September 22, 2021

Do I need a degree for high level Cyber Security roles?

Hi all,

So I am 22 years old and I am trying to decide between going to uni to study Computer Science or a job offer I received as a Level 4 Cyber Security apprentice.

*I have recently completed a Level 3 Infrastructure Technician Apprenticeship in a separate company.

They both have their own personal pros and cons and honestly I just don't know what is best for me long term. I will be honest that one of my main reasons for wanting to go to uni is the social aspect, but ofc I would still study hard; however, I am not sure would I enjoy programming, and the big downside to uni is just the costs of it all, as I am from the UK so it's upwards of 50k debt.

For the job I just feel it's such a great opportunity; there's a possibility of completing a degree after I have completed the level 4, although this is not an absolute guarantee, nor is a job at the end of it. I just feel the experience especially in the Cyber Security field would help me in that field going forward in my career. It's just obviously the big downside for me here is nothing really else changes in my life social wise and I have never worked in Cyber before…

Any advice would be much appreciated on which option would open the most doors for me long term. Is a degree necessary for the top jobs? I have very little experience in programming, but what I did with HTML and CSS I did not enjoy tbh, so I have to consider this if I was to go to uni. The job I have been offered is within SOC; is there much career progression here? I find Pen Testing interesting but am not sure whether either of these options would let me progress to there.




I am an almost 30 year old Security engineer/architect (I’m between roles atm) with almost 10 years experience. I would consider myself high level, I’m in the six figure range in terms of salary. CISSP, etc

>Level 4 Cyber Security apprentice.

That’s a very non-standard job title. I have no idea what that even means.

>I would still study hard however I am not sure would I enjoy programming

>I have very little experience in programming but what I did with HTML and CSS I did not enjoy tbh

You don’t need to be a programmer to be a CyberSecurity professional. Most cybersecurity jobs are going to be infrastructure based (i.e., networks, endpoint and server management, patches, etc). You’re not going to be going through or writing lines of code. It’s nice to be somewhat comfortable with programming; every now and then you may need to build a SQL query, piddle around with JavaScript, or make a PowerShell script, but that’s something basically every IT role eventually learns.

Are there CyberSec jobs that ARE software based? Absolutely. But most won’t be.

Trust me. Got a Computer Science degree because I thought the same thing when I was 18.

>big downside to uni is just the costs of it all as I am from the UK so it's upwards of 50k debt.

Wow. I’m not familiar with UK college structure but I’m in the US and got an associates degree (2 year degree) from a community college for around 4 grand. That’s carried me basically all the way up on the career ladder.

> I just feel the experience especially in the Cyber Security field would help me in that field going forward in my career.

Experience is super important in CyberSecurity. Degrees less so.


Take the job offer, go to school after a year or two of work experience.


You’re mad if you knock back any reasonable entry level work experience. You can always get a degree later.

Just take a look at the armies of people on the sub saying “I have a degree, no experience and no job”


Without a degree, you will start hitting ceilings as you go into mgmt. Not everywhere, but at some companies. You might not make it past director or something. So if you want to get into mgmt a degree is not necessarily a requirement, but it will probably give you a lot more opportunity to go higher faster.

But if you want to stay a practitioner, it will still have value, but probably not the value of 4 years of actual work experience. And you can definitely get a job after a while making $200k+/year in the US without the degree if you’re good at it.


TL;DR: Not required from a technical perspective, may be required by the employer

Longer answer: A 4 year degree (and/or post-grad work) is meant to:

1. Help hiring managers gain comfort that you have the potential to be competent: The core assumption behind this item is that an accredited institution will present a challenging curriculum and a 4 year degree is proof that you completed all requirements for matriculation.
2. Demonstrate your ability to leverage cumulative knowledge and learning toward a comprehensive goal: Beyond completing the curriculum requirements, the degree *program* is viewed as evidence that you integrated increasingly technical concepts into a final thesis, project, or capstone.
3. Be viewed as a conventional “rite of passage” for white-collar jobs: Partly as a result of generic classism/elitism and partly because of cultural differences between the “supervisor/manager” types and the “worker” types, completing college helped demonstrate that you fit in enough to pick up the endorsement of the college/university.
4. Be viewed as the primary way that professionals gain professional-level technical knowledge: This is especially true for consulting and advisory roles, which many high-level roles boil down to (in which roles are less about “how do I structure this KQL query for high fidelity” and are more about “how do I effectively influence the organization to strengthen the information security posture”). Basically, many hiring managers still have the perspective that certifications and real-world experience aren’t enough to build the skills required for complex, deeply technical work.

