Let's cut to the chase on the two- versus four-year degree question and look at your answer to this question: "How much experience?" If you've got at least two more years of experience as compared to a person with a four-year degree that might be enough to put you on an equal footing -- provided, of course, you could convince the interviewer that your knowledge base and skills were otherwise the same.
For highly technical fields in computing -- and infosec certainly qualifies -- you'll find that employers do tend to put more emphasis on advanced degrees. Thus a bachelor's is worth more than an associate's, and a master's trumps either (while those with infosec doctorates can usually pick and choose among a number of positions). If you can afford the extra time and effort, the four-year degree will probably be more valuable on the job market.
Visit the NSA Web site under the heading "National Centers of Excellence in Information Assurance" to see a list of 50 college names whose infosec programs are recognized as the cream of the crop. Those are probably the best bets when looking for a good source for an infosec degree (and since they qualify for government money for scholarships and fellowships, you might even be able to partake of some of this largesse).
For more info on this topic, please visit these SearchSecurity.com resources:
This was first published in March 2004