InfoSec Jobs without College Degree With Work Experience?

Question

This question as been asked before it seems, but I could use some advice myself for my specific situation. I am very frustrated with my university. I study software engineering and I am very bored. I finished my first year of college awhile back and I didn't learn much mostly calculus and chemistry. The main advantage is the cyber defense competitions which we do and I was able to win that last spring and got an internship at a company for the next academic year part time (20 hours a week) doing InfoSec work (security monitoring and internal penetration testing is what I am told).

I am frustrated by the university now I have to study Diffeq and physics this summer and I would much rather be reverse engineering, working on a blog to showcase my skills, and getting certifications. People who don't work in InfoSec have told me I need a college degree, but when I meet people who are seniors and have been through all these courses and can barely explain how what SQL injection is let alone how to exploit it I begin to question that logic.

I have been studying InfoSec since I was in middle school and while I am no expert I do know a thing or two. I am great at teaching myself. I have another company I am trying to get an internship at who had challenges online and I completed all of them and sent them my resume.

Unfortunately, they had already hired interns because I did not find the challenges until very late, but said I could contact them in the fall. I feel like I have all the skills to get into the InfoSec field, but lack the college degree. If I did my internship next academic year and instead of going to university I got the OSCP, OSCE, and OSWP certifications could I just leave college and go work in the InfoSec field? Could I get a full time job as an entry level penetration tester. I don't really care if it is a junior position I just want to turn my hobby into a career and going to college does not seem to be getting me where I want to be. Getting a job in the field I would be able to work in security full time while being able to spend all my free time (I love what I do) continuing to improve my skills I don't think I would have any problems at all and would not have to spend three more years or four more years for the masters program of my life at university.

I know this question has been asked before, but I could use some solid advice.I really very much would love to work in the InfoSec field and not have to spend any more time at college bored, but I will do it if that is what it takes.I have seen a number of blog posts by people who say you don't need a college degree for InfoSec. This is really a gamble and if I am going to take it then I could use some guidance.

TL; DR if I left college and got some certifications to prove my skills would I be able to get a job. I have an internship for the next academic year which is part time doing internal penetration testing and security monitoring. But, if instead of going to college I spent that time getting the OSCP, OSCE, and OSWP certifications with that work experience could I get a job as an entry level penetration tester without a college degree. I am bored in college and want to be challenged and not have to work around college bureaucracy to have time to study InfoSec.

Answer 1

Yes and No, Yes you can leave college and get a job as a pen tester and work in infosec doing that. I will tell you though as someone without a college degree that works in infosec that not having college degree does hold you back in some parts of the field.

There are a ton of HR departments that hold very dear to the idea that anybody without a college degree is not worth considering. It will be an uphill battle of proving your worth for every job that you get. If I was to be starting over right now I would have stayed in school and gotten my degree.

You are on the right path though. Start now getting your name and experience built up and when you get out of college you will have a leg up on everyone else.

Answer 2

What are your goals in life? Do you want to be a security guy or a software engineer? Is your passion security, or is it software development?

I think you may find it easier to enter the InfoSec field without a degree than you will development.

As a developer, you could take a job working in many different problem domains: you might be writing software that manages a physical process, like material handling or controlling lighting. You might write software to manage a clinic. You might write software to do taxes. With any of those, a four year degree might expose you to the concepts behind inventories, biology, and accounting; such knowledge will help you speak the language when your users are speaking jargon like "double entry" or "luminous flux". A four year degree will expose you to a broad set of domains you never really thought about before, and is often a hiring requirement for any development job bigger than a web designer.

As a security professional, you'll benefit by knowing laws regarding computer fraud and abuse, rules about evidence collection and custody, security planning, threat modeling, networking, etc. You may need to understand accounting, especially since so many crimes these days are financial crimes. While these topics are more specialized to the Info Sec field, having exposure to a wider set of topics may help you better chase the bad guys by understanding their motives. Four year degrees in Criminal Justice or other degree programs may be required for advancement to certain positions. Alternately, a Private Investigator license might open a few doors, but I don't know what the requirements are.

Much of it will depend on you. If you don't have any job experience in the Info Sec field, what is your plan to get in without a degree? Are you funding yourself on bug bounties? Will you be taking other certifications, such as CEH? Do you have a part-time job in an associated field, such as working Loss Prevention for a store? You'll need to show some achievements to a potential employer, or they'll pass you by for someone who can.