The Value of Formal Education
A reflection on the value of formal education in the context of a career in cybersecurity
Background
What is the value of formal education in the context of a career in cybersecurity? This is a question that I had considered almost 5 years ago, before I embarked on my journey to obtain a degree in cybersecurity. I had been working in the industry for 2 years then, and thought of getting a degree as a way to further my career.
I am not shy to admit that I had my doubts about the value of formal education, and whether it would be worth the time and money spent. I understand the cookie cutter mentality of going through a university education, especially in Singapore, where a degree is seen as the bare minimum to get a decent job. But I also considered how that contrasted with my experience working in the industry, where I held my own against others with degrees.
Let me share with you my journey as someone who didn’t follow the cookie cutter route of taking a degree before starting work, and how I came to appreciate the value of formal education in the context of a career in cybersecurity.
The Application
Back in 2020, I took the leap of faith and enrolled in the Information and Communications Technology (Information Security) programme at the Singapore Institute of Technology (SIT). I made what was seen as a rash decision by some, to quit my job and wait for my application to be accepted. As much as I wanted to say that I was confident in my decision, SIT did not see it the same way. I was rejected in my first application, and had to wait another year to reapply.
A Chance Return
I endured two more months of disappointment, before I was to start at a then unproven startup. In hindsight, this was one of the best decisions I had made, and an incredible stroke of luck that I had not been accepted into SIT. My work at Biofourmis gave me the rare opportunity to experience a front row seat to the challenges faced by a startup, and to be part of a team that was building a transformative IT experience for the company.
Even today, I still hold the experience gained at Biofourmis in high regard, as it truly showed me how a well-executed IT strategy could transform a startup with barely any IT systems into a SOC 2 Type 2 compliant powerhouse. I have to admit that my standards for acceptable IT systems have been raised so significantly that I still find it hard to accept the status quo of not having practices like Zero Trust Network Access (ZTNA) or Mobile Device Management (MDM) in place.
It was a truly once in a lifetime opportunity that I am grateful for, and that I would never have experienced if SIT had accepted me in 2020.
The Reapplication
In 2021, I reapplied to SIT, where I was accepted, and I am still there as of the time of writing. As I was working in my second year at Biofourmis, I continued to work part-time at the company while studying full-time.
I realized that, while Biofourmis was indeed a transformative experience even in my first year there, I could not let go of the dream of obtaining a degree, as I still understood the value of formal education. At the same time, I did not want to let go of the opportunity to see through the transformation of our systems, such as the introduction of Jamf Pro and eventually, Zero Touch Deployment.
Best of Both Worlds
While my primary focus shifted towards my studies, I still continued to contribute what I could to make the vision we had at Biofourmis a reality. I kept rather quiet about my work at Biofourmis during my first 2 years at SIT, as I wanted to wait for something more substantial to show for my efforts, and what I did at Biofourmis was not directly relevant to my studies. And so I kept my head down and pushed forward with my two-pronged focus, until I started this blog in 2024.
While the work I did was more of a system administrator role, the studies I undertook were more of a cybersecurity role. I found that the two roles complemented each other well, as the knowledge I gained from my studies allowed me to better contribute back to a better design of secure IT systems. I also found that my work in the industry gave me a better appreciation of the practical aspects of cybersecurity, which I could apply to my studies to understand why certain concepts were important.
Undeniably, being able to see the practical application of what I was studying in the industry gave me a better appreciation of the value of formal education, and how it could be applied to real-world scenarios. I found that the two roles were not mutually exclusive, but rather, they complemented each other well, and that I could leverage my experience in the industry to better understand the concepts I was studying.
A Chance Challenge
In the final trimester of my second year of my studies, I found myself in a position where I had a golden opportunity to undertake an industry certification to fulfill academic requirements. As I now understood the dual perspectives of system administration and cybersecurity, my classmates and my colleagues both echoed the same sentiment: that I should take on the CISSP certification, as an ultimate challenge to my knowledge and experience.
As you might already know, I succeeded on my first try and obtained the Associate of ISC2 designation. I was certainly sure that if I had not taken the opportunity to work in the industry alongside my degree, it would have been an even greater challenge to pass the CISSP certification, let alone on my first try.
Retrospective
Right now, I stand just less than two months away from completing the last modules of my degree, and I can say with certainty that I have come to appreciate the value of formal education in the context of a career in cybersecurity.
While I ultimately still believe that a degree is never required to succeed in the industry, I have come to appreciate the value of formal education in providing a structured learning environment to understand the concepts of cybersecurity. Having been in the industry before this, I also found it easier to relate the concepts I was studying to real-world scenarios, and to understand the importance of these concepts.
That is also not to say that I have not faced personal challenges, as my work constantly demanded my attention away from my studies (and vice versa), and I had to juggle between them constantly. But I have made it through those challenges, and I am proud to say that it was a combination of hard work, dedication, and luck that got me to where I am today.
You don’t need a degree to work or succeed in cybersecurity. You need experience more than anything else. Does that mean a degree is worthless? The answer ultimately lies in what you want to achieve in your life.
Conclusion
I believe a degree helps you talk the talk, and experience helps you walk the walk. You can succeed in cybersecurity without both, but it will be undeniably easier if you do. My own journey has shown me how the two can complement each other, and how I can leverage my experience in the industry to better understand the concepts I was studying.
You must make your own choice, and decide what is best for you. I have made mine, and I am proud of where I am today.