WGU MSISA Review

Unknown

I went to the WGU commencement ceremony a few weeks back and networked with quite a few people graduating with their BSIT. All of them work in the Security sector and highly recommended to get into that field that the security jobs in certain metro areas are tripling due to raising demand and not enough IT workers to fill the need. They all happen to be working on their MSISA at WGU as well.

I combed through the forums here but cannot find anything relevant towards the actual review of the MSISA program besides a lot of mention of busy work which is not anything out of the norm. My brother is working on his MS in Accounting at a state school and he said he is loaded with busy work.

Since the MSISA at WGU is setup to cover all of the domains of the CISSP my question is has anyone who finished the MSISA program at WGU felt they were better prepared for InfoSec positions either already working in the field or coming new to field?

smokeyalien

I just got my MSISA from WGU. I had my CISSP before that. I have been working in IT security in a roundabout fashion for several years due to my industry which is to say I am not a IT Security position directly but I have done many aspects of the work over the years. Due to my work experience and all the studying I did to get my CISSP I flew through the courses and while I didn't learn a lot there were a few little things here and there that I polished up on. Many folks like myself that have been doing this type of work for years are getting their Masters in IT security to satisfy job requirements and remain on the same academic standing as a lot of these folks who have never done this kind of work, but want the degree for those "hot" infosec jobs everyone is predicting. The problem there is that most folks chasing the degree have no experience and think that the paper will get them some mid level infosec manager position. It won't. If you want to do infosec then I recommend you get an infosec job. The degree will help enhance your knowledge and give you a broader understanding, but it won't guarantee you a job. Just look at all the out of work MBAs.

Legacy User

Thanks for the reply. I never expected the degree would guarantee anything job wise. My question was more directed to the knowledge obtained since it is a Masters program. I was hoping since its essentially 1 1/2 - 2 years of deep diving into 10 domains within the CISSP that at the end of it I am better at thinking analytically towards security.

I could easily take 3 months and cram for the CISSP and more then likely pass and my experience satisfies at least 4 domains just need 6 more months to hit that 5 year mark. But I do not want to rush I want to thoroughly understand it that is why I have been seriously considering WGU for the inexpensive education experience. Besides your honest feedback I have not seen anyone else saying that they learned anything of value just that its a lot of busy work. Which has me hesitant to take the program there.

Lets say you did not have your CISSP. Would you have learned anything of substance that you can apply at work?

I agree to your comment about all of the out of work MBA's and people who rushed to get their MS in other fields once the recession hit. All of the newly minted people with their MS saturated the market which raised the standard education wise. So when a few years back the min for a job was a HS diploma but nowadays the minimum is having a Bachelors.

aftereffector

The MSISA isn't training in the same way that a lot of certifications are - for instance, I didn't know much about configuring Cisco ASAs until I studied for CCNA Security. The MSISA, or at least the four classes I've taken so far, will give you some useful experience in creating and analyzing policy documents, defining a business continuity plan, analyzing legal issues in cyber security, and so on, but it's not really set up to train the student in any particular domain.

stryder144

Since you've finished your bachelor degree, you are only required to have four years of experience in the relevant domains in order to sit for the CISSP. This is the link that I reviewed prior to posting this.

I, too, have been considering getting WGUs MSISA but have recently been leaning more toward either SANS MSISE or possibly an MSc in Digital Forensics from Champlain, UMUC, or UCF. Unfortunately, those programs do not let you go as fast as you can, which is a great selling point for WGU (aside from the cost, naturally).

Very interesting post, I am following it in order to gain more insight before I have to make a decision. Thank you for posting it.

cyberguypr

I think the big variable here is experience. I had my CISSP walking into the MSISA, but even if I didn't have it I am positive would've ended up learning absolutely nothing. This is due to the fact that I've done most of the things covered in the curriculum at some point throughout my career. For me it's so mind numbing that 60% into the program I am still questioning if it is worth my time finishing it.

colemic

Cyber, I get what you are saying - I felt the same way - but then I realized that just mean I had really, really good work experience, that was actually preparing me for master's - level work, if that makes sense. Starting out with extensive knowledge puts you so far ahead of the learning curve, it can really seem that it's not challenging enough, but in reality it's just an incredible head start into the program.

