Start working as a B.Sc. or pursue M.Sc. in Computer Science

t0kt0k Registered Users Posts: 2 ■□□□□□□□□□
Hi,
I'm a long time reader of this forum. Thank you for all the advice you have given me. This is my first post.

I'll finish my Bachelor in Computer Science in a few months. Currently, I'm working part time as a software developer. I'd love to become a pentester. Hopefully, I'll pass my OSCP exam next month. This is my first certificate I have ever taken.

What advice can you give me for my next steps?
1. Finish my Bachelor and apply for a trainee program for pentesting?
2. Pursue a Master in CS first and do some more certs like OSCE and then directly apply for a pentesting job?
3. Something else?

I have spoken with some people, not from InfoSec which started working as a bachelor, and they say that they don't regret not pursuing the M.Sc.

Thank you in advance and happy christmas!

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'd jump right in and start working, a BS in CS is the gold standard for most IT jobs, you should be more than fine. Especially if you're going for pentesting, knock out the OSCP and you're good to go. If you really want an MS degree later wait until someone else pays for it and it do it while working. If you're already doing CS too check out the Georgia Tech program, it's super cheap, all online and a great name on your resume.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Yep. This field moves too fast and as a result experience is king. You'll be best served by gaining valuable experience instead of jumping into a masters right away. Once you get acclimated to your new job, you could look into starting the masters.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    If you obtain the OSCP then you will be in good shape and can complete the Masters whenever you'd like (preferably with your employer helping you). The great thing about IT and Information Security is that certification and experience can get you where you want to go. When you are ready to start your Masters I would suggest DSU. My boss is in their doctoral program and they offer a Masters in Applied Computer Science with a focus on Cyber Operations. Based off of what I have seen of my bosses course work their offering is top notch, you will network with students that work in three letter agencies, and be working with some really good professors at a more then reasonable cost.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    It depends on your situation, personally IMO if you can get the M.Sc knocked out immediately you will no longer have to worry about it, thats a huge win.

    The OSCP certification is big as well and the fact you are working in development is the biggest.

    Can you keep your part-time gig while working on your masters? IMO gaining 2 - 3 years of development before moving into security would be HUGE. And when you are listing out your jobs (let's say for 2 years) you don't have to list it as part-time employment.

    Follow your instincts they have served you extremely well.
  • jdancerjdancer Member Posts: 482 ■■■■□□□□□□
    Danielm7 wrote: »
    ...wait until someone else pays for it and it do it while working...

    Have your employer pay for it.

    However, if you really want that master's, have the government pay for it via CyberCorps Scholarship For Service. You pay back the government via civilian service. Either way, you get both academic and professional experience.
  • TrailRunrTrailRunr Member Posts: 6 ■■□□□□□□□□
    I agree you need to start working right away. The federal government program is a bad idea for those who can become gainfully employed in IT after their BA/BS. That's two or more years of full-time study while sacrificing a salary for a small stipend and two years of industry experience. It's much better to have your employer pay for it while taking classes part-time. If your employer won't pay for it, that's a really bad sign that you need to step it up at work or you need a different employer. On the other hand, the ROI of the MSCS is very questionable for most folks even when the employer pays for all of it due or when it's cheap like the OMSCS due to the massive time commitment. Almost all positions in run-of-the-mill companies won't require a MSCS. If you're working at Google or Facebook, that's different.
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    Honest opinion? Scrap the MSc. I did 1/3 of my MSc before realising it was absolute, utter, sheer trash. I regret spending my own money on it. Put simply, it was years and years out of date. The lecturer kept telling us how insecure Windows was because it runs everything as admin - umm....UAC? Vista? Come on now...

    I lost an awful lot of respect for academia when I did my MSc. A lot (not all, but a lot) of academics are useless in the real world. One of our top security lecturers was bragging about being offered a 23k job (UK £, not USA $). 23k for having a PhD in security??

