Author Topic: Master's Degree - InfoSec?  (Read 2222 times)

jeromedawg

  • Magnum Stache
  • ******
  • Posts: 3268
  • Location: Orange County, CA
Master's Degree - InfoSec?
« on: March 12, 2015, 03:55:28 PM »
Hey all,

So I've been contemplating pursuing a Master's Degree in infosec with an organization that I've already gotten several infosec certifications from. I graduated with a BA in Intl Studies and work as a QA Engineer now but have held several security engineering/analyst jobs in the past. Been in the workforce now for about 10 years or so. The particular organization I'm thinking about going with just got accredited and, based on some initial conversations, since they've been piloting the program even before that, seems like I would likely get accepted despite my irrelevant Bachelor's degree. They are a pretty well-known organization in the infosec industry. I know I could probably go the easier route and get an IS/cybersecurity degree from many other online universities that offers it (and for less $$$), but I've often heard that those programs aren't really that great because there's usually a detachment of real-world experience from those teaching, as well as for other similar reasons (I guess, in a nutshell, they can often be described as "mile-wide inch-deep")

My work offers tuition assistance of up to $50k for up to a 5 year graduate program (they recently changed tuition assistance providers and I think this one is a little better and more flexible at least for graudate program assistance). I would say one of the factors for me being wishy-washy before they changed providers, was definitely cost. But even then, it still wouldn't have cost *that* much for me to do considering they still would have covered a majority of the costs. At this point, I'm pretty sure the current tuition assistance would cover most if not all of the cost of the program I'm considering.

Seems like a no-brainer but I'm quite hesitant because I have an idea of how demanding the schedule is going to be. Also, it's difficult for me to get into the swing of things with any educational course I'm taking (even if it's free) because I really struggle disciplining myself to learn and practice. I told myself, after graduating and having a pretty rough time through college, that I would never go back to school again. But now that I think about it more, especially with a growing family and my wife potentially not working for a while, I start worrying about really securing and defining a career path. So I would say a lot of my reasoning for considering it would be for financial reasons.... I think I may be more potentially interested in a management position.

At this point, I know there are going to be quite a few things I'd have to sacrifice to pursue this. I'm just not sure if it would be worth it for me at the end of the day. I'm also hesitant with potentially starting school and intense studies while starting a new family (first one on the way in August).

Just seeking some plain old advice and wisdom for anyone else who has been in a similar situation...
« Last Edit: May 03, 2015, 10:43:11 AM by jplee3 »

Bearded Man

  • Handlebar Stache
  • *****
  • Posts: 1142
Re: Master's Degree - InfoSec?
« Reply #1 on: March 13, 2015, 10:24:10 AM »
InfoSec is hot right now, but I wouldn't do it, and I have some InfoSec certs as well. I think you might better be served by getting a CISSP cert and trying your hand with that. If you say you've worked in the industry in the past in one sentence, then say you are not sure you are cut out for it due to lack of technical skills, then I wouldn't pursue it.

If you want real security, go into management. Most IT positions these days, be they programming, dba, or infosec, are contract. Management positions are usually not contract so you are harder to fire. If you want to bridge the gap, get your CISM certification instead. It's the management version of the CISSP. It could help you get into a management position where you don't necessarily do hands on infosec work but oversee it. Probably best of both worlds for you. That said, infosec is a burn out field IMO, and I work with a few CISSP's and CISM's.

If you want to go into management, try getting your PMP cert, or ITIL cert. Let me know what works for you, maybe if my advice helps you out you can return the favor down the road ;-)

jeromedawg

  • Magnum Stache
  • ******
  • Posts: 3268
  • Location: Orange County, CA
Re: Master's Degree - InfoSec?
« Reply #2 on: March 13, 2015, 01:46:32 PM »
InfoSec is hot right now, but I wouldn't do it, and I have some InfoSec certs as well. I think you might better be served by getting a CISSP cert and trying your hand with that. If you say you've worked in the industry in the past in one sentence, then say you are not sure you are cut out for it due to lack of technical skills, then I wouldn't pursue it.

