MS in Information Security & Assurance from WGU vs CISSP

jfitzg

Hey all, Im looking for others opinions on my next course of study. Long story short, I want to gain knowledge in the security field, not necessarily change fields into it, but gain enough knowledge (I will have the opportunity for experience regardless of which path I take) to be able to leap into the field without feeling like Im drowning. Maybe even do some auditing or something of the like for any of my company's current clients. I know the CISSP is referred to as "a mile wide and an inch deep" in regards to the topics it covers, but Im also thinking a masters degree would be overkill as I already have 2 (1 in IT and 1 in IT management). Cost is not an issue as both paths are relatively cheap for me, and I already have a ton of certs (no security ones besides security+). Im leaning toward MS number 3 but would like to hear what other people think. Feel free to post any and all comments. In case anyone wonders what I am doing for work, I am currently a Sr. Systems Engineer at a small MSP.

demonfurbie

im kinda in the same boat

im about done with my bs degree and was thinking masters in in info sec (wgu or other) or cissp

only pro i could come up with a masters is that it doesnt expire

hiddenknight821

Since you already have a master degree relevant to your experience, I don't think you should get another master in security given that you may have been already been exposed to a couple of security-related incidents on the job. The experience alone should definitely help you make a better security professional in case you want to transit into that role. You said you weren't interested in changing specialization, so I think the CISSP should be good enough for you. If I were you, I would go for the CISSP.

I am in the WGU's MSISA program now, and I haven't started my first assignment yet. I am doing this because I am only 24, and I have no long-term IT experience. IMHO, jumping straight to the CISSP would be a bad idea for me. I don't want to get burned out that fast, and I would also devalue the CISSP cert. I figured getting the master is the best path for me to gain general security knowledge before I decide to take the CISSP exam.

erpadmin

Assuming you've done at least two of the domains required to even test for the CISSP, I would go for that. You have two Master's degrees; I don't see how a third would add much value (especially since there isn't much differentiation between the two you do have.) In your case, a 3rd Master's would be complete overkill, and given the choice...I would go for the CISSP.

HLRS

cissp>msia, cissp is demand

jfitzg

demonfurbie wrote: »

im kinda in the same boat

im about done with my bs degree and was thinking masters in in info sec (wgu or other) or cissp

only pro i could come up with a masters is that it doesnt expire

Its a really difficult decision. I like the WGU MS because you get a few certs out of it that I was thinking about getting anyways, though I am pissed they dropped the DR cert, and dont have any ISC2 certs but have the CCENT? Doesnt make sense to me but im sure there was a good reason. I was also thinking of doing the MS then doing the CISSP after, but I will need to get my server 2k12 certs sometime during this so its a difficult decision.

jfitzg

erpadmin wrote: »

Assuming you've done at least two of the domains required to even test for the CISSP, I would go for that. You have two Master's degrees; I don't see how a third would add much value (especially since there isn't much differentiation between the two you do have.) In your case, a 3rd Master's would be complete overall, and given the choice...I would go for the CISSP.

Oh yes, i have dealt with many security incidents, which makes me think about having the auditing skill when needed. I completely agree that a third MS degree wouldnt add any value, and would even make employers wonder why I got 3 MS degrees, my only concern is that AFAIK the CISSP is more theoretical vs technical, I really wouldnt learn much in regards to pen testing and the such. To me, im not sure the value of the info on the CISSP is really what im looking for. But I very well could be wrong as the CISSP covers a LOT of information and I am not familiar with what is covered vs what is not.

demonfurbie

you could get a GPEN after CISSP

CISSP often a buzz word that HR depts look for

erpadmin

To add to demonfurbie's comment, I would then ask what you're looking for.

If you are looking to do more practical then technical, then the GIAC certs may better suit you than the CISSP.

If you are looking to further break into management, or perhaps oversee IT security from a management perspective, then the CISSP would be better.

To further add to DF's response, I do see a lot more CISSP in job searches (not necessarily the jobs I'm looking for...but CISSP tends to be more popular with HR than GIAC.) By no means am I saying GIAC shouldn't be done if pen testing is what you want to do...but CISSP appears to be more popular.

However, I think we've established that a third MS is overkill...now you have to do a self-analysis of what you want to do within information security, and then research accordingly.

Valsacar

Yup, everything said here. No need to do another MS (normally I would have said MS then CISSP), go for the CISSP as it seems to fit what you're looking for at this stage.

Iristheangel

I didn't read your original post very well on my phone. Since you already have an MS, I would change my vote and say go for the CISSP

YuckTheFankees

Exactly what Iris said. I voted WGU, but after reading the opening comment, I would say CISSP now.

ptilsen

CISSP. It's really no contest, IMO. Another MS is simply not going to open any doors for you. Not one. I cannot imagine there is now or will ever be a single job opening in any IT security-related field the hiring managers of which would look at a candidate with two highly relevant master's degrees, tons of experience, a CISSP and plenty of others certs and say "This candidate needs a master's degree in IS/IA; we cannot hire him or her." or "This candidate has three master's degrees and exceeds all other requirements; we must pay him or her more than that candidate with two master's degrees who similarly exceeds all other requirements." Never. If anything, having three master's degrees could be seen as overkill, and provoke strange reactions.

Unless you feel you will truly gain much-needed knowledge from that third master's degree which you would otherwise be unable to obtain, I see no value in it. The CISSP easily adds value, as would other security certifications if you do decide on some specific path.

The only path involving more education I could ever see as being feasible would be for a doctorate or professional degree, but there really aren't any that would be particularly relevant to your career goals, unless you want to teach.

jfitzg

ptilsen wrote: »

CISSP. It's really no contest, IMO. Another MS is simply not going to open any doors for you. Not one. I cannot imagine there is now or will ever be a single job opening in any IT security-related field the hiring managers of which would look at a candidate with two highly relevant master's degrees, tons of experience, a CISSP and plenty of others certs and say "This candidate needs a master's degree in IS/IA; we cannot hire him or her." or "This candidate has three master's degrees and exceeds all other requirements; we must pay him or her more than that candidate with two master's degrees who similarly exceeds all other requirements." Never. If anything, having three master's degrees could be seen as overkill, and provoke strange reactions.

Unless you feel you will truly gain much-needed knowledge from that third master's degree which you would otherwise be unable to obtain, I see no value in it. The CISSP easily adds value, as would other security certifications if you do decide on some specific path.

The only path involving more education I could ever see as being feasible would be for a doctorate or professional degree, but there really aren't any that would be particularly relevant to your career goals, unless you want to teach.

I agree with the 3 MS degrees being a little overkill, but the thing I liked about the MS ISA was that I get a few relevant certs that I wanted anyways. I could easily finish the degree in 2 terms, and then I was thinking of taking the CISSP after. My big attraction to the MS ISA is not opening another door, but gaining additional skill sets in security (auditing, pen testing, etc...) so my big concern is if the CISSP would prepare me enough for those types of roles (as it is commonly known as being a mile wide and an inch deep ) or if the MS ISA would provide a better learning experience. Im happy in my current Sr Systems Engineer role and wont be leaving for a while, so im more interested in learning than trying to move up to a better position.

erpadmin

Have you looked into the CISA? That's a really good one if you really want to get into auditing. That exam, combined with CISSP and your MS degrees should pretty much get you at least looked at by folks looking for security personnel.

I can't even say this enough (apparently...haha) getting a third MS (especially if it's in the same breath as your previous two) would be a waste of time for you. No one is saying you wouldn't be able to do it; you could probably do the MSISA in one term, easily...it would just be a waste of time and perhaps money for you to do so.

Alternatively, you can gun for a SSCP (that seems to be a bit more practical, though I'd shoot for a CISSP personally) and CISA. Though in your case, you might want to gun for a CISA as auditing seems to be a recurring theme for you, and then (if you want) gun for CISSP. Just do yourself a favor and take the third MS off the table.