Certification / Masters query

D'Agger

Hi All,

I'm after completing a post-grad diploma in CyberSecurity with the option now available to progress to masters level. The programme was initially called an MSC in Information Security before being changed after I'd completed one semester.

Given I work in InfoSec & not cyber, I'm wondering if there is much point progressing to the masters level, or is the post-grad diploma not sufficient re: future job prospects?

I have an idea for the project, though I believe it to be more InfoSec based than Cyber and so I'm thinking perhaps it would be better to go for an industry based cert such as the CISA, CISP etc. in the same timeframe.

I've asked some friends who have suggested that I'm almost there just see it through but I'm honestly fairly tired of the grind the past 18months has been, particularly given that I'm not in the cyber field, it's been technically heavy which has been fine given I have a systems background, but given I'm not employing these skills, nor do I envisage myself using them, should I be happy with the post-grad diploma, or is the masters really going to open many other doors for me in comparison.

Also, I realise I have to make this decision for myself - I'm just wondering if any of you fine folks have had experience with this kind of dilemma or have interviewed and thought that a post-grad diploma wasn't sufficient? I'd appreciate any insights you might have.

[Deleted User]

What do you mean you're not in Cyber? Cyber Security == Information Security.

D'Agger

denartha wrote: »

What do you mean you're not in Cyber? Cyber Security == Information Security.

My role is information security and governance based - cyber (based on the course I've been doing) relates to SOC style work such as python scripting, network forensics, device forensics, applied cryptography - whilst very handy to know, aren't related to information security, ISO implementation, governance frameworks, risk management etc.

They're not the same thing

Blowfish

D'Agger wrote: »

My role is information security and governance based - cyber (based on the course I've been doing) relates to SOC style work such as python scripting, network forensics, device forensics, applied cryptography - whilst very handy to know, aren't related to information security, ISO implementation, governance frameworks, risk management etc.

They're not the same thing

Funny, I would have said it was the other way around. InfoSec would include technical SOC stuff, 'Cyber' would be more Governance work. There's no hard and fast rule on either term though.

Honestly though, if it was me i'd stick with it. I've always found that the more technical background/exposure people in Governance have, the better they tend to be at judging risk. There's nothing worse than a Governance person with no technical background focusing entirely on the wrong thing because they simply don't know how to think like an attacker.

D'Agger

Blowfish wrote: »

Funny, I would have said it was the other way around. InfoSec would include technical SOC stuff, 'Cyber' would be more Governance work. There's no hard and fast rule on either term though.

Honestly though, if it was me i'd stick with it. I've always found that the more technical background/exposure people in Governance have, the better they tend to be at judging risk. There's nothing worse than a Governance person with no technical background focusing entirely on the wrong thing because they simply don't know how to think like an attacker.

Well they changed the name due to the more technical nature I believe - either way, semantics!

I understand your point, realistically the technical work is done with the postgrad, the masters is gained via a research project and I don't see the additional benefit other than the piece of paper. I'm sure a masters looks better on a CV, but from a learning perspective I think having a postgrad and an additional certificate might show increased learning....6 of one, half dozen the other I guess I'm just struggling to decide

[Deleted User]

D'Agger wrote: »

My role is information security and governance based - cyber (based on the course I've been doing) relates to SOC style work such as python scripting, network forensics, device forensics, applied cryptography - whilst very handy to know, aren't related to information security, ISO implementation, governance frameworks, risk management etc.

They're not the same thing

I work in Information Security. I do:

Pen Testing
Security auditting
Vulnerability assessments
Patch Management
Security Awareness Training
Prep for ISO certification
and dozens of other things.

Incidentally, the word Cyber comes from Cybernetics which was first used in the context of "the study of self-governance" by Plato in Alcibiades to signify the governance of people, and has absolutely nothing to do with computers.

D'Agger

denartha wrote: »

I work in Information Security. I do:

Pen Testing
Security auditting
Vulnerability assessments
Patch Management
Security Awareness Training
Prep for ISO certification
and dozens of other things.

Incidentally, the word Cyber comes from Cybernetics which was first used in the context of "the study of self-governance" by Plato in Alcibiades to signify the governance of people, and has absolutely nothing to do with computers.

That's interesting on the Cybernetics history. I would work in those fields also, I wouldn't be conducting the pen tests or the patching, but ensuring remediation & governing of remediation. I still believe if you said you worked in CyberSecurity that you're completing technical works such as conducting pen tests, red team exercises, SOC work etc. I do know the college changed the name to identify the course as being more technically based but it seems they don't fully understand the meaning of Cyber either perhaps.

