IT career people, is a degree in cyber security worth it?
Discussion
Asking on behalf of my nephew. He’s working a pretty dead end job in a factory atm. Bright lad, just didn’t try at school really, he’s fascinated with computers, building them etc. Seems the open university are now doing a cyber security degree, something that he’s very interested in and could do part time whilst working.
If he came out successfully at the end with the qualification, would that put him in good stead for a job in that area, or are there better ways in? He’s 26 currently. What sort of salary are these guys earning to begin with and what can it lead to?
Said I’d ask on here for him because I think there’s some of you already working in this field.
TIA.
If he came out successfully at the end with the qualification, would that put him in good stead for a job in that area, or are there better ways in? He’s 26 currently. What sort of salary are these guys earning to begin with and what can it lead to?
Said I’d ask on here for him because I think there’s some of you already working in this field.
TIA.
If he's willing to put the study in outside of working hours then I'd vouch that he's probably better off, at least initially, studying for certifications rather than a degree, things such as CompTIA A+, N+, Sy+ initially perhaps.
Although it's totally dependent on what route within cybersecurity he wants to take, as there are many, from analyst to architect, GRC to pentesting, and everything in between. I'd imagine it would be easier to do some basic certs and move into an entry-level SOC type role, and then on the job learning would make progress easier.
Although it's totally dependent on what route within cybersecurity he wants to take, as there are many, from analyst to architect, GRC to pentesting, and everything in between. I'd imagine it would be easier to do some basic certs and move into an entry-level SOC type role, and then on the job learning would make progress easier.
I'm not specifically in Security but have been in IT for over 20 years in related roles, but can tell you that building PC's for fun is a world away from "cyber security" which will most likely be based around some theoretical concepts and legal angles such as GDPR etc. I don't think that a degree course is a lot of use for most areas of IT as most of the content will be out of date in such a fast moving industry. More useful qualifications are industry based as most suppliers run certification training courses and recognised exams.
Having said that, if your starting from scratch and the degree is super cheap, then it may just get a foot in the door somewhere.
Having said that, if your starting from scratch and the degree is super cheap, then it may just get a foot in the door somewhere.
Would agree that a degree will not deliver ongoing benefit that make a difference in your day to day activities over the course of a career. The piece of paper, on the other hand will open a lot more doors than a simple professional qualification -though its a huge amount more work, especially if you follow the OU path, and do the degree while working fulltime.
Cybersecurity is not going away anytime soon though, so might be worth investing time into - like someone said above doing personal Meccano is not the same as a career in policy writing and interpretation
Cybersecurity is not going away anytime soon though, so might be worth investing time into - like someone said above doing personal Meccano is not the same as a career in policy writing and interpretation
I worked for a multinational cyber security company up until a few months ago and the latest recruits for endpoint protection had computer studies degrees and the network protection recruits had CCNA and CompTia.
There are many roles in cyber security as has been mentioned, and a start in endpoint protection would be the easiest way in.
You can always have a look at the various companies web sites for their requirements and job types. A cyber security degree would probably be one way in but it would be worth talking to the tutors or course admin to see where their grads have got jobs.
There are many roles in cyber security as has been mentioned, and a start in endpoint protection would be the easiest way in.
You can always have a look at the various companies web sites for their requirements and job types. A cyber security degree would probably be one way in but it would be worth talking to the tutors or course admin to see where their grads have got jobs.
Just a thought, while cyber security is a big thing, does he really want to restrict himself to one specialism?
Personally I'd be looking for a more general IT qualification particular given he hasn't got that background to build on.
When I was recruiting I would look for a wide range of experience. Specialist degree holders were often too hide bound in their thinking to be able to fix things they werent expecting.
I was going to say they couldn't think out of the box but that sounded far too w
ky
But I did 35 years in IT based on a physics degree, so anything is (or was) possible
Personally I'd be looking for a more general IT qualification particular given he hasn't got that background to build on.
When I was recruiting I would look for a wide range of experience. Specialist degree holders were often too hide bound in their thinking to be able to fix things they werent expecting.
