Masters degree

shreenag Member Posts: 26
edited January 2020 in IT Jobs / Degrees

Hi All

Needed some advice with my career aspiration to become a CISO

I have 10 years of IT experience in total, 6 of them in GRC. I am currently in a controls testing/assurance role. I have not managed a team but am involved in stakeholder management at a well-known consulting and systems integration company. Currently in a client-facing role in the UK. The client is a major financial institution. Do not have major security certifications. Worked on the CISSP and got a 670, three years back.

Long story short, I am 32 at the moment and would like to pivot to senior management (CISO) roles in the future. My queries are:

  1. Which is better to achieve my end goal in the next 8-10 yrs: an MBA in finance or a master's degree in infosec?
  2. If it's an MBA that you suggest (which I think is right), should I get it full time (interested in 1yr programs only) or would part-time also work?
  3. Or will I be better off getting a CISSP and then doing a part-time MBA in the future?

My other concern is I am originally from India and would like to change geographies and settle down in some advanced country like US/UK... So I am looking at the master's from that perspective too.

Any advice is appreciated.



  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,015
    edited January 2020
    Are you planning on only being a "cyber" CISO or do you also want to control physical security as a Chief Security Officer (CSO) does?

    Do you see many job postings for CISO asking for an MBA or the CISSP or EC-Council CISO certifications?

    Have you reviewed the many CISO Forum postings on sites like YouTube?

    Do you have the opportunity to work directly for a CISO as an intern or protege?
  • scasc Member Posts: 367
    My personal opinion as follows - of course you don’t have to follow it ;).

    Having worked over 15 years (purely cyber risk/controls/info assurance etc) in the UK, doing 3 of the big 4 consultancies and having my own business I think that the best thing to do is:

    1. Enrol on an MSc - from somewhere in the US such as WGU and build a grounding in the area. This will help you know where you want to head.
    2. I believe US is better than UK regarding opportunities, training, how cyber is perceived etc. In this country culture is such that it’s usually harder to move around if you want to do something specific. Just my experience, of course everyone is different.
    3. From the MS you can apply for some really interesting, varied roles. To be a dynamic CISO I reckon it would be best to really understand cyber properly first with some senior management experience. MBA is an option by no means a deal breaker - but best if you have SM experience. 
    4. By getting an MBA now you still won’t be able to get a SM role unless you have done this already. It’s not a golden ticket to the top. Quality experience doing the right things is.
    5. An example I can give is that SM level and directors in big 4 literally step into CISO roles once they want. Comes with the territory, experience and exposure.
