Narrowing down Masters programs down (IA and Cybersecurity)

Discussion in 'IT and Computer-Related Degrees' started by MichaelRea, Jul 4, 2013.

Loading...
  1. instant000

    instant000 Member

    The truth of the matter is that this thing of whatever people call "Cybersecurity" isn't as formalized as we would like to believe. For the most part, in the DoD, it is a matter of a "name change". What used to be called "information assurance" is now called "cybersecurity". It is simply a matter of labeling. It does not change the fact that there are a wide variety of jobs within this area, that range from offensive to defensive to paper-pusher.

    Also, just in conversation with a layman, the term "cybersecurity" is a lot more effective than the term "information assurance". The layman accepts that "cyber" means information technology. I told my dad that I worked in information assurance, and he had no idea what that meant. I asked him if he thought that I worked in the library? We both laughed, but it just points out how the term "information assurance" never became part of the national vocabulary. I then tried network security, and that didn't work out so well, either. I then told him computer security, and that at least made sense to him. Anyway, cybersecurity is just a name, but it is probably a little easier to communicate "what you do" using that term than "information assurance".

    See this page, for example: Cybersecurity (formerly Information Assurance) | Johns Hopkins University Engineering for Professionals

    Also, see this DoD document (with Cybercom logos): http://www.afcea.org/events/west/13/documents/Cyber101CussattNehmer_000.pdf

    ^ see page 19, where they announce it as a "name change"

    OK, with the "name" issue settled, let's move on to other issues.

    I actually went further into this rabbit hole than I probably should have, as I got myself tangled into the mess of what really makes a "Center of Excellence" but when I dug into it, I found that the parameters for what defines what are under development, and the people at NSA advised me to check out "cisse.info" for more information about the parameters that define the cybersecurity curriculum for the future.

    If you join the forums on the site, you can find some PDFs in there about what they consider to be core items, but one thing that is apparent is that the colleges don't necessarily want to make the curriculums to the standard that NSA would prefer. The issue that I saw was that the program parameters won't necessarily produce the strongest technical candidates. If you read enough into things there, you can see that there seems to be push back in areas such as how much programming skills, or how much mathematical skills are going to be required of the students.

    The way I see it, the best information security education would be a combination of an information security concentration after majoring in computer science or computer engineering, if one truly wanted to have the strong theoretical foundations to "understand" information security.

    Another resource one could check out, would be the NICE framework. One could get an idea of the NICE framework, and try to target positions, based on where one thinks he/she could fit in.

    Also, just because a school has a great curriculum, doesn't even mean that students would even be required to take the courses. A coworker attending Capella remarked that he was attending a Center of Excellence, while also admitting that he wasn't taking any of his technical courses because they were waived due to the CISSP. (I may have mentioned this on the site before.) The thing is, anyone who has studied for/taken the CISSP knows that it does not really cover anything technical. As such, I was wondering how a school could be a Center of Excellence, but not required to have its students actually take the courses. Then, I realized that the then-current criteria were due to a series of factors, but universities can still award credit how they see fit. Also, there's over 150 centers of excellence, so you could easily find one, if needed. I only saw it as mattering if one wanted to go into one of those government programs, which, for most information security pros, would constitute a pay cut to enter those programs which seem more geared towards the entry level.

    So, this is my recommendation:
    1. Figure out what you want out of a program
    2. Find programs that offer "most" of what you probably want
    3. Rely on yourself to fill in the remainder

    Most people get into information security after being experienced, then phase themselves in. Information security is very related to the business. If you know the business, it will aid your ability to understand some of the issues with securing it. Also, you will understand what information is important to the business, and what it desires to limit to need-to-know, for example. This is important background knowledge. Sure, it can be taught, but for an experienced military member, you have a home field advantage in generally knowing the business of the military that an outsider does not.

    For this reason, I advise working the military angle, and working the clearance angle, as far as employment. If applying through to one of those jobs that is fed by the Centers of Excellence is what you want to do, then work that angle, also.

    Information security is very broad. Hopefully the framework will help give you an idea of where you might want to head, but also realize that the "professionalization" effort is still underway, and things can change. So, my recommendation is to get a good base, and a couple focus areas that will have a work demand. If you get a good grounding, you can keep up with the changing technology by being at the forefront, rather than by playing catch up.

    Hope this helps.
     
  2. MichaelRea

    MichaelRea New Member

    instant000,

    Very nice post. Thanks a lot. It sure does change my perspective a bit, that's for sure. I know it would be smartest of me to leverage my clearance/military experience; it's just that I don't want to be stuck in the DMV area, and additionally stay government (or contractor) out here. I'd ideally like to go back to California and find something there.

    At this point, I think I'm still favoring Capitol College, DePaul, WGU, and Florida Institute of Technology.
     
  3. sohaibraja

    sohaibraja New Member

    So do you think information assurance and information security now a days called cyber security ? but different universities offer these degrees not same one :?
     
