So About WGU's BS CSIA(Cybersecurity and Information Assurance) Degree

Accurs3DAccurs3D Member Posts: 19 ■□□□□□□□□□
I just wanted to open up a discussion about WGU's new cybersecurity bachelor's degree. I'm wondering why WGU didn't include Linux+/LPIC-1 or CCNA R&S in there instead of the additional EC-Council and CIW certifications. Linux is definitely VERY helpful to have in the infosec world, as is a solid foundation in networking. A network+ does give some fundamentals, at least.The other tracks like network admin and network operations and security have heavy-hitting certs with an oomph like MCSA Server 2012 and in the case of Network Operations and Security, THREE (3) CCNAs:

  1. Cisco Certified Network Associate (Cisco)
  2. Cisco Certified Network Associate – Security (Cisco)
  3. and Cisco Certified Design Associate (Cisco)

Honestly the difference seems to be that network admin is basically focused on systems administration, the network operations and security track is focused on network administration with some security focus, and the cybersecurity program decided to go all out. Personally, I've applied for the CSIA program and am just awaiting transcript evals. My interest is in cybersecurity, so that's why I made my decision. I can just gain the Linux and networking knowledge myself, although it'd help and would be a major convenience if the certs were included in the program.

What do you guys think? What changes would you like to be made? Is it a decent choice?

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I think any changes we'd like to be made are pretty irrelevant, since it's not going to change from our input. But, with that said, I think the new program is a much better focus on actual cyber security than the old IT : Security program was, and I'm saying that as someone who did the old program and works in the field.

    For your typical SOC analyst or security engineer, a CCNA sounds nice, but you probably aren't configuring Cisco gear very often, if ever. You'll get the Network+ with the program which should teach you what you need to know about networking. Removing Linux+ is odd, but again, I've never seen someone request that, so just having the knowledge to use Linux is enough. Once you start working in the security field the specific degree name or a cert or two really aren't going to make or break your career options.
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    FYI they are adding a new BS in November that is called Network Operations and Security. Which is more like the old IT Sec. The new Cybersec degree seems more policy-based and the NOS degree seems more technical.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'm curious where the idea that this is more policy based is coming from? Checking here:

    https://www.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree

    It covers network and security, cloud security, encryption, DFIR, hacking countermeasures, etc. Seems a lot closer to actual cyber security work than the old one was. When I took it I basically had a general IT degree, with the CCNA: Security and Security+.
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Im going by the MS, probably. I guess I also used the wrong word. Maybe conceptual is a better word? Definitely not a lot of hands on configuration type stuff.
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    My impression is that the CSIA is more dialed in to the cybersecurity aspect of InfoSec, whereas the ITSec and BSNOS are more dialed into administration of InfoSec. I also think CSIA is more red team friendly, whereas ITSec/BSNOS are more blue team friendly.

    Just my perspective.
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Oh that's a good way to look at it I guess.
  • Accurs3DAccurs3D Member Posts: 19 ■□□□□□□□□□
    jibtech wrote: »
    My impression is that the CSIA is more dialed in to the cybersecurity aspect of InfoSec, whereas the ITSec and BSNOS are more dialed into administration of InfoSec. I also think CSIA is more red team friendly, whereas ITSec/BSNOS are more blue team friendly.

    Just my perspective.

    So you're saying that cybersecurity is more focused on actual security and the other programs are more focused on administration and operations?
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    Accurs3D wrote: »
    So you're saying that cybersecurity is more focused on actual security and the other programs are more focused on administration and operations?

    I don't agree with the premise that administration and operations aren't "actual" security.

    Look at the differences. Both have the same general education and technology core requirements. The differences lie in the emphasis. Below are the classes that are different between the two:

    CSIA:
    C836 - Fundamentals of Information Security
    C837 - Managing Web Security
    C838 - Managing Cloud Security
    C839 - Introduction to Cryptography
    C840 - Digital Forensics in Cybersecurity
    C841 - Legal Issues in Cybersecurity
    C842 - Cyber Defense and Countermeasures
    C843 - Managing Information Security
    C844 - Emerging Technologies in Cybersecurity
    C845 - Information Systems Security

    ITSec:
    C246 - Fundamentals of Interconnecting Network Devices
    C247 - Interconnecting Network Devices
    C697 - Operating Systems I
    C698 - Operating Systems II
    C299 - Designing Customized Security



    The CSIA is focused on the details of Cybersecurity. Cryptography, Forensics, Countermeasures, etc. It is fundamentally a reactive approach to Cybersecurity. It gets into the weeds of how to respond, and the theory of what made something vulnerable in the first place.

