What would you change about the WGU MSISA Program?

colemic · August 2011

For those in it - what would you change?
For those not in it - what would you want to see, to make it more appealing/effective/sexy?

I am currently in the program - I would love to see:

-some kind of credit for those that already have CISSP, CISA, or CISM (surely a fundamentals class could be waived!)

-drop the CCNA, go back to Network+ (my reasoning is that CCNA, by itself, doesn't have a lot to do with security. Maybe that is just my background speaking; I have never been a networks guy, and would rather see a more generic networking cert than something so vendor-specific.) Or better yet, give us a choice of which one we would prefer.

-Multiple tracks - different options. Some want an emphasis in wireless, some want an emphasis in networking (CCNA fits good here), some want an emphasis on the really technical side (CEH-type stuff), some want to be geared more toward project management/policies/risk management/leadership than becoming uber technical, which appears to be the sole focus.

-Drop the Organizational Management course and replace with a project management course, you could even tie it into CAPM.

Discuss amongst yourselves.

hiddenknight821 · August 2011

Apparently, I'm not in it, but I'm considering the program once I finish the BA. I would love to see the CCNA being replaced with the CWSP that they used to have. The CCNA would make it easier for me to enroll, which is something I don't agree with. Personally, I think no one should get waived from any of their graduate-level classes with entry-level certs. CISSP is reasonable enough.

demonfurbie · August 2011

id drop the ccna like you said, i would replace it with a network design/documentation class

id change the Organizational Management to a public speaking class, you would be surprised how often a network security/forensic person has to hold meetings for a decent amount of time and get the point across in a way were every one can understand it

id also like to see some linux in there but we all know that aint gonna happen

redneckdiver · March 2012

demonfurbie wrote: »

id drop the ccna like you said, i would replace it with a network design/documentation classid change the Organizational Management to a public speaking class, you would be surprised how often a network security/forensic person has to hold meetings for a decent amount of time and get the point across in a way were every one can understand itid also like to see some linux in there but we all know that aint gonna happen

I've been cramming for CCENT all night and I need to vent.This is my first semester in the program after having already completed the MBA program. So far I'm pretty disappointed in the curriculum, and working with LabSim in preparation for the CCENT exam is not helping. As a guy who has written technical documents at major corporations for a living, I found the SOHO tutorial a bit beneath what I expected in an MSISA program. I literally reset and reconfigured my home MiFi and WRT54g configurations (to the point of going back to Cisco firmware and then reloading DD-WRT for wireless repeater mode on the router) and documented EXACTLY how to configure them step by step. Then my submission got rejected for things like, "He didn't explain what a default route was." WGU - Do you really think even a small company is going to send out a network tech to configure a SOHO router who doesn't even understand what a default route IS??????Like you, I'm not a "network guy." I've been doing various TCP/IP work and troubleshooting from a Unix server perspective for upwards of 15 years, but until now I've never bothered to go memorize the OSI model or some of the finer points related to networking and protocols that I don't have hands on experience with. So at least that initial part of LabSim was interesting. Then we get into items like, what command do you run on the CISCO 99000XYZ to modulate the transwarp flux capacitor. REALLY WGU? Do I need to know all of this Cisco specific stuff, to the point of knowing how to configure device banners? BANNERS?????There's this little priniciple called "segregation of duties" that you might have heard of. Because of this, and the stage of my career and life (and probably many other students as well), there is NO WAY IN HELL I will ever work on one of these devices that I'm being expected to know detailed configuration commands for.To top it all off, I took a new position as a security analyst this year and my boss is on the CISSP industry advisory board. He wants me to complete CISSP and doesn't seem to think there is any value at all in me getting this MS degree. So I'm currently thinking I'll take one shot at this CCENT exam and see what happens. Hopefully I'll get lucky and it won't be full of the Cisco specific minutiae. If I can pass this and the second exam for CCNA, then the rest of the program looks to be more relevant. However, I'm not at a place in my life where I'm interested in being forced to memorize information that has absolutely no relevance to me or really even to the stated goals of the program. If I don't pass CCENT on the first try I think it will be time to withdraw and put all my efforts toward the CISSP route.

ptilsen · March 2012

Drop CCENT and EC-Council entirely. Add Network+, Security+, SCCP ("Associate of ISC(2) for those without experience) or maybe CASP or GSEC, CISSP ("Associate of ISC(2)", once again). Allow GISF and GSEC to sub for Security+ (but new students must take Sec+). Allow CCNA and CCENT to sub for Network+ (new students must take Net+). Replace G2700 with an "elective" which includes any of the same-level GIAC certs.

