> cindelicato (Newcomer II) posted a new topic in Career on 09-23-2018 11:14 AM in

> I have reviewed a few Masters Degree programs from online universities, and have
> noted the frequent benefit listed is prepping for CISSP.

Since ISC2 has done such a good job of putting together a comprehensive CBK, a lot of courses and degree programs use it to structure their syllabus or curriculum.   Thus, taking a program that does cover the CBK means you should be prepared (aside from the experience requirement).

>    Does this mean
> holders of a CISSP have already accomplished what (at least) some Masters
> programs provide?

It's possibly going a bit too far to say that, but, partly.  It will (or should) broaden your horizons (as should a good university program).

---

@cindelicato wrote:

I have reviewed a few Masters Degree programs from online universities, and have noted the frequent benefit listed is prepping for CISSP. 

---

Charles,

No, a master's degree is not a specific requirement after attaining a CISSP. However, there may be other career development reasons to pursue such a degree.

First, if you read the program and course descriptions of the many master's degree programs in information security, information assurance, or cybersecurity, you will notice that many of them are designed to help folks with no security experience shift their careers into the infosec realm. If you have earned your CISSP, you are already there. 

As Grandpa @rslade pointed out, using the complete CBK domain set to design a grad program curriculum is a darn good way to cover all the bases. Consider that a five or six day cram course can prep you for the exam. Now think about how deep your learning will be in a program that devotes a full semester course to each domain. If a student had not been ready for the exam before the program, that student should be quite ready after completing all the courses.

Next, many experienced infosec workers who have had a CISSP for years do go back and complete one of those infosec master's degrees. I have a good friend and colleague who did so just a few years ago. The advantage of that sequence is that someone with deep knowledge in only a few of the domains will leave the degree in hand and aa much more complete understanding of the breadth of the infosec world. That person is much more ready to move into the security management positions (wanna be a CISO someday?) than the world's best hacker or pen tster or OS hardener. 

Oh, and all of those course hours count as CPE hours! You should have seen how many CPE units I claimed during my three years of infosec grad school.

Good luck on planning the right development progra for yourself in our field.

They both have separate objectives.

CISSP shows knowledge of a wide range of information related to Cyber Security.

A Masters degree is supposed to help you understand more than cyber security.

To me the CISSP helped me understand how to explain my craft, the Master's helped me explain it in business terms the C-suite would understand.

If you have any desires to get into the C-Suite (CISO, CIO, etc.) I would advise taking a Master's course.