Pursuing a career in Cybersecurity

Question

I'm getting ready to start my undergraduate studies and I am little confused as to where I should place my studies. I like solving puzzles, analyzing data fun and find exploits and pentesting. I want to do this as a carreer in some way, but I am not sure where my focus needs to be when getting a Bachelor. I found the 5 following studies that are possible options:

• Bachelor of Science in Computer Science
• Bachelor of Science in Information Technology
• Information Studies (IFS), Concentration: Data Science and Analytics (IDSC), Degree: Bachelor of Science
• Information Studies (IFS), Concentration: Information Security (IISC), Degree: Bachelor of Science
• Business Analytics and Information Systems (BAIS), Concentration: Cybersecurity (CYBC), Degree: Bachelor of Science

I've always been under the assumption one follows the Computer Science route because of the strong need to understand how to code, memory operations, etc. for malware analysis and more. So I guess the real question is, which would be the most beneficial for someone wanting to do cybersecurity based analysis with a strong desire to do blue/red team operations?

Background information if this helps: Currently, I do IT work and have a decent understanding of coding from building small projects on the side. I've also been playing with Linux and Windows Servers since high school and in my spare time I've also watch cert exam videos but never proceeded to get certifications.

Answer 1

Each school's programs are different, and we can only offer feedback in general terms.

Computer Science tends to be more "R&D" focused at the code and science level. Great for designing new approaches to solve complex problems using code as a tool.

Information Technology tends to be more general at the system and product administration and architecting level. Great for learning how to design a network to meet the needs of business.

Data Science and Analytics tends to be advanced stats on steroids. Great for learning and applying statistics and machine learning techniques to find patterns in noise.

You are correct to be confused because all 3 areas could be really helpful, at least tangentially, to cybersecurity. There are 2 questions you need to ask:

• What are my specific learning goals and what do I hope to walk away from the course being able to do?
• Does this specific program from this school meet my specific goals efficiently?

Consider that most of what you need to know about coding or networking to do "red/blue teaming" can be learned more efficiently as individual classes or on your own. On the other hand, you could do a CompSci degree and learn security on the side. That balance is entirely up to the program you choose, your own resources, and your goals.

Don't follow a path because others have done it. This field changes so quickly that whatever was normal 5 years ago is archaic now. For instance, 20 years ago, I taught at a technical college where most of my students were CompSci grads who were disgusted that their degree was so theoretical as to be useless to be able to actually code anything. Now, most CompSci programs I know have corrected this problem and are far more practical.

Whatever you choose, be prepared for this fact: if you choose to enter cybersecurity you will NEVER STOP BEING A STUDENT! If you choose CompSci, you will need to study infosec on the side. If you choose infosec, you will be studying compsci on the side. Once you graduate, you'll be studying both on the side. From this perspective, then the only real question is about your goals and how to be efficient.

The best in cybersecurity is to crush your hackers, drive them from your network, and hear the lamentations of their modems. But be prepared to amass a colossal library to do all that.