Can you become an Infosec Risk Manager without a degree?
An alternative career path to becoming an Infosec Risk Manager with its major challenges, possible benefits, and some unconventional ways to hack your way into it.
Yes, it is possible to become an Infosec Risk Manager without a degree. While having a degree can be beneficial and may open up more opportunities, the field of cybersecurity and information security is known for valuing practical skills and experience over formal education. Many professionals in this field have successfully built their careers through alternative paths such as certifications, self-study, and practical experience.
How to achieve this career goal without a degree:
-
Gain relevant certifications: Certifications play a crucial role in the cybersecurity industry as they validate your knowledge and skills. Some certifications that are highly regarded in the field of Infosec Risk Management include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Information Privacy Professional (CIPP). Obtaining these certifications can demonstrate your expertise and commitment to the field.
-
Build practical experience: Practical experience is highly valued in the cybersecurity industry. Look for opportunities to gain hands-on experience in areas related to Infosec Risk Management. This can be achieved through internships, entry-level positions, or even volunteering for cybersecurity projects. Consider joining cybersecurity communities and participating in Capture The Flag (CTF) competitions to enhance your skills and network with professionals in the field.
-
Develop a strong knowledge base: Stay updated with the latest trends, technologies, and best practices in Infosec Risk Management. Read industry publications, attend webinars, and join relevant professional organizations. Develop a solid understanding of risk assessment methodologies, compliance frameworks, and regulatory requirements.
-
Network and build relationships: Networking is crucial in any career, and the cybersecurity industry is no exception. Attend industry conferences, join online forums, and connect with professionals in the field. Building relationships can provide valuable insights, mentorship, and potential job opportunities.
Hacks and advice:
-
Create a strong online presence: Establishing a professional online presence through platforms like LinkedIn, GitHub, or personal blogs can help showcase your expertise and attract potential employers.
-
Seek out mentorship: Find experienced professionals in the field who can guide you and provide advice on your career path. Mentorship can provide valuable insights and help you navigate the industry.
-
Continuously learn and adapt: The cybersecurity landscape is constantly evolving, so it's important to stay updated with the latest technologies, threats, and risk management strategies. Continuously learning and adapting to changes will enhance your marketability and career prospects.
Difficulties and benefits of pursuing this path:
One potential difficulty of pursuing a career in Infosec Risk Management without a degree is that some employers may have strict educational requirements. However, many organizations recognize the value of practical experience and certifications, and are willing to consider candidates without a degree.
The benefits of pursuing this path include:
-
Flexibility: Without the constraints of a traditional academic path, you have the flexibility to focus on gaining practical skills and experience that are directly relevant to Infosec Risk Management.
-
Cost-effectiveness: Pursuing certifications and gaining practical experience can be more cost-effective than obtaining a degree. Certifications often require less time and financial investment compared to a full degree program.
-
Career acceleration: By focusing on practical skills and certifications, you can potentially accelerate your career progression. Employers often value hands-on experience and industry-recognized certifications when hiring for Infosec Risk Management roles.
Differences from a conventional or academic path:
Choosing a non-conventional path to become an Infosec Risk Manager allows you to focus on building practical skills and gaining relevant experience. While a conventional academic path may provide a broader foundation of knowledge, a non-conventional path emphasizes hands-on experience and industry-specific certifications. The non-conventional path can be more flexible, cost-effective, and potentially lead to quicker career progression. However, it's important to note that both paths have their own merits, and individuals should choose the path that aligns with their personal goals and circumstances.
Senior IT/Infrastructure Engineer
@ Freedom of the Press Foundation | Brooklyn, NY
Full Time Senior-level / Expert USD 105K - 130KField Sales Director, Third Party Risk Solutions (New York)
@ SecurityScorecard | Remote (New York Market)
Full Time Executive-level / Director USD 400K - 500KField Sales Director, Third Party Risk Solutions (Detroit)
@ SecurityScorecard | Remote (Detroit Market)
Full Time Executive-level / Director USD 400K - 500KField Sales Director, Third Party Risk Solutions (Toronto/Boston)
@ SecurityScorecard | Remote (Toronto or Boston Market)
Full Time Executive-level / Director USD 400K - 500KField Sales Director, Third Party Risk Solutions (Atlanta)
@ SecurityScorecard | Remote (Atlanta Market)
Full Time Executive-level / Director USD 400K - 500K