Master's in Comp Sci or Cyber Security for an InfoSec career?

aderon

Which degree do you think would be more beneficial for an IT Security career if you wanted to specialize in penetration testing, digital forensics, and malware analysis? The two degrees I'm considering are either a Master's in Computer Science or a Master's in a more specialized degree such as Digital Forensics or Cyber Security/Information Security. I should be graduating with my Bachelors by year end and I'm trying to plan ahead.

I imagine one of the more specialized degrees would have a higher relation to actual security concepts, but I feel like the comp sci background could come in really beneficial when analyzing/developing code. Any thoughts?

pinkydapimp

I would probably go with cyber. It will have a little of both most likely.

phantasm

I would do Comp Sci. It's more widely known and accepted. Plus it's a good program if you can do it. If I had the brains... I would've. lol.

TechGuru80

Computer Science is geared towards developing code and tools where Cyber is more likely to have tools and such to use. Cyber will put you in a position to immediately use the tools, but CS will help you master development for down the road.

SoCalGuy858

Of the individual courses that make up the different majors, what interests you more? The (assuming) more theoretical CS classes, or the more applied cyber classes?

I definitely agree with phantasm that "Computer Science" is more commonly recognized than most varying-name "cyber" degrees, but if you don't go with what interests you, it might just end up being time / money wasted.

NovaHax

Honestly, just having a Master's, regardless of what its in, is mostly likely going to open the same doors. But you will get more out of the CompSci degree. Anybody can quickly and easily learn how to run "cyber security" tools...but the logic and programming skills you'll get from a CompSci degree are not so easily taught.

I'd say go with CompSci.

pinkydapimp

For undergrad, i agree comp sci is the degree to get. However for grad school, the goal is to specialize typically. Comp Sci is more well known, but down the road i suspect a Masters in cyber security will be handy. Plus, most good cyber programs have alot of programing. So you get both.

aderon

It seems like they both have their benefits. I guess I'll try looking for a comp sci degree that is heavy in programming but allows a specialization/minor in security

ajs1976

The applied computer science masters at DSU has a specialization in Cyber Operations. I found another one with a similiar specialization, but can't remember the school.

aftereffector

I'm in a cyber security masters right now (the WGU MSISA), and while it fits my needs at this time, I sometimes wish I had chosen a CS program instead. The cyber program will teach you a lot of useful things about how to use a tool for an exploit, but the CS graduate will know how that exploit functions, which is a lot more valuable for a cyber security professional in my opinion.

aderon

aftereffector wrote: »

I'm in a cyber security masters right now (the WGU MSISA), and while it fits my needs at this time, I sometimes wish I had chosen a CS program instead. The cyber program will teach you a lot of useful things about how to use a tool for an exploit, but the CS graduate will know how that exploit functions, which is a lot more valuable for a cyber security professional in my opinion.

Yeah that's where I'm coming from. I'm sure a good cyber sec program will teach you how a tool functions and get a general idea of how it works. But to actually be able to look at it, at its base level and comprehend it for yourself. That's the goal I'm trying to shoot for.

aderon

ajs1976 wrote: »

The applied computer science masters at DSU has a specialization in Cyber Operations. I found another one with a similiar specialization, but can't remember the school.

Thanks for the tip man! I just checked out their applied computer science master's and it's pretty much exactly what I'm looking for. The required courses look really interesting.

• CSC 705 - Design and Analysis of Algorithms 3 credits
• CSC 710 - Structure and Design Programming Language 3 credits
• CSC 714 - Database Systems 3 credits
• CSC 718 - Distributed and Parallel Computing 3 credits
• CSC 720 - Theory of Computation 3 credits
• • INFA 723 - Cryptography 3 credits
  • INFA 725 - Advanced Network Hacking 3 credits
  • INFA 729 - Advanced Web Hacking 3 credits
  • INFA 751 - Wireless Security 3 credits

pinkydapimp

aderon wrote: »

Yeah that's where I'm coming from. I'm sure a good cyber sec program will teach you how a tool functions and get a general idea of how it works. But to actually be able to look at it, at its base level and comprehend it for yourself. That's the goal I'm trying to shoot for.

