Cissp & Msia Or Msis

Discussion in 'IT and Computer-Related Degrees' started by TEKMAN, Jul 7, 2008.

Loading...
  1. TEKMAN

    TEKMAN Semper Fi!

    Hello Everyone,

    I just want anyone with their opinion. What would you choose between these path for a career in Information Security? Would you rather holding a certification in Certified Information Systems Security Professional or a degree Master of Science in Information Assurance (Information Security)?

    Thanks in advanced.
     
  2. sentinel

    sentinel New Member

    The Certified Information Systems Security Professional (CISSP) designation is a highly sought after credential by employers hiring information security personnel. While the Master of Science in Information Assurance (MSIA) degree is valuable, the CISSP is the requirement typically seen in employment postings. You could earn the CISSP followed up by the MSIA. That being said, if you are interested in working with or for the Federal Government of the USA, then the MSIA from an NSA/DHS approved programme of study such as that offered by Capitol College might give you an advantage, and it covers the material expected of the CISSP examination.
     
  3. pr0xy

    pr0xy New Member

    Hi,

    While the CISSP is very highly regarded, I think in the long run the MSIA degree would be more of a better choice. Like sentinel stated, most of these programs even prepare you for the CISSP. Working in the government sector, I noticed the the CISSP certification is getting oversaturated -- meaning almost every information security professional has one. Our information assurance lead is a GS-15 with a MSIA and no security or IA certifications whatsoever (pretty young guy too, only 29 yo) When I looked at some corporate position, most of them either wanted a CISSP or a degree specializing in IA. With that being said, according to my research, I truly believe that the higher management positions are being filled by persons with CISSP.

    By the way, whatever happened to the George Washington University program that you were enrolled in?

    Regards,

    Sebastian
     
  4. Randell1234

    Randell1234 Moderator Staff Member

    I earned my MCSE in NT 4.0 years ago and then Microsoft announced they were going to retire the track. All that work and the risk of it going away. At the time I did not have a degree. My boss had a masters degree that was 8 years old and was not current on anything. The lesson: certs are great but I feel they should be a complement to a degree. This way you have a one-two punch of a degree and cert. Most degree programs should cover the information required to earn the cert. if they do not, it may not be the program for your needs.
     
  5. Daniel Luechtefeld

    Daniel Luechtefeld New Member

    A GS-15 under age 30?? Wow!!! They're headed to SES well before 40!!

    Is this person a former military officer, or did they go into Federal service straight out of college?
     
  6. pr0xy

    pr0xy New Member

    hi Daniel,

    Yep, its a person that went to federal service straight out of college. When I talked to him, he said got an internship position, it was a GS-9 target GS-13. Every year he would get promoted automatically, if his performance was adequate. At age 27 he was a GS-14 and it took him only 2 years to get GS-15.

    When I was working in Florida, there was a lady that was a SES-2, and she was only 38! She said the key to her success was working at Washington DC for the first 10 years.

    Regards,

    Sebastian

     
  7. Daniel Luechtefeld

    Daniel Luechtefeld New Member

    From a GS-9 internship to a GS-15 leadership role - in ten years. That's an amazing success story.

    It also says a lot about how motivated that little corner of the Federal government is to recruit fresh blood to replace a generation of retiring civil servants.
     
  8. pr0xy

    pr0xy New Member

    That's precisely my point. I have my MCSE on MS Windows 2003 but now with the introduction of new MS server environment I don't know what's going to happen. I have a BS in Computer Science and a MS in Information Systems Management. I'm currently working on a MSIA, and I think I'm done with IT certs.

    Regards,

    Sebastian

     
  9. TEKMAN

    TEKMAN Semper Fi!

    Well, I planned to stay in Northern Virginia; therefore, I chose George Washington University to earn my master. However, the tuition is expensive. I thought I could get some financial aid, or student loan. After taking one class at GWU, almost my whole pay check is gone into tuition. And the VA gave me only $368.00 per month, that doesn't covers $3,500.00 per class at GWU. I have never heard anything about my financial aid, and student loan. I don't think I can afford it anymore. Flipping on the otherside, SMU gives me 50% discount on tuition. Which is only under $500.00 per credit. Both schools are tier one school, and I intend to move to SoCal in two years to study at USC. Therefore, I don't really care if my master is from GWU or SMU.

    The reason I ask about the CISSP and MSA because I want to complete my Master in Telcom and Management. Then sitting on the CISSP exam by the end of next year.
     
  10. pr0xy

    pr0xy New Member

    Hi,

    I was under the impression that the rankings of 1-50 are Tier 1, 51-100 are Tier 2... etc. Last time I checked, according to US News and World Report, SMU ranked 67.

