If a company offered a fully funded SANS MSISE degree, would you leave your job for this?

roninkaironinkai Member Posts: 307 ■■■■□□□□□□
edited February 2020 in GIAC
First, a bit of background to this topic:

In planning / reviewing my 2020 goals, I got to thinking about what I wanted to do next in my career. I'm relocating soon to another part of the country for a new position within my company. I'm no longer "learning" in my current role, which I feel I've outgrown and I'm ready for more.

I've already made a list of certs to acquire throughout the year. However, they feel unfocused, arbitrary, and I'm not 100% certain of the time/money investment.

So I started thinking about a second masters. My 1st is from WGU, which was ok, but not as technical as I would have liked. I'm very technical by nature, and getting pretty senior in my career field, yet there is this silent push towards management which I'm not sure I want to do. I got into this field because I love technology, not trying to make teams do the work they're paid to do or solve scheduling conflicts and interoffice disputes. My passion is technology, specifically as it relates to cyber.

That got me to scouring the interwebs the other night, and I once again came across SANS and saw that their MS program is now accredited (this wasn't the case before). I started looking deeper, and it definitely looks like something I'd want to do given the reputation of SANS training and the included certs through GSE for the program. But with SANS of course, the cost is what scares most away and I certainly wouldn't do it unless I could get my company to pay for it.

So that's where I'm at, trying to get them to pay for a full SANS degree. I talked to my management, and the current cap per year is $10K. The SANS MSISE is $40k - $50k for the 3 year program. The company has already identified 5 engineering degree programs which go beyond the $10k/year (one is up to $34k per year) that they'll fully fund, but alas, right now I couldn't get a fully funded path to SANS without coming out of pocket for the difference ($20k).  

I've got some support from my management who can push this up the chain, so I said I'd put something together to show why they should add SANS to their exceptions list given's SANs reputation in the industry, and the potential return on investment in training up people.  One of the selling points I would think in this offering is to attract / retain senior cyber talent, and SANS is one of the biggest names out there.

So back to my question and this topic:

If you found a company who during the hiring process, told you that as a perk to the gig (not the only perk), they would offer full tuition for a SANS Masters Degree (which includes 8 GIAC certs thru GSE) , would this make you consider switching companies? ie: Is it a big enough 'carrot' to dangle? 

In my mind, this is huge because for most of us, SANS training and certs are out of reach. But I wanted to get some thoughts from the community, so I can better gauge how to sell the company on considering SANS as part of their offering to attract new cyber talent.


浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP

Comments

  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    For that perk alone? No because I've learned I have a low tolerance for doing stupid BS that I don't agree with the reasoning. (Had a Director that didn't trust anything automated like vulnerability scanners such as Nessus so he made us manually check software versions against the weekly US Cert email.  I nop'ed out in just under a year at that company.)  Total compensation and quality of management are 1a and 1b for me.

    I am currently a student at SANS.edu doing graduate certificates. I completed the PenTesting grad cert last and I am currently working on the ICS Security grad cert.  I am averaging 1 SANS class every six months.  I take the first class of the year using the company's standard IRS reimbursement rate of $5250 with the remainder of that class, the next class, and all travel costs on our department's training budget.  Is this type of multiple funding sources available to you?

    I do consider this a massive retention bonus and part of my total compensation that would likely be hard to find elsewhere.  I am also the technical lead for a multi-billion dollar business unit so having so having the right position also helps.

    I have found independent audits are always a great way to reinforce your position on certain issues.  Along with your proposal ask them consider a cyber skills gap and training analysis by your auditors.  (ie NIST has the NICE framework) 
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • roninkaironinkai Member Posts: 307 ■■■■□□□□□□
    edited February 2020
    Good points. Happiness / satisfaction / quality of life at the job of course are important criteria as well. I just know that unemployment in cyber is almost zero, and money isnt always the driving factor for people who tend to be fed by a passion for learning, and leveling up in their field. 

