Master's Degree - Cybersecurity or IT (Information Assurance)

jamesindc

Hello.

I want to enroll in Master's program for either Cyber Security or a more general Information Technology Degree.

I keep hearing cybersecurity degrees are just a fad and most people who get into just end up doing penetration testing all day.

jamesindc

Which do you think is the better option?

636-555-3226

Saying cybersecurity is a fad is like saying IT is a fad.... It's here, and it's gonna stay

Cybersecurity is also the hottest job market in the world for the next few years. It'll eventually settle down and be a "normal" job - but not anytime in the next decade+. Most infosec job postings in my area for the past 5 years or so (which is only when you started to see infosec job postings) have gone unfilled or were filled with inexperienced people they tried to then train up.

Most people on these forums only seem to want to do penetration testing, but that's a very small market in the overall infosec world. I also try to steer most people away from pentesting since that's a very specialized niche and to be any good at it you need to be really good at a LOT of things. not to say bad pentesters can't get a job - 90% of the pentesters I know (and I know a ton) aren't what i'd consider to be any good at their job. they can run a bunch of scripts they find online (metasploit, empire, mimikatz, etc), but that's about it.

most things cybersecurity, if you want a cybersecurity job, is defense, aka blue team. it's made of up 3 areas - the technical realm, administrative realm, and physical realm. most people typically think of the technical realm (running the AV, web filter, investigating logs, etc) but the admin realm is just as important, just with a different focus (writing & enforcing policies & standards, contract review, speaking to business people to find out what's the goal for the next few years, etc). physical too, but in most companies i know that's the job of the usual security department, not infosec dept.

i'd recommend getting a taste - get darril gibson's CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide and read through it. if you think it's interesting, then dig deeper. if not, move on. the security+ exam is a great primer for all things infosec-related, and that study guide has knowledge bits for everything in the exam.

Danielm7

636-555-3226 is dead on. I don't know who is telling you that most people with cybersecurity degrees just pen test all day long, but please do more research than random anecdotes from people who probably aren't even working in the field.

Before even considering a master's degree, do you have general IT experience now? Just rolling straight into a master's program isn't going to do you a lot of good, you'll just spend more or end up with more debt and not be in a much better position than every other person coming out of a BS program without actual work experience.

Look here:
https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
and see what kind of jobs are out there in the security space. Note how none of them say "get a master's degree and get a job". See if any of them really appeal to you, then start researching more into that specific area. Are those types of jobs even available near you? Are you willing to move to get a better job? etc.

EANx

What's your current level of experience? What do you want to do?

What does the curriculum for the cyber degree look like?

I've seen several Cyber masters degrees that have zero technical and a while lot of compliance/auditing. Make sure the degree in question matches your goals.

yoba222

jamesindc wrote: »

I keep hearing cybersecurity degrees are just a fad and most people who get into just end up doing penetration testing all day.

I'll venture to say that most Masters in Cybersecurity graduates are poorly prepared to do penetration testing from the degree experience alone. Acadamia just doesn't teach the specific skillset needed for that kind of work at the depth needed. Certs do a better job of it, which is why job ads often ask for specific pentest related certs, while being vague about the degree.

Example, writing a term paper and doing a group case study or two for a course on physical system security does not demonstrate competency in being able to actually stake out a building to break in during a pen test.

cyberguypr

I keep reading "my friend says this", "people tell me that" about the security field. Most of the time the stuff mentioned makes zero sense. I wish I could get more context on those sources. Are they industry professionals? Do they hold any degrees?

the_Grinch

What's your undergraduate degree in? If you have one in IT/IS/CS then I would say for for Cybersecurity. If it's in another field or in something security related then I'd say go for the general Masters in IT (most offer concentrations in security anyhow).

LA2

Cyber security is not a fad. Buzz word, maybe, but fad, no. Would a masters degree in cyber security help you land a role in security? Yes, if you have some experience and/or certifications to back you up. And no, you will not be doing pentesting all day unless you are shooting for that role.

kaiju

Certification and Accreditation (C&A) and Cyber Security Engineers are two really good fields that are somewhat intertwined. Many Cyber Security Masters Degree programs will concentrate on cert material (CISSP, CISM, GIAC, CEH) that will pertain to those two fields.

