4

I will try to be as straightforward as possible here.

I am currently working as a security integrator at an integration company.

I work with products of vendors like Check Point, Cisco, Juniper, HP, Symantec, Websense etc.

All ranging from switches and routers, to firewalls, URL Filtering and Email solutions, Dlp products and SIM/SOC systems.

This is definitely the right field for me and I wish to pursue a career in it. There is not a single moment on my job which I find boring and each day I learn a huge amount of information and my knowledge grows with each day.

I am pursuing certifications of various vendors which we all know like CCSA/E, CCNA, and the rest of the bunch (I also know the great feud between those who say certs are worthless and those who say that they hold value).

I have no academical degree. To be honest, the academia something which I am not very fond of and I am not too drawn to the concept, nor do I believe I will have success in this kind of learning environment. I also believe (with my minimal experience in the field) that one can make good progress and build a solid career without pursuing a degree. The alternatives are "higher" certifications like CISSP, CISM, CISO etc.

I really look for the opinions of people who have no self interests in mind, and can really advise on this matter. Is it "possible" to flourish career-wise without going for a degree? (I have a strong belief that everything in life is possible, and have experienced it along the way in my life. Nothing someone says is indefinitely true).

You might say one would need at least a first degree in business management, while others would say that CISSP and the sorts teach exactly that, and as an integrator you have a lot of experience in the field, coming from the inside - Where the actual hands-on are.

All in all - Is it a likely scenario?

I would appreciate your answers on this matter.

Franko
  • 1,530
  • 5
  • 18
  • 30

6 Answers6

4

I think both are important. It's becoming more common for employers to require an undergrad degree for many positions. Fundamentally, if you don't have an undergrad degree, your ability to apply to positions will be limited. For example, if you ever want to consider working for the Big 4, you'd have to be very much in demand to get past their screening systems, even if you know the hiring manager if you don't hold an undergrad degree. So, your ability to "grow your career" and the path you can take shifts relative to those that may hold an undergrad or grad degree.

IT Certs are useful to demonstrate the currency of a skillset. Vendor-specific certs demonstrate that the candidate passed a set of tests (practical, knowledge, or both) in accordance to a set standard. It's good to have in certain situations but it also locks you into a specific vendor. For example, a Cisco security cert may demonstrate the candidate's skillsets related to the Cisco tech stack, it may not have much bearing in a Juniper/Checkpoint shop. With that said, it's not valueless, since vendor-specific certs still require demonstration of knowledge relative to standards (routing, firewall, ips, etc).

Vendor-agnostic certs generally demonstrate higher-level knowledge. CISM is meant to demonstrate the candidate's ability to act as an InfoSec manager. The requirements to obtain certification include passing a written test but also education and experience verification in a very specific set of skills (IT Governance, Risk, IT Sec Mgmt). If you aren't able to demonstrate practical experience in those areas, then you'll have passed the exam but won't be awarded the cert until you meet the experience requirements. CISSP follows a similar model as well. In both cases, ISC2 and ISACA allows substitution of academic degree with years of experience. So a candidate with a Masters won't have to demonstrate as many years of experience as would a candidate without a degree.

The big question for you is your ultimate end-goal relative to your career. If you want to continue working at a SI as a consultant/tech/sa/mid management, you'll likely be fine for some time without a degree. If you want to move out of SI, then I'd recommend reviewing job descriptions for your ideal next-step to determine whether a college degree is required. However, consider the impact/effect on your career if your SI is acquired by another SI. In such a situation, the acquiring organization may begin to impose their views on hiring/promotion.

So, I'd agree that it's possible to have a great career without a degree, I'd recommend sampling a path of your success and typical job requirements for those ideal jobs and chart out different paths to get where you want to be with and without variables (degrees, certs, experience, etc). Lastly, I'd also recommend doing a search for individuals in infosec that have made it without undergrad degrees and determine the paths they took. If I recall correctly, Marc Maiffret is one guy I know that's been pretty successful in InfoSec without a college education. However, he is quite bright and has made a name for himself over the last decade.

HTH

bangdang
  • 1,824
  • 11
  • 9
  • bangdang, regarding this specific field - After working as an integrator for a few years, the next step is (I think), to go for a job that is less technical and involves management skills. Computer Science and Engineering will not give me that. They will only make me smarter in regards to the technical aspects. Going for a degree in management of some sort seems the right thing to do. My logic - If someone has a technical experience of 6 years, and wants to do some consulting, Computer Science degree won't be an added value here, A degree in Information Systems Management WILL. Your thoughts? – Franko May 25 '12 at 11:57
  • @Franko - I agree. ISM is a more relevant major than pure cs/ce if you want to move up into management in the SI/Consulting side (in a less technical organization). For example, ISM might be a good next step to move into a Consulting Manager role. With that said, Technical Manager roles could require CS/EE (or related experience) plus demonstrated leadership/management accomplishments. The separation is the depth of technology leadership required in the management role. Take a look at the curriculum for ISM programs because they can vary greatly from school to school. – bangdang May 26 '12 at 19:25
  • This is six years aso, so I don't mean this wrong, only to update. This seems less true nowadays. All jobs seem to have a big "or" experience in them now. Still important, but not as much. – johnny May 13 '19 at 14:32
4

