Is this a good path? BS-IT security >Cybersecurity and Information Assurance....

faintingheart

Is this a good path? WGU BS:IT security and then get the WGU MS in cyber security and information assurance. All school no work: meaning I have zero work experience the whole time going to school. Then after finishing MS, I would intern for a Information Security Analyst position to get foot in the door. And work from bottom to management one day. Estimate Arrival date to get master is around 5 years. I willing to pay the price to get there in 5 years. What do you guys think of my plan?

Danielm7

I wouldn't do that. Why not work on your BS and try to get an internship during that? 5 years is a VERY long time to trade off for that schooling. Also, with WGU it really shouldn't take you 5 years to do all that, even without experience, if you aren't working that whole time.

faintingheart

Okay, what if it only takes 3 years to complete. Would it be worth it then?

(2 years for BS) + (1 year for MS:CIA)

Russ5813

I think you're greatly underestimating the value of hands-on experience in an IT environment and soft skills-- two things you won't get with just a degree. That's not to say your plan won't work, but why not try to get a job or internship while going to school? It's completely doable.

beads

Get this question once or twice a week on various accounts, particularly on LinkedIn. Below pretty much reflects what I hear after someone puts 6 plus years of effort into getting a bachelors and masters in security and IF they can find work at all. They are dismayed at the results.

Your first position with a Masters in Security with no real world experience, particularly when your school work is really just a bunch of certs attached to a "degree" will likely be an entry level SOC analyst or entry level auditor role. Same as getting just a bachelor's degree in security so there is little benefit outside of putting off making a living earlier.

Your best bet is to find a short term entry level auditor position so you begin to understand the reasoning behind security in the first place. Given you will have a strictly academic and certification introduction to the field with no fundamental understanding why business would pay someone to "squash vulnerabilities" all day is more than a bit misleading. At least this is what most new security grads tell me when they start working. Audit teaches us how business actually interacts with technology and that risk is to be measured and managed for fiscal reasons not just because we can. It may very well be a great idea to patch every machine to the latest upgrade but the cost to remediate those changes may very well cost the organization more than the cost of the vulnerability in the first place. Much the same with compliance, government mandates and organizational culture. You don't learn those things sitting in front of a computer or getting a cert.

Yes, I know it sounds harsh but this question has been asked so many times before it could become its own negative sticky. Its just the nature of the work. I find the best security people come from a wide variety of backgrounds and career functions in IT not people trained to simply see everything as a vulnerability that needs to "squashed".

Its a formula carefully examined by many over decades of practice, no matter what schools try to tell you otherwise.

- b/eads

faintingheart

I feel kinda nervous about going to get an intern with almost almost zero competency in security (only learn some security in the network+ cert) otherwise I don't know much. Sounds like getting an intern is the best way, from the info you guys are giving me. I'll try to look for an Internship as soon as I buy a car LOL. I don't even have a car right now.

PJ_Sneakers

First things first.

Russ5813

I wouldn't sweat getting an InfoSec job/internship just yet. If you find one, great, but working helpdesk is a good way to begin understanding how various sections (Security, network, PLYPLN, HD) work with one another, which is extremely useful.

Danielm7

For what it's worth, WGU isn't going to help you find an internship either, it's not really part of their model.

markulous

I'd recommend getting into a SOC or help desk if possible before trying to get into your Master's. If I saw someone with a MS in cyber but with no experience, I probably wouldn't interview them for a security analyst role unless it's one of those rare train from the ground up opportunities.

faintingheart

Will help desk help me build experience toward Information Security Analyst in the future? Fast foward way in the future I would like to be someone important in the IT Field (management in security I guess?). The only certification i have currently is the Comptia Network+ and I just started WGU in October. Is help desk an easy (or doable) job? If it's doable maybe I can be help desk and go to school at the same time.

markulous

That's what I did. I worked at a help desk that had A LOT of downtime and finished my BS there.

