity, the real question is: Which training journey will you choose?
Prepare for a positive career change and take your first steps toward a cybersecurity education today.