Before I begin, I would like you to take note of the date in which this was published. If you are reading this in the future, there is a good chance some of this may change. I am attempting to make this post as evergreen as possible, just as precaution, your mileage may vary.

So, for the past six months or so, I have been plugging away at the Western Governors University Master of Science, Cybersecurity and Information Assurance program during all my free time. I averaged about 15-17 hours a week, excluding the capstone weeks (30 hours on those two) and completed 2-3 classes a month. I came into the program with EC-Council’s Certified Ethical Hacker (CEH) cert, so that saved me some time. In going forward, this post will outline why I chose this program, does a graduate degree really matter, how the program is structured and conclude with some tips for anyone considering this degree.

Why I Chose WGU?

WGU offers a unique term limit in that you can complete as much work as you want in a six week term for one flat fee. Furthermore, the school is a non-profit and regionally accredited so it has authority. Additionally, the program was well review by industry people and reddit. Those were my big requirements for a graduate program and it seemed like WGU was my best option for getting this out of the way.

Does a Graduate Degree Matter?

I will be the first to admit that anything with “Cybersecurity” in it makes me dry-heave a little. My usual stance on the subject is that the more someone says “cyber”, the less that actually know about information security. Of course there is exceptions, but this has been my experience. Furthermore, I have know some with Cybersecurity degrees who could come up a risk matrix or service level agreement in no time but would be stumped for hours when it came to doing hands-on technical analysis. With that being said, I generally feel like you only need a graduate degree if you are looking to move up in your career and it is a barrier, your undergrad is in a different field or it is little to no-cost to you (except time).

For me, my undergrad is in economics and I felt this was a good resume builder for the future to add to my certifications and experience. Additionally, the US Air Force has a great tuition assistance program and I paid very little out of pocket. If I had a computer science undergrad or something similar and had to pay out of pocket, I probably would not have went this route.

Program Breakdown: PA vs OA

WGU structures their course as either a performance assessment or as an objective assessment. Performance assessments are a test and objective assessments are APA format papers. There are four PAs and six OAs leading to the required 30 credit hours. All the test are proctored through a provided webcam and the papers were graded in 12-48 hrs usually. The pre-assessments were enough for the WGU test, CEH isn’t that difficult if you use a study guide and the CHFI resources WGU provides COULD be enough, but I would get a better study guide (and did), especially if you don’t have a strong forensic background.

Course Tips

I can not stress this enough, WRITE TO THE RUBRIC. Structure your papers to match the rubic you will be graded on. If 1a on the rubric is “Explain the History of Computers” then on your document do a 1a with the sub-title “The History of Computers”, then type your response. Doing this will help your evaluation go faster and clear up confusion if it requires revision.

Use the supplied Google Drive and make a folder for each class and put your course work in there. It keeps you organized and you can work from anywhere with it. Also, always be working, if one paper is being graded, move ahead. Use the supplied templates and keep a good pace going. Don’t stalk taskstream to see when your paper is being graded, move on to the next assignment.

The other tip I can suggest is to use gliffy . Sign up with your student e-mail and message support for the pro version for free, since your a student. This is a millions time better than MS Visio and since it is in your browser, you can do your network maps or flowcharts anywhere.

Overall I would recommend this course to anyone as long as they know what they are getting themselves into. It is not the most technical course out there and you will spend very little time in a command line interface or text editor. I feel like the program is aimed at people in management roles, not analyst/operators. As a result, if you have a CISSP or have been in the field for a couple of years, a lot of the material will be a review.

If you have any questions, let me know.

Josh Stepp