I was going to say they couldn't think out of the box but that sounded far too w
kyBut I did 35 years in IT based on a physics degree, so anything is (or was) possible
drmotorsport said:
I'm not specifically in Security but have been in IT for over 20 years in related roles, but can tell you that building PC's for fun is a world away from "cyber security" which will most likely be based around some theoretical concepts and legal angles such as GDPR etc. I don't think that a degree course is a lot of use for most areas of IT as most of the content will be out of date in such a fast moving industry. More useful qualifications are industry based as most suppliers run certification training courses and recognised exams.
Having said that, if your starting from scratch and the degree is super cheap, then it may just get a foot in the door somewhere.
I would agree with this. Cyber security is not like the films - most of the time people will be reviewing patch manifests and arguing with developers. Clearly there are some situations where it is a bit more spiky, but I’ve seen that the best people in this space come from a Comp Sci background allied to a passion for programming. Having said that, if your starting from scratch and the degree is super cheap, then it may just get a foot in the door somewhere.
If he “gets” fiddling with computers, then he’d do well to get an entry level job doing just that. Fixing users workstations, setting up printers, that sort of stuff. He’ll then have a chance to work out what he wants to do - does he want to get some Microsoft admin certs, or has he realised that Microsoft is the devil and wants to (say) get some Linux and Openshift admin certs. Or some AWS certs. Or .... that he does really want to do a security or Comp Sci degree. Quite a lot of large employers would co-operate very nicely with someone doing a part time degree.
IMHO the better option would be to look for roles as a Pen Tester. If he's interested in security then it might be worthwhile having a look at things like OWASP and maybe Kali Linux. There are plenty of web resources out there that deal with exploits and how to prevent them (or how to use them if you're that way inclined).
As others have said, a degree isn't necessary. Aptitude and an inquisitive, analytical mind are probably of more benefit.
As others have said, a degree isn't necessary. Aptitude and an inquisitive, analytical mind are probably of more benefit.
If he's interested in computers and wants a career in that area then he should start working in that area now. Preferably somewhere that will give him a wide range of experience that will look good on his cv and help him decide where his real interest lies.
Building computers is about as close to cyber security as changing a car stereo is to designing traction control systems.
Building computers is about as close to cyber security as changing a car stereo is to designing traction control systems.
Great answers on here, and if I was talking to my own nephew I would suggest he asks to 'shadow' someone working in the field, on a normal business day (Covid makes this difficult of course)
My experience working alongside security is that there is a real need for people-skills; the soft stuff about questioning, influencing, guiding, persuading, supporting; or at least that's what they do when we are in meetings. SO, that's kind of policy / practice / usability layer.
There's another layer of folks who are looking at theoretical risks and possible exploits; and to be honest, I don't see them much. But I have gatecrashed some of their 'lunch and learn' sessions and been really struck by their sheer intelligence *curiosity* and fascination with cyber badasses and their methods.
You're already a good uncle, in that you sharing the load about future career. Maybe you could press him on *why* he would want this career? The '5 why's (why do you want A, so I can get B, why do you want B etc) might be a good framework to help him uncover what's the underlying goal / need )
Sorry if I am butting in too much - but when I think of my own nephew that's what comes to mind. You know your nephew, and it's great (maybe a little daunting too) that he's discussing these things with you.
My experience working alongside security is that there is a real need for people-skills; the soft stuff about questioning, influencing, guiding, persuading, supporting; or at least that's what they do when we are in meetings. SO, that's kind of policy / practice / usability layer.
There's another layer of folks who are looking at theoretical risks and possible exploits; and to be honest, I don't see them much. But I have gatecrashed some of their 'lunch and learn' sessions and been really struck by their sheer intelligence *curiosity* and fascination with cyber badasses and their methods.
You're already a good uncle, in that you sharing the load about future career. Maybe you could press him on *why* he would want this career? The '5 why's (why do you want A, so I can get B, why do you want B etc) might be a good framework to help him uncover what's the underlying goal / need )
Sorry if I am butting in too much - but when I think of my own nephew that's what comes to mind. You know your nephew, and it's great (maybe a little daunting too) that he's discussing these things with you.
Probably not, I do have a massive chip on my shoulder about academia in general but chances are things on that course will be rather out of date. The best way to do it is to get an entry level IT job and work your way up from there, real world and industry experience far trumps outdated academic teachings, they just can't keep up with how fast the industry moves.
