Every career has a cost associated with learning how to do it. Some professions, like plumbing, will let you learn the ropes while working. You start as an apprentice and work your way to journeyman over the course of 2 years, jumping from $15/hr for apprentices to $25/hr for a journeyman plumber.
Other jobs require extensive education, such as doctors. You have to sink the first 10 years of your adult life into education, internships, and constant studying, with the average cost of medical school landing between $150,000 – $400,000. However, the return on investment is staggering.
According to Medscape’s 2019 Physician Compensation Report, the average physician salary is $313,000. Specialists earn an average of $341,000 per year, while primary care doctors earn $237,000 on average. But not everyone can be a doctor, and not everyone has $400,000 to spend on schooling…
The Rewards of a Cybersecurity Career
So where does cybersecurity fall compared to plumbers and doctors? Somewhere in the middle, both for education and ROI, but with a lot less crap to deal with.
The average entry level salary is just shy of $73,000 per year starting out. Once you gain industry experience, that jumps to the industry average salary of $111,000/yr. After you are in cybersecurity, the growth opportunities are ripe for the picking.
Cybersecurity is the one of the fastest growing industries out there, with an estimated addition of 3.5 million jobs needing to be filled by 2021. However, only 941,0000 of those jobs are currently being filled. That leaves a massive 2.5 million jobs left to fill in the near future, and there aren’t enough qualified individuals to do it.
Because of this backfill, companies are hiring and promoting experienced security professionals constantly. Even during the global pandemic, cybersecurity companies increased hiring at a rate of 5-15%. This means the sooner you enter the workforce, the faster you get promoted. You can be well on your way to Chief Information Officer in the near future.
It isn’t expected to slow down anytime soon either. COVID-19 only sped up the growth. With the workforce functioning remotely, computers are being attacked nearly every 39 seconds. Because of that, companies are pouring money into the industry.
GMI’s data analytics predict that the cybersecurity industry will grow up to $400 billion by 2026. Cybersecurity is not slowing down anytime soon, making it one of the few recession-proof industries of the future.
The Costs of Getting into Cybersecurity
Cybersecurity can be complicated and depending on your background there can be a learning curve. Because it encompasses so many different fields, there is a lot of confusion surrounding the best way to get into the industry.
The traditional pathway into the industry is through a college year degree, normally in Computer Science or Information Technology with an emphasis on Security. Even when looking at lists of most affordable degrees, they all cost between $40,000 – 80,000 all together.
The other major options are fast-paced cybersecurity bootcamps offered through many different institutions. These are usually 8-24 week intensive programs designed to emulate a degree, and range between $10,000 – 20,000.
That doesn’t begin to cover the cost of not working and making income. Full degrees are very difficult to attain if you are working, and take 2 – 4 years to complete. Bootcamps are generally full-time and in-person. Most of the time, you are required to schedule your life around them and can be very difficult to do while working.
The option most folks are starting to adopt are remote online courses that work around your schedule, letting you keep working while studying. These cost between $3,000 – 7,000k, and can be completed in 1 – 6 months at your own pace. This means you can still work or find an entry level IT job while you are training for your cyber security career.
ROI = Return/Investment
Let’s run the numbers. For the sake of math, we will use an extremely conservative salary of $30,000 a year for the first year. This comes out to $15/hr. We will first calculate the Cost of Lost Wages and add that to the Total Cost of the actual program.
Then, we will take that and see what the Return on Investment (ROI) is at the entry level salary after 1 year, and after calculate what the return will be after 3 years in the field. We will assume that a promotion and raise happen, and the 3 year salary average will be $73,000.
2-4 years @ $30k/yr = $60-120k in lost wages
+ $20-40k degree cost =
8-24 weeks @ $30k/yr = $5-14k in lost wages
+ $7-20k program cost =
***Remote Online Training
Able to keep working = No lost wages
+ $3-7k program cost =
Now let’s take those calculated costs and see what the rate of Return is at the entry level salary after 1 year, then calculate what the return will be after 3 years in the field. We will only use the average entry level salary of $73,000 as a conservative estimate.
*College– 1 yr ROI: $73,000/$80,000-160,000= .9-.45 = 45-90% return 3 yr ROI: $73,000*3/$80,000-160,000 = 2.73-1.37= 137-273% return
**Bootcamp: 1 yr ROI: $73,000/$12,000-34,000= 6-2.14= 214-600% return; 3 yr ROI: $73,000*3/12,000-34,000 = 18.25-6.26= 626-1825%
***Remote Online Courses: 1yr ROI: $73,000/$3,000-7,000 = 24.3-10.4= 1040-2430%; 3 yr ROI: $73,000*5/ $3,000-7,000 = 73-31.28= 3128-7300%
Can I get a cybersecurity job only with experience?
Before 2020, IT professionals could get away with leaning on their experience alone. Recruiters wanted to see work history and didn’t care as much about education. Certifications were recommended but not required.
With the arrival of COVID-19, the job market changed drastically. Companies fired and rehired, and recruiters started to become much pickier about who they hired. Most of the time, recruiters use AI recruiting tools to weed out people without certifications simply because there will still be enough applicants that have them.
Many experienced IT professionals are now finding it difficult to get an interview or a callback. Even people with 4 year degrees focused in cybersecurity can’t get their foot in the door if they don’t have certifications.
This can be attributed to 3 things:
- Companies aren’t willing to take a risk with their security. The average total cost of a single data breach is $3.68 million (IBM).
- Taking a class doesn’t mean you can actually do the job
- Employers want the assurance of a reputable 3rd party proving you can do it
Most companies and recruiters started leaning heavily on reputable organizations to validate prospects through certifications. CompTIA, (ISC)², and EC-Council are among the most trusted 3rd party organizations to earn certifications from.
Certifications vs. Degree
Why do they trust these organizations and not college degrees? The same reason universities look at SAT and ACT scores- they are difficult tests that sort people based on their ability, not what they “say” they have accomplished. The people that make up these organizations and create the tests are all experienced IT professionals, and they ask the questions that matter.
Again, these are difficult tests. CompTIA has a 50% pass/fail rate, and most people that self-study have to take it twice because they weren’t prepared for it, even after studying for a full year. If you feel like you only want to go into cybersecurity because its the “cool new thing to do”, please read this article: “Is Cybersecurity Right for Me?”
That is why having a support system is so important to pass these tests. A study done by Stanford proved that studying more strategically is proven to increase exam scores. A huge factor in that is self assessment and strategic evaluation. Knowing what you need more work on is the difference between passing and failing, and having a mentor or coach giving you feedback is vital to your success.
Betting on Yourself
At the end of the day, you are betting on yourself. Only you know if this is the right next step for you. If you do believe that you need to make a change to get more out of your career and you believe cybersecurity is the way to do it, then make sure you do it in the most effective way possible.
Questions to Ask When Deciding What is Best for You
- Will this actually get me a job in the field that I want?
- Will I have career assistance?
- Does this fit into my Work/Life balance?
- Will I be able to stick with it to the end?
- Is this the most effective use of my resources (time/money)?
If you would like talk through your options with a cybersecurity career advisor, please reach out. The best way to decide if something is right for you is to talk through it with an expert.