Getting into cybersecurity: Self‑taught vs. university‑educated?


Are you considering a career in cybersecurity? What learning path(s) should you take? Does formal education matter? ESET experts share their insights.



With cyberthreats on the rise, cybersecurity professionals are, unsurprisingly, a hot commodity. According to a recent study, there will be 350% growth in open cybersecurity positions from 2013 to 2021 and it is estimated that, due to the talent crunch, there will be 3.5 million job openings in the industry by 2021.


With that in mind, one of our articles to mark this year’s Antimalware Day features insights from several ESET security researchers. We asked them a series of questions to learn how they built their expertise and to gather their thoughts about the usefulness of formal education versus self-study for becoming a security practitioner.


Learn all by yourself?


While more and more colleges and universities worldwide offer degree programs in computer security, far from all academic institutions have launched such programs. Indeed, many experts in the field are self-taught and/or have acquired their skills through various non-academic courses and certifications.


ESET Distinguished Researcher Aryeh Goretsky, who embarked on a career in IT security in the late 1980s, notes that back then there weren’t actually any courses or certifications specifically focused on computer security.


“Computer security was taught, but it was largely in terms of models for access control, and I think tended to focus more on the concept of securing multiple user computer systems and users’ access to them being seen as more of an atomi ..