Review: The Updated WGU MSCSIA *2023*
A look into the refreshed cybersecurity master's degree at WGU
After completing the recently updated Master’s in Cybersecurity and Information Assurance (MSCSIA) from Western Governors University, I wanted to share an overview of the program and give my thoughts on it. Like many other people, I had thoughts on pursuing a master’s degree in cybersecurity, but I wasn’t 100% sure of the ROI or the best options out there. So, if that sounds like you, I want to share information that will hopefully help you make a more informed decision about what is best, from the perspective of someone that was in the same boat. I’ll be providing information on the new master’s level cybersecurity curriculum at WGU, comparing the new program to the old one, explaining my journey through the courses, and explaining who this program is designed for and who it is not for. I will not be covering course specific information or giving away answers, sorry I am not quizlet or chatgpt.
Before I start, I do want to provide a few disclosures regarding my specific situation.
I was not going into the degree with a goal of shifting careers into cybersecurity. I would consider myself very knowledgeable on cyber topics and was not taking the program to learn “cybersecurity.” I fully expected to know most of the information already.
Prior to beginning the program, I already held a BS in Cybersecurity, had worked for 3 years in the industry, and had quite a few certifications, including CISSP Associate, CySA+, Pentest+, Sec+, and more.
I joined in the middle of the switch from the old program to the new one, so it was a little unique for me to figure out what I would pass out of. I officially joined the old program, then was switched to the new one after one month.
Due to the certifications and timing, I was able to pass out of four courses in the program. I took one old course and 5 of the 10 new/updated courses. The courses with a certification requirement were the ones I did not take.
The Updated Program vs the Previous Program
New Program
The new program consists of 10 courses. WGU courses have two possible evaluation methods. Either a performance assessment or an objective assessment. An objective assessment is an exam, and the Performance assessment is a paper/assignment. I’m not sure exactly the numbers, but new program consists of at least five courses that were Performance Assessments (PA), and one or two that are only an Objective Assessment (OA), and a few with both assessments. This program was not created to focus on a certain cybersecurity discipline, but rather it provides a good overall of multiple disciplines. Each course focuses on a unique domain of cybersecurity. Here is the full list of courses.
One thing to know about WGU is that along with the degree, you also often will collect industry certifications along the way. In the new MSCSIA, you can obtain up to 6 certifications. Four are required for graduation, and two are optional. It is worth noting that these aren’t some worthless items either, the certifications are some of the more respected vendor-neutral options on the market. MSCSIA students have the opportunity to get the following certifications.
The CC, CySA+, and PenTest+ are required to pass D481, D483, and D484 in that order.
Old Program
The old program consisted of 9 courses. Four courses were comprised of only Objective Assessments (OA), three were Performance Assessments (PA), and two had both assessments. Here was the full list of courses. (I will have a side-by-side comparison below, no need to scroll back and forth to find the differences).
The old program also came with two certifications from EC-Council. They were the Certified Ethical Hacker (CEH) and the Computer Hacking Forensic Investigator (CHFI) certifications.
CEH was used in C701 and CHFI was for C702.
Differences
Now let’s get into the differences between the programs. Here is a comparison of the courses in each program.
No courses were really “dropped” from the old program, but all were either updated, renamed, or combined into a single course, in the case of the cybersecurity management offerings. The new program did add two courses, cloud security and governance, risk management, and compliance (GRC). It also greatly updated the penetration testing, security operations, and security foundations courses. The other courses saw updates, but they were not major, either just a change in project topic, an OA switching to a PA (or vice-versa), or some changes in the content that the course covered. The new program has more PAs, one more course to take, and offers up to four more certifications.
Really the most important change between the two programs is the certifications offered. EC-Council has been put into cybersecurity prison. Due to the nature of their exams and some EC-Council business practices, their certifications are not regarded highly. Most EC-Council certs do not provide proper evaluation of real-life skills and some people will even consider it a red flag to possess their certs, and thereby support EC-Council. On the other hand, CompTIA and ISACA are some of the better certification providers on the market. And the CISM, CASP+, and Sec+ can provide a lot of value to job searchers or those looking to move into different roles. Any certification can only do so much for you, but it definitely won’t hurt to have these ones on your resume. As well, the CISM normally costs about $750, and the combined CompTIA value is over $1,000, so that’s basically a $1,750 value.
Other WGU Benefits
Here are a few other benefits you get as a WGU student.
Access to Office 365 during your time as a student
Access to Linked Learning for life (I think)
Access to your WGU email for life
Access to Pluralsight
Other services, resources, and coaching options
Here are two links of good lists for all of the best student resources available:
My Journey
Now that you have the details of the curriculum, the format, and additional perks of WGU, let me give my thoughts on the program, and why I chose to do it.
As I said previously, since I joined WGU just one month before it was an option to switch to the new program, I began in the old curriculum, then switched to the new one. Prior to joining, I transferred out of three old classes, which covered some new classes as well. I also took one of the “old” courses, but the new version hasn’t really changed much, besides some content updates. The course from the old program was Secure Software Design. From the new program, I took the Secure Network Design, Cloud Security, GRC, Cybersecurity Architecture and Engineering, and Capstone courses.
What I had coming into the program
CISSP Associate, CC
PenTest+, CySA+, Sec+
3 years of cyber experience
Having that experience coming into this program definitely gave me a leg up. Much of the information I already knew or just had to do a refresher on.
My Why
So why even get a degree with your experience, and why do it now?