  4. MichaelRea

    MichaelRea New Member

    Not necessarily; people will still use the terms interchangeably. :p
     
  5. typfromdaco

    typfromdaco New Member

    I would have to say that if you are attempting to gain experience via a Masters program that would be sufficient in the civilian market, you will most likely be let down. Most graduate degrees online are geared towards the leadership aspect of IT because it is assumed people are only trying to achieve a Masters after having received their Bachelors degree, worked in the field for a number of years, and is wanting to move into a managerial position. If you are really wanting to make yourself marketable outside of the military, I would spend this time studying for the A+, S+, CCNA and possibly the CCNP if you have the time. But that is just my two cents, to each their own.
     
  6. MichaelRea

    MichaelRea New Member

    There's only a few online Masters' programs that I've found to fit the bill of what I want, and that's Capitol College, DePaul and the Florida Institute of Technology. Personally, I don't like how the majority of the programs out there are management-focused. I have no desire to go into management anytime soon (it also sounds incredibly boring), and would much rather be the do-er, (although I wouldn't mind being a part of/leading a pen-test/red team later on). Big management is such a turn off.
     
  7. ahardinjr

    ahardinjr New Member

    I have not read all of the posts to this thread, but hopefully I can provide some insight. I work in Cybersecurity for the Fed Govt and have an MBA with an IA Mgmt concentration. I'm also almost done with my MS in IT Network Mgmt at WGU.

    My recommendation would be to determine what area of Cybersecurity interests you and pick the program the fits with your career goals. Some such areas are penetration testing, digital forensics, network security administration, computer emergency response team, malware analysis, crypto, auditing, policy, project management, management, etc.

    Furthermore, while working on your degree, you really need to equally focus on industry certifications such as:
    - Sec+ (entry level Cyber cert)
    - CCNA & CCNA Security onto CCNP and CCIE (for network sec admin)
    - CISSP (mgmt level)
    - CEH (entry level pen testing)
    - CISA (auditing)
    - CHFI (forensics investigator)

    Since you are looking at distance-based programs with no real in-class labs, you'll really want to look at each program and see how well they integrate web-based labs, such as TestOut Lab Sim that WGU utilizes or live class webinars. That way you'll be able to get the hands on learning experience as well, which I think is paramount in Cyber if you want to be successful.

    To be truthfully honest, your certifications are probably equally if not more important than your degree itself in Cyber.

    If you haven't posted or browsed TechExams.net, I highly recommend you do so. It is a great forum for all things IT: TechExams.net IT Certification Forums
     
  8. sohaibraja

    sohaibraja New Member

    Yes you are right i have myself experience of this and truly saying online degree does not give you much worth in professional field of IT , and if you really want to gain some good knowledge of cyber security then you have to jump in Professional field. I have myself 5 years of experience in cyber security with patch management and vulnerability management.
     
  9. jhefner

    jhefner New Member

    I've spent the past 6 months following threads in this forum trying to get the same questions answered that most people here are asking. I've been looking at graduate programs trying to decide "Is this right for me" and it's been tough. I wanted to do a Masters in Computer Science, but lack the prereqs, so I looked elsewhere. I didn't want to do a MS in Information Assurance either because I feel I can get the same stuff simply from taking a CISSP course. I found a program that's somewhat affordable and can be completed in 12 months. It also seems to be pretty hands on. From what I've been told, it's essentially VPN lab based and not as much fluff as other degrees. The program is at National University Master of Science in Cyber Security and Information Assurance

    Has anyone had any experience with this University?
     
  10. TriplHex

    TriplHex New Member

    I've recently been admitted to Capitol College for MSIA. After looking at a ton of schools, I feel that it is a pretty well rounded program that is described by others as being more technical oriented, but still has a good bit of theory. I also like the fact that the classrooms will be live online so you can interact with the professor and rest of the class, and also recorded in case you have to miss one. I've read only good things about the school, so I'm excited and looking forward to starting in August.
     
  11. MichaelRea

    MichaelRea New Member

    I'd love to hear about your Capitol College experience as you go through the program. :)
     
  12. TEKMAN

    TEKMAN Semper Fi!

    After my last Doctorate residency at Nova Southeastern University. The program manager of Information Security informed that their Master program soon will develop matching with NSA CNSS expectation. Also, at the end of the program; graduate allow to sit for 1 week CISSP boot camp. I do not know whether the test is free, but the boot camp is completely free for MS in Information Security graduates. Also, next year my Doctor of Philosophy in Computer Information Systems w/ Information Security will be changed to Doctor of Philosophy in Information Security. The program is also host two residencies per semester in Washington D.C area (specifically: Alexandria, Virginia). Their new target audiences for Ph.D are Federal Government employees in the capital region in competing with
    George Mason University - Ph.D in Information Technology/Computer Science w/ Information Security
    * Capitol College - Doctor of Science in Information Assurance
    * University of Fairfax - Doctor of Information Assurance and Doctor of Science in Information Assurance
     
  13. MichaelRea

    MichaelRea New Member

    Well that's certainly interesting. How's your experience at Nova Southeastern?
     

Share This Page