In today’s job market, the more skilled and adaptable you are, the more likely you’ll be able to weather—and take advantage of—shifts in industry and economic trends. This is particularly true if you are working in information technology (IT), as this field is constantly evolving, with professionals possessing the right combination of expertise and insight in high demand.
In their list of “Top 10 Most Popular Cyber Security Certifications in 2020” Forbes noted that almost half of all IT professionals were pursuing cyber security certifications—and that the focus for those working to stay relevant is on knowledge, skills and abilities (KSAs), especially when their resources were limited.
So for people looking to enter or advance within the cyber security field, it might seem like instead of pursuing a multi-year master’s program in cyber security, a shorter cyber security certification program is the way to go, especially as there are so many to choose from. But these two options have some big pros and cons to consider—and their payoffs are vastly different (and depend on where you are in your career).
For anyone wanting to break into the rapidly expanding cyber security field, the work of acquiring and maintaining a current and relevant skill set is paramount. How should you prepare yourself for a cyber security career when the technology is ever-evolving? Or if you already are working in the field and want to move up to a position of greater authority and responsibility (and pay), you may be weighing your options and trying to decide if investing in a cyber security master’s degree program is worth it or if taking certifications will suffice.
There are two primary considerations when comparing a cyber security master’s and a cyber security certification: time and money. Generally speaking, a master’s degree will take anywhere from two to five years to complete, whereas a certification might be a matter of days, weeks or months. While a master’s degree will set you back $20,000 to $40,000 or more, you may be able to obtain a certificate for several thousand dollars.
NPR’s Marketplace reports, when it comes to certification, “it’s the wild, wild West,” according to Su Jin Jez, executive director of California Competes, an education and workforce policy research group. “It’s incredibly difficult to navigate. There’s no single source of good information.” Marketplace’s Jill Replogle adds that research has found, “most short-term credentials lead to a much smaller earnings bump than an associate’s degree or a bachelor’s degree and that Black and Latinx workers are over-represented in these short-term programs. Still, short-term training can help people get their foot in the door or earn money while they further their education.”
Experts in the field like Forbes Technology Council member Bob Fabien Zinga recommend a combination of three things: real-world experience, education, and industry certification: “Security professionals have to be lifelong learners while keeping abreast of new attack vectors and figuring out new ways to mitigate novel security risks… I believe a career in cyber security starts with on the job experience and is enhanced via formal education and relevant industry certifications, like CompTIA Security+ for beginners and CISSP for professionals with at least five years of experience in two of the eight security domains.”
While a cyber security master’s degree requires a considerable investment of effort and money, its rewards are significantly greater than a certification, in terms of higher salaries and potential for career advancement. As well, certifications only focus on specific areas and cannot provide the broad and deep learning that a multi-year cyber security degree program will provide you.
In its 2022 Cybersecurity Workforce Study, (ISC) estimates the size of the the global cyber security workforce at 4.7 million. It also indicates that the current workforce is 3.4 million workers short. That’s over 3 million positions waiting to be filled by qualified cyber security experts (nearly half a million of them in North America alone). (
According to the Bureau of Labor Statistics, top-paying employers in cyber security analytics include those in:
- Information services: $149,500
- Securities, commodity contracts, and other financial instruments: $142,000
- Research and development in the physical, engineering, and life sciences: $129,000
- Scientific research and development services: $128,500
- Software publishers: $126,000
- Publishing: $125,700
The average salaries of professionals with a Master's degree are between $91,000 and $109,000, respectively. About half of all professionals in this field hold a graduate degree. ( )
|University and Program Name||Learn More|
You don’t necessarily need a degree for an entry-level position in cyber security, but your options and pay may be limited and will be predicated on your level of education. As Bob Fabien Zinga indicated, the most promising path to a career as a high-level cyber security professional is a mix of higher education and certificates: a bachelor’s degree in computer science or STEM-related area, combined with cyber security master’s degree, and, as needed to stay up-to-date, professional certifications like those recommended by CompTIA.
The current demand for skilled cyber security professionals is extremely high—so much so that this field claims almost zero unemployment. While most IT careers will overlap with cyber security, every sector of business and government is in need of information assurance and protection, including healthcare, manufacturing, and finance.
The top cyber security position to aspire to is the chief information security officer (CISO). This role typically commands a median salary of over $225,000, according to Salary.com (and one’s earnings can be significantly higher, depending on industry and location).
Other cyber security jobs that typically require an advanced degree include computer and information systems manager, cyber security architect, information security manager, information security analyst, all of which pay six-figure salaries, according to the US Bureau of Labor Statistics (BLS).
There is no single cyber security master’s degree, but rather a series of related advanced computer science degrees that focus on specific areas of cyber security. These include the Master of Science in Cyber Security, Master of Science in Cyber Security Management, Master of Science in Information Systems and Security Management, and an MBA in Cyber Security.
A typical master’s degree program will take two years of full-time study, but if you have ten or more years of experience in information security or a related field, your school may grant you advanced standing and give you credit toward your degree. The same applies if you have an undergraduate degree in the same concentration; you may be able to shrink that standard two-year graduate degree track to something closer to 18 months.
If you want to earn your cyber security degree on a part-time basis, due to work and/or family commitments, there are many online programs available, which will take four years to complete.
You may not have an undergraduate degree in STEM, or have ten to fifteen years or work experience in cyber security when you apply for your master’s degree, and that’s okay. Every graduate school will have their own admission requirements and prerequisites, but many are looking for applicants who are fluent in high-level programming languages such as such as C++, C, Python, and Java; know computer architecture; have a year or more of university-level science instruction; and have completed mathematics through calculus.
In addition, you will need to submit a statement of purpose, letters of recommendation and possibly GRE test scores. Each school will have different standards and unique application processes, which will reveal a good deal about their expectations for what kinds of students they believe are ready to enter their programs.
While each school may offer its own approach to the study of cyber security, there is a good deal of overlap in the fundamental coursework. Classes will include risk management, cryptography, penetration testing, digital forensics, network security, recovery planning, and law and policy. Students will hone their skills in the classroom, but also work in real-world positions, studying data breaches and cyber crime in capstone projects before becoming a cyber security graduate.
The umbrella of cyber security master’s degrees covers a number of specializations, allowing you to find a program that fits your career goals. Specializations can be in systems security, digital forensics, energy systems, or cyber crime investigations.
So what are your next steps? Many of the top cyber security programs are offered online, which makes them accessible no matter where you’re located, and they give you the flexibility to work while you earn your degree. Several of the best online cyber security master’s programs include:
Whatever you decide to study, and wherever you decide to enroll, you can be sure that you are entering a field of tremendous growth and potential, and the cyber security skills and knowledge you’ll gain will set you on a career path that is both successful and rewarding.
Questions or feedback? Email firstname.lastname@example.org