cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Iontomorrow
Viewer

Is a 4 year degreee still a requirement?

Hi everyone,

I have an Associates in CIS, several certifications and 10 years of experience as a sysadmin/engineer. Security has always been something I have been involved with but never a direct focus.

I am considering whether going back to complete a 4 year degree has any merit. It feels that unless I start working at a tech company, jobs like I am used to are drying up in favor of outsourcing, contracting, and IaaS, cloud, etc.

So I am considering the options of remaining technically hands-on and digging into security or going the IT management route.

How does anyone out there that may be a hiring manager feel about candidates with or without 4 year degrees? Do they still hold relevancy?
81 Replies
Ravenshroud
Newcomer III

I am going to let it go.  I think I am just a bitter old man. 🙂

Baechle
Advocate I


@Ravenshroud wrote:

I am going to let it go.  I think I am just a bitter old man. 🙂


You shouldn't! 

 

I hope you take this to heart.  Here's a new way of looking at it:

 

1.  You earn CPEs for academic contact hours.  You attend a college or university and you get CPE credits for your certifications at the same time as your earning your degree.  At half time (about 6 courses per year) you could be earning as much as 120 CPE credits toward certifications every year.

 

2.  The cost is the same as one or two conferences per year.  There are a handful of schools where the annual tuition is in the $3000 to $5000 range.

 

3.  It's like attending a non-stop professional conference all year.  You are attending school along with several others, all arguing and attempting to support your opinions about what is the best implementation for INFOSEC (or whatever you want your major to be in), what worked, what doesn't work anymore, what should work tomorrow, etc. with a professional mediator to step in when the trolling starts. 

 

4.  You get online library access that is worth almost 2x your tuition.  You get access to recent textbooks and updated exam study guides for CompTIA, (ISC)^2, etc. in an IT security program.  Your university library typically has unlimited access to Books 24x7 or Safari Books Online, or both (worth $500~1000 a year on its own, and you get to keep library access as an alumni when you graduate!!).

 

5.  You can test out of programs that are too easy or that you'd rather just pass up.  Most universities in addition to (a) taking your prior credits, and (b) giving you credit toward certain classes for work experience, also have (c) Challenge Exams or accept passing CLEP test scores.  Don't feel like sitting through a history class?... fine, take a Challenge Exam or sit for a CLEP test.  It's what I did.  I CLEP'ed History, Geography, and English, and a handful of others.

 

If you would like some help with this, feel free to contact me privately.  I'll go over the pros and cons of a couple of different schools and their formats and tuition with you.

 

Sincerely,

 

Eric B.

 

Ravenshroud
Newcomer III

There is no $5k degree.  There is no $5k for one year at any accredited university that I am aware of.

Baechle
Advocate I


@Ravenshroud wrote:

There is no $5k degree.  There is no $5k for one year at any accredited university that I am aware of.


That tuition rate was almost 15 years ago, my apologies.  The tuition is now a little over $6500 for one year (~$3190/6 months + admin fees), with a degree within one year in their Cybersecurity track totally achievable for someone with existing certifications and 20 years of experience.

 

And yes, it's an accredited, not-for-profit, hybrid distance/online program with a School of IT that has programs meeting NSA/CNSS 4012 and 4011 certification.

 

https://www.wgu.edu/financial-aid-tuition/tuition-it-degrees.html#close

Baechle
Advocate I


@Ravenshroud wrote:

There is no $5k degree.  There is no $5k for one year at any accredited university that I am aware of.



I forgot the second half of your message there.

 

University that I am currently attending is at the rate of a little over $1000 for 2x 3-credit courses.  With a half-time rate of 12 credits per year, that comes out to between $4,000 and $5,000 in tuition per year.  I got in last year during a period of reduced tuition so my program is locked at the lower rate unless I withdraw.  Unfortunately, that one recently upped their price so its now about $1000 per 3-credit course.  But you're still looking at a little more than $6 or $7k per year for that program.  But this is more traditional... you'll spend 4 years here.

 

And yes, it is also accredited.  And it has both graduate and undergraduate forensic investigation programs that were (until the DoD contract changed over about a year ago) actually parallel to the Defense Computer Crime Center training program and delivered by some of their former instructors.  Their business, accounting, and a hybrid criminal justice programs (degree in financial crime investigation) conform to several other standards bodies such as the AICPA and ACFE, as well as provide VM labs in EnCase and FTK, etc.

 

Sincerely,

 

Eric B.

 

fortean
Contributor III

Well, you can still obtain a degree when you are over 50. I did it and it was one of the most satisfying experiences in my life (so far).