    I'm in your shoes, tech lead for a multi-billion dollar company who want to attract the best and the brightest, and keep them. I think they may go for it, it just the benefits have to register with the decision makers in a way that they can understand. 

    Right now, we still get $10K per year as full time employees. That's probably enough for 2 SANS courses per year +/- some out of pocket coverage (similar to your work). So technically an employee could get the MS anyway, it would just take longer, but the company will still fund the learning path. This money is overhead. There is also additional money not from this pool at the sector/department level, so yes, multiple sources are available. I just think with the demand of cyber growing at a steady rate and we get a baseline of people with the same level of skills, knowledge, edu, and experience, there should be something to offer for those who want to put in the world and step up a few notches in knowledge/skill. Advertising this perk at cyber conferences or job fairs could help attract some of this talent.

    I'm familiar with the NICE framework and I know they are starting to utilize it for gap assessments. I guess my point is that a good majority of certifications are worthless. In your assessment, you find employees have X certs, degrees, etc, but yet still can't really do the job, or even know what they are talking about. The people that truly "get it" are few and far between. Companies are still attracted to certs like CEH (which I have), that are complete garbage. It doesn't measure skill at all, just wrote memorization. Then there are the higher ups in cyber management with a CISSP, but still couldn't work their way around a computer. It's a pet peeve of mine when I talk to someone with an MS in cyber, CISSP, and X  # of other certs, but is still lacking a basic understanding of how security is actually applied to a system. I think a SANS offering would help attract more of the ninjas, and less of the book worms. 
    浪人 MSISA:WGU
    ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
    2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    It is a major benefits and I would take it in consideration. However, if the work environment is toxic or bad, no benefits is worth it.
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    Yes, I agree with @SteveLavoie on this issue.
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    If all else looks good with the company, yes I would. I would do it specifically for the degree, but if it was a great company and I wanted to move - yes. If it's a great company and I'm not looking to move? No. If it's a crap company? No. 
  • roninkaironinkai Member Posts: 307 ■■■■□□□□□□
    Yes it is a great company. But agreed, I'd only do it if it was to include the MS degree, not certs or courses alone.

    Actually, I just made a spreadsheet breakdown of the full costs of this program compared to taking courses 'a la carte'. Within the MS program, they are $4125. Individually, they are $7020, which pretty much eats most of the annual education assistance. Pretty crazy prices.
    浪人 MSISA:WGU
    ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
    2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    It's a nice carrot but I don't think enough if everything else didn't balance out. I don't think the MS degree from STI is a huge selling point on it's own. Most deep tech roles don't care much about an MS in the first place, and unless they really get security I don't know that one from SANS specifically would change that. 

    The certs on the other hand, could be very valuable, the GSE of course, but making me trade salary, PTO or options like remote work would start to cut heavily against that. I know the question is what "we" would do, but working currently somewhere with the $5250/year reimbursement that almost no one takes advantage of even to finish a BS, it makes me realize it would probably be pretty rare for this to be a giant selling point for potential employees. Most of them think I'm weird for constantly pursuing this sort of stuff. 

    Another thing I'd also consider, is the time investment for something like that. For example, a friend of mine is doing a program right now, it's through coursera / some big name university. Even without big cert exams or anything, it's still a bunch of time, and while his work will fund it, they won't give him time to do it. So, he's learning to benefit the company without the company giving him any non-billable time to do it. So, he's learning at night, which is causing tons of family stress. Saying someone could do 8 GIAC certs, a bunch of papers, non cert classes, the GSE, etc in 3 years, that's going to take a ton of time. So you'd need a very specific type of person who would want to take most of their free time to do that as well. 
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Would I consider this? Probably. Having the cache of certs, connections, and knowledge at one's fingertips is pretty compelling.