Going back to the crux of the issue which I want to discuss - a masters trumps a post-grad diploma but I don't think the project I have is technical enough (which is a requirement), or broad enough to get the minimum 30,000 words or so on (30 credit project). I've learned some really good skills from the postgrad course - I'm not sure doing this project is going to advance my knowledge in the field all that much, it'll moreso be a paper chasing exercise to get the title and degree up on the wall & I'm not sure if that's the right call. On the other hand, it's 6 more months having done 18 already even though those 6 months could go towards a CISSP certification - would that and a postgrad be more desirable than a masters degree in your opinion?

[Deleted User]

D'Agger wrote: »

That's interesting on the Cybernetics history. I would work in those fields also, I wouldn't be conducting the pen tests or the patching, but ensuring remediation & governing of remediation. I still believe if you said you worked in CyberSecurity that you're completing technical works such as conducting pen tests, red team exercises, SOC work etc. I do know the college changed the name to identify the course as being more technically based but it seems they don't fully understand the meaning of Cyber either perhaps.

Going back to the crux of the issue which I want to discuss - a masters trumps a post-grad diploma but I don't think the project I have is technical enough (which is a requirement), or broad enough to get the minimum 30,000 words or so on (30 credit project). I've learned some really good skills from the postgrad course - I'm not sure doing this project is going to advance my knowledge in the field all that much, it'll moreso be a paper chasing exercise to get the title and degree up on the wall & I'm not sure if that's the right call. On the other hand, it's 6 more months having done 18 already even though those 6 months could go towards a CISSP certification - would that and a postgrad be more desirable than a masters degree in your opinion?

Yes, but then I'm biased in that I never went to college at all. I learnt by self study and IMO am better for it.

D'Agger

denartha wrote: »

Yes, but then I'm biased in that I never went to college at all. I learnt by self study and IMO am better for it.

Well this ties into the 'piece of paper won't ever beat experience' argument I've been having in my head - the postgrad should be enough, I'm getting encouraged to simply see out the full program instead of stopping and looking to learn more off my own bat

I do guarantee one thing - this will be my last ever stint with academia, there's more to be learned with youtube and a bit of interest I think

[Deleted User]

D'Agger wrote: »

Well this ties into the 'piece of paper won't ever beat experience' argument I've been having in my head - the postgrad should be enough, I'm getting encouraged to simply see out the full program instead of stopping and looking to learn more off my own bat

I do guarantee one thing - this will be my last ever stint with academia, there's more to be learned with youtube and a bit of interest I think

I got asked in an interview if I thought not going to college had been a hindrance to my career and I said, honestly, quite the opposite. I've worked with lots of people who had both Bsc and Msc's who, without sounding arrogant, weren't as knowledgeable or experienced as me.

My ex had a Masters in Engineering, and was 5 years older than me yet I invariably had more senior jobs than her because I had a drive that she seemed to lack.

D'Agger

denartha wrote: »

I got asked in an interview if I thought not going to college had been a hindrance to my career and I said, honestly, quite the opposite. I've worked with lots of people who had both Bsc and Msc's who, without sounding arrogant, weren't as knowledgeable or experienced as me.

My ex had a Masters in Engineering, and was 5 years older than me yet I invariably had more senior jobs than her because I had a drive that she seemed to lack.

Two of the best linux and network admins I've worked with didn't go to college or have industry certs so that's in my mind, I'll try put the project plan together this weekend and see if it looks strong enough to progress with 6 months of a slog, if not then I'll happily take the postgrad degree - the opportunity cost of potentially getting the masters, given I've done 66% of the work to get there is what's playing on my mind.

[Deleted User]

D'Agger wrote: »

Two of the best linux and network admins I've worked with didn't go to college or have industry certs so that's in my mind, I'll try put the project plan together this weekend and see if it looks strong enough to progress with 6 months of a slog, if not then I'll happily take the postgrad degree - the opportunity cost of potentially getting the masters, given I've done 66% of the work to get there is what's playing on my mind.

Id be happy to review your project for you, if you don't mind my uneducated opinion.

D'Agger

denartha wrote: »

Id be happy to review your project for you, if you don't mind my uneducated opinion.

Would very much appreciate that & thanks for offering - trying to finish it today