How did your Cyber Security bachelors degree work out for you?

Kevzors

I've heard a lot of mixed emotions about getting a degree specifically in cyber security, due to the fact that cyber security jobs require years of experience and certifications.

Are these bachelor programs worth it? They are popping up everywhere, and I would like to know if anyone actually got a security job out of college.

636-555-3226

As a hiring manager, I would be interested in someone with a bachelor's in cybersecurity, but it wouldn't get you the job. Most infosec jobs in my area have schmucks applying for them, so the degree would at least imply that you know something. be prepared, however, for me to quiz you on the degree and get a feel for how much you really know. when i hire I want someone who knows the stuff. if i've got you with a degree but you don't know how to use nessus & splunk and i've got another dude who doesn't have a degree but has been running splunk & nessus against his home network & VM lab environment for a few years, he wins....

TheFORCE

636-555-3226 wrote: »

As a hiring manager, I would be interested in someone with a bachelor's in cybersecurity, but it wouldn't get you the job. Most infosec jobs in my area have schmucks applying for them, so the degree would at least imply that you know something. be prepared, however, for me to quiz you on the degree and get a feel for how much you really know. when i hire I want someone who knows the stuff. if i've got you with a degree but you don't know how to use nessus & splunk and i've got another dude who doesn't have a degree but has been running splunk & nessus against his home network & VM lab environment for a few years, he wins....

I overhead once a hiring manager for my organization when he was talking on the phone with a recruiter about his opinion on the degree vs certifications. The recruiter was asking the guy what requirements should the person have and if degree is important.

The hiring manager told the recruiter that he is interested more on people that have certificates vs someone with only just a degree because you never know if someone got the degree just to have a career change for the money but if someone has certificates in addition to the degree, that means that they put extra effort to be in the field and they like working and expanding their knowledge. Certificates are something that push you to lean new things by having to maintain them often. The degree on the other hand once you take it that's the end of the road. I actually tend to agree and had never thought about it from that perspective. So the degree alone wont cut it, you need to combine it with something else also.

Danielm7

For me personally, it worked out well. But, I also had over 10 years in IT before I even started it. I've interviewed quite a few people with security BS degrees and I was only really impressed with the people who did anything on their own. The degree is fine, but don't expect it to get you a job, even an entry level one in security, without practical knowledge.

kiki162

I think bachelor programs in general really don't cut it. When I went through my undergrad, a lot of the material was not anything new. The only class where I didn't have much experience on was a lab using Snort rules. Had some law courses that screwed me on my overall GPA, but other than that it was easy. Now I had multiple certifications and 5+ years experience as a system admin when I started my Bachelors. I remember that during my last semester a lot of students were complaining about how easy it was, and had multiple arguments on why this was so easy. Now in my graduate courses, it's a little harder, but again it's all about time management and how well you can write papers.

Unless you are coming out of college with a Computer Science or Computer Engineering major, you really need to have additional certs to back you up and prove you have some experience, when you don't have any job experience. Once you get your degree, no one can ever take that away from you, but it's what you do to maintain and keep your skills fresh is the real challenge.

One other thing to mention, a lot of these cyber security jobs require a background as an Sys admin, network admin, or programmer, and the more experience and skills you have across those 3, the better off you will be in the long run. It's a building block process, so think of it like this, if a job requires you to do pen or vuln testing, and you don't have a clue about setting up a VM, that's a problem.

Would be interesting to hear what your background is, and where your at currently.

Cyberscum

Don't ever pass up the opportunity to get a degree. Life gets in the way and it becomes harder and harder to finish.

Any degree is good.

You can always get the certs after the fact and its such a small sacrifice compared to a degree.

markulous

It's absolutely worth having a bachelor's. There are a lot of hard requirements by HR to have someone with these, especially outside of entry-level positions. It's helped me get past HR filters and always comes up in an interview.

From a hiring perspective, I think it says a couple things about the person. It first says you're willing to invest in yourself a bit and learn outside of work. It also says you know how to learn and you know how to write papers. The latter can be important in a lot of IT positions, specifically security when it comes to policies, IR, forensics, pen testing, etc.

