According to the U.S. Bureau of Labor Statistics, people with a college degree earn about 67% more than those whose highest qualification is a high school diploma. However, a college degree doesn’t guarantee employment. Considering the investment of time, money and energy required for a college degree, this begs the question: Is a cybersecurity degree worth it?

If you want to work as a cybersecurity specialist but are confused about how to start, this article is for you. We’ll dissect the potential return on investment (ROI) for a cybersecurity degree, as well as alternative educational options.

Why You Can Trust Forbes Advisor Education

Forbes Advisor’s education editors are committed to producing unbiased rankings and informative articles covering online colleges, tech bootcamps and career paths. Our ranking methodologies use data from the National Center for Education Statistics, education providers, and reputable educational and professional organizations. An advisory board of educators and other subject matter experts reviews and verifies our content to bring you trustworthy, up-to-date information. Advertisers do not influence our rankings or editorial content.

  • 6,290 accredited, nonprofit colleges and universities analyzed nationwide
  • 52 reputable tech bootcamp providers evaluated for our rankings
  • All content is fact-checked and updated on an annual basis
  • Rankings undergo five rounds of fact-checking
  • Only 7.12% of all colleges, universities and bootcamp providers we consider are awarded

Return on Investment

Return on investment measures the profitability of an investment. You can calculate ROI by dividing your net profit (i.e., the amount you’ve earned from the investment) by the cost of the investment. Multiply the resulting number by 100 to see what percentage of your initial investment is being returned to you.

In summary:

ROI = [(present value of investment – initial cost of investment) / cost of investment] x 100, or
ROI = (net profit / cost of investment) x 100

If your result is zero, this means your ROI is 0% and you’ve broken even on your initial investment. If your result is 100, your ROI equals 100%, which means you’ve doubled your initial investment.

ROI of a Cybersecurity Degree

To determine the potential ROI of a cybersecurity degree, we’ll consider these key factors:

  • Cost of tuition
  • Median salary of cybersecurity professionals
  • Potential wages lost during study
  • Time required to recoup the capital

Let’s say you’re a full-time university student. If you earned a bachelor’s degree in cybersecurity without financial aid from a public university, what would the ROI on your investment be? Let’s look at the variables at play here.

  • Total tuition. According to the National Center for Education Statistics, the average annual tuition and fees at a public college is about $9,700. Multiply this figure by the standard four years it takes to earn a bachelor’s degree, and your total tuition should be $38,800.
  • Lost wages. Let’s say you’re unable to work while studying full time. This could mean lost wages of about $15,080 per year, based on the standard U.S. minimum wage. After four years, this loss amounts to $60,320. It’s important to factor in lost wages when determining the cost of your investment.

Using these figures, you can determine that your total tuition ($38,800) plus your lost wages ($60,320) equals the total cost of your degree investment ($99,120). Next, let’s determine the ROI, which depends on the cybersecurity salary you earn after graduating.

Say you become an information security analyst after completing your cybersecurity bachelor’s program. These professionals earn a median annual salary of $112,000.

ROI After One Year of Work

Now that we know the numbers we’re working with, it’s time to determine the ROI of your cybersecurity degree. Let’s start with your ROI after one year of full-time employment as an information security analyst:

[($112,000 – 99,120) / 99,120] x 100
(12,880 / 99,120) x 100
0.13 x 100 = 13%

These calculations show that it can take only one year of full-time employment to recoup the capital you invested in a cybersecurity degree (and then some). This is a far better outcome than you might get from most bachelor’s degrees, which take five to 10 years of work before breaking even on the initial investment.

ROI After 20 Years of Work

To calculate this figure, let’s determine your total earning potential over 20 years by multiplying $112,000 by 20. This gives us $2,240,000.

Now, using our ROI formula:

[(2,240,000 – 99,120) / 99,120] x 100
(2,140,880 / 99,120 ) x 100
21.6 x 100 = 2,160%

This means after 20 years in a cybersecurity position, you’re bound to recoup your degree investment about 21 times over.