I started on the helpdesk when I was 17, dropped out of college, I'm 29 now and I have no regrets, and I've been lucky to make a great career of it
I started on the helpdesk when I was 17, dropped out of college, I'm 29 now and I have no regrets, and I've been lucky to make a great career of it
This guy does half decent computer security videos: https://www.youtube.com/c/NetworkChuck/videos
Perhaps your nephew could try a few and see if they inspire him
Perhaps your nephew could try a few and see if they inspire him
Has he looked at entry level roles and their criteria? Correct me if I'm wrong, but an OU degree takes five years, so he'll be 31 and looking to change careers. That doesn't sound like a great situation to be in.
If it were me, I'd do a few free online taster courses and see if it lives up to his expectations. You can study Introduction to Computer Science from Harvard University for free and at your own pace on edX. I've not done this course, so have no idea if it is dry, complex, boring etc. however it is listed as introductory, so here's hoping.
If it were me, I'd do a few free online taster courses and see if it lives up to his expectations. You can study Introduction to Computer Science from Harvard University for free and at your own pace on edX. I've not done this course, so have no idea if it is dry, complex, boring etc. however it is listed as introductory, so here's hoping.
CzechItOut said:
... he'll be 31 and looking to change careers. That doesn't sound like a great situation to be in.
Because 31 is old?If he just wants a career in cyber security I'd do as above and just take what he can get at a pentesting company now. If he wants to do anything more than run other people's scripts though he's probably better off with a computer science degree and a lot of hard yards from there. Either way, it's probably a path to another career change at some point down the line but that isn't too unusual these days.
IMO - Don't bother with a degree... Experience is more valuable but you MUST have an inquisitive mind.
Cyber Security isn't black & white, there are some basic principles to follow (reduce attack surface, off by default, etc...) but there's a lot of risk management too. For example: Whilst it might be known a system is riddled with holes, if it's critical to your business, you can't simply turn it off... Instead, you're going to have to implement controls to mitigate those risks.
Getting your 'hands dirty', in a security focused environment is the best way but can be difficult to get your foot in the door. Someone mentioned SOC (Security Operations Centre), this would be perfect but there aren't enough companies switched on (or large enough) to have one. Start with some of the basics and look at getting a support role or something with more of a systems integration / roll-out type focus.
In the meantime, also look at getting some of these under their belt:
https://ctf.cybersoc.wales
https://www.futurelearn.com/courses/introduction-t...
https://www.splunk.com/en_us/training/free-courses...
HTH
M
Cyber Security isn't black & white, there are some basic principles to follow (reduce attack surface, off by default, etc...) but there's a lot of risk management too. For example: Whilst it might be known a system is riddled with holes, if it's critical to your business, you can't simply turn it off... Instead, you're going to have to implement controls to mitigate those risks.
Getting your 'hands dirty', in a security focused environment is the best way but can be difficult to get your foot in the door. Someone mentioned SOC (Security Operations Centre), this would be perfect but there aren't enough companies switched on (or large enough) to have one. Start with some of the basics and look at getting a support role or something with more of a systems integration / roll-out type focus.
In the meantime, also look at getting some of these under their belt:
https://ctf.cybersoc.wales
https://www.futurelearn.com/courses/introduction-t...
https://www.splunk.com/en_us/training/free-courses...
HTH
M
As the others have said, cyber security is a very broad field from GRC/Data privacy/reg compliance, strategy and one end, malware reverse engineering, security testing, forensics, acute cyber incident response, SOC analyst at the other end, and everything in between.
I would suggest you need one of (if not both) of the following - ability to deal with people, understand people, and understand why people often screw up/are susceptible to manipulation (thus how to design/run process, systems, organisations so as to minimise the scope for this, or at least maximise likelihood that it will be caught /checked by something)
Or
-understanding of how IT (or operational technology) fundamentally works, from basic protocols networking etc upwards. But try to really understand how stuff works, and thus how it could be exploited
Coupled with a desire and curiosity to just understand how things work (technical or non technical), and learn new things.. the area moves quickly.
For all the wrong reasons (ie humans being t**ts to one another), its a good area to be in, and a growth area.
In terms of course, there's online stuff like cybrary udemy, plus a few of the other posters have mentioned a few things. A degree from any of the NCSC listed accredited degree providers will stand your nephew in good stead, Royal Holloway is very highly regarded .. however:
- most of us the field started before cyber degrees existed, so either have STEM degrees such as compsci, physics, maths, engineering, or people degrees, eg physiology. So willst doing a cyber degree, or MSc shows real intent, most of us oldies in the field dont have them.
