The role of an ethical hacker is only one of the many career paths available in the cyber security industry, but it’s worth noting that more than half (58%) of hackers are self-taught, according to a recent report from HackerOne.

Astoundingly, the report found that fewer than 5% of hackers learn their skills in the classroom. In addition, only 42% of undergraduate computer science programs offer three or more info security-specific courses.

If the learning isn’t happening in the classroom, it’s worth asking: Is a formal education critical, or even necessary, for a career in cyber security?

The classroom cannot solve the skills gap

HackerOne CEO Marten Mickos answered a firm yes, particularly when talking about the whole of cyber security as an industry. “Formal education is absolutely needed and should exist in every computer science program; however, security cannot be solved alone and therefore education should not be confined to computer science programs and graduates,” he said. “The broader connected society must prioritise security, because the cyber security skills gap will never be solved in a classroom.”

Whether a person desires to be a white hat hacker or a security analyst, there are so many different paths one can travel to learn, earn and advance in a cyber security career. “As a society we have to accommodate the various personalities we find,” Mickos said. “We should let humans learn the way they learn best, and we should not limit or discriminate in any way because we need to bring this education to millions of people.”

Learning in different ways

The future of the industry holds a lot of promise, and those organisations that understand the potential of what is to come are interested in blending their teams. That there are many different types of problems to solve demands that people from all different mindsets come together. That diverse collection of professionals will and should learn differently.

“Information security is something that should permeate everything we do in the digital realm. It’s not the responsibility of the few but rather the responsibility of the entire connected society. Those who use software (every human being) should get training in basic cyber hygiene,” Mickos said.

Source: Security Boulevard