Job Outlook for Cybersecurity Professionals

The U.S. Bureau of Labor Statistics projects a 32% employment growth for information security analysts from 2022 to 2032. This is much faster than the average projected growth rate of 3% for all professions.

As for cybersecurity positions overall, Cyberseek reports that there are only enough cybersecurity professionals in the U.S. to fill 72% of job openings in the field, also indicating strong demand for these workers.

Society has become dependent on technology for personal and business purposes in the last decade. More than ever, companies need the expertise of cybersecurity professionals to prevent data theft and compromise. This has led to fast employment growth and continued demand for professionals in this field.

As long as digital assets exist, cybersecurity professionals will be in demand. This indicates high job security, which coupled with high earning potential shows that a cybersecurity degree is worth it.

Top-Paying Jobs in Cybersecurity

After earning your cybersecurity degree, you can only start to recoup your investment after landing a well-paying job. Though you might start with an entry-level cybersecurity job, the field offers ample opportunities for career advancement.

Let’s now highlight some of the best-paying cybersecurity jobs.

We sourced the below salary data from Payscale unless otherwise noted.

Bug Bounty Hunter (Freelance)

Bug bounty hunters are expert hackers who detect software security vulnerabilities. Using advanced tools such as Amass, HackBar, Google Dorks and DNS-Discovery, these professionals prevent zero-day attacks.

In 2020, HackerOne reported that bug bounty hunters discover a software vulnerability every 2.5 minutes, totaling over 576 per day. This demonstrates an abundance of employment opportunities for ethical hackers.

Freelance bug bounty hunters could earn up to $500,000 per year detecting and reporting security flaws to big companies. The highest bounties for exposed vulnerabilities exceed $100,000 on HackerOne, and some freelance hackers have earned more than $1 million on its platform.

Chief Information Security Officer (CISO)

A CISO protects company infrastructure and assets from malicious actors by implementing security policies. These professionals also train other employees and ensure companies’ compliance with security standards.

The average annual salary for CISOs is over $173,000.

Lead Software Security Engineer

A lead software security engineer implements and tests security techniques on a company’s network. This senior role is reserved for expert coders with leadership qualities. The average security engineer earns about $100,000 per year, according to Payscale. Experienced security engineers earn around $126,000.

Cybersecurity Sales Engineer

This professional handles the technological evaluation stages of the sales process. Cybersecurity sales engineers combine technical know-how with sales and communication skills to explain the functionality of a company’s product/services. They also communicate customer expectations to the product team to ensure overall user satisfaction.

This type of cybersecurity engineer’s salary is around $76,000 per year on average. Those in senior-level positions earn around $117,000.

Alternatives to a Cybersecurity Degree

Are you wondering how to get into cybersecurity without having to attend college? Though a traditional four-year degree is the most common way to start a career in cybersecurity, it’s not the only one.

Bootcamps and associate degrees can also equip you with the skills needed for an entry-level cybersecurity job. Given the current shortage of cybersecurity professionals, employers are generally more open to alternative education credentials for positions in this field.

Associate Degree in Cybersecurity or Computer Science

This two-year program is a quick way to jumpstart your cybersecurity career. An associate in cybersecurity teaches students the foundations of digital asset protection, equipping them with the practical skills employers require.

Many cybersecurity associate degree programs offer flexible learning schedules. This is ideal for students with other commitments.

The cost of an associate degree in cybersecurity ranges from around $7,100 to about $35,400, depending on whether you study in or out of state and whether your school is public or private.

Cybersecurity Bootcamps

If you want to switch careers without spending two to four years in a classroom, a bootcamp is your best bet. Cybersecurity bootcamps differ from traditional degrees in terms of cost and duration.

Bootcamps range significantly in cost, but they often charge around $11,000 in tuition. Some cost as much as $20,000. Bootcamps are often short-term immersive programs, running from six to 28 weeks.