Good Day Ladies and Gentlemen:
Wanted to pull from colleagues here and get your inputs.
About a year ago, I finished my Masters in Cyber Systems Engineering and the university I was graduating from didn't have a Doctorate program that could fit my work restrictions.
Today, I am a Program ISSM and decided to go for a doctorate in making myself more appealing to Cyber Executive Leadership within six years.
First program is Cyber Leadership PhD just as it sounds there is little to no technical area of study
Second program is Doctorate in Cybersecurity where it is 1/3 Technical-Equipment, 1/3 Technical-Admin, and 1/3 Leadership.
My gut says it should be the first program, but any insight would be greatly appreciated.
John F. PMP CISSP
Verifiable experience, an ability to talk to people with no signs that you are trying to BS them, and a calm, warm approachable personality will get you much further than any more paper credentials. Having one or two pieces of paper probably will help you get the first interview, but you still need to make a positive impression on each and every interviewer.
"Today, I am a Program ISSM and decided to go for a doctorate in making myself more appealing to Cyber Executive Leadership within six years.
"First program is Cyber Leadership PhD just as it sounds there is little to no technical area of study
"Second program is Doctorate in Cybersecurity where it is 1/3 Technical-Equipment, 1/3 Technical-Admin, and 1/3 Leadership.
"My gut says it should be the first program, but any insight would be greatly appreciated."
You have asked a valuable question for many in our field. There are several aspects to consider. First, as background on this discussion, I recommend you read the summer 2020 community thread here, Seeking PhD education advice
which includes some of my observations, and my more generalized blog comment on the topic, Mid-Career Doctorate?
Please understand my comments are based on experience in the USA. If you are in a different country, the business culture as it intersects with university credentials may be different from here.
Next, pay attention to William's @denbesten advice. Any particular credential, whether degree or certification or other, may help you get an interview, but your combined experience, skills, past performance, and indication of future performance will determine if you are hired or promoted.
Now, for some added thoughts.
1. A research doctorate, whether PhD or DSc, is all about learning to design and complete a research project. If your aspirations are not to perform active research, such as a university or corporate research center, then either degree does not really prepare you for the roles you are seeking. Rather, it does how that you are willing to study a subject very deeply and to commit to completing a long term goal, admirable traits in and of themselves. If you want to develop more deeply key skills and abilities, master's degrees and professional certifications are more appropriate professional development resources.
2. If you plan to pursue your doctorate as a part-time student while working full time in your career, you experience will not be the same, and not include the peripheral but important aspects of a full time university research team, to include actual team leadership, integrating multiple research projects (e.g. master's theses and doctoral dissertations) in a full research program, and the steps in designing and procuring funding for a research program.
3. The culture of the institutions you hope to work in makes a difference. If you wish to work in a research university or major government or commercial research center, then a research doctorate will be essential to advancement within the organization. However, if you aspire to senior positions in industry or government, outside of hands-on research, a PhD or equivalent will have either no affect on your advancement (neutral impact) or may actually be detrimental; you might have to overcome an anti-intellectual bias against "eggheads who can't relate to the real world of profit and loss." Consider, do a notable proportion of senior executives in the arenas you hope to work have doctorates? Repeating William's comment, you will be judged by past performance and promise of future accomplishments toward the goals of the organization; in the commercial world those goals will be how you can increase profit, reduce loss, and contribute to increasing the value of the company's stock.
A lot for you to consider here. I will tell you I loved getting my late career doctorate as a personal achievement, and enjoyed most of the process. And, while I did get a company bonus for completing the degree, i got no pay raise, promotion, or new positions because of it. Also, I was with a company that does a lot of research and does hold advanced academic degrees as having value, so I did not face any anti-intellectual bias there.
As CISSP folks, I think we all know what certification do. It mostly give you "ticket' to interview.
I graduate from a degree in computer engineering 20 year ago.
I have my MBA and Master in Finance 10+ year ago.
I have many security certifications in the recent 5 years. I am a CISO today.
Does my master and certifications give me my current job? I would say no, it gave me the ticket to the interview and I believe my work experience, attitudes give me the current job. ( I did not ask my boss directly why you hire me or what is the key reasons/quality make you hire me).
In the meantime, today I am going back to my Master for Cybersecurity for my own good reasons.
If you looking for Career Advancement ( say in "normal" commercial company or government organisation), I don't think Phd or Dsc will help much except getting you more chance for interviews (maybe)
At the end, your potential employer will look at your achievement, leadership, working experience and what you have done (not in academic field) and how well you convince/match your employer/interviewer during the interview ( or by luck can BS and get your through.. I don't know).
if you want to going into more researcher field, then yes, definitely it help.
I remain associated with the school, and have seen some innovative updates in the doctoral programs in the past few years.
Feel free to contact me directly if you would like to discuss the school's programs.
Also,, note that this thread caused me to add an improved version of my thoughts here to my blog as
If you want to work in Higher Education (colleges and universities) then it will be beneficial. If you want to be a CISO I would say it is not beneficial. You need to gain experience in working with departments and gaining experience in the real world. If you are splitting your time between work and school you will not be able to focus on your work products and developing the teamwork you need to develop. You will find it more beneficial in being a security professional who can prove they can both secure workplaces AND work with others to get things done. If you become a security road stop, then your career will suffer as well.
Learn to become successful as a security professional rather than looking to add letters after your name.
Good Day Dr. Shelton @CraginS ,
Thank you for your reply and insights.
I have already let CapTechU know that I withdrew my interest in the two programs.
Your previous post was spot on. My interest in the Doctorate and Ph.D. programs is rather vain if I eliminate the potential of career advancement. Similarly, it would rather be for personal accomplishment, which would be nice but with very little return on investment:
1. The feedback I got from ISC2 forums and my bosses are aligned. What will determine my candidacy is how well I continue to work with the executives and leading my teams. Pretty much I would publish and perish the first year I graduate since my background has been in Engineering Development and Post Development phases, rather than the Concept Development phase comprising mostly of research and academia.
2. I wouldn't get the full experience as a researcher and the ability to relate with those on the academic path.
Thank you for post. It was truly insightful and allowed me to create a game plan for the future. I would need to lean heavily on the Technical Directors for support. Even though I would love to conduct research, it would just be as important for me to establish and create funds/grants for those who are 100% dedicated in cybersecurity research.
John F., PMP CISSP