nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Norwich University - BS in Cyber Security --> MS ISA Comparison

LSagee

I am opening this thread to give a comparison of the two programs and a running update of the MSISA as I am about to start the MSISA program in December. I suspect there will be some overlap between the two programs, with the MSISA diving much deeper into the subject areas.

Background: I currently work in the cybersecurity field and completed the BS CS program about a year ago, concentration was in Computer Forensics and Vulnerability Management. I started in 2016 and throughout that time, I was able to get all the certs you see in my profile on my first attempt as well as the Virtual Hacking Lab certificate of completion. Norwich does not provide certs but I found the instruction to be overall, excellent. This allowed me to the opportunity to invest very little additional time in preparing for my certification exams. I did not put any serious study time in for CySA+ and CISSP, except to thumb through a few books for a few hours each. CASP and Sec+ were a bit different though as those were my first certs. Although prior technical experience came into play, I feel the BSCS program played a large role in my success as I was intimately familiar with most of the topics through classwork.

The BS CS program has a good mix of technical classes but the overall slant is more on the managerial/policy side than the technical side from where I started. I transferred in a lot of credits from my CC so I did not have to take programming courses at Norwich to include the ASM course. On the technical side, the Malware Forensics course was very challenging and the instructor was one of the best I ever had. The pentest classes use material that is a bit outdated regarding the MSF and other tools, but was still very relevant for beginners. Those classes stressed being able to properly author vulnerability assessment reports to various target audiences as you progress. The digital forensics courses are much the same, you will get a solid beginning foundation and be able to effectively convey your findings to target audiences.

At $250-$375 cr hr. for the BS CS, Norwich is very competitive in terms of pricing. You will not be able to breeze through the program in a year like WGU and come out with a bunch of certifications, but you will come out with a solid understanding of "cybersecurity" and how to implement it in an organization. You will also have a solid foundation of high and low-level topic understanding for any security-related certifications you pursue. The staff and instructors are extremely responsive and knowledgable in the material. I also had a chance to go to the graduation in VT and it instilled a lot of pride in becoming an alumnus. I can't say enough about how getting my undergrad degree from Norwich catapulted my career forward into the career field I wanted to get into.

Concerning the MSISA, I originally was about to apply for the GA Tech MS in Cyber Security because it is cheap at a bit over $10k. However, I recently attended a webinar and although it is a good program with a solid brand-name reputation, the class load was not for me. GA Tech expects 15-25 hrs a week of study a week. The class load is 10 classes with 3 semesters a year, 16wk,16wk,11wk and is group project heavy. That means it would take at least 3 years for me to complete. Also, my job has me traveling a lot and I may not have the time to deal with constant group work.

The Norwich MSISA is a bit more pricy at $32k'ish but alumnus are currently offered a $1500 per class scholarship (total $9k). This being combined with educational assistance from my job dropped the price to an affordable level for me. The MSISA is 4 semesters a year, 11 wks each. This means it will take 1.5 years to complete. The MSISA also have a very good reputation in the career field. The main educational difference between GA Tech and Norwich is that the Norwich MSISA is policy/ managerial heavy and is geared for high-level positions such as CIO / CISOs. The GA Tech masters degree seems to be a lot more technical, even in choosing the policy track. I also considered many other schools to include WGU, but they were not for me for one reason or another.

The admissions process so far is very smooth. It is just as easy as when I applied for the BS program but even easier since they already have all my info on file and I did not need to send them any transcripts. Also, it seems that a few classes will be using the same books as the undergrad classes so I might be saving a ton of money there.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

FSF150

Good luck with your journey. I saw you posted in the MSISA thread back when it was still alive. Look forward to reading about your experiences.

LSagee

Thanks! I am really excited to start this and go back to Norwich again.

Unfortunately, that sweet alumnus scholarship was a typo and I just happened to catch it on one of the few days it was on the page before it was fixed. The alumnus scholarship is $425 a semester. A bit of a bummer. Class starts Dec 2.

Looking at the books for all six classes, there is some overlap in the material. Mainly the 2 vulnerability assessment classes. I expect those two classes to be extremely similar to the undergrad classes. The other 4 core classes use different book. Two of them require Cengage books so that is a pretty penny depending on if the class uses the Cengage labs. If they don't use the labs, the price to rent a book is fairly cheap. Overall, I would guess that required books is less that $500-$600 for the program.

nevermore

I am a current Norwich MSISA student. Just completed my fifth class (Vulnerability Management I) last weekend and start Vulnerability Management II in a couple of weeks. Coursework will conclude in February and will be attending residency on June. I really enjoyed the program and while challenging it has been very rewarding.

LSagee

nevermore said:

I am a current Norwich MSISA student. Just completed my fifth class (Vulnerability Management I) last weekend and start Vulnerability Management II in a couple of weeks. Coursework will conclude in February and will be attending residency on June. I really enjoyed the program and while challenging it has been very rewarding.