I decided to get a master’s degree mainly for personal achievement purposes. It wouldn’t immediately provide me with new job opportunities or a pay raise, and I don’t expect that to be the case within the cybersecurity profession (look for a blog of cybersecurity college education in the future). Experience really is everything in this career field. However, I do enjoy learning, had some free time, and have considered pursuing being an adjunct professor in the future, so I decided it’d be best to just go ahead and get the masters. No time like the present.
I chose the WGU program for 3 main reasons.
I could complete it at my own pace, which I knew would be quick as I had a goal of one semester.
It was cheap. I would not go into debt, and I could utilize employer education funding to cover the entire $4,500.
It is a respected program, offered a certification I didn’t have, and has a strong alumni base.
Due to my unique timing and “transfer credits” I did not take the full 10 courses. Here is what I did complete and receive:
6 Courses – Secure Software Design, Secure Network Design, Cloud Security, GRC, Cybersecurity Architecture and Engineering, Capstone.
Received the CASP+ voucher
Program Review
Overall, the degree teaches general cybersecurity topics at a medium level of depth. Topics covered include general information security principles, risk management, network design and management, penetration testing, hacking countermeasures and techniques (blue team), software security, web and cloud security, secure system analysis and design, and cybersecurity management. The degree is designed to teach newer cybersecurity professionals multiple cyber disciplines, it is not designed to teach current cyber professionals detailed or advanced concepts. It is a degree that is absolutely focused on working individuals, and accommodates all sorts of lifestyles pretty well. I wish the program covered some things such as programming, networking/web foundations, but not everything can be covered. It does contain a good range of relevant topics most cyber professionals will utilize. I took five months to complete the six courses I needed for the degree. I could have finished it in like three months, but I took some time off to compete in the US Cyber Games Season III Combine - https://www.uscybergames.com/. I believe for all 10 courses, it is very achievable to complete it in two semesters.
Short Course Specific Thoughts
Secure Network Design – A fairly decent class, however it won’t be too helpful to know how to secure a network if you skip over networking fundamentals. Depending on your experience, it would be very helpful to watch some YouTube videos and learn about networking prior to taking this course.
Secure SW Design – Not very applicable unless you’re in software engineering. Covers the secure SDLC and OWASP Top 10, which is definitely helpful information.
Cloud Security – Very applicable to jobs. Focused on Azure and had hands-on learning within an Azure environment. I experienced some issues with the labs, but offered feedback, and as this was the first month of the new program being used, this was to be expected.
GRC – Again, this course was very applicable to job responsibilities. It covered some very common frameworks and what people working in GRC may see on a daily basis.
Cyber Architecture and Engineering – This OA course was a quick completion for me due to work experience and certifications, I’d rate it as fairly standard cyber design/engineering content level.
Capstone – I wish this course could be used to contribute something new to the industry. Instead, it is basically a write up of securing a company through a technical implementation.
I wish I had been able to take Security Operations and Security Foundations courses, since these could be very valuable for someone looking to start a career in cybersecurity, if done well. However, by having the CC and CySA+, I do have a pretty good idea what the courses cover from a content perspective. I definitely would expect there to be some labs and hands-on learning involved with Security Operations. These are pretty good introductions to general cybersecurity fundamentals and blue team practices.
Many people will be excited for the Pentest course, I would say that course and Secure Software Design would be the two I would remove from the curriculum, if I needed to change anything. Working in software security and pentesting is usually more advanced roles, when looking at the experience level. It is not common or likely for someone to start working as a pentester without experience in IT or other cyber roles. The skill and knowledge required for these roles is high, and it’s a different focus than the rest of the degree, which is aligned with learning the basics of cyber.
Is It For You?
Who This Program is For
This program is for someone that is looking for a master’s degree in cybersecurity with these characteristics:
Self-paced. This degree really is one you can do any time, any place, and at any pace.
Online. 100% online, check.
Cheap. $4,550 for a semester. Depending how quickly you can complete this program, you can easily receive a master’s degree for under $10,000.
Strong alumni network. WGU is popular, and has over 300,000 alumni, found in all 50 states. You don’t have to look to far to find someone else that has gone to WGU, especially within the military or education circles.
A high-level education on cybersecurity, covering many topics. This degree covers multiple disciplines about 75% of the CISSP domains.
Someone looking to learn cybersecurity that has minimal experience. This will be a great introduction to the activities and tasks required to work in a cybersecurity role.
No nonsense assignments or busy work, and straight forward path towards graduation. There are no discussion boards posts here, give a short of joy! The program is only concerned with your ability to master the information the class is designed to teach you. If it is a OA course, and you know the information, you can pass the class in a day.
Who This Program is Not For
This program is not for someone looking for these characteristics in a master’s program:
Research heavy. This is not a research school, nor a degree that really encourages researching.
Not online. Obviously, this degree is entirely online.
Close professor or student interactions. This program has low levels of personal interaction. Besides emails and phone calls, not much other interaction will be had with program mentors, course instructors, or other students. Some people love this, others do not. If you are looking to learn and work with professors closely, this is not the program for you.
You are a seasoned cyber professional looking to learn new/more information. The program doesn’t get deep into any one specific topic. If you have worked in cybersecurity for a few years and know multiple disciplines, you may want to consider a program that is more advanced and focused on a specialty or discipline.
You can find more information about the degree on the WGU website here: https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-masters-program.html#
There is definitely a lot to take in when looking into a master’s degree in cybersecurity. While WGU may not be for you, the cost, completion pace potential, course topic relevance, and inclusion of certifications makes the MSCSIA a top tier choice. I can definitely recommend this program to people, as long as an honest expectation of the ROI from a master’s degree in cybersecurity is maintained.