    The ITSec program is more a preventive approach, with a focus on implementing a network that is secure by design. This includes the policies and processes necessary to support a secure design. It is addressing the proactive model.

    With the changes to the ITSec (into the BSNOS), I think they found a good balance:
    - The CCNA (C246 and C247) is still there, with the focus on practical application of a security framework.

    - They toned down the Linux focus into just Linux Foundations (C851). In my personal opinion, this was a good change. It gives a good overview of Linux, without going down the Linux wormhole, rather than a network security wormhole.

    - They brought in some exposure to cloud technologies with C849. I would have preferred this was the Cloud+, but it still addresses that gap.

    - They brought in the "emerging technologies" concept with C850. I would be interested to see the differences between C850 and C838. My impression is that C838 may be too specific, and C850 a bit too broad.

    You have to remember that the ITSec originally encompassed both CSIA and NOS. It provided a decent overview, but didn't get into enough detail in either. With the CSIA and the NOS programs, they highlight the differences between the two different, but equally necessary, approaches to security.

    Without the solid network platform, strong logging, and effective information security policies, the post-incident analysis can be dead in the water.

    Conversely, you can have all of the logging in the world, but if you can't analyze it effectively, it serves no purpose other than to take up storage space.

    That is why I described the NOS as being more blue team, pre-incident oriented, with the CSIA more red team post-incident oriented. Either way, they both require solid administrative, technical and operational controls to be effective.

    As a different comparison, I see the CSIA leading in the direction of eJPT and OSCP. I see the NOS leading more in the direction of CISSP and CISM. Neither is "better" on security. They just address different facets.

    I personally chose ITSec, and stayed in the program due to my experience. I have 20+ years in the industry, so my experience is going to fill in some of the gaps in one or the other. In my career, I see more value in the Cisco path. Were I starting next month, I would likely go BSNOS. But, I prefer blue team preparation over red team penetration.
  • jimmydffxjimmydffx Member Posts: 10 ■■■□□□□□□□
    jibtech wrote: »
    I don't agree with the premise that administration and operations aren't "actual" security.

    Look at the differences. Both have the same general education and technology core requirements. The differences lie in the emphasis. Below are the classes that are different between the two:

    CSIA:
    C836 - Fundamentals of Information Security
    C837 - Managing Web Security
    C838 - Managing Cloud Security
    C839 - Introduction to Cryptography
    C840 - Digital Forensics in Cybersecurity
    C841 - Legal Issues in Cybersecurity
    C842 - Cyber Defense and Countermeasures
    C843 - Managing Information Security
    C844 - Emerging Technologies in Cybersecurity
    C845 - Information Systems Security

    ITSec:
    C246 - Fundamentals of Interconnecting Network Devices
    C247 - Interconnecting Network Devices
    C697 - Operating Systems I
    C698 - Operating Systems II
    C299 - Designing Customized Security



    The CSIA is focused on the details of Cybersecurity. Cryptography, Forensics, Countermeasures, etc. It is fundamentally a reactive approach to Cybersecurity. It gets into the weeds of how to respond, and the theory of what made something vulnerable in the first place.

    The ITSec program is more a preventive approach, with a focus on implementing a network that is secure by design. This includes the policies and processes necessary to support a secure design. It is addressing the proactive model.

    With the changes to the ITSec (into the BSNOS), I think they found a good balance:
    - The CCNA (C246 and C247) is still there, with the focus on practical application of a security framework.

    - They toned down the Linux focus into just Linux Foundations (C851). In my personal opinion, this was a good change. It gives a good overview of Linux, without going down the Linux wormhole, rather than a network security wormhole.

    - They brought in some exposure to cloud technologies with C849. I would have preferred this was the Cloud+, but it still addresses that gap.

    - They brought in the "emerging technologies" concept with C850. I would be interested to see the differences between C850 and C838. My impression is that C838 may be too specific, and C850 a bit too broad.

    You have to remember that the ITSec originally encompassed both CSIA and NOS. It provided a decent overview, but didn't get into enough detail in either. With the CSIA and the NOS programs, they highlight the differences between the two different, but equally necessary, approaches to security.

    Without the solid network platform, strong logging, and effective information security policies, the post-incident analysis can be dead in the water.

    Conversely, you can have all of the logging in the world, but if you can't analyze it effectively, it serves no purpose other than to take up storage space.

    That is why I described the NOS as being more blue team, pre-incident oriented, with the CSIA more red team post-incident oriented. Either way, they both require solid administrative, technical and operational controls to be effective.

    As a different comparison, I see the CSIA leading in the direction of eJPT and OSCP. I see the NOS leading more in the direction of CISSP and CISM. Neither is "better" on security. They just address different facets.