    It would entirely depend on how long I'd be locked into that role, of course, knowing nothing else about whether it's a good company with good management or not. I can suffer a non-ideal position for a year or three if it means the investment pays for it afterwords. (Sort of like being back in the entry level grind!) But, I would ask more questions if this was a beyond a 3 year commitment.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    I wouldn't even consider it because this would most certainly would require you to sign a contract agreeing to stay with the company for over 5+ years or you have to pay them back for all of it. Been down that road before, not doing it again.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    edited February 2020
    No, I'm pretty happy where I am now. The next step in management, which I have no interest. A master's degrees and GSE will not get me a large enough bump in salary or pay to be worth the investment. When you consider my total compensation is over 150k (counting company paid benefits and pension), plus 90% of the time it's a 8 to 4 Mon-Fri job, no 60 hour work weeks, on-call once every 7 weeks, and pretty stable employment environment, I'd be crazy to jump ship for extra 10k. Hell between conferences, SANS and other training, they dropped a good 10k a year on me the last 5 years.   

    Radical moves like this are worth it for those beginning there career, not those well established in them.    
    Still searching for the corner in a round room.
  • quogue66quogue66 Member Posts: 193 ■■■■□□□□□□
    I'm finishing up the MSISE now.  Whenever I consider a new company I inquire about their tuition reimbursement policy.  I wouldn't go to a company solely based on the tuition policy and I would not let them leverage it in place of salary.  I am considering law school or an MBA next and I would consider a company that would be willing to do 'corporate sponsorship' for me.   
  • VictorVictor5VictorVictor5 Member Posts: 77 ■■■□□□□□□□
    edited February 2020
    @roninkai - this may be a no, but I'm going to ask anyway. Have you given thought about going for a PhD? As you and I know, and to put it bluntly, SANS ain't cheap. Yes training is solid but for what SANS is charging for the MSISE is honestly law school rates.

    However, I won't talk about law school unless you really want to :smile: - PM me if you do. 

    You already have a Masters, which you said wasn't technical. Fair enough, but with a PhD you can make it your own, as technical or untechnical as you want. If you can get in somewhere that allows you to do research while keeping your "day job" the costs won't be as much as a MS from SANS.

    Hit me up if you want to chat about either the PhD or JD.

    VV5 out.
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • VictorVictor5VictorVictor5 Member Posts: 77 ■■■□□□□□□□
    @quogue66 - PM me if you want to chat about law school. I'm in the thick of it!
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • LordQarlynLordQarlyn Member Posts: 693 ■■■■■■□□□□
    I'll echo what others are saying. That's a great perk, but do your due diligence on the total picture at the job. Find out what the company culture is like and if it aligns with yours, and preferably if possible, find out what the subculture at your job location is like. And of course other things like work hours, management styles, salary and total compensation package.
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    This would be an extremely unlikely benefit to be provided by any company in today's age and would have to view this with some skepticism at 7,000 per class and nothing about a retention, claw back or reimbursement.

    Possible yes but with a number of caveats to nail down before I would entertain such an offer, like hide my first born and an aversion to sharp and pointy objects used to sign such an agreement.

    - b/eads
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    beads said:
    This would be an extremely unlikely benefit to be provided by any company in today's age and would have to view this with some skepticism at 7,000 per class and nothing about a retention, claw back or reimbursement.

    Possible yes but with a number of caveats to nail down before I would entertain such an offer, like hide my first born and an aversion to sharp and pointy objects used to sign such an agreement.

    - b/eads

    Don't forget that you should run if they ask you to sign the document at a crossroads, at midnight, in Mississippi.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited February 2020
    I'd be worried that 2 masters and 10+ SANS certs would land my resume at the bottom of the unicorn pile, and doubly worried of the difficulty of the tech interview.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    edited February 2020
    beads said:
    .. at 7,000 per class 

     Small correction, the MSISE is $1,375 per credit hour which is $4,125‬ per class + cert.  Additionally some classes like NetWars Continuous were "free" in the PT/EH grad certification program.

    Edit: Successfully completing 8 credit hours per year is required to meet their "Satisfactory Academic Progress policy".
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
Sign In or Register to comment.