McxRisley

For the love of god people, STOP GETTING MASTERS DEGREES just because "my friend said this" or "I heard that...". A masters degree is not worth your time unless you have worked in the industry for a very long time and are bored. It will do ALMOST NOTHING for your career. You don't need a masters to work in management and sure as hell don't need a masters to get a job.

Ok, I feel better now.

Nyblizzard

But it usually helps and for many that's the only reason needed

BlackBeret

On topic of degree choice: I'm finishing my MS in Cybersecurity in a few months. The first thing I'll say is that because "cybersecurity" is new as a buzzword every job, degree, program, etc. anything with it in the title means nothing. You have to look at what you're signing up for. The degree title means nothing when comparing "Cybersecurity" and "IT/IA". Look at the courses required, they'll vary widely between schools, even with the same title.

The next thing is, why do you want to pursue a Masters degree? I'm not discouraging it all, unlike some here, I always support the pursuit of more education. The program you pursue should depend on your current position and your end goal. If you're new to IT and trying to use the Masters as a way to break in to it, you need to look at programs that are more general in IT with some IA focused courses. If you've worked in IT and looking to break in to security, look at a program that's more focused on general security. If you've worked in security and pursuing a Masters, find something more focused on what you want.

I will say that my degree program was focused on covering all areas of Cybersecurity, and it started out the first course with a bunch of people who had completely different backgrounds. A few school teachers, some random retail workers, etc. By the third course it seemed most had some sort of technical background. Now in my last course everyone's bio lists some type of IT with security work. Basically, without the right background for the program, you might struggle to get to the end.

If your goal is to just get in to IT at all, a degree probably isn't the best route. If you're trying to get a senior level position somewhere, need a Masters, and you have the work experience in other fields, but want the IT or Security education on top, you might also look in to MBA programs with a concentration in IT or Security.

McxRisley

I personally have not met or worked with one person who benefited from having a Masters, they just got it because work paid for it. None of our upper management here have a masters except for one and its not even IT related. If you personally want to pursue a masters, then that is your choice. I am just saying that you shouldn't expect much of, if any ROI after obtaining the degree. You don't have to listen to me, I'm just some random dude on the internet lol But IMHO masters degrees are just not worth it, at least at this point in time.

ITSec14

@McxRisley I have to agree with you there. I'm a security engineer and I work with people who have masters degree's and others who only have a high school diploma. They are in the SAME positions too. I mean, if my employer wanted me to have a master's or is willing to give me a fat raise for getting one, then sure why not! But unfortunately, that's not the case. There is literally ZERO incentive for me to get one at this point. If I wanted to move into management, ehhhh maybe, but still usually not required.

Danielm7

I'm looking to start one, but I've been in IT for over a decade and a half, manage some people and still have to do a technical job. Does my job require one? Not at all, but if they'll pay for it then I'm willing to take the classes. Worst case I learn some stuff and become more marketable? Would I go into deep dept to get a technical masters, nope.

CompuGeorge

I already have a master in CS and thought about getting a masters in Cybersecurity. I looked at WGU and noticed that the program focuses on certifications... lots of them. Rather than do the second masters degree I decided to focus on getting the certs... Just an idea.

tedjames

CompuGeorge wrote: »

I already have a master in CS and thought about getting a masters in Cybersecurity. I looked at WGU and noticed that the program focuses on certifications... lots of them. Rather than do the second masters degree I decided to focus on getting the certs... Just an idea.

I have bachelor degrees in architecture (building design and construction) and technical writing. I considered getting a master in security, but then I decided that experience and certifications would serve me better.

snokerpoker

I am looking into an MS program right now. Looking at Central Washington University or Fort Hays State.

Having a degree of any kind will never hurt you.

YuckTheFankees

To say cybersecurity is a far, is crazy. To say most security people end up doing pentesting all day made me laugh lol. I would love to know your sources!

Before jumping into a masters degree, really think about if you need it. Honestly, if you have the experience, self study for the CISSP and I bet a lot of options would become available to you. You would save a ton of money and time...

But! If you really have your mind set on a masters, then go for it. You'll never truly know the ROI but one day you might get an interview because you had a masters and the other guy didnt...then its up to you to impress them.

Fadakartel

If your in the USA/EU go for your cyber sec degree bro

In my part of the world nobody cares about cyber security unfortunately.

McxRisley

Fadakartel wrote: »

If your in the USA/EU go for your cyber sec degree bro

In my part of the world nobody cares about cyber security unfortunately.