    I personally chose ITSec, and stayed in the program due to my experience. I have 20+ years in the industry, so my experience is going to fill in some of the gaps in one or the other. In my career, I see more value in the Cisco path. Were I starting next month, I would likely go BSNOS. But, I prefer blue team preparation over red team penetration.
    Well, this pretty much answered the questions I had. Now I just have to figure out which direction I take.
  • Accurs3DAccurs3D Member Posts: 19 ■□□□□□□□□□
    Thanks for that Jibtech, it made alot more sense. I was trying to figure out what you meant by cybersecurity vs operations focus. Also I didn't meant to say that administration and operations wasn't actual security, just that the CSIA has more of a focus on cyber.

    I'm still not sure if I'm more interested in going pentesting/red team (eJPT, OSCP) versus defensive/blue team (CISSP,CISM). However, I may eventually get the CISSP a few years down the lines anyways because of its market worth. From what I understand, there's more of a need for blue teamers doing defense versus red teamers doing offense, although knowing a bit of both probably wouldn't hurt.
  • jimmydffxjimmydffx Member Posts: 10 ■■■□□□□□□□
    Accurs3D wrote: »
    Thanks for that Jibtech, it made alot more sense. I was trying to figure out what you meant by cybersecurity vs operations focus. Also I didn't meant to say that administration and operations wasn't actual security, just that the CSIA has more of a focus on cyber.

    I'm still not sure if I'm more interested in going pentesting/red team (eJPT, OSCP) versus defensive/blue team (CISSP,CISM). However, I may eventually get the CISSP a few years down the lines anyways because of its market worth. From what I understand, there's more of a need for blue teamers doing defense versus red teamers doing offense, although knowing a bit of both probably wouldn't hurt.
    This is where I am too. Although, as I discussed in another threat, I'm not sure I'm going for the MS CSIA or the BSIT, simply because I haven't head the benefit of some of the other certs yet e.g. A+, N+, Sec+, etc. I do have the experience as an Intel Threat guy with Cybercrime, which is why the CSIA makes more sense. I just don't know if I'm cheating myself by not getting more of the other fundamentals first. As I understand it, with the MS CSIA, certwise, you just do the CEH and one other, and maybe Sec+ but I think I may be mistaken with that. I have to have "the talk" with my enrollment counselor to get a better sense of which might be better given some of my goals. Conundrum!
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    The CompTIA set is a solid baseline. Hardware, network, security. With those in place, you can build from there. If you have been in industry for a long time, you may find them to be more review.

    I wouldn't say there is anything critical in getting those certs, however they are baked into all of the security oriented degrees and it isn't bad to backfill.
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    jimmydffx wrote: »
    I haven't head the benefit of some of the other certs yet e.g. A+, N+, Sec+, etc. I do have the experience as an Intel Threat guy with Cybercrime,
    The A+, N+ and Sec+ are pretty much standard fare in the IT world.
  • Accurs3DAccurs3D Member Posts: 19 ■□□□□□□□□□
    jibtech wrote: »
    The CompTIA set is a solid baseline. Hardware, network, security. With those in place, you can build from there. If you have been in industry for a long time, you may find them to be more review.

    I wouldn't say there is anything critical in getting those certs, however they are baked into all of the security oriented degrees and it isn't bad to backfill.

    Hey Jib, I read through your thread where you used Straighterline and ALEKS to complete and then subsequently transfer a bunch of general ed courses to WGU.

    I was thinking of delaying my start date, then I saw the following:
    "NOTICE
    It is uncertain whether ALEKS will be recertified for the ACE credit program. Unfortunately, after August 31, 2017, users will not be able to request ACE Credit approval for work done in ALEKS. We are working to resolve the recertification issues. We cannot guarantee success in these efforts. If and when we are successful, requests for approval will again be accepted, including work done during the interval of suspended certification. We apologize for this inconvenience and thank you for your understanding."

    Darn. Looks like I'm too late. Anyways, was it easy to sign up for and get through the Straighterline/Aleks content? I saw you did some basic certs like MTA as well in order to pass some of the major/technical classes. I should look into that as well.
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    Not sure what is going on with this. I know it happened back in 2013, and when it was resolved, it was backdated. No idea what is going on right now.

    As for SL, it is very easy. There is a monthly fee, and then a fixed rate per class. If you get through classes quickly, it is a great deal. If you are slow, maybe not so much.

    Also, use a little google-fu to find a discount code, and plan ahead. Some of the codes are only good when you first sign up. Others are good afterwards. Spend a minute planning and you will be much further ahead.
Sign In or Register to comment.