I'm not sure if there's a good reason the program is not already aimed at getting people to pass CISSP, but of my above suggestions, that is #1. You don't need experience to take and pass the test and achieve a certification (as I said, "Associate of ISC(2)"), so I don't want to see any arguments here.

Students with the experience are CISSPs. The rest become CISSPs after getting the experience.

Edit: To add to all of this, CCENT and Ethical Hacking again are particularly inappropriate for this degree because they are very tool-and-command heavy. The degree should be about theory and high-level application and knowledge, not extensive use of specific tools. Perhaps they could offer a more technical degree or specialization, in which case I could see vendor certs, C|EH, OSCP, etc. For what the degree is now, it needs to have a better focus, which ultimately means the changes I recommended above.

eansdad · March 2012

I also don't like the CCENT here, a lot of people comming from the BS programs will already have it. I would like to see GSEC added and CISSP since "This program is aligned with security standards put in place by the National Security Agency (NSA) and encompasses the 10 security domains that are the foundation of the Certified Information Systems Security Professional (CISSP)." CISSP could be the class before the Capstone.

I think they should hash out security (further taking security into management and use) and forensics and make 3 seperate tracks. I would LOVE if they added OSCPs OCP and/or OCE. Exams which you have to be able to show what you know would be great. I also still think that at a minimum some type of linux course is needed. A systems admin/network admin aren't going to need all the same certs and training as an auditor or forensics investigator.

swild · March 2012

I agree with a lot of what ptilson says above. This is a graduate degree! CCENT? gotta go! This should be a direct followup to the BSIT:Sec degree. There should be absolutely zero classes that would transfer over. You want Cisco in your program? Let's see the ROUTE exam. Make the CCNA a prereq for entry, or allow a remedial period to get caught up. If they are coming out of a BSIT degree, but followed another emphasis, put these in between graduation from the BS and official entry into the MSISA.

Raise the bar and make your program difficult. Net+ and Sec+ can't be included because you should have already earned them. CASP or GSEC would be good to see. If the CISSP is included, it should be no less than 6 CUs, probably more like 8 or 9, but then you are looking at that being a 3rd of the degree. I think the SSCP makes more sense in this case at 4 to 6 CUs. Either of these courses could easily take care of 3 or 4 of the other courses.

I agree that all of the EC-Council certs should be dropped. I think the CHFI should be swapped with the GIAC GCIH cert.

I like the G2700 and wouldn't change that.

CEH? Some say it is way too tool heavy. I have studied for it and I have to say that it is not just tool heavy, it is only about tools. Useless. A grad degree should be about theory. It should be platform independent. I would like to see the OSCP, Pen Testing with BackTrack. While this course uses a custom linux distro, all of the concepts are taught to be used on any OS. I have not taken this course, but it is higher on my personal want list than the CEH.

Now, Organizational Management. To be in the corporate ISA field, you will need an understanding of management practices. I would like to see this course swapped out for a Philosophy of Business or Philosophy of Management course. It shouldn't just teach some key jargon that you will hear. It needs to teach the reasoning behind the words and ideas. Ten years from now, all jargon will be different. If you know the philosophy, the meta-thought processes, behind the jargon, you will be able to adapt flawlessly. When I was attending a state college, I was a philosophy major for a time, so I have a bias. Philosophy is the basis of understanding. Teach us how to think, not how to do. You know what they say, "Give a man a fish..."

CISA is another very difficult exam that I would live to see in this program for the Vulnerability Assessment course.

