BLOG • 6 min read

What Qualifications Do You Actually Need to Work in Cyber Security?

If you are asking this question, you are probably sitting with some version of the same concern: you want to work in cyber security, but you are not sure whether your current background is enough to get started. Maybe you do not have a degree. Maybe you have a degree in something entirely unrelated. Maybe you are still studying and wondering whether what you are learning is the right preparation.

The honest answer is that cyber security is one of the most accessible technical fields to enter precisely because it has more legitimate routes in than almost any other profession. But that accessibility comes with a catch: knowing which routes are credible and which are noise requires some clarity about what employers are actually looking for.

This guide provides that clarity, broken down by the type of background you are starting from and the kind of role you are aiming at.


Does Cyber Security Require a Degree?

The short answer is no, not in most cases. But the fuller answer is worth understanding.

A degree in cyber security, computer science, or a related field provides genuine value. It builds foundational knowledge of how systems work, develops structured problem-solving habits, and demonstrates sustained academic commitment. For some roles, particularly in government, defence contracting, and highly regulated sectors, a degree may be listed as a formal requirement or strongly preferred. If you are currently studying for one, that investment is not wasted.

What has changed significantly is that a degree is no longer the only credible signal employers look for. The cyber security skills gap is real and growing: there are currently an estimated 4.8 million unfilled roles globally, and organisations cannot afford to filter out capable candidates on the basis of educational background alone. Nearly two-thirds of employers now report using skills-based evaluation for entry-level hiring, meaning the question has shifted from "what did you study?" to "what can you actually do?"

For students, this is worth understanding clearly: a degree and practical skill-building are not in competition. Employers who value academic credentials increasingly expect to see them accompanied by hands-on evidence. The candidates who stand out are those who combine structured learning with demonstrated ability, using labs, certifications, and personal projects to show they can operate in real environments, not just describe them. TryHackMe sits naturally alongside university study as the place where that practical evidence gets built.


What Employers Are Actually Looking For

Across most entry-level cyber security roles, three things carry the most weight in hiring decisions.

Practical, demonstrable skills. The question employers most want answered is: can this person do the work on day one? That is increasingly evidenced through certifications that test real-world ability rather than theory recall, through participation in Capture the Flag (CTF) competitions, through hands-on lab experience, and through portfolio projects that show how you approach a problem. A well-documented writeup of a lab exercise or a CTF challenge often impresses a technical interviewer more than a transcript.

Certifications that signal competency. Industry certifications have become the most consistent way to demonstrate a baseline of knowledge. CompTIA Security+ is the most widely recognised entry-level credential and is required for many government and defence roles. For those targeting SOC analyst positions, practical certifications like TryHackMe's SAL1 validate operational ability in a way that multiple-choice exams cannot. For those moving toward offensive security, PT1 demonstrates penetration testing methodology through a simulated real engagement. These are credentials built around doing the work, not recalling definitions of it.

Relevant technical foundations. Networking fundamentals, Linux command-line proficiency, and an understanding of how systems communicate are the baseline that most technical roles build from. These can be developed through a degree, through self-directed study, through bootcamps, or through structured online learning. The source matters less than the depth.


What Each Role Actually Requires

Cyber security is not a single job. The qualifications that matter vary significantly depending on which direction you want to go.

SOC Analyst. This is the most common entry point and one of the most accessible roles in the field. Technical interviewers for SOC positions are testing for log analysis ability, familiarity with SIEM tools like Splunk, basic networking knowledge, and the analytical mindset to distinguish genuine threats from false positives. A degree is often listed as preferred but is rarely a hard requirement at Tier 1 level. A practical certification like SAL1 or BTL1 paired with hands-on lab experience will carry significant weight. Many successful SOC analysts came from IT support, help desk, or networking backgrounds.

Penetration Tester. The bar here is higher, and employers are more likely to list specific technical requirements. Linux proficiency, familiarity with web application vulnerabilities, knowledge of Active Directory attack paths, and the ability to produce professional reports are all expected. A degree in a computing-related field is beneficial but not essential if practical ability can be demonstrated. Certifications like PT1 and OSCP are meaningful precisely because they require you to perform in a live environment. Participation in CTFs is also a credible signal for junior penetration testing roles.

GRC (Governance, Risk and Compliance). GRC is one of the clearest examples of a cyber security path that does not require a deeply technical background. The skills that matter here are structured thinking, strong written communication, familiarity with frameworks like ISO 27001, NIST, SOC 2, and GDPR, and the ability to translate security requirements into language that stakeholders across a business can act on. People transitioning from law, finance, project management, or audit backgrounds often move into GRC more naturally than those with purely technical backgrounds. A degree from any discipline is well-regarded here, and certifications like CISM or CRISC become relevant as you progress.

Cloud Security. Cloud security roles typically require a foundation in how major cloud platforms operate, familiarity with identity and access management, and an understanding of common misconfigurations and attack patterns in cloud environments. This is a specialism that usually builds on either a broader security background or a cloud engineering background. Vendor certifications from AWS, Microsoft Azure, and Google Cloud, alongside security-specific qualifications, are increasingly expected.

AppSec and DevSecOps. These roles sit closest to software development and typically expect either a development background transitioning into security or a security professional who has built strong scripting and code review skills. Understanding of the OWASP Top 10, experience with CI/CD pipelines, and the ability to work alongside engineering teams are the practical requirements. A computing degree is common among professionals in this area but is not always listed as mandatory.


Transferable Backgrounds: What You Already Have May Count

One of the most underappreciated aspects of getting into cyber security is how much non-security experience transfers directly.

IT support and help desk roles give you familiarity with real systems, troubleshooting under pressure, and user-facing communication skills. Networking roles provide the foundation that SOC and defensive security work is built on. Software development experience is highly valuable in AppSec and DevSecOps. Legal, audit, and finance backgrounds align naturally with GRC. Even non-technical careers build skills that cyber security roles need: clear writing, project management, stakeholder communication, and attention to process.

The move from any of these backgrounds into cyber security is not a reinvention. It is an extension. The practical work is learning the security-specific layer on top of what you already know.


Building the Evidence That Matters

Whatever your starting point, the practical guidance is the same: build a record of what you can do, not just a list of qualifications you hold.

That means working through structured learning paths that map to real roles. It means earning certifications that require demonstrated ability rather than multiple-choice recall. It means completing labs that put you inside real tools and real scenarios. And it means being able to talk specifically in an interview about what you did, what you found, and how you approached a problem.

TryHackMe's Cyber Security 101 path is designed as that starting point for anyone entering the field, regardless of background. It covers the foundational technical knowledge that every cyber security role builds from, through hands-on labs rather than passive reading, and it connects directly to the certifications and specialised paths that lead toward your first role.


The Qualification That Matters Most

There is no single qualification that unlocks cyber security. What opens doors is a combination of things: enough foundational knowledge to operate confidently, practical experience that demonstrates you can do the work, and the ability to articulate both clearly to an employer.

A degree strengthens that combination significantly, particularly for roles where academic depth is valued or where progression into senior positions is the goal. But it is one component among several, and in most entry-level cyber security roles, demonstrable skill is what gets tested in the interview room, not the certificate on the wall.

The field is growing faster than formal education can supply it. That is an opportunity for anyone willing to build genuine ability, whatever their starting point.


Start Building Your Practical Foundation

Whether you are studying for a degree, transitioning from another career, or starting completely from scratch, TryHackMe gives you the hands-on environment to build and demonstrate the skills that cyber security employers are actually hiring for.

Author: Nick O'Grady
Mar 20, 2026
