Value of MS Infosec/Assurance

ramrunner800

Hi all! I'm 27 and looking at changing careers. I have a B.A. in political science, and a job that pays well, but I would like to do something different. Computers have always been a passion of mine, and I have recently begun studying it in ernest. I love doing certifications because they constantly offer new challenges and goals.

I have recently begun looking at the MS in Information and Security Assurance offered by WGU, and it seems like an interesting program. What kind of jobs can somebody with this degree expect to be able to compete for? What are the long term career prospects for somebody with this degree? I'd like to be able to skip the help desk and get into a security position as quickly as possible, but I understand that might be an unrealistic hope.

It's a scary leap to make, because I don't really know what's out there, and I know I'll take a hefty pay cut, but I am excited to start doing something that I love.

ptilsen

Long-term career prospects are great. Short-term can be trickier. No matter what you do, you might be looking at a pay drop to get started in infosec. The thing to consider is that with time, your pay will catch up.

It is not impossible to skip helpdesk, but you won't find a plethora of entry-level infosec positions. "Entry-level infosec" is almost an oxymoron. The good news is even if it takes you a few years of doing security-light IT work, the experience will still be valuable and it's not like you'll struggle to feed yourself.

If you are single and childless, my recommendation would to both go for the WGU MS (or another, similar degree) and to look for a job in the field. Even the certs you have are enough to get your foot in the door. What I wouldn't do is wait until you finish the degree, because that's more time you're not gaining career-relevant experience, and the degree will help you much more after a few years of experience.

ramrunner800

Thanks for the detailed and thoughtful reply ptilsen. I have been studying for the CEH and ICND-2 lately as well, and my employer is planning on sending me for the EC Council's CEH training so that I can be eligible to take the exam. I also find OSCP and SSCP very interesting. Is it worthwhile obtaining these more advanced security certifications before making a career switch? Do you think having an MS makes any huge change in career trajectory? Will I find many more dores open from having the degree? I really appreciate all of your advice.

ptilsen

More certs and education certainly open more doors, but I wouldn't necessarily wait. I doubt too many people get started in infosec positions OSCP and a master's degree. Sec+, CCNA, and CEH ought to be enough to get a start. SSCP wouldn't hurt.

It's also worth thinking about more about what you really want to do. OSCP is great if you want to go into penetration testing. SSCP would be more to for implementing and operating systems and networks in a secure way. An MS will help almost no matter what, but again, I don't think you need it before you get an infosec position.

forestgiant

A real world application of MSc Infosec & Assurance degree really has two parts. Infosec usually implies a high degree of technical expertise, where having compsci background would be really valuable. Assurance is more policies, procedures, and processes, so it's definitely more governance and strategic. Both aspects are highly distinct but related.

In my SMB role there's not much distinction between the two, but I would think larger companies or govt entities would have separate needs and budgets to support a more diverse team. For anyone familiar with the infosec triad of Confidentiality-Integrity-Availability (CIA triad), it's important to segregate duties and limit system privileges so the guy/gal who configures systems (technical) and logging isn't the same person responsible for audits and certifications (assurance/legal) aspects.

With your polsci background I'd think assurance would be both applicable and expedient way of getting a job in this field.