These assumptions are not universally accurate and are increasingly a poor fit for navigating the scale issues/skills shortage in the information security field. The primary benefit of a college experience for information security isn’t the technical knowledge, it’s the context, broader awareness, and interpersonal network that you develop through the process. As an example, all accredited MBA programs offer the same *technical knowledge*, but Harvard, Wharton, and USC charge (massive) premiums for structured, facilitated access to Harvard, Wharton, and USC *students and faculty.*

I’ll say that when considering a candidate I focus on their thought processes and how they’ve demonstrated leadership and problem solving capabilities regardless of the environment. In my limited experience, job effectiveness is more weakly correlated to deep technical knowledge than practical experience solving complex, time sensitive problems in team settings.

Your resume gets you the interview. During the interview, can you speak to your ability to apply systems thinking and understanding of third and fourth order effects? Can you speak to the types of real-world problems (not threats, not risks, problems faced by the organization) that the organization faces? Can you connect your experience to the organization’s problems? If not, consider which option will put you in the best position to build that experience.

I hope that helps.


The short answer is “yes”. It can be done without one, but you will be automatically disqualified from a large number of jobs, and will find the lack of a degree more and more career limiting as you rise through the ranks.


Personally, the social aspect of going to college was worth the cost and career delay (I actually didn’t even get my degree for many years afterwards). The personal development that happened was really important to me and honestly is worth a lot more than the money (thinking about it, I probably set my retirement back by ~5 years). I was able to do things like study abroad in Tokyo for a year. I met all sorts of people and learned to socialize a lot better thanks to my time in college.

Professionally, you’re almost certainly better off working now and skipping college (potentially doing it part time and getting an employer to pay for it in the future).

TL;DR – Personally I’d go to college. Career-wise/financially it’s a bad decision


A quote my Dad once told me: “More education will only ever open doors for you, it never shuts them.” That being said, I’ve seen many successful people in this field with and without degrees. I got my first security job while working on my degree still but finished it. I think people just want a way to verify you know what you are doing prior to hiring you; that is just most regularly achieved through college education, work experience and certifications, but I think you can be successful with any combination of those.


I’m in my thirties and if I were in your position, I would jump on the occasion to get good professional experience, and probably do a degree anytime I want in the evening, distance learning, when you would feel ready to do it. You can go back to school any time you want, but you cannot find good experience opportunities anytime you want.


It’s ultimately up to you OP. You’re only 22, and I have seen people going to college at like 26, 27 or even 30s. Plus also, going to college means that you’ll have to study and do exams…. You have to ask yourself if you’re ok with studying or not. College is not for everyone, and it’s not an instant ticket to success.


And honestly if you need someone to chat with online just message me!


Either option is fine. My friend did a level 4 apprenticeship in a SOC, straight out of school. The pay wasn’t great (maybe £18k but the training is paid for), however when it finished he doubled his money elsewhere in another SOC, and then became a security engineer within 2 years. I would personally go with the apprenticeship because it guarantees you a career in cyber security and I don’t see a degree making much difference in the UK, but if you want to go to uni for the social aspect then go ahead.


The folks saying that the degree matters are just wrong. I’ve been considered for multiple positions and offered 6-figure positions twice now. Another thing is that a 4 year degree does nothing compared to 4 years of experience in the field. If you have an opportunity to start working in the field now, it’s better to take that and address the degree during evenings. If anything, that shows a strive for personal improvement outside of just meeting the demands of a 9-5.

To be clear, I was turned down from one position (at MITRE) who said they would love to have me but the HR requirements were too stringent to even try to fight for me without a degree.