Danielm7

Cyberscum wrote: »

Don't ever pass up the opportunity to get a degree. Life gets in the way and it becomes harder and harder to finish.

Any degree is good.

You can always get the certs after the fact and its such a small sacrifice compared to a degree.

True. Reading this makes me want to clarify my comment above. I think a degree is very important, just that a BS degree in security isn't a guaranteed job. My company has tuition reimbursement, the fact that almost none of my coworkers take advantage of it blows me away.

DatabaseHead

Years ago we had hired a help desk tech who just recently graduated with a CIS degree with a focus on security. Within 2 years he was working at Master Card as a security analyst. I just recently followed him on LinkedIn and he has moved up twice and recently received his CISSP.

It's been working for him.

mbarrett

Kevzors wrote: »

I've heard a lot of mixed emotions about getting a degree specifically in cyber security, due to the fact that cyber security jobs require years of experience and certifications.

Are these bachelor programs worth it? They are popping up everywhere, and I would like to know if anyone actually got a security job out of college.

It's an undergrad, so it's worth about as much as another undergrad - the supposed difference being that you took a couple classes in "Cyber Security" whatever that means.
Most schools chase the hot thing in the market by adding a Major or Minor in that subject. Some state-supported schools are mandated by charter to educate the citizens of xxx state in job skills that are relevant to today's market. Whether or not they are really any good is a different question.
Experience means a lot, probably as much (or more) than a piece of paper.

the_Grinch

Having a degree is what matters. I have a security based bachelors and it seemed to generally hurt me. Most of the security positions I interviewed for would ask questions well above what someone with just a bachelors would know. When I interviewed for a helpdesk position, they'd usually say I'd be bored as they don't do security. Thus I advise people to get a CS/MIS/IS/IT bachelors and a minor or concentration in cyber security. That way you get a firm base, can apply to normal helpdesk/sys admin jobs, and then move into security once you are truly ready.

cyberguypr

Last year we hired a person out of college with a cybersecurity degree with zero practical experience in anything IT related. His cyber degree was one of the reasons why we hired him. It was definitely a gamble but we like to live on the edge so we went for it. Guess what? It paid off. The person was able to pick stuff up quickly from the senior team members. Based on this, I say there's some advantage in having a cyber degree. We have another position open and tried he same approach but so far no one looks promising.

Cyberscum

I guess I was off topic of the OP.

I do not have a cyber degree, I decided to stay with business degrees and it has worked out for me.

If you stick with a cyber degree you might have to stick with cyber your whole life. You never know what opportunities may come your way. But all in all it will not hurt to get a degree.

mbarrett

Cyberscum wrote: »

CISSP, SEC+, CEH etc... are a joke and require little to no effort or experience.

From the ISC2 site -

Candidates must have a minimum of 5 years cumulative paid full-time work experience

https://www.isc2.org/cissp-how-to-certify.aspx

I see what you are saying, but CISSP is by definition a cert that implies real-world experience, not entry-level. Simply passing the test is not enough to get certified. CISSP holders typically already have years of experience in the field.

Cyberscum

mbarrett wrote: »

From the ISC2 site -
https://www.isc2.org/cissp-how-to-certify.aspx

I see what you are saying, but CISSP is by definition a cert that implies real-world experience, not entry-level. Simply passing the test is not enough to get certified. CISSP holders typically already have years of experience in the field.

Sorry, I'm not following?

the_Grinch

cyberguypr wrote: »

Last year we hired a person out of college with a cybersecurity degree with zero practical experience in anything IT related. His cyber degree was one of the reasons why we hired him. It was definitely a gamble but we like to live on the edge so we went for it. Guess what? It paid off. The person was able to pick stuff up quickly from the senior team members. Based on this, I say there's some advantage in having a cyber degree. We have another position open and tried he same approach but so far no one looks promising.

Your company has the awesome mentoring program correct? In that situation, if I am remembering correctly about the mentoring program, then I would fully agree the cyber degree would work. Sadly, that is more the exception than the rule.

Danielm7

Cyberscum wrote: »

I guess I was off topic of the OP.