    In short: the OSCP is a great cert and trumps a MSc completely. However, as I mentioned in another thread, the OSCP is very bad when it comes to SQLi and XSS - which are covered heavily in today's pen-testing roles. You might want to consider getting a certification revolving around SQLi and XSS on top of the XSS and you're golden. But definitely start working and unless you get an MSc paid for, I personally think they're a big, big, big waste of time.
  • OctalDumpOctalDump Member Posts: 1,722
    The best IT guy I know did CS followed by a Master's. Lots of people thought he was crazy, but he's never had a problem finding well paid work, and hasn't had to go back to school to "upgrade" or refresh. But he was the kind of guy writing applications in assembler in high school.

    Or do both? You could get settled into work, and then start a Master's part time. If you work for the right kind of company, they might even support you to get the Master's. The ideal thing is where your studies and work synergise, so you can use what you are studying in your work and consequently learn it better, and also get interesting ideas to put back into your studies.

    On the other hand, a Bachelor in CS + OSCP + something like CISSP will probably keep you in work for the next 5+ years. And at that point, you might have a better idea of what you want to do.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • t0kt0k Registered Users Posts: 2 ■□□□□□□□□□
    Thank you all for your advice! I thought a lot about it in the last few weeks, but this is what my gut feeling was telling me. I just wanted to know if I'm headed in the right direction. I'll apply for a job right after my bachelor this summer.
    If I really feel the need for a MSc, I can do it later. You have helped me a lot.
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    OctalDump wrote: »
    The best IT guy I know did CS followed by a Master's. Lots of people thought he was crazy, but he's never had a problem finding well paid work, and hasn't had to go back to school to "upgrade" or refresh. But he was the kind of guy writing applications in assembler in high school.

    This is really why you do it. You do it so you never have to go back and do it again. You stay current through training, real world projects and work, seminars etc.... The sooner you get it the more it will impact your career.
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    OctalDump wrote: »
    The best IT guy I know did CS followed by a Master's. Lots of people thought he was crazy, but he's never had a problem finding well paid work, and hasn't had to go back to school to "upgrade" or refresh. But he was the kind of guy writing applications in assembler in high school..

    If he was writing assembly code in high school, he was 2-3x ahead of any MSc program that I know of. He probably aced his MSc because it was easy compared to writing apps in assembly.
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    Assembly, C++, C# and Java make up the bulk of a BSCS degree so I don't know what Master's program you're referring to.
    Wish they would've taught us Ruby and Python but I guess once you know one language, the others you will have to learn on your own.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • OctalDumpOctalDump Member Posts: 1,722
    si20 wrote: »
    If he was writing assembly code in high school, he was 2-3x ahead of any MSc program that I know of. He probably aced his MSc because it was easy compared to writing apps in assembly.

    Well, I know that one of the things he learnt in the Master's was Operating Systems and Filesystems. He wrote his own software to image and recover files "for fun" based in part what he learnt in that course.

    I'm not sure how much assembler was in either the Bachelor or Master's, but programming is about more than knowing the syntax of a language. Fun stuff like algorithm theory and how to write properly structured code, and work as part of project, requirements gathering, systems analysis and all those other things that make the difference between someone who can program and a software developer/engineer.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    t0k wrote: »
    What advice can you give me for my next steps?
    1. Finish my Bachelor and apply for a trainee program for pentesting?
    2. Pursue a Master in CS first and do some more certs like OSCE and then directly apply for a pentesting job?
    3. Something else?

    Well definitely finish your Bachelor's degree. If you really want to be a pentester I don't think a Master's degree will be extremely helpful. Do you actually have knowledge of how networks and computers work outside of programming? If not you really need to get spun up on securing operating systems / networks and how they work.

    Once you have enough knowledge of networks and systems....if you can complete OSCP do it, otherwise if it seems difficult start with the C|EH followed by OSCP. From there I would start getting into bug bounty programs and try to develop CVEs. If you get pretty good at that you are likely to land a job....if you still can't then proceed to OSCE.
Sign In or Register to comment.