My apologies as I don't have enough reputation to comment yet, so I'm forced to create a new answer.

jplyle said "Experience is experience, regardless of whether you get it before or after a degree." I would caution you that this isn't necessarily correct; as a techie, I would recognize any experience and evaluate how relevant it was. I delayed my college graduation as I was offered a job working full-time for the university and I can tell you many companies will not count the years of experience I have before I graduated. It doesn't matter that I did the exact same thing for two more years after graduating, the two years post-graduation count and the others don't. For some one who sucessfully launched a .com before college, that hurts and I keep getting low-ball offers, I get into the job only to be told they should have paid me more, and I get assigned whatever my colleages can't do yet they make 20-30k more than me.

Personally, I would say get a degree. Trust me, I understand the problems with academia. Pick a community college that also does four year degrees (the local one for me would be Columbus State) and you can safe some money while having most professor actually be interesting in teaching. It will provide you better job security should something happen down the road and it won't close doors.

  • Is it needed?
    • Absolutely not (depending on your location).
  • Would it be beneficial?
    • Yeap.
  • Does it make sense?
    • More likely than not.
W3t Tr3y
  • 151
  • 2
3

If you don't like academia, then I certainly wouldn't recommend it for you. You do not need to have a degree to do well in this field. You just need to compensate a lack of degree somehow. Work experience and certifications will be more than enough to prove to employers that you know what you are doing.

This is a very hands-on field, so I think you'll learn more from experience than you would from academia anyway.

I would think most employers would rather see a bunch of work experience and certifications over a degree anyway.

D.W.
  • 98,420
  • 30
  • 267
  • 572
Oleksi
  • 4,809
  • 2
  • 19
  • 26
  • 2
    I agree with everything you said, but the main problem of not having a degree is the impact this will have on your salary. – Silviu May 24 '12 at 19:24
  • @Silviu this probably depends largely on the company. Also if you get your job through networking(which is more common) and you have plenty of experience, it's possible that they won't even ask about your education. – Oleksi May 24 '12 at 19:27
  • Silviu & Oleski - Thanks for your honest answers. Would you say a "non-technical" degree like business management would help, or will a degree have it's weight only when it's a technical one like computer science or engineering? And also, in your opinion after how much time in the field is it right for me to start pursuing the "high" certs like CISM/CISO/CISSP? – Franko May 24 '12 at 19:36
  • @Franko I'm not sure how much non-technical degrees will help, however I am sure you will be ok without getting one, and if you don't like academia, you should probably avoid it if you can. – Oleksi May 24 '12 at 19:38
  • @Franko As for when to get certifications, I would get it as soon as you feel comfortable enough with the material. – Oleksi May 24 '12 at 19:39
3

You do always have the option of going back to study later on in your career, should you decide that it would be worthwhile. Experience is experience, regardless of whether you get it before or after a degree.

I am involved in teaching MSc courses in software engineering to people with industrial experience. Most students already have a BSc in a related subject, but not all do. As all tend to be employed, this would suggest that it is (or at least was) possible to have a successful career without academic qualifications.

As someone with exclusively academic qualifications, I'm somewhat biased. However, it is worth pointing out that academic courses are an education, whereas most courses in industry are training. Both are valuable, but they are quite different. Education will teach theory, as well as understanding of concepts that will not change in the long-term. Training is more immediate and applicable, but may go out of date quickly. This is something to consider when choosing between the two.

jplyle
  • 101
  • 3
1

In the german public sector a formal degree is the most important factor for your salary. Medium salary begins there with a bachelor degree, and a high salary requires a master or higher degree.

There are very rare exceptions from this rule.

Oleksi
  • 4,809
  • 2
  • 19
  • 26
Nils
  • 121
  • 7
  • Its a bit like that in the Netherlands as well, to a lesser extent. I guess this factor is tightly linked to culture and region. For example: I hardly ever prefix my name with my titles since it looks a bit "puffed up" from my perspective, however I have had colleges that would not hand over a business card if their "hard earned title" were not properly printed on it. It's common practice here for employers to ask their employees explicitly if they want their titles printed on their business cards or not. Any way, a title definitely has effect on the bandwidth of a salary in the Netherlands. – Louis Somers May 24 '12 at 22:28
0

I recently just graduated from a 4 year university with a degree in Business IT, and have taken a few classes in Network Security and Network Forensics. If I had the choice, I would go back and take the time I spent studying for those classes and put them towards specific certificates. The thing about a degree is that although it seems like it is almost a requirement for any job at this point, IT seems to be different. I would recommend looking into getting either Security+ or CISSP. It seems as though they are the big ones and with the right amount of experience would be more valuable than a four year degree. Alternately, if you are interested in different multiple areas, academia might be a good place to go to be introduced to multiple topics in a way that you can approach a job saying you've learned it in school. I think the a degree would be more important if you are in a position where you are applying for a management position, where two people with the same work experience and same personality may be applying, but different levels of educational attainment may come into play as a factor of who gets it. It really is a personal decision.

George Bluff
  • 31
  • 1