I do not have a cyber degree, I decided to stay with business degrees and it has worked out for me.

If you stick with a cyber degree you might have to stick with cyber your whole life. You never know what opportunities may come your way. But all in all it will not hurt to get a degree.

I guess the other side of that is that you have to stick with business your whole life? Once someone is much past their first job or couple years I don't imagine that many employees care what your BS concentration was in anyway.

GreaterNinja

Well security generally does require experience in desktop, servers, network, and informed awareness.
I would say having an Bachelors in IT security or Cybersecurity would definitely pay off. The caveat is that it could be very interesting or it could be VERY BORING / DRY at times.

To add to that, ANY respectable (challenging) bachelors degree or higher should pay off. Think of it as investing in a 401k early. You will see the returns much earlier in life and that will add up in your lifetime.

beads

I prefer to hire people with more generalist background who go into security later in their career. A degree is a degree but an overspecialized degree can make one look really out of date fast if the subject matter falls out of fashion. Take for instance a degree in data analytics or data processing. The world moved on but those degrees still exist.

Yes, their will be outliers to every condition. Someone graduates from po-dunk-U and makes it big stories are rampant here. I can also show you dozens of messages from people claiming to have both bachelor's and masters in 'security' (a big misnomer unto itself) and no job. Priorities are broad based education, experience, then certifications appears to be the golden path. Try to skip a step and generally have more problems than its worth. Right now to many people are trying to either skip the education requirement or jump straight into a six figure career by taking an exam or two. For the vast majority of non-outliers - it ain't gonna work.

And yes, because security is the latest cause du jour - most candidates, suck.

- b/eads

alias454

I have a BS with a concentration in security. After actually deciding to get a BS, I choose security because I was interested in security from early in my career. There were other concentration choices like; programming, web development, networking, software architect, and security. Out of those, I figured security would be the most interesting to me and the most beneficial career wise. I choose to get a degree after working in technology for 13 years and doing jobs like pulling cables, desktop support, system builder, web developer, helpdesk, net admin, etc. the unifying thread in all of my career has been an overall interest in security.

There were two huge takeaways for me when I got my degree. The biggest thing was the structured lesson plans. Yes, a lot of it was redundant because of my prior experience but I always felt like I had gaps. Getting a degree forced me to look at things that I might have skipped over going the self-taught route. Another thing that was highly beneficial is being exposed to a lot of different ideas provided by faculty and students alike. Really, what I am saying is it isn't so much about what degree you get if that is what you decide but the fact you get one at all, as it will help you in many unforeseen ways.

One thing I see time and time again on this forum and others, is the idea a degree is somehow supposed to be like trade school. You go in, they teach you how to do X, then you leave. A degree should add to a foundation; allowing one to learn and build on. The technical how to should be taken care of with certifications and experience. That isn't to say folks without a degree are worse off and I am sure if you search hard enough, you can find many examples on this forum and elsewhere that speak to the uselessness of degrees. Each person's path will be different and you have to find the way that is right for you.

TL;DR if you are interested in security, by all means check into it but if you are interested in something else, do that instead. Don't just follow the money.

Kevzors

kiki162 wrote: »

I think bachelor programs in general really don't cut it. When I went through my undergrad, a lot of the material was not anything new. The only class where I didn't have much experience on was a lab using Snort rules. Had some law courses that screwed me on my overall GPA, but other than that it was easy. Now I had multiple certifications and 5+ years experience as a system admin when I started my Bachelors. I remember that during my last semester a lot of students were complaining about how easy it was, and had multiple arguments on why this was so easy. Now in my graduate courses, it's a little harder, but again it's all about time management and how well you can write papers.

Unless you are coming out of college with a Computer Science or Computer Engineering major, you really need to have additional certs to back you up and prove you have some experience, when you don't have any job experience. Once you get your degree, no one can ever take that away from you, but it's what you do to maintain and keep your skills fresh is the real challenge.

One other thing to mention, a lot of these cyber security jobs require a background as an Sys admin, network admin, or programmer, and the more experience and skills you have across those 3, the better off you will be in the long run. It's a building block process, so think of it like this, if a job requires you to do pen or vuln testing, and you don't have a clue about setting up a VM, that's a problem.

