Do you need a master’s degree in cybersecurity?
Introduction
One of the greatest challenges in landing a job in any field is demonstrating that you possess the knowledge and experience required for the role. This is especially true in cybersecurity, where 70% of organizations say half of applicants to their posted positions are unqualified for the role to which they are applying.
This is often pointed to as the explanation behind the paradox that the cybersecurity field supposedly has over 4 million unfilled positions but cybersecurity applicants cannot find jobs. If applicants are unrealistic about their skill sets and compensation requirements and cannot demonstrate that they have the skills for the job, hiring managers may be unwilling to take a chance on them.
FREE role-guided training plans
One of the simplest ways of demonstrating proficiency and standing out from the competition is by pursuing higher education. Completing a master’s program in cybersecurity results in a diploma that verifies that you have achieved the associated level of knowledge and experience.
Why not get a degree?
The arguments in favor of pursuing a master’s degree in cybersecurity are fairly straightforward. But what are the arguments against pursuing one? Some of the major disadvantages of a master’s degree are the demand for master’s degree holders, the duration of the program and the cost.
Pro: Demand
The principle of supply and demand is a major driver that dictates pricing and competitiveness in the job market. If there are more positions than applicants, hiring packages get better and it’s easier to find a job. Conversely, a saturated job market means that hiring managers have a better range of applicants to choose from.
Pro: Job requirements
CyberSeek is intended to provide hard data on the current cybersecurity job market in order to help close the skills gap in the United States. This data includes information on the desired education level included in numerous job postings.
According to CyberSeek, a master’s degree is not required for the majority of cybersecurity jobs. In fact, of the fifteen positions included in their analysis, security intelligence has the highest percentage of job roles requiring a master’s degree at 18%, and security intelligence is only considered a cybersecurity “feeder role.” Between 0 and 15% of cybersecurity job postings require a master’s degree.
Pro: New opportunities
Another way to look at this is the number of new positions that a master’s degree opens up. Rasmussen College performed an analysis of 96,951 job postings to determine if they needed a high school diploma, associate degree, bachelor’s degree, master’s degree or doctorate.
Of these 96,951 job postings, a candidate with a bachelor’s degree was eligible for 93,793 of them, which is 96.7%. A master’s degree opens up another 2,442 potential positions, which make up 2.5% of the total.
Program duration
In general, a master’s degree takes a couple of years after completion of a bachelor’s degree. This is significantly longer than earning a certification, which can take between three and nine months on average. However, this significant time investment also has other downsides.
Con: Skill relevancy
One of the downsides is the expected longevity of the information learned there. The average half-life of technical skills is approximately two years, meaning that half of the information learned in a technical profession, like cybersecurity, will be outdated and irrelevant within two years.
With a two-year program, this means that if a class was updated the summer before courses began, half of its information could be expected to be out-of-date by the summer after graduation. This also assumes that professors are constantly updating their courses and that students are not enrolled in courses that are already several years old.
Con: Hands-on experience
A recurring problem with common hiring practices is that you need experience to get a job and a job to get experience. This is true in the field of cybersecurity as well, where 95% of organizations are looking for hands-on experience during the hiring process but only 89% care about a candidate’s credentials.
During a master’s degree program, a student can be expected to pick up some hands-on experience in their field. However, realistically, they’re unlikely to gain the same amount of real-world experience as a person working in the field for that same two years. When hiring for a position, HR may favor promoting someone with two years of experience in the field at a lower grade than hiring someone with an advanced degree but no experience.
Con: Program cost
Beyond the time investment, a master’s degree can also represent a significant financial investment by a student. The average price of a master’s degree is between $20,000 and $70,000 per year. While scholarships and internships may reduce this cost, they are limited in number and may carry additional obligations.
In comparison, pursuing a certification in the field can be significantly cheaper. Well-respected certifications such as the (ICS)2 CISSP, EC-Council CEH and CompTIA Security+ certifications all have self-study options for under $1,000.
Conclusion: Should I pursue a master’s degree in cybersecurity?
At the end of the day, the choice of whether or not to pursue a master’s degree in cybersecurity is one of personal preference. A specific career path or position at a certain company may be easier to achieve (or even require) advanced education. In other cases, a certification or two and/or demonstrated experience in Capture the Flag (CTF) exercises may be more than enough to land the job that you want.
One important consideration is that many companies support continuing education for their employees and may even pay for a master’s degree. If so, getting a certification or two to get your foot in the door and pursuing a master’s degree as an employee might be a cheaper and better option.
FREE role-guided training plans
Sources
- Cybersecurity Career Paths and Progression (February 2019), CISA
- Future of Work: The People Imperative, Deloitte
- Cybersecurity Career Pathway, CyberSeek
- Is a Cyber Security Degree Worth It? The Facts You Can't Ignore, Rasmussen College
- State of Cybersecurity 2020, ISACA
In this Series
- Do you need a master’s degree in cybersecurity?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity