Master's Degree decision - advice needed

Joined
Aug 10, 2001
Messages
2,312
a little background:

i am turning 30 this summer. i graduated from a small liberal arts college with a BA in philosophy and a BA in Sociology/Anthropology. i have been working in the IT field for the past 6 years with basically the last 2.5 years in the information security area. currently i am working on a certification and accreditation project for federal IT systems at a consulting firm, am technical editor for a book on C&A that will be published in the fall, and will hopefully be moving back into more technically challenging (and thus interesting) information security projects next year.

i have an MCSE on windows 2000, i have the GIAC GSEC and GCFW, and recently got my CISSP. i am happy with the direction my career has taken, and haven't faced any real roadblocks to success despite my lack of a degree in a field related to my work.

so i am looking into getting my master's degree. the programs that i have found as possible options are the following (all 3 places are listed as national centers of excellence by the NSA):
John's Hopkins University Master's Degree in Information Systems and Technology
at first this seemed like the best choice since JHU is a great name, and the degree is only 10 courses so i can finish fairly quick. however, i have talked to some people that say JHU is a big name only for medicine and such and no one in the info sec field holds this program in high regard. also, the program is the most expensive so even though it is short, it might take the longest to finish. also, it is an IT degree. i could take courses which focus on security, but it is still not a security degree.

another point is that if you look at the courses, there are like 6 classes all about TCP/IP in some way. some focus on this or that aspect of basic networking, but it seems like there is also a lot of overlap. also, the information security courses offered don't seem all that great. for one i would really like to see a course on forensics, but they have nothing that comes close to that. the overall program of classes doesn't seem all that interesting/a good fit to me.

only maybe 4 of these courses can be done online. if i stay where i live now though the campus is 15 minutes from my house. if i move (which i probably will in the fall) then i'm maybe 45 minutes away.

University of Maryland University College Master's Degree in Information Technology
again, this is an IT degree where i'd have a chance to take security courses. the core courses are like half that program and again don't seem to be what i really want. i mean MSIT 620 Computer Concepts- seriously?? come on. they do have some cool security courses like the incident response and forensics one. they also require you to take a BS "library research" course.

with this program, i ought to be able to take the whole thing online which means putting upw ith 0 commuting BS. this is a pretty big point since i'm about 45 minutes to an hour from the campus.

Capitol College Master's Degree in Information Assurance
this program seems perfect. i can do the whole thing online. the entire program fits exactly what i am doing now, plan to be doing for the forseeable future, and is very interesting to me. the price is midrange between the other 2. courses are offered enough that i could probably finish this one real quick if i killed myself and took a couple each semester. i like this a lot.

the big downside here is- WTF is capitol college??? i don't want to waste a bunch of money, time, and effort on a worthless degree.

i've also looked at the SANS master's programs, and although this seems like the best hands down it has one big caveat- they are not accredited yet.

so, here are my issues/questions.

1) i definitely see myself staying in the information security arena for a while. is there any advantage to having an information assurance/ network security degree versus a more general IT degree?

2) sort of the opposite of #1. if i get back into a job like my previous one where i was a network administrator/IT manager- is there any advantage to having a more general IT degree versus a network security degree?

3) do i really need a master's degree at all? i am under the impression that it will help me get named on proposals that we submit to the government. would it help me in any way when i submit my resume to future employers? i think for some federal government jobs i would not be conisdered at all without the masters. it would immediately bump me to a higher GS level if i had it, right?

4) the BIG question. what is in a name? does the degree from JHU hold any more sway than the degree from UMUC or capitol college? how much sway? all three of these places are NSA national centers of excellence- does that have any meaning to people making hiring decisions for information security jobs? within the info sec field, what colleges DO mean something?

any other thoughts?

thanks,
big boi
 
Probably would be good to go back to school even though you seem very qualified, the BS in Psych has no relevance to this field.
 
Aslander said:
Probably would be good to go back to school even though you seem very qualified, the BS in Psych has no relevance to this field.


In information sec psychology would be totally relevant. Thinking like someone who is likely to attack your systems as a step to secure them is IT 101.

To op:

As far as schools go I'd say things with three letters ending in IT would get my attention first (MIT, RIT, RPI,WPI) not for there programs reps, but for the weight there accronyms carry in almost any field.

