Master of science cybersecurity and information assurance

Last week I finished up my final task for the Masters of Science in Cybersecurity and Information Assurance program. On Monday my student mentor began the graduation talks with me and after 3 terms, I can finally say, it's over!

That being said, I know a lot of people are asking questions about this program so here is my two cents & feedback.

To WGU staffers, if you happen to feel this is too negative, I am sorry. I only ask that you use my feedback in the event you remove this post. I am posting this not as a gripe or complaint, but as helpful feedback. I promise not to include any names. This post isn't going to help me as I likely won't be a student at WGU again.

I have been working IT since 2000 and specifically with penetration testing on the architecture exploitation side of the house for 10 years. I've worked in every domain of CISSP since at least 2005 or earlier. I completed a bachelors in 2005 (EE from Maryland). I hold about 12 current IT certifications and have let probably every bit of 20 expire since I don't need them (Security+, Net+, CCNA, CCNA Wireless, CCNA Security, JavaRE, GSEC, MSE, LPIC-1, LPIC-2, etc.)

I enjoyed my time with WGU and I am happy I completed this program. This was the only masters program for me due to my very heavy work and travel schedule making a normal college impossible. I am on the road for over 200 days a year and many nights are in hotels with very poor wifi or no internet connectivity at all. I could not attend a college that required multiple nights of mandatory webinars or sessions. I also do not have the time to hang out on student forums, write X-number of posts on topics each week, respond to X-number of other students posts, and respond to the professors comments on your posts. I absolutely refuse to take part in a group project through an online based college where the entire group shares the final grade regardless of input or effort on the said project. UMUC, I'm looking at you!!! I worked on a project with 5 people and 4 of them stopped helping after week 1. The professor more or less forced me to do it by myself if I wanted a good grade.

How much time did I spend? Not once did I ever spend more than 10 hours a week on WGU homework. I finished my entire capstone, prospectus, written project, and presentation w/ video in two weeks start to finish. This is a slight smack in my own face because this means I could have finished sooner had I spent more time each week. As previously stated, I have 18 years experience in IT and have held CISSP for nearly 10 years. The vast majority of this was a review for me. Your time and effort will likely vary.

Pros:

• CEH and CHFI are worthwhile certifications. I hold higher, more difficult certifications, and my employer still wants me to maintain CEH because that's what his clients know. I hold GXPN, GLEG, and GSLC and I am taking GSE later this year in Vegas. GSE is considered by many to be the most difficult IT certification. I'm personally nervous as hell and think I'll fail the hands-on part of it on my first try or two. If I tell a client we are working on vulnerability assessments for that I hold GXPN most times they wonder what it is. I have even had a fellow IT person ask "is that as good as CEH?" even though CEH is leaps and bounds easier. That goes to show you how well CEH is known outside.

• This program puts you well over halfway on the material covered under CISSP. I recommend you don't stop here but you keep going for CISSP, even if you must settle with the Associate level until you meet experience requirements.

• My student mentors: I had 3 of them due to no fault of my own, that I know of! I was told one retired and one quit though neither of them said anything about it. My third SM did OK and he left me alone most weeks unless I asked for help.

Cons:

• Feedback on tasks, even passing items, was very poor. My student mentor could not understand the feedback sometimes because they would copy and paste "does not meet requirements" over and over. During one course, the course mentor reviewed my work, said it was great, and it still got returned. I set up a meeting with the course mentor, he talked things over with me and confirmed he could clearly see the rubric requirements they said did not meet requirements. He manually marked my task as completed within minutes of me resubmitting it. This has me wondering how many students this has impacted. How many students are spending hours, with no feedback, no help, but have actually passed the task?

• Some of the course mentors in the Course Chatter are blatantly rude. If WGU is going to use this course chatter system, WGU staff should be responding in a helpful manner (and timely) not saying "you didn't read your directions did you?" as a response.

• A few courses used very old material. I'm talking 20+ years old material. I recalled one of the task scenarios when I was in high school back in the late 90's. I pointed it out to the course mentor and she said she was unable to update the course materials due to internal issues. WGU should be updating their course materials periodically to ensure they are somewhat current (less than 10 years old would be a start). We should not ever have to explain why a bank running Windows 98 SP1 is a problem.

• Some course tasks were unable to be completed if you used the most current references (NIST, ISO, etc.) I don't remember which exact course or reference as it has been a year or so. I think it might have been TFT2 or VLT2. The task required you to have a reference that was removed when the ISO or NIST reference was updated. The version of the task required you to use was over 10 years outdated (meaning it was updated over 10 years ago). I struggled on this task because we own the most up to date references through our license at work so I used them. It wasn't until I struggled with it for two weeks and got the task returned 3 times with a "does not meet requirements" canned response, that I reached out to the course mentor. She responded, "go to this page, this reference number" and when I told her it was not there that was when we figured out you had to use the ~2002 reference for an ISO/NIST.

Recommendations for future or current students:

• They aren't overly strict with APA or MLA styles. You can probably tell by my writing style here that I am far from perfect. Make it easy to understand with a clean layout. My references were not correct to APA standards most times but not once did they get returned. The only citations I used were (name, date) at the end of the line and made an input on the references page for it. Every reference all the way through the program was a web-based reference too.

• Write your tasks to the rubric and only to the rubric. Do not include anything else or it might confuse the graders. Make clear and easy to see navigation tabs in MS Word which point to Rubric requirements. If it happens to be a heading, mark that heading as, for example: "Justification (A2)" where A2 was the rubric item number. I found if you don't leave the graders looking for your topic and you quite literally spell it out, you'll do well. In my normal college classes, this would have got my papers marked down because they did not transition well.

• I highly recommend you use Grammarly and if you have the funds, pay for Grammarly Premium. All risk management tasks and both Capstone tasks made it through on the first try using Grammarly.

Is a Masters in cyber security worth it?

What can I do with a masters in cyber security?

Which master degree is best for cyber security?

Is Cyber security Masters hard?