How to land a cybersecurity job when you don’t have a degree

But maybe you don’t have a related degree. Or maybe you don’t have a college degree at all. If so, you might be wondering if it’s still possible to start a career in cybersecurity. 

A recent survey by cybersecurity company Trellix found that cybersecurity professionals are well-educated. Most have at least a high school diploma or equivalent and 95% have a bachelor’s/undergraduate degree. Similarly, 83% report holding vocational qualifications and certifications to help them grow in their career.

But despite this, 56% of current professionals believe a university degree is not needed to have a successful career in cybersecurity. “Many in the industry report being self-taught or being taught on the job the skills they need,” said Michael Alicea, chief human resources officer at Trellix. “The key to a career in cybersecurity isn’t in degrees and certifications, but rather in soft skills such as teamwork, critical thinking, and problem-solving.”

Do you need a degree to work in cybersecurity?

While many industry veterans came into cybersecurity through other disciplines, having a degree does ultimately help you to break into the field at many companies. However, it is possible to get your foot in the door—with some persistence—with the necessary knowledge and skills.

“A lack of a degree may present a challenge for getting hired into companies that require a bachelor’s, but most quality companies are more interested in knowledge areas that aren’t really taught widely in college,” says Jamie Boote, associate principal security consultant at Synopsys Software Integrity Group.

Training and skills needed for a cybersecurity career 

A career in cybersecurity requires a blend of formal education, practical experience, and continuous learning to keep pace with rapidly evolving threats and technologies. Whether or not you have a relevant college degree, the following training and skills are essential for a cybersecurity professional.

Certifications

Getting one or more certifications related to cybersecurity shows that you have relevant training and skills. Popular certifications include:

• CompTIA Security+: An entry-level certification that covers basic cybersecurity knowledge.
• Certified Information Systems Security Professional (CISSP): A more advanced certification for experienced cybersecurity professionals.
• Certified Ethical Hacker (CEH): Focuses on offensive security through ethical hacking techniques.
• Certified Information Security Manager (CISM): Ideal for IT professionals seeking to move into management roles focused on security.

Boote noted that some certifications can be helpful for more specific roles within the industry. “For example, the [OffSec Certified Professional] can allow a candidate to demonstrate proficiency in tools and techniques needed for penetration testers,” he says.

On-the-job training

Many cybersecurity professionals report that they learned much of what they need to know while working. So if you’re looking to break into cybersecurity, it can help to research companies that are open to providing this kind of on-the-job training and mentorship so you can get your foot in the door and work your way up. 

“Cybersecurity companies should provide prospective talent professional development programs—mentorships, internships, and apprenticeships to help individuals feel more prepared to enter the field and encourage openness to those from non-traditional cybersecurity backgrounds,” Boote says. “In turn, these programs ensure that entry-level hires have a solid understanding of the skills they need to be successful in their role.”

Technical skills

Through a combination of general education, certification, and experience, there are certain skills that should be in your arsenal to be successful in cybersecurity. If you’re lacking in any of these areas, consider enrolling in a course or bootcamp to improve your hireability.

• Knowledge of operating systems: Understanding the intricacies of various operating systems, including Windows, Linux, and MacOS, is crucial since these are the platforms you’ll be protecting.
• Networking: A solid grasp of networking principles and protocols (such as TCP/IP, DNS, HTTP/HTTPS) is key for understanding how information moves across the internet and how it can be intercepted or manipulated.
• Programming: Familiarity with programming languages such as Python, Java, C/C++, or PowerShell aids in automating tasks, analyzing malware, and understanding attacks.
• Security principles and technologies: Understanding firewalls, VPNs, anti-virus software, and intrusion detection/prevention systems (IDS/IPS) is vital for defending networks.
• Cryptography: Knowledge of cryptographic principles and techniques is necessary for securing data in transit and at rest.
• Ethical hacking and penetration testing: These skills are necessary for identifying vulnerabilities in systems before malicious hackers can exploit them.
• Incident response and forensic skills: The ability to respond to cyber incidents and conduct forensic analysis is important for mitigating damage and understanding how breaches occurred.

Soft skills

Aside from technical skills, there are certain “soft” skills that make cybersecurity professionals stand out:

• Communication: Clear communication skills are needed for explaining technical issues to non-technical stakeholders and for effective teamwork.
• Ethics: You’ll need a strong ethical framework, as cybersecurity professionals must handle sensitive information responsibly.
• Teamwork: Cybersecurity is often a team effort, requiring collaboration and the ability to work well with others.
• Stress management: The ability to remain calm under pressure is important, especially during a security incident or breach.

The takeaway 

A career in cybersecurity can be rewarding, with plenty of opportunity for growth. If you don’t have a degree, certain employers may not be willing to hire you. However, across the industry, there are many more who are looking for talent with self determination and real-world experience over a piece of paper. 

“Stay curious and observant,” Boote says. “The best security professionals are the type of people who will see some detail that’s out of the norm and go ‘Huh, that’s funny. I wonder why that is?’ Digging into little details like that often unearth security issues that put folks on the path to doing security full time.”