Opinions: MSISM or MBA?

cbush33 Registered Users Posts: 3
I've been on the technical side for about 8 years now and have finally moved into a SOC management role. My desired career path is upper management (Director/CISO/CIO), and I was wondering which program is more likely to appeal to CIOs/CEOs.

Looking at the SANS MSISM, it just seems more impressive to me (by far, really) than a standard MBA; however, I fear not many CIOs/CEOs will really know what it entails and will be more attuned to tried and true MBAs.

Assuming knowledge, skill, management experience, and ability to pass said programs are all good, which of these two simply looks better on paper/at first glance to a C-level hiring manager?

Current Certs: CISSP, GCIH, CEH, CCNA, SEC+

(Also, I thought about CISM, but I feel CISSP + a master's degree will really outshine this anyway.)


  • TechGuru80 Member Posts: 1,539
    MBA. They are very unlikely to know what an MSISM means or even is, for starters. Also, the MSISM isn't going to teach you subjects like accounting and other business functions like an MBA...it will teach you to manage InfoSec processes.
  • TechGuru80 Member Posts: 1,539
    What is your undergraduate degree in? If it's business, then MSISM is ok (expensive but ok)...anything but business undergrad and stick with my advice above.
  • kiki162 Member Posts: 635
    I thought about SANS at one point. If you really want to get into it, you'll probably get a better ROI doing one of their Graduate Certificate programs. There are plenty of good Master's programs online that you can get into. If you really want to get some brownie points, take a look at CMU's MSIT program (Carnegie Mellon University's Heinz College - MSIT Distance Track). Stanford has an online Master's program as well. I don't think an MBA is really going to be the best path for you.
  • cbush33 Registered Users Posts: 3
    Appreciate the replies so far; I have a Bachelor's in Information Security and Assurance, btw. So it sounds like going the full MSISM path probably isn't going to be helpful in the long run. I'm not really sure about the grad certificates; it seems like with a Bachelor's + CISSP those won't really provide much value?

    The Carnegie Mellon one is interesting. I've looked at their cyber security program before, as CM is one of the most respected universities in the country when it comes to InfoSec, along with NYU. With 12 semesters though, and no classes being skip-able (like with SANS MSISM due to GCIH and CISSP crossover), it seems to be even more of a significant undertaking.

    I also have a terrible undergrad GPA, and even though I've done great things to separate myself from those care-free days of 8 years ago (I graduated in 2009), I was recently denied admission to NYU's master's in InfoSec program... even though my employer at the time was the primary sponsor of said program. With the MBA, I figure my alma mater should accept me with my experience. Any idea if SANS has strict GPA requirements?
  • cbush33 Registered Users Posts: 3

    Thanks for the article. I think that's why I've also been leaning towards MBA, is that I do see a lot of people go from CIO to CTO or CIO to even CFO (happened at my former company). I figure I need a more well-rounded business scope rather than just InfoSec.
  • UnixGuy Mod Posts: 4,564
    I would say an MBA. The more on the business side you are, the better your chances of becoming a CIO/CISO. You have more than enough technical knowledge (more than most CIOs anyway).

    Learn GRC! GRC Mastery : https://grcmastery.com 
