CyberSecurity Master’s – Worth the Effort?

The global cost of cybercrime is predicted to top $6 trillion annually by 2021 – a figure that would have sky-rocketed from $3 trillion in 2015.

Skilled cybersecurity specialists have never been in more demand, with the jobs market for information-security analysts set to grow by 36.5% by 2022. Yet despite this, supply is low. Just 3% of American Bachelor Grads have cybersecurity skills, and currently 209,000 cybersecurity jobs in the US remain unfilled (up 74% over the last five years).

This skills shortage extends from the bottom rung of the career ladder right to the top – where specialist expertise is needed to counter the threat of cybercriminals who are becoming ever more sophisticated.


The pros…

  1. You could earn more (much more, in some instances)

First, let’s touch on the matter of money. A master’s degree in any computer sciences field can boost your average earnings by 21%. Putting some figures to this, the average pay for a Bachelor’s graduate stands at $61,000, which compares to the Master’s average pay of $74,000. 

But we’re talking about cybersecurity here. And professionals in this field earn a median of $92,000. And with a cybersecurity master’s in hand, you can expect to kick off your career at $80,400 straight off the bat. 

A word to the savvy…

Whether you opt for a master’s or not, your earnings will also be largely determined by the field and industry you enter. Here’s the rundown from the Bureau of Labor Statistics:

  • Finance and insurance: $94,050
  • Computer systems design: $93,400
  • Information: $92,900
  • Administrative and support: $92,800
  • Management of enterprises and companies: $87,500
  1. This is the USA – home to a wealth of world-leading educational institutions

Being US-based, you have access to some of the most reputable educational institutions in the world. You also have the option of taking your master’s online – which can fit around your life and your existing career.

  1. You’ll be able to deep dive into topics such as CISO/management…

Like security frameworks, risk reduction, disaster recovery planning, or compliance. 

However, a master’s won’t provide extensive hands-on technical experience. If this is what you’re looking for, gaining certifications may be a better route. 

  1. There are four core curriculums out there – choose wisely to target your dream job

Heavy CS teachings (OS design, for example) can be incredibly helpful if your target career is set within a security center focusing on low-level exploitation, reverse engineering, etc. 

The four main curricula are: 4 primary Curricula Guidances (NSCS from the UK, IISP from the UK, NICE from the US NIST, and the ACM released Guidance on 12/31/17).

  1. A master’s may just mean that you clinch the deal 

Even if we take a negative view of a master’s and believe that the cons outweigh the pros, let’s think of the typical waiting room for your next interview. Who’s going to be in the better position – you with the master’s, or others who share the same experience, but have a bachelor’s? All in all, a master’s can be your edge.

Made your mind up? 

Before we jump into a list of cybersecurity master’s degrees, let’s first get some balance by explaining the potential drawbacks of taking this route.

The cons…

  1. It’s possible that some interviewers couldn’t care less about your master’s

Sometimes it pays to listen to the opinions of those who interview candidates for cybersecurity roles. And some interviewers, it seems, place limited value on master’s degrees. Like this person, for example (read their comments in full over on Reddit)…

“A Master’s degree in security is 100% BS. UNLESS… you plan to go into a non-technical role of program management. Some of the best pen testers and engineers barely got out of HS… maybe a cert like OSCP or GPEN is worth your time in the short term depending on what you want to specialize in”.

And here is another hirer who agrees (also on Reddit)…

“As a security hiring manager I completely disregard master’s degrees – one in infosec means exactly as much to me as one in mathematics or history.

Some certifications to get the interview, coupled with the knowledge and experience to pass it is all that you need”.

  1. IT technology advances at an ever-quickening pace. 

Any master’s – no matter which and regardless as to the grade you’ve achieved – will become more or less null and void at one point or another. Nevertheless, it does demonstrate certain skills – such as commitment, project management, problem-solving, communication and teamwork, data analysis and independent thinking.

  1. Many believe that certifications could be a better choice

Some IT experts (even those who’ve completed a master’s) swear by the value of certifications over and above a master’s degree. Take a look around tech forums and the most commonly mentioned are CISSP (which is probably the most recommended), CEH, GIAC, GPEN, CISM, CSSLP, CGEIT, etc.

  1. In the tech industry, there are very few jobs that demand a master’s degree

Some examples that might include: Infomation Security Officers, certain teaching roles, CIO positions (but some may prefer an MBA) and select research jobs (but again, many of these ask for a doctorate instead).