    US NEWS AND REPORTS
     
  11. RFValve

    RFValve Well-Known Member

    I wouldn't go for a master's in information security or assurance, the reality is that the IT market is so dynamic that today is security, yesterday was E-commerce and tomorrow can be something else. Master's degree are a long term investment so you wouldn't want to stay with the "security" tag in your master's when the future might require you to be specialist in something else. The best is to get a master's in IT, IS, EE, CE or CS and top it off with certifications. I would go for a master;s in a generic field and the CISSP certification.

    The reality is that most employers in security consulting would require a CISSP rather than a master;s degree in the field so why bother with a master's degree in security when you would need to get the CISSP anyways.
     
  12. RFValve

    RFValve Well-Known Member

    I ditto this, certifications are normally a good complement to a degree but not really a replacement. Most companies expect you to have a degree but certifications play a big role when deciding among different candidates. The problem with certifications is the are too expensive to maintain and the market might change to a point that a certification might become obsolete. However, we get them mainly because the market requires them. IT certifications pay far better than a PhD for example in the IT industry.
     
  13. pr0xy

    pr0xy New Member

    Hi,

    While I agree that the IT industry is so dynamic, I really don't think you could compare information assurance to the past hype of E-commerce. I don't think information security is going anywhere soon. Now, would I go for a PhD is that field, probably not. On a master's level, definitely a different story.
     
  14. pr0xy

    pr0xy New Member

    Hi,

    Obviously were describing two different industries. I don't know where you work and have no idea what your level of experience is. I'm relatively new in the information systems industry, only 5 years experience. I work with people of all types, with different skill sets and different credentials. From my experience, especially in the government sector, certifications are great for contractor level positions. All the leads and NSPS/GS management positions consist of graduate level credentials, with little or no certification supplements. Our director is a SES-3 with a PhD in CIS and makes alot more money than a standard person whose credentials consist of certifications.

    Best regards,

    Sebastian
     
  15. RFValve

    RFValve Well-Known Member

    It is not going to anywhere but how many can the industry really need? How many security specialist do you really in a company? How many schools are there offering this degree? I have been in the IT industry for almost 20 years and I have seen the same the trend with many IT fields such as networking, data mining, E-commerce, databases, etc. The market drives many new IT professionals in a specific field by offering high salaries but in few years salaries go down to the point that doesn't become attractive anymore. There is nothing wrong with profiting with the trend towards security but I wouldn't waste my time with a master's degree in the field but rather get some certifications and master's in a traditional IT field.
     
  16. RFValve

    RFValve Well-Known Member

    Government and education are two places that pay for higher education. If you work for the government, I agree that degrees are a better bet but not the case for industry jobs.

    I accumulated many graduate degrees and realized this so at this point I make more money working at Universities and colleges than industry. However, if I were to start all over again, it is far more cost effective to have a B.S and get certifications since the IT industry does not really pay much for graduate education.
     
    Last edited by a moderator: Jul 11, 2008
  17. Daniel Luechtefeld

    Daniel Luechtefeld New Member

    I speak from the perspective from someone who has worked as a network engineer in federal contractor and in the private, for-profit wireless/telecom
    sector. Additionally, I've done pro bono consultant work to non-profits and local public safety agencies.

    I can tell you that your statement applies only to the public sector, and to the federal contracting sector in particular. In private enterprises - both for-profit and non-profit - security is a cost center, not a profit center/revenue generator.

    Consequently, security is one of the first areas to be cut when private-sector budgets get tight. Keep in mind that the C-level executive teams of most enterprises have risen from the sales and marketing ranks, not the technical specialties.
     
  18. scubasteveiu

    scubasteveiu New Member

    I want to be sure about your question before I attempt an answer. I will assume, at the juncture, that you are not currently working in InfoSec.

    My question to you and others on this board is "why not both?"

    Some have given feedback about the potential for security to change and maybe even get downsized - fine. People will always need someone to protect their information. It is the same reason why we need a standing army, the FBI, and certain types of insurance. Period.

    I really hope you are not currently in InfoSec, as that is the best place to start. Give me a Sys admin, Net admin, or better yet, someone from App support. How are you expected to protect something which you have never built, broken, or toiled upon? From what I have read, you might have to wait a bit to take either of the below certs. No offense, as I am in the same boat.

    MSIA - this is for Audit. You do not take this exam unless you are already in the field.

    CISSP - same story, but for Security Management. You do not take the exam unless you have 5 years full time security experience (4 with a MSIA or proper additional certification).

    MSIA - Open door. There is a big range here.

    If in the field of security, get your CISSP --- else, work on a Masters.

    cheers,
    Steve

     

Share This Page