Would be interesting to hear what your background is, and where your at currently.

First and foremost, I would like to thank you for taking the time to reply. I currently live in Palm Desert, California. I have just applied to California State University - San Bernardino. I am majoring in Information Systems & Technology with a concentration in Cyber Security. CSUSB offers a scholarship program called CyberCoprs for infosec majors. This scholarship provides a full ride scholarship (for undergrads and graduates) with in exchange for the student to work for the federal government for 2 years after graduating. This program also offers a summer internship before working full time. The reason why I am bringing this up is because if a academic program has been recognized to the point of offering scholarships, it must be legit, right?

kiki162

@Kevzors So we had a Intern last year that got that the CyberCorp scholarship, but here's what he told me about that program. You still have to apply to government positions, you don't automatically get a job somewhere within the federal government, and as difficult as it can be to apply due to the automated resume scanning that you have to get through, the best bet is to apply for a "student" position.

With many government jobs, there's a lot of "preference" jobs out there, meaning you need to have prior military, or prior government competitive service (GS positions) experience. Normally, you'll have a prob. period for about a year, and once you get through your year, you can really go anywhere with the government. In fact, I have 2 family members that started out with a student position within the govt, and 30+ years later they are a GS-13 and GS-14.

I can tell you firsthand, that it's great for experience, but you will be limited to what you can do and access. Again it depends on the agency you work for, but I've seen a lot of the same thing across the board. Now others may tell you differently, but if you are the type of person that makes an effort to continuously grow and educate yourself, you may find yourself around other co-workers that get a little to comfy in their gov't job and let there skills lapse. Personally, I found it to be a bit like "groundhog" day, for many co-workers, and other gov't employees. So it really depends on you in the long run.

Cyberscum

Cyber corps is a good opportunity. Not a guaranteed job, but they have like a 90% placement rate. Also, prob 80% of those end up in the DC area. Just remember that you start as like a GS-9 in DC...cost of living is insane, but it is a job.

Cyberscum

Also, don't you get paid while you are going to school?

From what I remember they were going to give me somewhere around the park of 3k every month while I was in school. It was a good deal, but I am already a govie so I would have to take a huge pay decrease.

cwelber

I'm went the route of Masters in Cyber and CISSP while I was working in Infosec already. I've had CISSP for a year. I will have my masters by the end of year (which will fulfill my continuing education requirement for CISSP for the year)! It seems you can write your own ticket in this situation. Plus I have years of working Infosec in Legal / Finance. I think I'm being underpaid, but really like my co-workers so that counts for a lot.

markulous

cwelber wrote: »

I'm went the route of Masters in Cyber and CISSP while I was working in Infosec already. I've had CISSP for a year. I will have my masters by the end of year (which will fulfill my continuing education requirement for CISSP for the year)! It seems you can write your own ticket in this situation. Plus I have years of working Infosec in Legal / Finance. I think I'm being underpaid, but really like my co-workers so that counts for a lot.

That's the boat I hope to be within a year from now. GSEC, CISSP, MS in Security, plus infosec experience. Should be able to get a nice bump in pay.

Remedymp

I think I'm being underpaid, but really like my co-workers so that counts for a lot.

So, you're ok with making less than what you think you should be paid because you like your co-workers?????

superbeast

Hi Kevzors,

I'm also a IST major w/ concentration in Cyber Security at CSUSB. My first semester is Fall 2017. Maybe we'll end up in the same class. The CyberCorps scholarship is legit. They even offer a stipend of 20,000/year for you to focus on school as any outside employment is prohibited while under the scholarship. May work out for some but I have a family that I have to support so that wouldn't work out for me. My education plan is to go into the National Cyber Security Studies Master's degree after I obtain my bachelor's.

LinuxRacr

I will say that the degree is worth it. I've worked for two infosec companies (one of which I still work for), while finishing my degree. I can tell you that the material you learn is valid, and will point you in the right direction in terms of what you need to further pursue for an info-sec job. The trick is to stay the path of learning.