A good cyber program should teach that though. It really depends on the program.

xeruan

Honestly, this question is part of the reason that I'm deciding to just do both. I realize this option isn't for everyone, but it's how I am choosing to address the issue.

UnixGuy

I would only do masters in Comp Science if I wanted to work in academia (progress to PhD) or programming. Go with the practical Cyber security masters..or even better, save your money, just do infosec certs and get experience!

YFZblu

Why not save your money and spend time actually acquiring the skills you want? It appears as though you want to follow the technical path. Outside of academia, a Master's degree won't mean much to a competent group of technical people in infosec.

aderon

YFZblu wrote: »

Why not save your money and spend time actually acquiring the skills you want? It appears as though you want to follow the technical path. Outside of academia, a Master's degree won't mean much to a competent group of technical people in infosec.

I'm just worried that with the stiff competition there is for jobs, that if I won't do something, somebody else will. My concern is that HR might weed me out before I even get to speak with the technical staff (That's been my experience when applying to most jobs in IT).

pinkydapimp

YFZblu wrote: »

Why not save your money and spend time actually acquiring the skills you want? It appears as though you want to follow the technical path. Outside of academia, a Master's degree won't mean much to a competent group of technical people in infosec.

This is far from the truth. A Masters can and will set you a part from the crowd

YFZblu

pinkydapimp wrote: »

This is far from the truth. A Masters can and will set you a part from the crowd

You're currently in sales engineering, right? That's one perspective. My perspective is that of a technical security person who conducts interviews, and instructs our (awful) recruiting companies on what qualities I am looking for in potential candidates. The notes I give them define who gets called.

aderon wrote:

I'm just worried that with the stiff competition there is for jobs, that if I won't do something, somebody else will. My concern is that HR might weed me out before I even get to speak with the technical staff (That's been my experience when applying to most jobs in IT).

I completely understand this concern - I was there myself. That being said, what you need to know is this: once you obtain your first job in security and do well, Human Resources no longer exists.

The short version is this: after 6 months in a technical purely infosec role learning, growing, finding out what you don't know, etc...companies will be falling over themselves to hire you. After my first job, Human Resources became nothing more than a formality, because I was unofficially offered jobs by people I know in the community. IMO, a CompSci degree is more than enough to get your first job; which really is the key.

InfoSec is an insane little world. Be savage about improving your skill set, seek understanding, and you can manipulate this career into pretty much whatever you want it to be - regardless of what words your resume' provides under the formal education section.

pinkydapimp

YFZblu wrote: »

Outside of academia, a Master's degree won't mean much to a competent group of technical people in infosec.

YFZblu wrote: »

You're currently in sales engineering, right? That's one perspective. My perspective is that of a technical security person who conducts interviews, and instructs our (awful) recruiting companies on what qualities I am looking for in potential candidates. The notes I give them define who gets called.

Correct. I was mostly commenting on your blanket statement and wanted OP to know that i dont believe that is the case in many situations. I get that some people, including yourself value things other than a masters. But the reality is, many do indeed value a masters (and the knowledge one gets from one) outside of acedemia. Infosec is a HUGE space so what might be valued in your role or company likely varies quite a bit from other roles and companies.

YFZblu

pinkydapimp wrote: »

Infosec is a HUGE space so what might be valued in your role or company likely varies quite a bit from other roles and companies.

InfoSec may be broad, but the OP clearly stated his goals and refined the context to pentesting, forensics, and malware. That is what my post was directed at. The vast majority of senior people in those roles care about getting people with experience and understanding, not much else. If that understanding came from a Master's degree, then that's great. But the source is not important, at all.