As for Info sec masters programs, RIT, (http://www.cs.rit.edu/~hpb/Scia/) has a decent specialized one and I know they regularly place people with the CIA, heck George Tenent was a grad speaker one year.
 
perhaps i should clarify. i haven't taken my GREs nor would i like to if i can avoid it. if there's a program that would be loads better than anything else i would consider it though.

also, i should have specified. i live around DC. i am not planning on going to school full time since work experience basically trumps any piece of paper a college is going to give me at this point so relocating to attend a FT program like MIT, RIT, etc is not an option. something in the DC metro area or which i can do entirely online is what i'm looking for.

thanks so far.
 
hate to say it, but any decent grad school with a FT program is gonna need the gre's. If its piece meal say 1 or 2 courses a semester you can usually find progs that dont need gre's as they are aimed at professionals like yourself.

Fully online stuff is hard to judge, I did a few undergrad courses online and it was hit or miss. If it was stuff I had experience it was nice to avoid going to class, but if its new material I found it hard to do without some classroom element. But coming from you point with alot of experience online looks the way to go.

I'm just spoutin this stuff cause I recently went through looking at alot of dif grad programs too ;)
 
dx2 said:
I'm just spoutin this stuff cause I recently went through looking at alot of dif grad programs too ;)

did you think that the name of the school was important at all? i can understand where some people go directly from undergrad to graduate school and want to go to a school like RIT or something. they know that when they graduate there will be a lot of recruiters there looking for fresh talent. in my situation i obviously don't need that. but is that all i'd be giving up by going to a place like capitol college? or is the name still important?

does it even matter if i'm only able to do some sort of evening/"executive" program? IOW, if i'm not going to MIT do all other schools tie for a distant second making this agonizing decision somewhat moot?

btw, captiol college, although totally online is a far cry from University of Phoenix or the like where it is not a school, but a for profit business.
 
As for name of school my undergrad GPA made the names like MIT a pipe dream, 3.0 not being terrible but by no means ivy material :p

Looking at my organization the upper level IT positions, Cheif Info Officer, Head of Networking and Telecom, have as a qualification an MS in IT or the like that can be substituted for 10+ years of experience. In my current possition my undergrad counted for the 5 years experience portion of my job spec. My point being as long as you can put M.S. in IT on your resume and back it up with your skills the decision comes down to what is the best path for you to take to get there. I went with RPI because I could do a combo of online and classroom, and luckily they have a campus in hartford that is close to my home.
 
SAN's WILL be accedited soon. They have to be. The SANS classes I have taken are hands down the best courses I have ever had the pleasure of attending.

Of those 3, you know the name Johns Hopkins will automatically come with a little more clout when people ask where you got your "degree" from.

Good luck!
 
SANS won't be acccredited until sometime after they graduate their first class of students. that would obviously be my first choice since i know the name is well-recognized in the field, the programs look great, and the education is excellent. however, without accreditation i can't get reimbursed through a corporate tuition reimbursement program, and although they really should be accredited at some point it is still somewhat of a risk at this point.

so basically if i decide to wait for SANS to become accredited then i get started on this later, and graduate later.
 
The last time i looked at masters programs, Carnegie Mellon had some good program's. Some specifically geared for the Infosec and its quite reputable in the industry as a whole.
 
i work with someone who went to CM and they're a total lunchbox. anyway, again i don't think that's really even remotely an option. i'd have to quit my job and go full time, or at the very least, move to pittsburgh.

itsmikey, SANS is exactly as good as everyone says it is. or better.
 
as a note regarding the SANS institute: i have it from a reliable source that the first group of students will be graduating this year, and that the application process for accreditation with the middle states accrediting body is underway. i'm not sure how long that whole process takes, but the first batch of students must graduate before it can happen, and that will occur by the end of the year.
 
I was going to try and get plug in for my Master's school (www.ini.cmu.edu They have degree called MSISTM - information security, technology and management), but since you want to stay in the DC area, I cannot help much.
 
Out of that list I'd probably go with John Hopkins. I dont think any of those schools are particularly well-known for Information Systems programs, but at least Hopkins has the name working for it. I would personally stay away from SANS for at least a year even after they become accredited. I still know a lot of people in the infosec profession who don't know who SANS is or have heard the name but don't know much about them, and until they get their name out there as being a good school for masters programs (which I'm sure they are), they may have to contend with being relatively unknown in the academic world, or worse the initial impression that they're "just a 'technical school'." That may or may not happen, but it deserves consideration at least. I'd hate to spend all that money and not have my Masters get the recognition it deserves because someone is under the misconception that it was an easy program.
 
Eastern Carolina offers a Masters in Information Technology completely online. I'm planning to move on to that next after I finish my BS in Internetworking Technolgoy from Strayer. It's very reasonable since I'm in state, but costs a lot more for out of state. But, if you want to focus on security this would be a good match.

http://www.ecu.edu/cs-acad/options/programs/graduate.cfm
 
Back
Top