Problem solve Get help with specific problems with your technologies, process and projects.

The value of a degree versus certification

I am the designated security person in my company. I'd like to become more educated in this area so that my knowledge/experience...

is not just vendor specific. I am now at the point of deciding whether to pursue a degree, get general certifications (e.g SANS Institute) or do both.

I've seen a lot of organizations advertising general certifications, but I haven't seen any colleges or universities advertising degree programs. What colleges and universities offer degree programs in information security?

In today's market, besides experience, is a degree still a better credential than a certification?

Thanks for your questions, in which you raise some very interesting issues.

The whole trade-off between degree and certification is tricky, because many academic programs tend to take a theoretical or less-than-current approach to such things. That said, many graduate institutions -- if not most, by now -- will let Master's degree candidates specialize in information security.

So, I assume you're looking for undergraduate programs that offer infosec specializations. The best undergraduate computer programs -- Carnegie-Mellon, Stanford, Purdue, MIT, University of Washington and so forth -- are starting to permit undergraduates to concentrate in this area, but as with most undergraduate programs, the amount of specialization pales beside the basic number of courses and hours required to meet computer science degree requirements.

Even if you don't have plans to pursue a graduate degree, a Master's or PhD program will let you specialize much more meangingfully in infosec topics.

That said, if your ultimate goal is to work in industry rather than in academia (in which case a PhD is an absolute must) or in R&D (in which case a Master's or PhD is likewise a good idea), you can probably get by with a collection of certifications. The SANS program is a darn good one, as is the ISC-squared's CISSP. Check out my security certification landscape/survey tips for more pointers:

  • vendor-neutral security certs
  • vendor-specific security certs

    Depending on your goals and objectives, you can probably get certified more quickly than you could get a degree. But certifications must typically be maintained or renewed, and a degree lasts a lifetime. Ultimately, you should be able to figure out which path works best given the amount of time, energy and money you have to spend on its pursuit.

    Good luck!

    For more information on this topic, visit these other SearchSecurity.com resources:
    Ask the Expert: Best graduate schools for network security
    Best Web Links: Infosec Training, Careers and Events

  • This was last published in September 2002

    Dig Deeper on Information security certifications, training and jobs

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.