The thing about the US though is that you don't even need a degree in cyber security to get a job in the field. A CS degree is a very new thing here still. Hell where I work, NOBODY has a CS degree because that degree has only been around for a couple of years now. Also, as stated above most CS degree at the moment are really not that great. They focus on certifications which should be a MASSIVE red flag when enrolling in a program. To me that just screams laziness on the instructors part.

On a side note: All you need to get started in security here is Security + and a clean background. The DoD and contracting companies are picking up entry level workers left and right.

BlackBeret

@McxRisley it's interesting that you're not seeing anyone getting a benefit out of it. Where I was at for the DoD jobs, it's a couple of pay grades up if you're starting with a Masters vs. a bachelors. Not that you can't get the job without it, but being up two pay grades doesn't hurt. Also, some agencies and positions require the Masters to be in a specific field. I know several people whose Bachelors weren't in STEM fields, so they went for the Masters in a STEM (IT, IA, Cybersecurity) field in order to get the job to begin with. Four years experience and no STEM degree, maybe GS5-7. Throw that degree on it, GS11-13 depending on the position and how well the person negotiates.

For contractors, I don't know if it's a DoD requirement or something the companies are doing themselves, but everyone I've worked for pays more the higher your degree, for the same exact position. Yes, Bob and Joe will both get hired for having certs and clearances. Bob with no degree will be at the low end of the pay range for the position, Joe with a Masters will do the same job, and get paid about 10k more than Bob.

For the private sector, it's absolutely dependent on the company. There are some where you won't rise above X level without a degree. Some won't let you above that level without a specific degree, such as an MBA, etc. Obviously without the degree these companies probably aren't on your radar or places you work, but it happens a lot.

Of course, the most important thing isn't the degree opening doors. That's been hit or miss for every college graduate in every field ever. The important thing is the knowledge you learn and what you want to do with that knowledge. A blanket "Masters degrees are useless and you should do something else" is a bit discouraging on a forum full of people trying to better themselves through education, not to mention ridiculous in theory.

McxRisley

The requirements will vary based on what baseline requirements the area you work in is operating under. We operate under 8140 baseline requirements here, which for me means I come in at master level for my current job(obviously I am no master, but I do meet the requirements to be considered one here). I have heard of some companies paying more depending on your degree OR certification level. When I worked for BAH I was making much more than people with PHDs as a pentester. Now I realize that this doesn't represent all other areas in this industry but the point I'm trying to convey is that a lot people are just wasting their time on a Masters when they should be spending time getting more work relevant certs and experience. I would not recommend pursuing a masters to anyone who was paying for it out of their own pocket.

The part of your post where you mention the important thing is the knowledge you gain and what you want do with it, I agree with you 100% on. That being said, I would also point to what I said previously about MOST CS degrees right now just not being very good or worth the money.

Also once again I will state that this is all just my opinion based off of what I've seen during my time in this industry. I have no problems with people bettering themselves, I am just giving them another opinion or point of view to consider before they make their decision.

jamesindc

Thanks for all your replies. It's all very helpful advice.

Just to tell you about my background. I have a liberal arts bachelors degree and have about 3-4 years of technical experience mainly doing lower level help desk work.

To be honest, I'm pursuing a Masters because I'm curious about the field of IT and how things work. Because of that reason, I've decide to pursue a Masters in Information Technology that will expose me to databases, programming, web development, networking and security.

I feel that I'm limited in what I can learn at my job and with certifications. I want the context of how things fit together and conceptual understanding that comes with taking graduate level classes.

I'm looking into UMUC's Master of Information Technology with a concentration in Informatics. What do you guys think about this program?

Here's the course list:

Introductory Course

• Orientation to Graduate Studies at UMUC (0 Credits, UCSP 615)¹
  (to be taken within the first 6 credits of study)

Core Courses

• Information Technology Foundations (3 Credits, ITEC 610)
• Computer Systems Architecture (3 Credits, ITEC 625)
• Information Systems Infrastructure (3 Credits, ITEC 626)
• Information Systems Analysis, Modeling, and Design (3 Credits, ITEC 630)
• Information Technology Project Management (3 Credits, ITEC 640)

[FONT=&amp]Core Rules & Recommendations +


[/FONT]
Specialization Courses

• Modern Software Methodologies (3 Credits, SWEN 603)
• Relational Database Systems (3 Credits, DBST 651)
• Software Requirements (3 Credits, SWEN 645)
• Foundations of Information Security and Assurance (3 Credits, INFA 610)
• IT Acquisitions Management (3 Credits, IMAT 637)
• Internet Multimedia Applications (3 Credits, IMAT 639)

[FONT=&amp]Specialization Rules & Recommendations +


[/FONT]

Capstone Course

• Contemporary Topics in Informatics (3 Credits, IMAT 670)

ITSec14

jamesindc wrote: »

Thanks for all your replies. It's all very helpful advice.

Just to tell you about my background. I have a liberal arts bachelors degree and have about 3-4 years of technical experience mainly doing lower level help desk work.

To be honest, I'm pursuing a Masters because I'm curious about the field of IT and how things work. Because of that reason, I've decide to pursue a Masters in Information Technology that will expose me to databases, programming, web development, networking and security.

I feel that I'm limited in what I can learn at my job and with certifications. I want the context of how things fit together and conceptual understanding that comes with taking graduate level classes.

I'm looking into UMUC's Master of Information Technology with a concentration in Informatics. What do you guys think about this program?

The things you need to consider:

1.) Are you paying out of pocket? Or is your employer willing to pay for it? That can make a big difference as the ROI may not be worth taking on loads of student loan debt.

2.) A typical masters degree is going to teach you concepts on paper, not in a live environment. WGU could be a good option as the cost is very reasonable, it's accredited and you will gain some certs too.

Do you research and find out what is going to benefit you the most in the short term and long term. You have options.

McxRisley

So the reason's you just listed for wanting to obtain a Masters are all of the wrong reasons. The type of things you want to learn are things that you learn from doing actual work, not from taking college courses.

NiTech-5

^ Perhaps. But, not all workplaces are willing to take the time to train you in such skills. Unless you have lots of time to teach them to yourself. At least, that's the mentality in this particular area (US East Coast to be exact).

Anyway, not the oldest thread and hopefully the OP gets a notification. I'm also in this same boat of wanting a Masters in IT or Cybersecurity and have been debating about choosing IT or Cybersecurity these past few days. As pointed out by a previous member in this thread, cybersecurity is indeed a multi-discipline field with a technical, administrative, and physical realm. Interestingly, I was able to get a degree with a specialization in Cybersecurity Policy - which can be interpreted as focusing strictly on the administrative component of cybersecurity (cyber governance; procedures/policy; information assurance; general cyber/technical terminology).

But, I'm pursuing the Security+ first. Then, will weight in the Masters in the next year or two because I'm seeking to add a technical component to my current cyber[policy] background. This thread has also given me many good things to consider when debating about an MS in General IT or cybersecurity. Evidently, I already have a Bachelors (non-IT/non-STEM). So, I will take the general IT route instead since my current background isn't 'purely' technical.

NiTech-5

jamesindc wrote: »

Thanks for all your replies. It's all very helpful advice.

Just to tell you about my background. I have a liberal arts bachelors degree and have about 3-4 years of technical experience mainly doing lower level help desk work.

To be honest, I'm pursuing a Masters because I'm curious about the field of IT and how things work. Because of that reason, I've decide to pursue a Masters in Information Technology that will expose me to databases, programming, web development, networking and security.

I feel that I'm limited in what I can learn at my job and with certifications. I want the context of how things fit together and conceptual understanding that comes with taking graduate level classes.

I'm looking into UMUC's Master of Information Technology with a concentration in Informatics. What do you guys think about this program?

Yes, I found out about this yesterday. It's something that I'm keeping my eye on. One big advantage is that it is 100% online and the price tag is quite decent. Anything else that I do for schooling preferably needs to be 100% online. There's also the UMUC MS in Cybersecurity and Technology program (also online) if you look more into UMUC. But, I see myself going for general IT as recommended.

While I clearly agree that cybersecurity is here to stay, the BS or MS crap in Cybersecurity is quite new. I'm 25 and pursued my Bachelors in 2011-2015. Even during that time, there was no specific cybersecurity major on my campus. Only IT or computer science with concentrations in gaming, software& web development, and robotics. Based on my search, you can find cheaper Masters programs in 'General IT' with a specialization in Security compared to most purely specialized Cybersecurity programs out there these days...Just something to consider.