The section “How to enter infosecurity” has one section which discusses how to enter the field with a university degree. But it also notes: “However, you shouldn’t think of this as a prerequisite — there are many successful security practitioners without a formal degree.” The following section discusses how to enter the field without formal training.
Whether any given individual should pursue a degree depends on a bunch of individual factors.
Your suggestion that EA orgs should have a “head of security” of some sort sounds plausible in many cases. But a lot will depend on the size of the organisation, its specific security needs, what other duties this person would be responsible for, etc., so it’s hard to be generally prescriptive. As the review lays out, there’s likely to be an ongoing security needs for many impactful orgs for the foreseeable future, and expertise in this domain will be needed at a variety of levels.
Thanks Yonatan! I was the editor of this review.
The section “How to enter infosecurity” has one section which discusses how to enter the field with a university degree. But it also notes: “However, you shouldn’t think of this as a prerequisite — there are many successful security practitioners without a formal degree.” The following section discusses how to enter the field without formal training.
Whether any given individual should pursue a degree depends on a bunch of individual factors.
Your suggestion that EA orgs should have a “head of security” of some sort sounds plausible in many cases. But a lot will depend on the size of the organisation, its specific security needs, what other duties this person would be responsible for, etc., so it’s hard to be generally prescriptive. As the review lays out, there’s likely to be an ongoing security needs for many impactful orgs for the foreseeable future, and expertise in this domain will be needed at a variety of levels.