You need to have experience with what you're securing, so Help Desk allows you to get experience to do that. I love education and certs as much as anyone here, but you pretty much have to have hands-on experience in a corporate environment

faintingheart

That's sounds like what I will do too. I will look for a help desk job once I obtain a used car. Thanks Markulous and all.

faintingheart

Okay i found this website http://www.jobskillshare.org/ is it a good idea to use this website to train myself to become a helpdesk support?

Remedymp

For what it's worth, where I worked, a Masters degree in Cyber Security will get you into a Senior Sec Analyst role with no experience.

TheFORCE

faintingheart wrote: »

Okay i found this website http://www.jobskillshare.org/ is it a good idea to use this website to train myself to become a helpdesk support?

You don't need to train yourself to become a helpdesk tech. The company will train you, all they need is someone that can be trained and someone that is willing to put in the time. Going to school for IT is something that will help you get those interviews.

faintingheart

So they don't expect me to know help desk by myself? Oh well that's easier then training myself. I was planning to split 60 percent for school work and 40 percent for help desk training. But since you say that, then the company will train me.


Rememdymp, your the first to say i don't need experience if i obtain my Master. I don't really know what to follow. I guess just bet on doing help desk and go from there? Experience is better than none , right right?

"Going to school for IT is something that will help you get those interviews."
I will take that advice, thanks pal!

OctalDump

Working while studying has two obvious advantages: an income and experience. If you are working somewhere where your studies are relevant to your work, you can get some synergy between the two, and it can make both easier. WGU's great advantage is that it is very flexible, so makes working while studying much easier.

If you are just starting out, then I'd get whatever IT role you can get, and study around the work.

Master's degrees without experience are not giving as a big a bang for buck as a Bachelor's or Associate level degree would. I'd consider the Master's once you are about 5 years into your career. It's long enough to get a good grounding in your field, and a good sense of what you want to do.

The exception to this would be if you had a clear path where you knew the Master's was necessary or would be a big advantage eg academics.

dmoore44

Just curious... but what has caused you to decide that security is the role you want to pursue? Pursuit of the bachelor's degree is a great first step towards a career in the broader IT space, but just to be clear, security is only one component of the whole and is usually a niche that someone moves towards after a few years in a more general IT position (server admin, net admin, DevOps, DBA, etc...). The general theory goes that the most effective security analysts are those that have experience with the technology that they're trying to secure.

As with some of the other responses above, I'd also caution you to wait a few years before pursuing a master's. I think you'll get more out of the master's program if you've got a few years experience, but, perhaps more importantly, your contributions to class discussions and homework assignments will be much better. Or, you may also decide that once you get in to security, it's not what you expected, in which case, you'd probably be glad you didn't spend time, effort, and money pursuing an education that's not going to be directly applicable to your career.

markulous

faintingheart wrote: »

Okay i found this website http://www.jobskillshare.org/ is it a good idea to use this website to train myself to become a helpdesk support?

Helpdesk is different than a security role. For a lot of those jobs, I think people are willing to train the right person. I would focus on your BS and certs and start applying. We just hired someone at my job that didn't have a lick of IT experience, but was definitely motivated and showed he was a quick-learner. For entry-level jobs, that's a lot of times what they are looking for.

Danielm7

dmoore44 wrote: »

Just curious... but what has caused you to decide that security is the role you want to pursue? Pursuit of the bachelor's degree is a great first step towards a career in the broader IT space, but just to be clear, security is only one component of the whole and is usually a niche that someone moves towards after a few years in a more general IT position (server admin, net admin, DevOps, DBA, etc...). The general theory goes that the most effective security analysts are those that have experience with the technology that they're trying to secure.

As with some of the other responses above, I'd also caution you to wait a few years before pursuing a master's. I think you'll get more out of the master's program if you've got a few years experience, but, perhaps more importantly, your contributions to class discussions and homework assignments will be much better. Or, you may also decide that once you get in to security, it's not what you expected, in which case, you'd probably be glad you didn't spend time, effort, and money pursuing an education that's not going to be directly applicable to your career.

Read this, over and over. You have zero experience in IT and you're already planning out your MS and future. What about security interests you? If it's based off a movie or TV show you might want to change your plans now.