Now, all of this is very well and good, but we have seen that the newest MS program they added does not have any certifications. So I feel that they will be moving in that direction. Also, in this program, they have removed 2 certifications that I know of, replacing them with non-vendor assessments.

ptilsen · March 2012

Actually, along the lines of what swild is saying, Net+ or similar (CCENT) and Sec+ or similar (GISF) as pre-requisites rather than classes would make sense to me.

I would stick CISSP at the end and leave it a two CUs, four tops. This is a graduate program, and I think a challenging class is justified.

Overall, I really like the idea of different tracks/specializations. CISSP still gives the broad overview, but the specializations go deeper into specific topics.

Ultimately, I can't see myself getting a MS from WGU. There are some better-known brick-and-mortars that offer online degrees, and they seem like better investments to me. Not that WGU doesn't have a place, but if I succeed I my B & M undergrad, I can't see WGU as a logical graduate choice.

erpadmin · March 2012

As a WGU alumnus, I only speak on what would be more of a benefit to the ISA program and get more students:

That WGU stop being lazy, and continue its path to becoming a CAE school. Considering that a lot of state schools are CAE or CAE-R, this could only help WGU in getting more students.
Become more of an academic program and drop certs entirely (yes, really.) Redneckdiver (btw, welcome to TE) pretty much hit the nail on the head in that separation of duties is a security topic. An Info-Sec Analyst isn't going to be configuring routers, BUT he is going to be familiar enough to know what needs to be done. For example, for a shop to be PCI compliant, a whole group of servers might need its own VLAN so that it's separated out from the rest of the server farm. The infosec analyst would perform his PCI vulnerability testing and give his results to the network/server team to remediate the network/server, whether it's getting rid of bad ciphers, upgrading a web server, etc. HOWEVER, while obtaining certs wouldn't be a focus on the programs, WGU could align the program to better prepare the graduate to pass the CISSP exam by (better) aligning it's program to the CISSP domains.
To make this info-sec graduate a more well rounded IT person. How can you be an info-sec person if you don't know what you're securing? If a person doesn't have an IT background, then there should be a bridge course that brings that person up to speed. If a person has an IT background/degree, then the bridge course would not be necessary.

powerfool · March 2012

I would transfer into the program after this semester of my grad program if they would offer some credit for the CISSP and transfer credit from similar graduate programs. Essentially, I would have to be able to graduate in one term with only a moderate effort (I am two semesters from finishing my current MS after this semester). I already have CEH and CCNA in the program... I really don't want to do any more EC Council certifications, and from what I hear from colleagues that are in the WGU MSIA program, I don't think WGU is very interested in keeping most of them around, either.

Now in my fourth semester at UMUC, it is really becoming a drag. The pace of the course and the oddities between instructors is extremely frustrating. I know that it is always the case, but I have had super tough professors... I bust my hump and only get a B... I hear from others that they didn't try very hard and got an A with another professor. They claim rigor, but it appears they are only giving those professors to my cohort. Oh well.

forestgiant · March 2012

If you're in the WGU MS ISA program right now, there's a focus group meeting coming up where you can talk through your suggestions with the mediator.

I'm with most of you on the displeasure of Cisco and EC-Council exams in this program, but to me the biggest apparent evil is GIAC's exam process. There's so much useful information from Sans.org, so it surprises me that the for-profit certification arm of the organization plays hardball with exam costs, waiting period, and apparent strike-out attitude. Say what they will about free market and exam integrity; the whole process they enforce screams greed and pompousness.

tpatt100 · March 2012

I am not a fan of EC-Council's certification. It seems they are not even a fan of their own certs.

Valsacar · March 2012

In the CISSP side, I can see some valid reasons why they do not have it as part of the degree. The biggest being that it's only offered so often, and many may not have the experience to get it. Yes there is the associate, but you have X time (few years) to get the experience, in I remember correctly it goes poof if you don't get the needed experience in the correct amount of time. The testing is scheduled to change this year (going computer based) so that would go away. You also have to factor in the pass rate, which is not that high for CISSP, a mentor I spoke to said that was one of the reasons for knocking off CCNA.

I like that the CEH is in there, it's one of the DoD 8570 requirements and was one of the reasons I went for it. I had borrowed some study material from co-worker and was actually amazed at how simple that stuff was... I was expecting something far more in depth than what was in the official material.

