Do I Need a Bachelor’s Degree for Cyber Security?

One of the most common questions about cyber security and how it relates to college is whether a bachelor’s degree is required to work in the field.  There are cyber security careers available at every educational level, but it’s worth looking at whether a bachelor’s degree is needed for the most common cyber security jobs.

So, do you need a bachelor’s degree for cyber security?  The most common middle and upper level cyber security jobs do require a minimum of a bachelor’s degree in cyber security or a similar major.  Entry level cyber security jobs can be attained with an associate degree, or even no degree if the applicant has other qualifications, such as prior experience and certifications.

Let’s take a look at some of the most common cyber security careers that do require a bachelor’s degree, and whether it’s worth getting a bachelor’s degree before getting into the field.

Cyber security jobs that require a bachelor’s degree

Information Security Analysts

One of the most common cyber security job classifications that requires a bachelor’s degree is what is generally known as an information security analyst.  Keep in mind that these types of positions may have titles such as cyber security analyst, information systems security analyst, security analyst or information security analyst, all depending on what the particular employer chooses to call them.  Regardless of the exact title, what is an information security analyst, and what do they do?

An information security analyst is one of the more versatile jobs in the cyber security field.  They are tasked with designing, deploying and managing security measures for an organization to protect their internal network and technology assets.

A job as an information security analyst is always evolving as new security threats become known.  As with all cyber security related positions, staying current on technology and security issues is a critical part of an information security analyst job.  In positions like these, expect to work both independently and in teams as needed, and to find time on your own to stay current on cyber security trends. Information security analysts often have to communicate with upper level management, but as a generally internally-focused position, interaction and communication with outside customers is often limited.  

According to the U.S. Bureau of Labor Statistics, most information security analyst positions require at least a bachelor’s degree in cyber security, computer science or a related field and previous experience with security or networking, often as a systems administrator or network administrator.  Industry certifications are often required or preferred in these mid to high level positions, with common sought after certifications being the CompTIA Security+ and the CISSP, among many others.

The good news for information security analyst positions is that they are needed by all types of employers, including those in the private sector.  According to the bureau of labor statistics, a large portion of people in this job classification are working for companies in the technology, insurance or financial private sectors.

Pay rates for information security analysts

Pay scales are always difficult to determine because they vary greatly between different areas of the country and are based heavily on the qualifications of the individual, including whether they have a security clearance or not.  With that said, The BLS cites average earnings for information security analysts at about $95,000 per year. They project an increase in the job market demand for this job classification of 28% through 2026, which should serve to maintain or strengthen pay rates for those in this job classification.

Computer Network Engineers

Often called network engineers, network systems engineers, systems engineers or network architects, these positions are responsible for designing and building the local area networks or wide area networks that organizations use.  These positions differ greatly in responsibility based on the size of the company, the size of the network, and the nature of the business that the company is in, but in most cases, these positions will require a bachelor’s degree and prior experience in a technology field.  Since computer network engineer positions are probably more network focused than the security focus of the information security analyst positions listed above, it is likely that more general computer science or computer technology bachelor’s degrees and general technology experience will suffice as qualifications for these positions.

Pay rates for computer network engineers

The BLS cites median salaries for this career at about $104,000 a year, but these salaries probably vary widely based on a number of factors, so it is probably quite possible to work in this area but have a salary a good bit lower than the $104k number provided by the BLS, including salaries as low as $50,000 in many cases.

Interestingly, the network engineer and network architect field is not expected to grow nearly as well as information security analysts, with the BLS citing a modest 6% growth rate in this area, which is in line with the economy as a whole.  The reason for the disparity in job growth between the information security analyst position and the network engineer position is due to the security focus of the security analyst position, and the high demand and sophistication of the skill set required to deploy, maintain and stay current with security.

IT Security Consultants

Similar to information security analysts, an IT security consultant works to determine security for an organization, but does so in a consulting arrangement.  These positions include researching and communicating security suggestions and may include the actual implementation of those recommendations as well.

IT security consultants need a bachelor’s degree in cyber security and actual experience, but also need to be strong communicators as well.  For positions like these, expect that you’ll need to communicate to upper-level management and other stakeholders in a company, and you’ll need to be comfortable with writing up technical documentation to show what you’ve done or will do.  IT security consultants may focus on technologies such as intrusion detection systems, intrusion prevention systems and firewalls, among many other security items and technologies.

Pay rates for IT security consultants

The pay range for IT security consultants can vary widely, from a low of $50,000 to $150,000, based on the level of security solutions that the consultant is expected to deliver.

Chief Information Security Officer

The top security position in many organizations is the chief information security officer, or CISO, often pronounced SIS-OH.  CISOs are executive level positions that act as the head of IT security for an organization. They determine and are responsible for all IT security strategy decisions and oversee the implementation of that security, and as such, are ultimately held responsible for breaches that occur to their systems.

CISO positions require a minimum of a bachelor’s degree, and preferably a master’s degree, and extensive experience, as well as managerial and leadership ability.

Pay rates for chief information security officers

Pay rates for CISO’s are often around $150,000, with nearly all positions earning six figure salaries, and the highest paid positions earning more than $200,000 annually.

Other cyber security career options

Just because these positions require a bachelor’s degree, doesn’t mean that you must have one to get started in cyber security or that you need to wait until you get a degree before you can get into the field.  There are many entry level and lower level positions that do not require a bachelor’s degree. A good approach to starting your cyber security career may be to get started with one of these lower level positions while you are pursuing your bachelor’s degree.  This approach would simultaneously get you the degree and experience that all of these jobs require.

Related Questions

What things should I look for in a college cyber security program?  Any college cyber security program that offers a feasible schedule at a reasonable price and provide hands on lab practice opportunities where you can learn the skills is worth looking into.  Overly expensive exam cram programs or boot camps, or those programs that only accept full-time enrollment may not be the best option for most people.

Can I get into a college program if I haven’t been in school for a long time?  Going back tto school when you haven’t been in a classroom in a long time can be intimidating and challenging.  Always keep in mind that you are not the only person in that situation. Colleges, and community colleges in particular, have transitional coursework options that can get you back up to speed on the academic skills that you haven’t used in a while.  These programs often have substantial transitional options in place to assist people returning to the classroom after a hiatus.

Matt Day

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He holds CompTIA A+, Network+, Security+ and Cisco CCNA certifications, and is the author of the book CCENT Troubleshooting Guide.