PJ_Sneakers

I work with two people who have masters degrees in cybersecurity. Neither one can tell me what multifactor authentication is. They can't tell me what ARP does. They don't know what a subnet mask is. Neither knows the difference between symmetric and asymmetric encryption.

They literally don't know anything about cybersecurity, other than the definition of cybersecurity.

Please don't be one of them.

Remedymp

PJ_Sneakers wrote: »

I work with two people who have masters degrees in cybersecurity. Neither one can tell me what multifactor authentication is. They can't tell me what ARP does. They don't know what a subnet mask is. Neither knows the difference between symmetric and asymmetric encryption.

They literally don't know anything about cybersecurity, other than the definition of cybersecurity.

Please don't be one of them.

Although I would be inclined to agree with you that there are less technical people available. I just find it hard to believe you ran into someone who acquired that much education and they couldn't tell you what Multi-factor authentication was or the various forms of encryption.

markulous

PJ_Sneakers wrote: »

I work with two people who have masters degrees in cybersecurity. Neither one can tell me what multifactor authentication is. They can't tell me what ARP does. They don't know what a subnet mask is. Neither knows the difference between symmetric and asymmetric encryption.

They literally don't know anything about cybersecurity, other than the definition of cybersecurity.

Please don't be one of them.

Are they in a security role or are they just help desk guys that happen to have a MS in cyber? That's pretty bad if they are in security...

cyberguypr

I have also come across many people with CyberSec masters that couldn't answer what I consider basic questions, including symmetric vs. asymmetric. Some of them were "technical", others were GRC types, some had no experience in security whatsoever. I even had one guy that completely blew my mind (for the wrong reasons). He had an IT undergrad, cyber masters and was a PhD candidate also in cyber. He did some dev work in the 90s and since the .com bubble popped he's been doing crappy minimum wage jobs totally unrelated to IT. I fail to see how in his mind more education was the solution. If he grabbed whatever IT job he could get years ago, I am sure the story would be different.

To the OP, as others said make sure you are doing this for the right reasons.

Danielm7

Remedymp wrote: »

Although I would be inclined to agree with you that there are less technical people available. I just find it hard to believe you ran into someone who acquired that much education and they couldn't tell you what Multi-factor authentication was or the various forms of encryption.

I interviewed a few people with BS degrees from a good B&M school in security that couldn't answer those questions. A couple couldn't even tell me what a VPN was or why you might use one, it's crazy.

beads

@Redemdymp;

You need to attend more local security meetups and get a real taste of the droves of idiots who think security is something that comes in an off the shelf box you buy at the big box store down the road.

I meet people with the CISSP that have been just as bad. Learn enough to get through an exam then quickly forget it all. Nothing uncommon about it at all.

- b/eads

kiki162

One of the more important things to think about is what does a BS or MS degree really get you these days? Without some type of hands-on practical experience, it's not going to help you in the long run. You may understand some of the technologies and may have played with them a little while in school, but you really need the experience to get the job.

Regardless of the field you are in or want to get into, you'll always have to start at the bottom. This is very important in the IT field in general. In order to get into a "cybersecurity" type of position, you need to have a solid understanding of system and/or network administration, along with some programming experience. You can't **** the system either, even if you were to say get into a position, w/o the basic skills set in place, things will eventually catch up to you.

Remedymp

I am sad to see the comments about people having all of this education and certs and not knowing how to tie their own shoe. :^(

faintingheart

Don't worry guys/gals I will "Tie my own shoes" because I'm going to work from the bottom of the food chain to the top. I'm going to do helpdesk and work my way up into becoming the Whale I am destin to be (j/k i joke, i joke). But yes I will do helpdesk and climb up the ladder of hope.

PJ_Sneakers

No, this isn't a help desk. This is government.

I firmly believe that the things I mentioned (ARP, subnetting, asymmetric/symmetric, etc.) are undergraduate level topics. It's very disappointing to me that I have to carry the majority of the burden for... other people who are more credentialed than I. It's how it goes though.

The field is saturated with people getting these degrees.

EDIT: To include me, since I am also pursuing an MS in cybersec.