Master's or CISSP?

Trying to decide what to do here. I have a B.S. in IT and was thinking about the CISSP next. But now wondering if a Masters first would be the better route? I'm not real familiar with WGU but apparently it is fairly well accepted in the IT realm? I had looked into the IA program at PSU, partially because of the pedigree but with the cost it isn't likely to happen. The WGU program is a little more attainable, both in cost and time. I figure I shouldn't have much trouble completing it in 1 year. If I go for the CISSP I would probably spend the next 4 months or so studying but don't think I would get as much out of it as the Master's at this point in time. I would still plan to complete the CISSP later.

Thoughts/opinions?

Find more posts tagged with

Comments

TheFORCE

What do you want to become? Do you want to become a C-level executive or do you want to be in mid level management? If C-level then yes, Masters would have better RIO, if mid level manager then CISSP for short term RIO.

Terminator X

I would say do the quicker of the two first. You can obtain your CISSP first then go for your Master's. Do not under any circumstances try to do both simultaneously. I was fortunate enough to be able to obtain both however I got my Master's first because I didn't know about being a CISSP at the time. Now I have both which frees my time up for other certs. I agree with everything TheFORCE had to say.

fmitawaps

TheFORCE wrote: »

What do you want to become? Do you want to become a C-level executive or do you want to be in mid level management? If C-level then yes, Masters would have better RIO, if mid level manager then CISSP for short term RIO.

RIO = Return Investment On?

Terminator X

fmitawaps wrote: »

RIO = Return Investment On?

LOL...I knew that was coming from someone.

NOC-Ninja

Both! Master is for HR and so that higher ups with masters wont blink. CISSP is icing in the cake.

OctalDump

Which WGU are you thinking of? If you go for the Cybersecurity and Information Assurance, then doing the CISSP first should make the degree easier, which hopefully means faster, which means cheaper. If you go for one of the IT Management degrees, then there would still be some crossover, but not quite to the same degree.

But it also depends on where you are in your career. They aren't likely to give the new guy with almost 5 years experience a C level position (often even if you are the best candidate) whether you have an MBA or not. So if you know that the Management degree isn't going to pay off for a couple more years, then getting that CISSP could be a good move. On the other hand, if you're already in middle management, leading a reasonable size team and largish projects, then that Master's could be the only thing you need to make the next step, and a CISSP might not add much value.

TheFORCE

Terminator X wrote: »

LOL...I knew that was coming from someone.

It was really late when I posted that, after a really long day. Don't crucify me for a typo lol.

dhay13

Geez...i thought theFORCE was sending on a vacation to RIO

Thanks guys. I am at about the mid-stage of my career with about 10 years experience but I am currently not at a managerial level. Just looking to set myself up for my next opportunity and make myself stand out a little. I would like to be C level at some point but not in a hurry to get there, management level yes. Although I have an A.A.S. in network security, I am fairly new to this sector, having spent most of my career as a Systems Admin, although I did handle AD, Group Policy, permissions, etc.

I like the idea of doing the quicker one first but I think I'm looking for the bigger 'pop' first as I am currently searching for new jobs

Danielm7

Terminator X wrote: »

I would say do the quicker of the two first. You can obtain your CISSP first then go for your Master's. Do not under any circumstances try to do both simultaneously. I was fortunate enough to be able to obtain both however I got my Master's first because I didn't know about being a CISSP at the time. Now I have both which frees my time up for other certs. I agree with everything TheFORCE had to say.

Agree with this. I did my CISSP first because I could self study for it a lot faster than my MS and it was far cheaper out of pocket. It also helps contract negotiations with work quite a bit. In security I don't see an MS as a huge selling point, but I'd like to do it at some point anyway.

OctalDump

dhay13 wrote: »

Thanks guys. I am at about the mid-stage of my career with about 10 years experience but I am currently not at a managerial level. Just looking to set myself up for my next opportunity and make myself stand out a little. I would like to be C level at some point but not in a hurry to get there, management level yes. Although I have an A.A.S. in network security, I am fairly new to this sector, having spent most of my career as a Systems Admin, although I did handle AD, Group Policy, permissions, etc.