It's theoretically like someone being an accountant for years, even with a CPA, and then going back to school to get an accounting degree. They would probably ace the coursework just on experience, even though for someone without that kind of experience, it might be really rigorous and challenging.

As far as WGU MSISA, I wish it had focused on things from a higher level, and a course or two on management/leadership, since that's the kind of roles I expect someone with a master's degree to be in. From my experience, it was geared toward making you a technical master, which even then with CEH and CHFI is questionable.

smokeyalien

Clarification:

Colemic hit the nail on the head. After several years of doing something you tend to get good at it or not do it any longer. In my case (and cyber's and other people here) that holds true which is why the MSISA seems so easy and so fast. You will also find 2 distinct types of folks taking this degree program; those that have been doing it for some time and just need to check the box and those who have never done this type of work and get bogged down fast and have a lot fo learning to do. There really isn't a middle ground. Some experienced folks jump into this degree expecting to learn a lot only to be surprised that a lot of the material is information and processes they already knew, just not formally. 3 of the classes are certification tests/practical exams. This shouldn't lead you to believe this is so much a technical degree as much as a management/policy degree. This degree teaches you the 30,000 foot view of security by getting you into all of the domains with an overview of each without getting deep enough to make you a SME. This is just like the actual CISSP where they say it is a mile wide and an inch deep. Don't go into this program thinking it is something more than that.

From a neutral viewpoint I can say I found some of the WGU MSISA courses need a lot more refinement. The biggest problem they face with this program (and maybe others) is that they have the course mentors, the course curriculum developers, and the assignment graders. These are all different people with different goals and different ideas on completing the assignments. Only the course graders (TaskStream evaluators) actually have any say on what passes. So what the graders want is what you have to give them. There are times this can mean the actual study material doesn't seem to jive with the assignments. There is some good information in the study material to learn for the sake of knowledge, but you don't need over 75% of it to complete the assignments.

Summary: If you want the manager viewpoint of security as a whole then this is a good start. If you want to be a technical security person specializing in something like pentesting then this checks a box, but it isn't for you.

Khaos1911

*Long sigh* If only I could afford to pursue the SANS Masters degree.

Legacy User

Excellent write up smokealien what you said seems like a good summation of what everyone mentioned. I wonder if the points that were already made are the general consensus or if anyone else has a differing opinion.

JoJoCal19

Hey Khaos, it's actually doable if you have tuition reimbursement at work of at least $5000/yr and you do the work study for each of the cert classes. Would take a while but if you add some of your own funds to what you would get back from work you can definitely do it within 4 years.

aspiringsoul

I paid off half of my bachelor degree student loans. They're in deferment now because I'm enrolled in the MSISA program at WGU and I am paying out of pocket for WGU.

I decided to go to WGU for a few reasons.

1. It's affordable. I can afford to pay out of pocket and complete the program in two years.
2. It's regionally accredited.
3. It's self paced. I can accelerate or move along the course work comfortably while setting my own deadlines to meet.

I work 40 hours a week (at least) and WGU seemed like the best fit for me. I have a Security+ and I worked for a bank for five years, so I'm familiar with GLBA, BCP, Disaster Recovery, Vulnerability and Risk assessments and etc...

I spent a lot of my time reviewing OSSIM and Nessus reports, while patching machines and plugging holes. It's what made me so interested in Security.

I think that WGU's program offers some good value for the money. Every other Master's in Information Assurance that I looked at was easily twice the cost aside from Dakota State University.

I agree with Colemic's post. I may not be quite as experienced as most of you, and so far, I have not learned much from the program that I didn't already know, but I'm only about 25% finished.

I won't go back to school after this unless I can get reimbursement. I will continue to study for certifications for the rest of my career though....