I am the designated security person in my company. I'd like to become more educated in this area so that my knowledge/experience is not just vendor specific. I am now at the point of deciding whether to pursue a degree, get general certifications (e.g SANS Institute) or do both.
I've seen a lot of organizations advertising general certifications, but I haven't seen any colleges or universities advertising degree programs. What colleges and universities offer degree programs in information security?
In today's market, besides experience, is a degree still a better credential than a certification?
Thanks for your questions, in which you raise some very interesting issues.
The whole trade-off between degree and certification is tricky, because many academic programs tend to take a theoretical or less-than-current approach to such things. That said, many graduate institutions -- if not most, by now -- will let Master's degree candidates specialize in information security.
So, I assume you're looking for undergraduate programs that offer infosec specializations. The best undergraduate computer programs -- Carnegie-Mellon, Stanford, Purdue, MIT, University of Washington and so forth -- are starting to permit undergraduates to concentrate in this area, but as with most undergraduate programs, the amount of specialization pales beside the basic number of courses and hours required to meet computer science degree requirements.
Even if you don't have plans to pursue a graduate degree, a Master's or PhD program will let you specialize much more meangingfully in infosec topics.
That said, if your ultimate goal is to work in industry rather than in
academia (in which case a PhD is an absolute must) or in R&D (in which case
a Master's or PhD is likewise a good idea), you can probably get by with a
collection of certifications. The SANS program is a darn good one, as is
the ISC-squared's CISSP. Check out my security certification
tips for more pointers:
Depending on your goals and objectives, you can probably get certified more quickly than you could get a degree. But certifications must typically be maintained or renewed, and a degree lasts a lifetime. Ultimately, you should be able to figure out which path works best given the amount of time, energy and money you have to spend on its pursuit.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Best graduate schools for network security
Best Web Links: Infosec Training, Careers and Events
This was first published in September 2002