If you want real security, go into management. Most IT positions these days, be they programming, dba, or infosec, are contract. Management positions are usually not contract so you are harder to fire. If you want to bridge the gap, get your CISM certification instead. It's the management version of the CISSP. It could help you get into a management position where you don't necessarily do hands on infosec work but oversee it. Probably best of both worlds for you. That said, infosec is a burn out field IMO, and I work with a few CISSP's and CISM's.

If you want to go into management, try getting your PMP cert, or ITIL cert. Let me know what works for you, maybe if my advice helps you out you can return the favor down the road ;-)

Thanks for the tips. Yes, CISSP is definitely one that I need to get ramped up for - I've been so lazy with self-study. I have an old book though and I know they've changed some of the domains around and consolidated stuff. But I'm not sure if the material has changed all that much. If it hasn't then I guess I can proceed with studying out of the old Shon Harris 4th edition book I have. Maybe I should just capitalize on my company's tuition assistance for certs and take the SANS GISP course to force me to do it. Also, SANS offers the management track (MSISM) for a more management-centric masters, so presumably not nearly as technical as the MSISE. It still seems like a whole heck of a lot of work either route though.

But yeah the technical stuff excites me less than the big-picture stuff at the end of the day, at least for security. Like finding vulnerabilities, and figuring out how exploits work or how to develop them is pretty cool and all. But I'm more of the mindset that as long as I generally understand how they work, I'm most interested in figuring out how to mitigate and protect at the large scale. I like talking about security at a higher-level rather than trying to delve into the intricacies of an awesome exploit a security researcher developed (I mean, I could probably get into it but I find that it really drains me and just makes me exhausted when things get overly technical). On a side note, I keep saying I need to "automate more" but daily [support-driven] tasks often suck up my time and energy in this regard. Constant barrages of "support requests" that I end up devoting my time to researching and doing a ton of root cause analysis on, eats up most of my time. In my current role I've primarily been testing new product security features (especially integration) and then supporting other QA teams with making sure they have the correct configuration, etc when it all hits the fan (e.g. when all else fails, ask this guy [me] to figure out what went wrong). Even though it has the word "security" in it, it's far from actual security testing or anything along those lines as much as it is just new feature testing. The worst part is that it's becoming hard to track all this stuff to be able to effectively synthesize and then update my resume and Linkedin profiles. I think I need to step back and really take some time even for that.

I was considering getting my PMP and while others have mentioned I could potentially make a good project or program manager, I'm just not convinced I want to go down that route at least right now. If you put "security" in front of it though it does makes it sound more enticing LOL
« Last Edit: March 13, 2015, 02:09:34 PM by jplee3 »

humbleMouse

  • Bristles
  • ***
  • Posts: 301
  • Location: Minneapolis
Re: Master's Degree - InfoSec?
« Reply #3 on: March 13, 2015, 02:30:14 PM »
If big-picture stuff interests you in info-sec I would recommend learning Russian.  Seeing as many threats originate from Russia, you could make lots of $$$ scanning Russian forums on the darknet and identifying threats and techniques that are being used and ones that are becoming popular. 

jeromedawg

  • Magnum Stache
  • ******
  • Posts: 3268
  • Location: Orange County, CA
Re: Master's Degree - InfoSec?
« Reply #4 on: March 13, 2015, 02:33:51 PM »
If big-picture stuff interests you in info-sec I would recommend learning Russian.  Seeing as many threats originate from Russia, you could make lots of $$$ scanning Russian forums on the darknet and identifying threats and techniques that are being used and ones that are becoming popular.

Interesting take! I should also learn Chinese too - that would be good, considering I'm Chinese-American but don't know a lick of Chinese (I take that back, I know a few words :P)