top of page

Certs vs. Degrees. vs. Experience

Updated: Jun 29, 2020

Cyber sign with people holding laptops

A common question that is often asked by people trying to either get into the cybersecurity industry or pivot into the industry is whether or not they should focus on getting a degree, certifications, or simply focus on getting hands-on experience.

Oftentimes, this is a “chicken or the egg” question because there are so many variables that dictate the answer. Regardless of what your reason for asking this question is or what type of job you’re trying to get into, the following tips can be used as guideposts on your journey.

First and foremost, you should determine what type of cybersecurity you’re interested in because the cybersecurity field can be thought of as a mile wide but an inch deep. Are you interested in Network Security? Pentesting? Application Security? Malware Analysis? DevSecOps? Cyber Generalist? By answering this question, this will help give you a starting point.

Next, you should look at the types of jobs and requirements in the cybersecurity niche you selected above. Based on this niche, you can hone in on the skills needed to do the job. Let’s use Network Security as an example – if you want to get a job in this field for the government, there may be certain hard requirements (e.g. X amount of experience or degree) whereas if you are interested in a Network Security job at a startup or small company, they may care less about degrees and certs and are more focused on experience and the skills needed to do the job successfully. If your end game is to end up in the C-Suite as a CISO or CSO, you may want to explore the CISSP certification.

In tandem, while you’re determining what the requirements are for the job(s) you’re looking into, it is also a good idea to leverage the vast number of resources available online. At a bare minimum, any cybersecurity job will require a solid Networking foundation. Be sure that you are familiar with the OSI model and understand how data flows through the different layers because if you are in Network Security or a Pentester or any other cybersecurity field, you’ll routinely reference this model. YouTube, Networking forums, the library, Udemy, and cyber meetups are great resources you can leverage for little to no money.

If you do go down the certification route, I highly recommend sticking to agnostic certifications like CompTIA/ISC2 unless you are specifically trying to advance with a company that only uses a certain vendor (e.g. Cisco, F5, Juniper, HP, etc.). If you wind up in a situation where you are laid off and only have vendor-specific experience and certifications, you may be limiting your other job prospects if they use completely different technologies. That said, a Network+ certification will give you a foundation you can build on and that would be the only cert I would confidently recommend.

Thinking about the recruiting I’ve done over the years, I rarely look at certs or degrees on a resume because I’ve encountered a lot of smart cybersecurity people with no degrees or certs and a lot of clueless cybersecurity people who have dozens of certs and several degrees but have no idea how to solve a simple Network problem. Sure, certs and degrees are nice to have, but when I’m recruiting, I’m more focused on if you have the critical thinking to solve problems quickly and efficiently because real-world scenarios do not match what you learn in a book or a controlled lab.

The bottom line is that you will get a different answer to this question of certs vs. degrees vs. experience depending on who you ask. There are the rare company gems who are willing to take a chance on someone who has no experience and teach them everything they need to know on the job. If you find yourself in a position at this type of company, I would highly encourage you to learn as much as possible because that experience will certainly help you down the road.



About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.

253 views3 comments

3 commenti


Featuring a diverse range of captivating slot games, this site ensures that every player can find their perfect match. The site's sleek and modern design enhances the overall user experience, making it easy to navigate and enjoy all that it has to offer. With exciting bonuses and promotions regularly available, players can maximize their gaming experience and increase their chances of winning big. Discover the excitement and thrill of https://slotscity.com/game-hall today and embark on an unforgettable gaming journey like no other.

Mi piace

Jacky April
Jacky April
25 ott 2023

RCA nursing examples underscore the significance of interprofessional collaboration and open communication in healthcare. Effective teamwork and communication are essential in the rca nursing process, and these examples demonstrate how they can lead to improved patient outcomes and safety.

Mi piace

Casey Allen
Casey Allen
16 lug 2020

Certifications and degrees are great, and I encourage anybody who is interested in security to pursue them. As far as their actual value, mileage may vary. Credentials may help you get called back for an interview, but like Jose-Miguel said if you can't demonstrate your command of whatever body of knowledge a certification or degree is based on they are unlikely to translate into an offer.

Mi piace
bottom of page