Re: Masters in Information Security/Assurance

["Louis Lerman" <lblerman () gmail com>]

I just wanted to give my .02 cents. I have a different opinion,
although not necessarily right for everyone as Chuck said. I have an
undergrad degree in CS from one of the "public-ivies". Since
graduation, I spent about 8+ years doing InfoSec work from
Pentetration Testing to Vulnerability Assessments to Policy Work, etc.
I then made the decision to attend grad school and was initially going
to pursue my MS in Information Systems (I wanted a bit of business
mixed in as well). However, a good friend posed this question to me,
"How much more technical do you wish to become?" At first I didn't
really understand the question, but then I realized his point - would
a MS hold much value to me. In those 8+ years doing InfoSec work, I
had learned much about networking, programming, Operating Systems,
etc., than I did in undergrad. Now don't get me wrong, my undergrad
gave me a great foundation, but my work experience allowed me to grow
much more.

Taking this into account, I realized a MS would not really do me
(note: ME) much more. So, I made the decision to pursue my MBA. I
wound up getting into a top school (another "public ivy"), and now am
sort of a dual-edged sword. Not only can I still read through firewall
rules, operating system settings, run a nmap scan, etc., but I can
also read a financial statement, talk arbitrage, figure out cash
flows, etc.

In my opinion, it is as Chuck says below, it all depends on where you
are in life. Each one of us is different. I have been reading some of
the posts on this list for a while and there are some very technical
people. To keep it all in persepctive, I still work in InfoSec and
even have my SSCP and CISSP. As I advance in my career, I am becoming
a bit more "hands off" but still have remained technical enough (for
me at least). Now I have a more "enterprise picture" of things. I can
not only look over and give my input to the budget, but can also
negotiate rates for consulting services, etc.

So, I pose the same question to all of you thinking about returning to
school that my friend posed to me, "How much more technical do you
wish to become?" For some of you then answer is that you want that
Grad Cert/MS/PhD, as you wish to learn more technical aspects of our
field. But for some, you may realize that a MBA is more interesting
(which is what James hinted at). Something to keep in mind is that:
Cost != Great Degree (again, I went to a public school, one with a
great reputation and because I was a state resident it was pretty
inexpensive, even moreso than some of the local private schools that
were not highly regarded).

> My advice is that your school of choice will always be based on where
> you are in your life and not on whether degree A is worth more than
> degree B.  It is not true that a degree from Purdue or Iowa State is
> "always going to win out over "night-school" degrees".  I do have some
> advice for you though...  Before you throw blanket statements like this
> around, be aware of your audience and the diverse lives of the people
> looking for the degree.  I strongly encourage the "night-school" degrees
> and can tell you based upon my experience, a degree is only worth the
> weight of the person that earned it.