I like the idea of doing the quicker one first but I think I'm looking for the bigger 'pop' first as I am currently searching for new jobs

I'd go for the CISSP. If you are sticking in Info Sec, then good part of your competition for middle management roles will have it. It also puts you more in the mindset of management, and will make the Master's a little easier. It would be nice if WGU gave you credit for it (which they probably should in a sane world, as their Cybersec and Assurance course looks to rehash a good part of it), but at the moment, they don't.

Cheaper and easier, and likely will make the best financial and professional sense in the long run.

cwelber

Some schools like mine (Excelsior - online and huge with the military) actually offer 3 graduate credits for the CISSP. So I have my CISSP now and I'm two classes away from my masters. I think having them both puts you in a great position. Certs are great, but degrees show you can actually write a decent paper and understand how professional research is done.

A cyber masters is also a great platform for a future PhD too. I think security guys who hold both can write their own tickets and get higher compensation, plus have great job satisfaction. With that said the academic work at a master's level is no joke and very challenging, but it makes you a better professional in my opinion. I think poor writing and communications skills keep some folks in our industry from advancing.

I would look for a master's program which accepts the CISSP for credit, and this way you will be working towards you masters while you study for the CISSP.

danny069

I'm finishing up my B.S. in Cyber Security/Digital Forensics and then starting my Masters in the Fall, before I start I plan to obtain my CISSP. For me, it's never one or the other, it's both.

dhay13

I definitely plan on the CISSP and probably the M.S. Sounds like the concensus is CISSP first.

TechGromit

TheFORCE wrote: »

If C-level then yes, Masters would have better RIO, if mid level manager then CISSP for short term RIO.

HUH? The average cost of a master degree is $40,000 and requires a full time commitment of two years. Studying and passing the CISSP is less than $1,000 in study materials and a 6 to 9 month time commitment. On average people with masters degrees in computer science earn $80,400, compared to CISSP $108,000, the CISSP is a way better investment in my opinion.

OctalDump

TechGromit wrote: »

HUH? The average cost of a master degree is $40,000 and requires a full time commitment of two years. Studying and passing the CISSP is less than $1,000 in study materials and a 6 to 9 month time commitment. On average people with masters degrees in computer science earn $80,400, compared to CISSP $108,000, the CISSP is a way better investment in my opinion.

But that isn't the comparison you need to make. The comparison would be for someone with ~10 years in IT, ~5 in Info Sec, a BS and AAS, how much extra would getting a CISSP give them compared to getting a Master's, right now.

Then for C-level positions, how much more would an MBA add compared to CISSP? If the average CIO or CISO has an MBA and earns 170k, then maybe that MBA is worthwhile. If the average CIO or CISO or CTO or CSO or whatever earns 120k AND has an MBA, then yeah, it will take years to break even.

If you are talking about people in general with a master's in CS, then you are including all the new graduates, all the people working in lower paid fields, all the people without much experience. CISSP means at least 5 years working in Info Sec domains, and probably means also that you are a fair way above junior. So a CISSP is in a high demand field, with experience, and proven industry specific skills.

It's not about IT jobs in general, but about the specifics of your situation at this point in your career in your market. And for most people there isn't a enough good data to be sure.

The other point that sometimes gets lost in this, is that it isn't just about money. Some people like to develop professionally, and find that at a point a Master's degree is the best way for them to grow in the way they want. Particularly in IT as you get more senior and have to work at more abstracted levels and understand the business better, something like an MBA or other business oriented degree (like the MS IT Management) becomes quite attractive.

No_Nerd

I can agree with another member here . " do not try to do both" I did and I failed CISSP and it caused my GPA to slide a bit in gard school....

renacido

Look at job postings for the roles you're aiming for now. Choose the credential that seems more important to the people potentially hiring you.

I'm betting that will be CISSP.

In most mid-senior level infosec job postings I've ever read is the qualification, "BS/MS in IT, CS or related field, or X years of relevant full-time experience". CISSP or "an equivalent certification" is always "strongly desired" or "a plus". So if you've got deep infosec experience, HR won't stop you for lack of a degree, and the actual hiring manager won't even care about it, unless they have a strong personal feeling about degrees and pedigree. Most hiring managers really want someone with lots of relevant experience and a proven track record. Degrees and certs are credibility indicators when the experience and employment record is not as solid or deep. There are exceptions, sometimes in Gov or HigherEd, sometimes finance, because those companies in general have a higher median education level and therefore it's part of their culture. In those cases it's more of a culture-based qualification than anything else.