I agree entry level stuff, like CCENT, should not be in there. But I do understand having CCNA, or something similar, as someone in ISA SHOULD have a basic understanding of all aspects (hence CISSP being so broad, with little depth).

CAE... yes, this was the big thing that kept me going back and forth before deciding the certs with the degree was my best option.

A PM course wouldn't hurt, not PMP level, but enough that they have a basic understanding of how it should work. Everyone in IT will end up in some type of project at some point, understanding the process and how it improves things is always a good thing. Something akin to ITIL would also be useful, though I'm not a fan of ITIL... still need to take that stupid foundations test.

ISA is a fairly broad field, and the degree should reflect that. Things shouldn't be entry level (hence the requirement for a BS in IT or equivalent experience/certs), but it shouldn't be in depth in any one aspect.

redneckdiver · March 2012

Operations: 86%Small switched network: 80%Small branch office: 70%Small routed network: 67%WLAN admin: 0%SECURITY THREATS AND MITIGATION: 100%WAN links: 25%Failed by 5 points with a score of 799.

Nobylspoon · March 2012

Was the program change from CCNA to CCENT a recent one?

powerfool · March 2012

That was true for many remote locations, however, it is now being offered at Pearson Vue centers, so that alleviates it. The main reason a think a lot of people would like to get some credit for it is because the curriculum is supposedly designed to prepare you for it; also, I believe one of the undergrad programs actually gives you some credit for it.

swild · March 2012

powerfool wrote: »

That was true for many remote locations, however, it is now being offered at Pearson Vue centers, so that alleviates it. The main reason a think a lot of people would like to get some credit for it is because the curriculum is supposedly designed to prepare you for it; also, I believe one of the undergrad programs actually gives you some credit for it.

The CISSP will give credit for the Sec+ class in the Security track.

erpadmin · March 2012

powerfool wrote: »

Now in my fourth semester at UMUC, it is really becoming a drag. The pace of the course and the oddities between instructors is extremely frustrating. I know that it is always the case, but I have had super tough professors... I bust my hump and only get a B... I hear from others that they didn't try very hard and got an A with another professor. They claim rigor, but it appears they are only giving those professors to my cohort. Oh well.

I dislike both cohorts, and anything involving a team project. I think a cohort is probably a good idea in theory, but when it's put into practice, it goes straight to Hades. I don't want my academic future determined by the roll of a dice of getting students in my cohort who are morons, d-bags, lazy, etc., etc. What I especially don't like about cohorts is that there has to be a vote on which electives to take so that everyone takes the same classes [in some programs; others there's just a cohort only for core/foundation classes.] ---- that! Same reasoning with team projects. You set up a meeting, people show up, only to find out that someone is stuck in traffic, or an emergency at work. I understand things happen, but when it's "all the time" patience tends to wear thin with me.

I'm sure you'll do fine with your next courses at UMUC...hopefully I'll do the same after this semester at my own school (which has no cohort...but loves the team projects....)

colemic · August 2012

So they have ditched JFT2... anybody hearing any buzz about any more shifting and shuffling in the courses/certs? (hopefully!)

petedude · August 2012

The WGU MSISA was too technical, and the WGU MS-ITNM too narrow/wishy-washy.

They really need a solid MS-ITM (not MBA-ITM).

MiikeB · August 2012

After reading more in to the WGU MSISA program I agreed it just wasn't what I wanted. Thats why I decided to do my MBA at WGU and am going to do my MSIA at Davenport. The certifications for the MSISA at WGU just dont seem right for a masters.

I think WGU should have a system for graduate programs that basically says "You need to achieve 2 entry level certifications that deal with security and 2 advanced certifications" then let you pick, kind of like how DoD does for IAT levels.

pram · August 2012

Why would you get two masters degrees? Talk about diminishing returns.

petedude · February 2013

pram wrote: »

Why would you get two masters degrees? Talk about diminishing returns.

Depends. I can see an MBA to demonstrate business mastery and an MS-IT to demonstrate technical mastery.

Beyond that, though, yeah, diminishing returns unless you're learning solely for personal edification.

What would you change about the WGU MSISA Program?

Comments