 

Money is indeed an issue. In my case, my employer sponsored me, kudos to him. But if you don't have such luck and are a EU citizen, you can actually obtain your MSc information security FREE OF CHARGE, and on-line. You DO need a BSc, and alas, this year has 'sold out' already, but you can keep an eye out for next year.

 

If you did not obtain your BSc, but have sufficient experience in the field (e.g. you are a CISSP) and have sufficient linguistical skills (say, you did the CISSP exam in English), you can apply as a 'mature student' for the Masters InfoSec at Royal Holloway. Fair warning: if you enroll in the on-line (distant learning) variant, you may find out that I'm a tutor there, so I'm not really totally unbiased. The total costs for the MSc are now £ 16511,- Typically you need 2-5 years to complete the program if you also have a job and some kind of social life.

 

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
billclancy
Contributor I

Looking into WGU, I discovered they only take Certs recently earned. My CISSP, Security+, Project+, CISA, CISM are all out of reach. Too bad so sad for me. At a ripened age of 60 I'll retire shortly anyway with my successful career and a 2 year technical degree. 🙂

Baechle
Advocate I


@billclancy wrote:

Looking into WGU, I discovered they only take Certs recently earned. My CISSP, Security+, Project+, CISA, CISM are all out of reach. Too bad so sad for me. At a ripened age of 60 I'll retire shortly anyway with my successful career and a 2 year technical degree. 🙂


Bill,

 

I recently 'coached' someone through the process who was in a similar boat.  If those certs were recent, then they would've counted as "transfer credit".  But they're not useless.  They indicate a level of knowledge that could exempt you from having to go through the whole formal evaluation process.

 

Instead, you would "Challenge" the course.  For example instead of taking the CISSP exam (again), you would take a WGU knowledge exam that is basically the course "final test."  If you pass, you get the credit for your CISSP.  I had to do the same thing for the A+ because I earned that in the late 90's, but they didn't require me to sit for the A+ over again.  Same for the CISSP, Sec+, and IT Project+.  My Net+ was more recent and that counted as transfer credit.  Same with the MCSE.  

 

What WGU would normally do if you didn't have the CISSP is mentor you through studying for the CISSP.  Then, before "authorizing" you to sit for the CISSP exam at WGU's expense you would have to pass their knowledge exam.  Likely all you've done is flip that on its head by your CISSP being too old to count as transfer credit without having to take WGU's exam.  I believe all you would do is take their knowledge exam probably online at home to get the credit.

 

Sincerely,

 

Eric B.

CISOScott
Community Champion


@Ravenshroud wrote:

What baseline does it give them?

 

1) You could afford a degree

2) You spent 4 years completing it.

 

That's it.  Just possessing the degree doesn't demonstrate anything other than your ability to pay and your ability to stay.  Everything else is the actual value.  


So the biggest thing that HR thinks that it gives you is an supposedly "unbiased", accredited 3rd party evaluation of your knowledge. You could have went to work for your relative and they gave you glowing performance evaluations, so they could be more biased than an accredited university that has no personal connection to you. HR sees it as you have the ability to stick with something and complete it. You kept up your academics. You stuck to a plan and finished it. Also most HR depts. will credit 1 year of school as equal to 1/4  of a year of work, so to them 4 years of college = 1 year of full-time work. Now I know it doesn't make much sense as you can say "After 4 years, I got 3 more years of actual on the job experience where the real learning happens!" and you would be right, but not in their world.

Also you had someone with a higher level of education than you rate your performance and award you a passing grade. Just like certification bodies. By passing the CISSP exam, ISC2 has conferred that you know at least a certain level of knowledge. So you have an "unbiased" 3rd party confirm that you gained some knowledge. 

Is it the best method? No, but it seems to be the one they like to use. Like I said in another post about wages, once someone else has "qualified" you or given you supposed "value", others are more likely to take the risk on you. If you are an unknown variable, most people will stick with the "proven" method.

 

Since you are a CISO you will have to have loads of experience and find a way to try to get past HR. You could call them and ask if there is anyway that years of experience could be substituted for a 4 year degree. There are ways around the system, you just have to try harder.

billclancy
Contributor I

At 60 years of age, I'm in the twilight of my career. I've accumulated a monster resume, many certifications, security clearance, and most importantly business contacts scattered about the world. I think I'm better off pursuing cutting edge certifications to see me out for the next 5 years, before I hang it up and stroll the beach. AWS, Govcloud2, Azure all would dovetail nicely with my recent CCSP, and keep me employed for a bit. Much like the movement from mainframe to client/server in the 90's, movement to the cloud will offer much opportunity for the next decade. Just have to catch the swell early and ride it in.