CISSP won't get you a job, but not having it might get you passed over when they select candidates for interviews.

FWIW, I just accepted an infosec manager role at a large company. I don't have a Masters Degree and probably never will.

TheFORCE

TechGromit wrote: »

HUH? The average cost of a master degree is $40,000 and requires a full time commitment of two years. Studying and passing the CISSP is less than $1,000 in study materials and a 6 to 9 month time commitment. On average people with masters degrees in computer science earn $80,400, compared to CISSP $108,000, the CISSP is a way better investment in my opinion.

The CISSP can get you up to a certain step on the ladder and should not be confused as the golden standard for making huge amounts of money.

All depends on what the OP wants to do and as I mentioned earlier, if someone wants to become a C-level executive, the Masters will get you there faster than a CISSP. Having both though will add more points to your resume.
We are not talking about people with masters degree in computer science vs people with CISSP. We are talking about what is more beneficial for someone at a particular point in their career while at the same time considering future possibilities for advancement. Even though the Masters will take longer, it will add the value and recognition that companies look for someone that they want to hire as a CIO/CISO/CTO etc.

renacido

TechGromit wrote: »

HUH? The average cost of a master degree is $40,000 and requires a full time commitment of two years. Studying and passing the CISSP is less than $1,000 in study materials and a 6 to 9 month time commitment. On average people with masters degrees in computer science earn $80,400, compared to CISSP $108,000, the CISSP is a way better investment in my opinion.

You have a point here, but this is really what those statistics represent:

Those in high-paying positions in infosec are more likely to have a CISSP than an MS.

NEITHER is a pass/fail or stop/go qualification for any high-paying infosec job.

Trust me, there are plenty of CISOs who don't have a Master's Degree. An MS is not a key to the C Suite.

A CISSP becomes very "meh" once you've sat in an infosec manager's chair long enough to break it in. It, along with CISM, CRISC, etc, and YES an MS degree do help as credibility indicators for a Security Director, CISO, CIO job.

But the ONE and ONLY real stop/go qualification for CISO is EXPERIENCE at the level that immediately precedes those positions - Director/Manager of Info Security. And normally, no one goes from infosec to CIO without a tour of duty as CISO.

Degrees and certs are good for you and they help you advance in your career. But those alone are not golden tickets.

wd40

Not many people in IT Know what CISSP is, in Business only few people know what CISSP is.

I think for a c level position, it will be easier for Business to hire a guy with an MBA and other certificates than hiring a guy without an MBA and having to understand and explain that he is a CISSP and other unknown acronyms.

renacido

wd40 wrote: »

Not many people in IT Know what CISSP is, in Business only few people know what CISSP is.

I think for a c level position, it will be easier for Business to hire a guy with an MBA and other certificates than hiring a guy without an MBA and having to understand and explain that he is a CISSP and other unknown acronyms.

Those involved in hiring a CISO (CIO, CEO, and BoD) will know or be informed of what are relevant certifications for the role, including CISSP.

An MBA would be a positive thing but it's definitely not more relevant to the CISO role than a CISSP, CISM, CRISC, or TOGAF certification.

dhay13

FWIW the only way i will be doing the M.S. is through WGU. i have looked at other options and not sure i can justify the cost based on my situation. i have quite a substantial line of student loan debt already. but i plan to do the CISSP either way, whether i do the M.S. or not, just a matter of which to tackle first. from the sounds of the replies the CISSP seems to make more sense for me.

Drjonz1911

Dhay13 did you ever start youR Masters with WGU? I have a few questions.

mbarrett

There are Masters programs which incorporate much or all of the CISSP study into their degree, FWIW.

dhay13

no. i am scheduled to take the CISSP next month. Masters is on hold for now

beads

Two hours versus two years... Let's see here.

A WGU Masters will orientate you more toward hands on work, I agree. Management? Questionable but probably works for someone in a quasi-managerial role. Leadership role? A well respected MBA not certs are the way to go.

- b/eads

GreenLantern

beads wrote: »

Two hours versus two years... Let's see here.

A WGU Masters will orientate you more toward hands on work, I agree. Management? Questionable but probably works for someone in a quasi-managerial role. Leadership role? A well respected MBA not certs are the way to go.

- b/eads

agreed, CISSP will be a better investment over a masters degree.