Does GI512 and GI542 use the Cengage labs for quizzes? Can I get by with just renting the Cengage book and not have to purchase one for the lab access code (or do the online subscription)?

Did you all do anything else besides basic MSF exploits and going over the basic tools besides WireShark and John?

nevermore

There were no labs for me for GI512 - GI542. The first four classes focused on discussion thread posting/responses, quizzes, and writing papers/presentations. That being said, if the format has not changed over the last 12 months, you should not need the lab access subscriptions. The quizzes were based on content contained within the books. For Vuln Mgmt. primary focus on Metasploit and utilizing a few others such as Wireshark, JTR, and Nessus. The Metasploit book was a decent reference but I ended up referencing free resources posted on the Offensive Security website to support some of the labs as the book is a bit dated.

LSagee

Thanks for the reply nevermore.

I just finished week 3 of the first class. There are no Cengage labs like you said so it is not worth getting the Cengage subscription. I just rented the digital book through Amazon for easier reference during the quizzes. Class is not time-consuming so far due to my background. It is more of a refresher. The papers though.....those are going to eat up my time.

Looking at the numerous papers and having just finished one, I think the organizational case study is the easier choice than the industry case study. Unfortunately, my work environment is not ideal for the organizational case study so I am doing industry. This is causing me to invest more time in research.

What you said about the MSISA Vuln Management track sound exactly like the BS in Cyber Security -Vuln Management track. I might switch tracks just so I get something new out of it. I found out that if you take the Project Management track, it will count for the Norwich MBA program as well. That means it would only take 4 extra classes for an MBA.

nevermore

I opted to use the organizational case study. Initially I was leaning to use an industry study as I felt it would be more enlightening and helped to further broaden my horizons as I have been with the same organization for almost two decades. I had some family medical issues come up that became too much of a burden to balance out with working full time and the extra effort/research required for the industry case study so I ended up opting for the organizational option. I was concerned about the sensitivity tied to my employer using the organizational case study. I got around that through not getting too deep, generalizing the topics, and using masking to hide the organization by name or any individual name or position title to help provide confidentiality. It worked fine for me. A couple of the professors had some initial questions regarding the masking phrases I used but once they understood what I was doing, it was fine and they had no issue with it.

In your situation it makes sense to consider a different concentration especially you have the desire to consider the MBA in the future. Cutting down the amount of time and cost for the MBA is a great approach.

After three weeks into my final class, I am counting down the remaining eight...

LSagee

I meant to be more active in this thread. I apologize for that.

GI512 - Foundations and Historical Underpinnings of Information Assurance
Completed - Grade A

This class was a rehash of security principals compared to the BS in Cyber Security program. If you have CISSP, CASP, or an educational background in cybersecurity, you will not be very challenged by the material. If you are breaking into security, you may be overwhelmed trying to take it all in.

You will have weekly quizzes, 3 papers @ 2000 words each, 2 exams which are basically explaining course concepts to various people in memo format as a CISO @ a total of 2000 words for each exam, 1 final paper @ 7000 - 10,000 words. Weekly discussions will run you an avg of 1000 words per week. Expect to write at least 29,000 words for this class.

My professor was pretty lenient on grading. Getting an A was not difficult if you kept up with the work and turned in a finished product. If you are late or expect special treatment without notifying them early on of issues and did not ask for an extension in a reasonable amount of time, you will be crushed. Basically, let them know early on if you need more time.

GI522 - Information Assurance Technology
Completed - Grade A

In terms of writing, the same as above but one less 2000 word paper. So, 2 papers, 2 exams, 1 final paper, weekly discussions, weekly quizzes. Total words ~ 27,000 minimum

The main professor for this class is extremely fair for extensions if needed and will go out of his way to help you with papers. If you submit a week early, he will proofread it in painstaking detail and give you recommendations for your actual submittal. Having said that, he will crush your soul on final grading. You can get an A in this class, but you will have to earn it. If you skim the surface of a topic or write just to write w/o analysis, it will hurt you. I learned a lot in terms of properly writing reports that C-staff will actually want to read.

In terms of material, a lot of it was a review, some of it new and explained more topics in depth. The book is worth keeping for reference. If you are not experienced in the field, a lot of the material will expand on concepts from the previous class.

My impression so far: This degree is definitely fulfilling its advertised intent of being geared towards C-staff. This is not a very technical degree. If you have a BS in Cyber Security and it is slanted towards management, this degree may not be very challenging in terms of material (the required writing is a whole other aspect), you may want to look for something else.

If you want something more technical, Norwich now has an MS in Information Systems. I actually wish it was available when I first enrolled. I would have seriously considered it.

On to GI532...