-For the technical fields, eg security testing, etc, passing something OSCP will probably do more to getting a foot in the door with a security testing team.
There is a push of "professionalising" the industry at the moment, with academia, NCSC, CREST, CIISec, IET and others joining to form the Cyber Security Council. This should make understanding potential careers paths easier in due course.
You've also got public statements from HMG about open investment in the NCF too.
Roles Cyber vary from consulting, technical services, SOC and security analyst work, information security managers/CISOs/ security architects , security engineers and vendor roles in product development. You've then got cyber product marketing, sales etc. There a lot of very varied roles..all of them could be described as cyber.
Finally, 31 is not too late, or too old to switch.
I'm heavily involved in the consulting side of things and have been for 2 decades.
Do it.
PM me if you feel it would be worth a direct chat.
Written on my phone one handed whilst under a sleeping toddler, so excuse the typos etc
I would suggest you need one of (if not both) of the following - ability to deal with people, understand people, and understand why people often screw up/are susceptible to manipulation (thus how to design/run process, systems, organisations so as to minimise the scope for this, or at least maximise likelihood that it will be caught /checked by something)
Or
-understanding of how IT (or operational technology) fundamentally works, from basic protocols networking etc upwards. But try to really understand how stuff works, and thus how it could be exploited
Coupled with a desire and curiosity to just understand how things work (technical or non technical), and learn new things.. the area moves quickly.
For all the wrong reasons (ie humans being t**ts to one another), its a good area to be in, and a growth area.
In terms of course, there's online stuff like cybrary udemy, plus a few of the other posters have mentioned a few things. A degree from any of the NCSC listed accredited degree providers will stand your nephew in good stead, Royal Holloway is very highly regarded .. however:
- most of us the field started before cyber degrees existed, so either have STEM degrees such as compsci, physics, maths, engineering, or people degrees, eg physiology. So willst doing a cyber degree, or MSc shows real intent, most of us oldies in the field dont have them.
-For the technical fields, eg security testing, etc, passing something OSCP will probably do more to getting a foot in the door with a security testing team.
There is a push of "professionalising" the industry at the moment, with academia, NCSC, CREST, CIISec, IET and others joining to form the Cyber Security Council. This should make understanding potential careers paths easier in due course.
You've also got public statements from HMG about open investment in the NCF too.
Roles Cyber vary from consulting, technical services, SOC and security analyst work, information security managers/CISOs/ security architects , security engineers and vendor roles in product development. You've then got cyber product marketing, sales etc. There a lot of very varied roles..all of them could be described as cyber.
Finally, 31 is not too late, or too old to switch.
I'm heavily involved in the consulting side of things and have been for 2 decades.
Do it.
PM me if you feel it would be worth a direct chat.
Written on my phone one handed whilst under a sleeping toddler, so excuse the typos etc
If he will still be working whilst studying and passing a cyber security degree via the OU, then that would show a lot of commitment and would look good on him. In fact any degree whilst working full time would look rather good. Cyber security is a very broad area and I am in one part of it (and probably could not do what goes on in some of the other parts even at the company I currently work at). There are currently roles out there for the right people. The team I am on have hired 3 during lockdown. Where I work, some of our analysts have come straight from uni and are doing well for themselves, others have moved up from 1st line to 2nd line, maybe 3rd line in our Soc doing things like firewalls etc and then into the CyberSoc and others have come from other companies.
Building computers is however very different to cyber security. The guys on my team that have cyber security degrees like doing geeky stuff like malware reverse engineering in their spare time. The guys in our Soc team are the drinkers though.
Over 20 years ago I was building computers in my spare time and to be honest it is very different from cyber security and most stuff I have done and I am not sure if there is any overlap between the two. Pretty much anyone can build a PC. In my years I have done direct dial remote access, vpns, 2fa, firewalls, mobile device management, SIEM, dlp, encryption, patch management and a lot more and currently doing threat detection and response.
Is there a particular area of cyber security that he has an interest in?
Building computers is however very different to cyber security. The guys on my team that have cyber security degrees like doing geeky stuff like malware reverse engineering in their spare time. The guys in our Soc team are the drinkers though.
