Short answer: no, you don’t need a degree. Long answer: here’s what you actually need instead, and why the degree route isn’t as different as you think.
Table of contents
Open Table of contents
The Degree Myth
The idea that security requires a CS degree comes from people who got into the industry before alternative routes existed, and from university departments who’d prefer you spend three years and £27,000 on their curriculum.
The hiring reality in 2025: employers care about what you can do and what you know. They use degrees as a filter because it’s easy, not because degree-holders are meaningfully better at the job.
The things a degree teaches you that are relevant to security:
- Fundamentals of networking and systems
- Some programming/scripting
- How to learn difficult technical material systematically
All of these can be acquired without a degree. The question is whether you’re willing to do it yourself.
What Employers Actually Want
At the junior/entry level, most security roles expect:
- Understanding of networking fundamentals (TCP/IP, DNS, HTTP, TLS)
- Basic familiarity with Windows and Linux administration
- One or two relevant certifications
- Some evidence you’ve engaged with security problems (home lab, CTFs, personal projects)
- The ability to communicate clearly
The certification that opens most entry-level doors is CompTIA Security+. It’s broad rather than deep, but it’s widely recognised and demonstrates baseline knowledge. After that, depending on your direction:
- SOC/Blue Team: SC-200 (Microsoft Security Operations Analyst), CySA+
- Cloud security: AZ-500, AWS Security Specialty
- Pentesting: eJPT (entry), PNPT, eventually OSCP
Building Skills Without Formal Education
The resources are freely available. The challenge is structure and persistence, not access.
TryHackMe and HackTheBox for hands-on practice. TryHackMe is better for beginners because it’s more guided. Work through the SOC Level 1 and Pre-Security paths before you worry about anything else.
A home lab — even a basic one. A spare laptop or a £5/month VPS is enough to run vulnerable machines, practice log analysis, and understand how attacks actually work. The act of setting up and breaking things teaches you more than any course.
YouTube: NetworkChuck, John Hammond, David Bombal. Watch things that explain concepts you don’t understand. Don’t just collect tutorials — actually do the things.
The Honest Comparison
Someone with a CS degree has:
- 3 years of structured learning
- A credential that bypasses CV screening
- Theoretical foundations that might be irrelevant to the actual job
Someone with an apprenticeship or self-study route has:
- 2-3 years of practical experience (in the apprenticeship case)
- Or equivalent knowledge built through structured self-study
- Potentially a shorter path to the job if you’re focused
Neither route is strictly better. The degree is slower and more expensive but more legible to certain employers. The non-degree route requires you to be more deliberate about building and demonstrating skills.
The Thing Nobody Says
A lot of people who ask “do I need a degree” are actually asking “is it okay that I didn’t/don’t want to do a degree”. The answer to that is yes.
The degree route is one path. It’s not the only path, and for people who learn better by doing things rather than studying them, it might not even be the best path. What matters is whether you can do the job.
Build the skills. Get a cert to demonstrate them. Show evidence that you engage with security problems. That’s the formula regardless of your educational background.
Where to Start This Week
If you’re reading this and haven’t started yet:
- Create a TryHackMe account and complete the Pre-Security path
- Buy CompTIA Security+ study material (Professor Messer’s notes and videos are free and excellent)
- Set up a home lab — even just a Kali Linux VM on your existing machine
That’s it. Start there. Everything else follows.