Ask the Expert

The value of a degree versus certification

I am the designated security person in my company. I'd like to become more educated in this area so that my knowledge/experience is not just vendor specific. I am now at the point of deciding whether to pursue a degree, get general certifications (e.g SANS Institute) or do both.

I've seen a lot of organizations advertising general certifications, but I haven't seen any colleges or universities advertising degree programs. What colleges and universities offer degree programs in information security?

In today's market, besides experience, is a degree still a better credential than a certification?


    Requires Free Membership to View

Thanks for your questions, in which you raise some very interesting issues.

The whole trade-off between degree and certification is tricky, because many academic programs tend to take a theoretical or less-than-current approach to such things. That said, many graduate institutions -- if not most, by now -- will let Master's degree candidates specialize in information security.

So, I assume you're looking for undergraduate programs that offer infosec specializations. The best undergraduate computer programs -- Carnegie-Mellon, Stanford, Purdue, MIT, University of Washington and so forth -- are starting to permit undergraduates to concentrate in this area, but as with most undergraduate programs, the amount of specialization pales beside the basic number of courses and hours required to meet computer science degree requirements.

Even if you don't have plans to pursue a graduate degree, a Master's or PhD program will let you specialize much more meangingfully in infosec topics.

That said, if your ultimate goal is to work in industry rather than in academia (in which case a PhD is an absolute must) or in R&D (in which case a Master's or PhD is likewise a good idea), you can probably get by with a collection of certifications. The SANS program is a darn good one, as is the ISC-squared's CISSP. Check out my security certification landscape/survey tips for more pointers:

  • vendor-neutral security certs
  • vendor-specific security certs

    Depending on your goals and objectives, you can probably get certified more quickly than you could get a degree. But certifications must typically be maintained or renewed, and a degree lasts a lifetime. Ultimately, you should be able to figure out which path works best given the amount of time, energy and money you have to spend on its pursuit.

    Good luck!


    For more information on this topic, visit these other SearchSecurity.com resources:
    Ask the Expert: Best graduate schools for network security
    Best Web Links: Infosec Training, Careers and Events


    This was first published in September 2002

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: