There are many paths to consider when choosing a cybersecurity program. You could get a 2-year community college degree or a 4-year bachelor’s degree. Within those programs you could decide to major in computer science, or business, or political science, or even criminology. You could even forgo college and decide to attend a security boot camp designed to help you pass a specific security certification. All of these paths can lead to a job in cybersecurity.
So, what should you choose?
The answer is, it depends on what is best for you and your situation. I can’t tell you what the best option would be for your situation, but I can give you some information to help you with that decision.
I think the best way to understand the difference between the education paths is to visualize a pyramid. The bottom, wide portion, represents the knowledge gained at a 4-year university, and as you go up, the focus narrows till you get to the point, representing a certificate, where the knowledge is very specific.
How do you pick between these options?
Some of it comes down to time, money, and whether you’d like to prioritize breadth or depth. If time and money are rare commodities for you, and if you’d like to prioritize depth, your best bet is a boot camp focused on a certification.
Certifications are a very viable option and can lead to great entry level cybersecurity jobs. There are plenty of online or in-person bootcamps to choose from. Taking one of these bootcamps, combined with reading good books on the subject, can help you pass one of the many cybersecurity certifications. Opinions vary on the value of certifications, but I do know of several employers who value certifications more than degrees, including a cybersecurity consultant who works with Fortune 50 companies.
One of the challenges that you will face in the certification route is that you need to know exactly which field of cybersecurity interests you. Do you want to work in a SOC? Or do you want to do pen testing? Maybe code review sounds good to you. How about computer forensics? You get the point; there are a lot of fields in cybersecurity, and you would need to pick a certification for that particular area.
There are some general certifications, like Security+, but I believe that those are more valuable when they’re combined with a 2- or 4-year degree. However, if you are not planning on getting a degree, your best bet is to pick an area of cybersecurity that interests you and to study that topic in depth.
2-year Associate Degree
Moving down from the point of the pyramid, you are starting to broaden your range of knowledge. A 2-year associate degree adds on some general education classes, such as math, history, and English. But why would you need these skills for cybersecurity? One of my former students, who now works for a pen testing company for Fortune 10 companies, says that his job is about 50% cybersecurity and 50% writing up reports, so he highly values individuals who can produce legible findings for their valuable clients. A cybersecurity certification won’t refine your writing skills, but a 2-year degree will.
Another upside of getting a 2-year degree is the cost of tuition. Several community colleges, at least in California, offer either the first year or even both years tuition free. How can you beat that?
4-year Bachelor’s Degree
This is the final, broadest level of our pyramid. With a 4-year degree you’ll learn the theory behind cybersecurity that you don’t necessarily learn in 2-year or bootcamp programs. You’ll learn how and why cybersecurity works the way it does, beyond the surface of implementation. You will learn, for example, the history of cryptography and how it evolved to where it is now. This is important to understand if you are tasked with selecting a solution involving cryptography. Solving such a task requires a surprisingly broad background in cryptography—a background you’re most likely to develop in a 4-year degree program.
I should probably disclose that as a professor at a 4-year university, I’m a bit biased. I believe that, assuming you have the time and money, a 4-year degree is worth the cost because beyond learning cybersecurity, these programs are designed to make you a more well-rounded human being. I believe this is important for many reasons. First and foremost is the sheer number of ethical issues in cybersecurity. If you are in charge of making ethical decisions for an organization, you’ll need some background to pull from. A 4-year degree allows you to take courses in history, critical thinking, ethics, justice, and many other topics that you can add to your ethical decision-making repertoire. There are also math courses to build your computer science background and writing courses to round out those report-writing skills.
Computer Science Degree
This leaves one final discussion on what to major in at a 4-year college when pursuing cybersecurity. The obvious choice, and again I am biased, is to major in computer science. This gives you a very well-rounded background in operating systems, programming languages (both scripting and compiled), networking, machine learning, databases, web programming, and, of course, security. A computer science degree prepares you for many different areas of cybersecurity.
One drawback is that a 4-year degree is not as focused as the top of the pyramid, the certification route. So, it is possible that you will, on your own time, need to prepare for and take a certification. The upside is that you will have a very strong background and therefore would not need to study as much for the cert as if you were to do a cert without the 4-year degree.