Over 20 years ago I was building computers in my spare time and to be honest it is very different from cyber security and most stuff I have done and I am not sure if there is any overlap between the two. Pretty much anyone can build a PC. In my years I have done direct dial remote access, vpns, 2fa, firewalls, mobile device management, SIEM, dlp, encryption, patch management and a lot more and currently doing threat detection and response.
Is there a particular area of cyber security that he has an interest in?
Did your nephew select cyber or did a group of ,well meaning, relatives observe he likes to build PCs and 2+2=£22,000?
Cyber is an oddly specific area to choose with no tech/industry knowledge.
I changed career at 36 into IT. I have only met one person that shares my interest in building PCs. That’s because it isn’t relevant. I found that out in the first few days.
In a lot of big companies, degrees are no longer required. If he has a general interest in technology, I would suggest getting a foundation of knowledge by doing an Azure or AWS cloud computing course. They are often on sale at places like UDEMY for $10. If it is appealing then go on to take the exam and he will have an industry recognized certificate in a few weeks, not years. The next steps will allow him to specialize.
All this will be of no use if he doesn’t have hands on experience though. I’m sure there will be groups he can join to get some unpaid work.
Now, having started off negative, I can give you some real world examples of what is possible. I had a colleague who lives in Glasgow and managed a bar in a hotel at the age of 31. He knew that life was not for him so he retrained in tech. He then entered a graduate program in Glasgow in a big bank surrounded by 21 year olds. His starting salary was over £50k and now he is on over £70k.
The second example is me. I work in the Pharma industry for 15 years and decided I wanted a change. I had zero experience and failed miserably at getting a job for 6 years. That’s because I was trying to get a job where the pool of candidates was huge and I didn’t have the right background. Looking back, I wouldn’t have employed me! One day I realized I had to demonstrate skills they didn’t already have. My background was business and the tech industry was trying to get a hold of their costs which were running away. After 6 years of not getting anywhere, I changed my resume and started getting noticed. The job I ended up getting was “Finance and Business Manager”. The role was created for me and the MD called me to offer me the job because she had my resume from a year earlier. When I turned up, her MD said “I don’t know what you do or why we need you but that tells me, I need you!”
Point being, getting a career in tech might not be about getting a degree in tech and it’s not too late! The biggest players in tech are going to create their own education tracks because degrees are not relevant to them. Also, selling the skills you have can get you further sometimes than trying to be something you are not.
Cyber is an oddly specific area to choose with no tech/industry knowledge.
I changed career at 36 into IT. I have only met one person that shares my interest in building PCs. That’s because it isn’t relevant. I found that out in the first few days.
In a lot of big companies, degrees are no longer required. If he has a general interest in technology, I would suggest getting a foundation of knowledge by doing an Azure or AWS cloud computing course. They are often on sale at places like UDEMY for $10. If it is appealing then go on to take the exam and he will have an industry recognized certificate in a few weeks, not years. The next steps will allow him to specialize.
All this will be of no use if he doesn’t have hands on experience though. I’m sure there will be groups he can join to get some unpaid work.
Now, having started off negative, I can give you some real world examples of what is possible. I had a colleague who lives in Glasgow and managed a bar in a hotel at the age of 31. He knew that life was not for him so he retrained in tech. He then entered a graduate program in Glasgow in a big bank surrounded by 21 year olds. His starting salary was over £50k and now he is on over £70k.
The second example is me. I work in the Pharma industry for 15 years and decided I wanted a change. I had zero experience and failed miserably at getting a job for 6 years. That’s because I was trying to get a job where the pool of candidates was huge and I didn’t have the right background. Looking back, I wouldn’t have employed me! One day I realized I had to demonstrate skills they didn’t already have. My background was business and the tech industry was trying to get a hold of their costs which were running away. After 6 years of not getting anywhere, I changed my resume and started getting noticed. The job I ended up getting was “Finance and Business Manager”. The role was created for me and the MD called me to offer me the job because she had my resume from a year earlier. When I turned up, her MD said “I don’t know what you do or why we need you but that tells me, I need you!”
Point being, getting a career in tech might not be about getting a degree in tech and it’s not too late! The biggest players in tech are going to create their own education tracks because degrees are not relevant to them. Also, selling the skills you have can get you further sometimes than trying to be something you are not.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff