Carnegie Mellon for Cybersecurity?

axiom1axiom1 Member Posts: 4 ■■□□□□□□□□
Hey everyone,
I have received an admission offer for Carnegie Mellon’s MS in Information Security Policy and Management program, and I was hoping to gain everyone’s opinion regarding the value of a CMU degree in Cybersecurity. It’s definitely not a cheap program, but I was hoping to use it to “break into” the field. I will also pursue a number of security certifications to bolster the degree. Does this sound like a generally reasonable/prudent plan? 


  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    Sounds expensive. Do you have any experience? I am a hiring manager and am always cautious about people with lots of education and little hands-on. I always recommend people trying to get into the field to get any experience over education.
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,437 Admin
    CMU is hot hot hot for a lot of technical degrees, like Computer Science and Engineering, and has great name recognition. I don't about the ROI for CMU's cybersecurity learning.
  • axiom1axiom1 Member Posts: 4 ■■□□□□□□□□
    So I’m making a career transition from a largely unrelated field. I figured it’s a unique educational opportunity, and the degree may serve me well down the line. It’s a two-year, full-time program. Not online/part-time. It’s definitely not cheap, around $40k per year for tuition and room/board. So $80k total, roughly.  
  • itdeptitdept A+, S+, L+, LPIC1, CCNA, CCP, ITIL, AWS CSAA Registered Users Posts: 248 ■■■■■□□□□□
    Personally I don't think it is worth it. I figure you are better off getting a foot in the door and working towards the security field. I will maintain if you want to protect or attack a system you need to have at least a basic understanding of how the system works. I would be happy to hear from others with an opposing view who have just "jumped in" to Info Sec.
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,712 ■■■■■■■■■□
    Go with your gut, sounds like an amazing opportunity.  
  • AverageJoeAverageJoe CISM, CDPSE, CISSP, SSCP, CYSA+, SEC+, NET+, A+, LINUX+, PROJECT+ Member Posts: 316 ■■■■□□□□□□
    There's not a right or wrong answer.  It is a generally reasonable plan, but there are a lot of factors still to consider.  Here are my first two questions:

    First, that 80 grand you're going to spend on this education.  Do you have it?  If you do, great!  If you're taking out $80,000 in loans... that's a lot less great (big risk).  

    Second, how familiar are you with Information Security Policy and Management?  You said you're coming from an unrelated field, but are you familiar enough with this program and career area that you're confident you're a good match for it?  If you are, that's great!  If you're not very familiar and don't have much idea what it would be like working in this field... or that you'd even finish the degree... that's a lot less great (big risk). 

    Beyond that, lots of other factors... current debt, study compatibility, current age and health, family/dependents... so much we don't know so can't help with, but quitting work and going to school for 2 years to start a new career is a luxury many people cannot afford. 

    On the flipside, many people would love to be able to do just that, so if you can afford it and your circumstances allow it, that's awesome!
  • axiom1axiom1 Member Posts: 4 ■■□□□□□□□□
    Really appreciate the thoughtful responses. Some more info: few years out of undergrad, can cover a large chunk of the cost out of pocket, no dependents, no debt, reasonably healthy (knock on wood). However, I’d be quitting a stable job and moving across the country, away from my family, friends, SO, etc. My current field of employment doesn’t pay a reasonable wage, and there’s no real progression potential, so I’ve turned towards InfoSec as a solid middle ground between my skills, interests, and desired earning potential. 

    I am reasonably familiar with InfoSec, and I come from a policy background, although not technology policy. I have some IT experience (helpdesk in college) and a fairly decent technical skillset. I’m hoping to find a career that will allow me to keep one foot in policy and another in the technical aspects of Cybersecurity. It might be cool to become a CISO someday. 

    My main concern is ROI and long-term impact to my career. I’m spending all of my money on this degree, so I really need it to pay off financially. I’m also concerned about pigeonholing myself into non-technical roles at a very early point in my career. I don’t have much experience, so I want to leave my job options open. Bottom line, I don’t want to make a financially/professionally detrimental decision.
  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Member Posts: 410 ■■■■□□□□□□
    If I'm in your situation, I would try applying for helpdesk, technical writer or positions similar to it to get your foot in the door. This might cause you accepting a lesser paying job than what you have right now, but it can open doors for you. How you make use of that opportunity will depend on you.

    80 grand is a big number, imagine the number of SANS courses you can enroll yourself in. If you want to be a CISO later down the line, an MBA or equivalent might serve you better.

    Just my 0.02.
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • scascscasc Member Posts: 414 ■■■■■■□□□□
    edited May 11
    As mentioned above everyone will have their preference. My own personal one would be to pursue the degree from a renowned, world class institute where you can leverage the alumni network to obtain the work you wish - this is the key differentiator that the world class uni's have. Very hard to match this. I think if it is feasible, try and go for it. I get asked always the uni I went to (LSE in UK) and it helps immensely with winning work etc.

    But bear in mind what you really want to get involved with - if it is policy, compliance work etc fine, however if it is tech work then you might be better off using the money to hone your tech skill set. As companies want to see someone who can do hands on work. If you crave to be a CISO - its more strategic in nature than tech. CISO has army of bandits under him/her giving them the info they need to portray risk to the board - more policy related. So next move will probably mean choosing what you really want and then deciding the path to take.

  • axiom1axiom1 Member Posts: 4 ■■□□□□□□□□
    Is $80k+ salary a reasonable expectation for a Cybersecurity master’s grad in a HCOL area? I’m leaning towards making the jump right now, and I feel like ~$25k annual tuition for two years is fair, but I need to make sure that my overhead costs don’t get out of control. Ideally, in the year after graduation, I’d like to make enough to pay off the whole degree and live very modestly on the remainder. 

    Working my way into the field is another option, but I have the luxury of returning to school right now, so I really want to capitalize on it. I might not have the same opportunity in the future. It all winds down to money, and whether the degree will serve as a launching pad for my career. 
  • shochanshochan Member Posts: 967 ■■■■■■■□□□
    I've watched their classes online, most ppl in the classes seem bored...The material was pretty good but felt like my self studying was a better route.  I've also heard it's real expensive, but go with what you feel is best.
    2021 Goal ~ OSCP

    Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
    A.A.S - CIS
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    It's one of the best courses in the world and might lead to a job in one of the big names in Silicon Valley via on campus recruitment. I'd do it if you can afford it and your experience in a highly regulated environment will come in handy
    In Progress: MBA
  • KasorKasor Member Posts: 929 ■■■■□□□□□□
    CMU is a great school in IT and Technical field. Also, many big companies and federal agencies often have hiring events to identify potential candidates, or at their alumni events (prior Covid19).
    Kill All Suffer T "o" ReBorn
Sign In or Register to comment.