If a company offered a fully funded SANS MSISE degree, would you leave your job for this?
First, a bit of background to this topic:
In planning / reviewing my 2020 goals, I got to thinking about what I wanted to do next in my career. I'm relocating soon to another part of the country for a new position within my company. I'm no longer "learning" in my current role, which I feel I've outgrown and I'm ready for more.
I've already made a list of certs to acquire throughout the year. However, they feel unfocused, arbitrary, and I'm not 100% certain of the time/money investment.
So I started thinking about a second masters. My 1st is from WGU, which was ok, but not as technical as I would have liked. I'm very technical by nature, and getting pretty senior in my career field, yet there is this silent push towards management which I'm not sure I want to do. I got into this field because I love technology, not trying to make teams do the work they're paid to do or solve scheduling conflicts and interoffice disputes. My passion is technology, specifically as it relates to cyber.
That got me to scouring the interwebs the other night, and I once again came across SANS and saw that their MS program is now accredited (this wasn't the case before). I started looking deeper, and it definitely looks like something I'd want to do given the reputation of SANS training and the included certs through GSE for the program. But with SANS of course, the cost is what scares most away and I certainly wouldn't do it unless I could get my company to pay for it.
So that's where I'm at, trying to get them to pay for a full SANS degree. I talked to my management, and the current cap per year is $10K. The SANS MSISE is $40k - $50k for the 3 year program. The company has already identified 5 engineering degree programs which go beyond the $10k/year (one is up to $34k per year) that they'll fully fund, but alas, right now I couldn't get a fully funded path to SANS without coming out of pocket for the difference ($20k).
I've got some support from my management who can push this up the chain, so I said I'd put something together to show why they should add SANS to their exceptions list given SANS's reputation in the industry, and the potential return on investment in training up people. One of the selling points I would think in this offering is to attract / retain senior cyber talent, and SANS is one of the biggest names out there.
So back to my question and this topic:
If you found a company who during the hiring process, told you that as a perk to the gig (not the only perk), they would offer full tuition for a SANS Masters Degree (which includes 8 GIAC certs thru GSE), would this make you consider switching companies? i.e.: Is it a big enough 'carrot' to dangle?
In my mind, this is huge because for most of us, SANS training and certs are out of reach. But I wanted to get some thoughts from the community, so I can better gauge how to sell the company on considering SANS as part of their offering to attract new cyber talent.
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
Comments
I am currently a student at SANS.edu doing graduate certificates. I completed the PenTesting grad cert last and I am currently working on the ICS Security grad cert. I am averaging 1 SANS class every six months. I take the first class of the year using the company's standard IRS reimbursement rate of $5250 with the remainder of that class, the next class, and all travel costs on our department's training budget. Is this type of multiple funding sources available to you?
I do consider this a massive retention bonus and part of my total compensation that would likely be hard to find elsewhere. I am also the technical lead for a multi-billion dollar business unit so having the right position also helps.
I have found independent audits are always a great way to reinforce your position on certain issues. Along with your proposal ask them to consider a cyber skills gap and training analysis by your auditors. (i.e., NIST has the NICE framework)
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GCWN | GSE
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
I'm in your shoes, tech lead for a multi-billion dollar company who want to attract the best and the brightest, and keep them. I think they may go for it, it's just the benefits have to register with the decision makers in a way that they can understand.
Right now, we still get $10K per year as full time employees. That's probably enough for 2 SANS courses per year +/- some out of pocket coverage (similar to your work). So technically an employee could get the MS anyway, it would just take longer, but the company will still fund the learning path. This money is overhead. There is also additional money not from this pool at the sector/department level, so yes, multiple sources are available. I just think with the demand of cyber growing at a steady rate and we get a baseline of people with the same level of skills, knowledge, edu, and experience, there should be something to offer for those who want to put in the work and step up a few notches in knowledge/skill. Advertising this perk at cyber conferences or job fairs could help attract some of this talent.
I'm familiar with the NICE framework and I know they are starting to utilize it for gap assessments. I guess my point is that a good majority of certifications are worthless. In your assessment, you find employees have X certs, degrees, etc, but yet still can't really do the job, or even know what they are talking about. The people that truly "get it" are few and far between. Companies are still attracted to certs like CEH (which I have), that are complete garbage. It doesn't measure skill at all, just rote memorization. Then there are the higher ups in cyber management with a CISSP, but still couldn't work their way around a computer. It's a pet peeve of mine when I talk to someone with an MS in cyber, CISSP, and X # of other certs, but is still lacking a basic understanding of how security is actually applied to a system. I think a SANS offering would help attract more of the ninjas, and less of the book worms.
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
Actually, I just made a spreadsheet breakdown of the full costs of this program compared to taking courses 'a la carte'. Within the MS program, they are $4125. Individually, they are $7020, which pretty much eats most of the annual education assistance. Pretty crazy prices.
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
The certs on the other hand, could be very valuable, the GSE of course, but making me trade salary, PTO or options like remote work would start to cut heavily against that. I know the question is what "we" would do, but working currently somewhere with the $5250/year reimbursement that almost no one takes advantage of even to finish a BS, it makes me realize it would probably be pretty rare for this to be a giant selling point for potential employees. Most of them think I'm weird for constantly pursuing this sort of stuff.
Another thing I'd also consider, is the time investment for something like that. For example, a friend of mine is doing a program right now, it's through coursera / some big name university. Even without big cert exams or anything, it's still a bunch of time, and while his work will fund it, they won't give him time to do it. So, he's learning to benefit the company without the company giving him any non-billable time to do it. So, he's learning at night, which is causing tons of family stress. Saying someone could do 8 GIAC certs, a bunch of papers, non cert classes, the GSE, etc in 3 years, that's going to take a ton of time. So you'd need a very specific type of person who would want to take most of their free time to do that as well.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Radical moves like this are worth it for those beginning their career, not those well established in them.
However, I won't talk about law school unless you really want to.
You already have a Masters, which you said wasn't technical. Fair enough, but with a PhD you can make it your own, as technical or untechnical as you want. If you can get in somewhere that allows you to do research while keeping your "day job" the costs won't be as much as a MS from SANS.
Hit me up if you want to chat about either the PhD or JD.
VV5 out.
J.D. Candidate (2L)
In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
Next: GCIA/GCWN and/or GCUX/PMP/GSE
Next after next: Med school!!!!! Lol
Don't forget that you should run if they ask you to sign the document at a crossroads, at midnight, in Mississippi.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Small correction, the MSISE is $1,375 per credit hour which is $4,125 per class + cert. Additionally some classes like NetWars Continuous were "free" in the PT/EH grad certification program.
Edit: Successfully completing 8 credit hours per year is required to meet their "Satisfactory Academic Progress policy".
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GCWN | GSE
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops