Do You Need a Degree to Work in Cybersecurity?

Updated December 2023

The need for skilled cybersecurity professionals is already huge. And it's getting bigger.

By some estimates, the global cybersecurity industry will be short 3.5 million workers by the end of 2025.

But is a university degree necessary to get started in cybersecurity?

The short answer is no. Many job postings do call for a degree, but that doesn't necessarily mean you can't land those roles without one.

In many cases, employers are more interested in what you can do rather than what credentials you hold. It's more about proving your skills on the job rather than in the classroom.

Exactly what skills do you need and what are employers looking for? Here's what you need to know.


HUGE DEMAND AND SCARCE SUPPLY makes cybersecurity degrees "optional"

Even before the pandemic, the number of jobs for people who could detect and prevent data breaches was expanding enormously.

A 2016 report from Deloitte estimated that the demand for cybersecurity professionals in Canada was growing by seven percent annually.

And in December 2023 alone, there were more than 2,300 vacant cybersecurity jobs across Canada, according to TECHNATION.

The huge demand and lack of available talent mean salaries in this field can also be quite high. The median salary for cybersecurity specialists is roughly $91,000, based on data from the Government of Canada Job Bank.

What does this all mean?

A lot of employers have so many open positions that they are willing to accept candidates with basic cybersecurity training rather than full-fledged degrees.

If you can prove you have the skills to do this work, and perhaps some industry certifications, you can easily get your foot in the door.


SKILLS YOU NEED to get hired in cybersecurity

Anyone looking to start a career in cybersecurity needs to possess certain basic skills.

We reviewed some current job postings for entry-level roles such as security analyst, network administrator, and junior penetration tester to find out what kinds of technical skills employers want.

Generally speaking, you should be comfortable with tasks like:

☑️ Installing firewalls, access controls, anti-virus software, and other network security tools

☑️ Monitoring system performance and security

☑️ Researching cyber threats and attacks

☑️ Reviewing security alerts, log files, and reports

☑️ Carrying out data backup and disaster recovery procedures

☑️ Creating and updating security documentation and training materials

Derek Lewis is an experienced IT security consultant who has also worked in education. He says technical knowledge is important, but it’s not the end of the story.

“Employers want to hire people who can look at the organization, identify all the security flaws, and choose the tools and technologies that should be applied to those specific needs.

Companies need people who can think critically and laterally. Skills and tactics come and go and evolve over time, so it’s having that cybersecurity mindset that really matters the most. That’s what sets people apart.”



You might not need a university degree, but cybersecurity certifications can be essential for starting and advancing a career in this field.

In a survey of cybersecurity professionals, completing a certification was one of the most popular pieces of advice offered to newcomers.

Derek agrees.

“Anyone can say they’re a cybersecurity professional, but having respected certifications really proves your expertise.

Certifications like the Certified Information Systems Security Professional (CISSP) are developed by world-renowned organizations. The exams are challenging; if you pass, that tells employers you are extremely proficient in cybersecurity.”

It's wise to check out job postings to see which specific certifications employers are looking for.

The survey we looked at said the CISSP designation was by far the top choice.

Certifications related to cloud security, such as Certified Cloud Security Professional (CCSP), are also well respected by employers.


what to expect from a college cybersecurity diploma

Don't want to invest time and money in a university degree?

A short, focused cybersecurity course at the college level can help you develop a solid foundation of skills for a career in IT security.

A good program offers training in:

☑️ Current threats and vulnerabilities

☑️ Security practices for multiple platforms, such as Windows, Unix, and macOS

☑️ Network monitoring

☑️ Cloud security

☑️ Web application security

☑️ Ethical hacking techniques

☑️ Digital forensics

☑️ Disaster recovery procedures

Most diploma programs take two years or less. Some include an internship so you can get hands-on work experience. And many are designed to prepare students for key cybersecurity certifications.

That means diploma holders can get entry-level roles and, with experience and talent, work their way up into leadership positions, even without a degree.

For instance, with a college diploma, you can qualify for positions like security analyst and penetration tester. Once you gain some experience, you could also pursue roles like ethical hacker or cybersecurity manager/consultant.



The unique cybersecurity program at Herzing College is just 12 months long and includes a 100-hour internship. Training is delivered online.

Herzing's course includes preparation for four certifications that can help students advance their careers in IT security:

☑️ Certified Information Systems Security Professional (CISSP)

☑️ Certified Cloud Security Professional (CCSP)

☑️ Cyber Security Practitioner (CSXP)

☑️ Systems Security Certified Practitioner (SSCP)

Eager for more information? Click below to get complete course details and chat live with an admissions advisor. We're here to help.

Explore the Cybersecurity Diploma Program

hard hat icon



Most Read