While these degrees are interesting, they still have the same entrance requirements as on-campus programs (transcripts, references, undergrad degree). This is a shame bc there are many people, especially in software engineering, who have the skills yet lack adequate proof of those skills.
I'd love if there were a CS masters that either let you apply directly or complete a specification to get automatic admission. Perhaps after completing foundational courses with a B average. That would greatly increase access and should be sufficient to weed out unprepared candidates.
I was accepted into the Georgia Tech CS masters program without any formal education in CS. I have significant practical work experience though. If you don't have an undergrad degree at all, I'm not sure a master's degree is appropriate? If you don't want to get an undergrad degree, at this point in time that has some logic to it, but you are committing to a path where you will not be getting formal degrees. There are things like Coursera specializations that can provide training and some level of certification.
>If you don't have an undergrad degree at all, I'm not sure a master's degree is appropriate?
Why shouldn't it be? I don't see why 3 years worth of miscellaneous classes and 1 year worth of classes toward a major (not even necessarily in computer science) should be a prerequisite for a cybersecurity program, or for any masters program for that matter. It just seems like another part of the false mythology of undergraduate education. And I'm sure the people running these credential rackets realize that allowing students to cut to the point would put an end to their gravy train.
Even the name of the degree, masters, implies that this is for mastering that subject. I personally take that as a hint that (in general) you should already be intimately acquainted to it before mastering it.
Those years for the bachelor don't just prove you learned some random subjects. They also show that you deliver - you have a topic, you study it, you pass the exam.
The reason you say "I don't need that" is because you have to pay a crapload of money for those 3 years with a dubious ROI. It's a credential racket because they charge you through your nose. And it's cheaper now because online is cheaper. But it's unrealistic to assume you get the same quality for less money, it would sink their normal masters business right? Lots of things are debatable here especially if you dig into the exceptions but generally it might be the difference between takeout/fast food and a good restaurant.
When I see people skipping some degrees and going for the online ones they have to show some damn good practical achievements to convince me that was time worth saving.
I'm pretty sure most of you would refuse to go to a doctor who studied online. Cyber-security can easily turn out to be life or death.
If you are mid-30s with 100+ semester credits done in your Bachelor's Degree, but can't go back to finish it because many of the credits have expired, the idea that you'd have to re-finish the degree just to sit for a Master's Degree when you turn 40 is ridiculous.
Plenty of people have been admitted to MS programs without a BS/BA when they prove why they're the exception. Serious private sector work fills in the gaps easily. MBA programs are no different.
That's an oddly specific case. But as I said, digging into the exceptions will always find something to support any point of view. I'm looking at the overall situation. In most cases the degree can be compensated with work experience.
> Plenty of people have been admitted to MS programs without a BS/BA [...]
This of course is entirely up to the program. Most PhD programs require both, some require only one. What I said is that I (personally) see this as a natural progression. Skipping one will have to come with a damn good reason attached. Like exceptional performance otherwise.
> MBA programs are no different.
Again, personal opinion, I trust the MBA program the least of all. I have seen so many people (including a lot of colleagues) dish out several (tens of) thousands of Euros to get an MBA while still in their 20s, with only some mediocre team-leader over 4-5 people for 2 years experience behind them that I simply cannot put any kind of weight in that achievement.
I think that the case you're describing is the exact reason this requirement is important. Lacking credits in an undergraduate degree is a red flag -- why are you missing them? Why didn't you go back and make them up? If you're serious about a formal education, the lack of a few credits shouldn't hold you back.
In my case, I took a full-time job overseas between my JR and SR year making 100k+ in the field I wanted to study. It was an easy answer for my admissions officer who then recommended I be admitted to a MS program.
There's a lot of reasons why you wouldn't finish a degree that are valid. Have you considered asking rather than assuming? What if someone had serious depression or social anxiety? You're making a lot of assumptions on being "serious" and it's honestly pretty naive and silly, borderline offensive, and very common in academia.
> why are you missing them? Why didn't you go back and make them up?
Pretty sure that's asking, and if you find that _borderline offensive_ then you probably need a little bit thicker skin. If you're applying for a top-tier institution, they are going to look for red flags in your transcript, and not finishing your education, no matter the reason, is a red flag that needs to at least be explored. They aren't going to simply _assume_ you had some legitimate excuse for not finishing because many people don't.
I don't think it's fair for you to call it naive and silly for someone to understand your background. No one is saying that your serious depression or social anxiety isn't a legitimate reason, but it's also something that has to be considered. Academic institutions have a graduation rate to protect, and they aren't keen on letting someone in that is a risk to drop out after a couple of semesters -- no matter the reason.
If depression or social anxiety are holding you back in your life that much, it's time to seek help, by the way. As someone who has experienced the same, that is a really good indication that it has gone past a simple mood thing into a serious medical condition.
But it's unrealistic to assume you get the same quality for less money, it would sink their normal masters business right?
How does that logically follow? Different people have different learning styles and are at different points in their lives and careers. The rigour of the material is orthogonal to the channel of delivery
Yes... one style involves a bucket of money, years spent physically going to the classroom, having to live far from home and pay additional money, and more.
The other style involves paying half or a quarter of that, doing it from the comfort of wherever you choose, while holding a job... and getting the exact same level of quality?
You're saying that there's no clear benefit for the first option other than personal "learning style"? How does that fare when going head to head with the extremely obvious and objective advantages of the online option? There's always a compromise and if you gain flexibility and money something's gotta give elsewhere.
You're making a huge confusion if you think an online masters is just a channel of delivery for some material. A (good) classic masters is more than the professor handing out the material personally instead of emailing it to you (which they do anyway).
Exactly as you said, online is the option you choose when you no longer afford (time/money) the other one. It's for when you need to tick a box on an application. Otherwise you can easily skip it and substitute with your experience.
As a person with a bachelor, 2 masters, almost a PhD (:D), and a whole host of online courses and degrees I can tell you there's a world of difference between the two types of experience. So I treat those degrees with the corresponding level of respect. And please mind you, I said the degrees, not the degree holders.
Masters degrees in particular vary a huge amount. When I got one of mine (in engineering but not CS), it was a couple of years including writing a thesis which included significant original research. Yet I know people, including from top-tier schools, whose Masters was a 1 year program of mostly just classroom.
And both of them were probably more interactive and educational than a standard online masters.
I'm not saying that online=bad. But a good classic masters program will invariably be better than a good online masters program. Of course if something's already not up to par (classic or online) it becomes irrelevant by how much it fails.
You seem predisposed to conclude that degrees are merely signaling devices, and if you believe that about undergraduate degrees then you should also believe that about masters degrees and should avoid this program.
But if you believe that masters degrees have value beyond signaling, then the thinking is that a formal multi-year undergraduate course of study that ensures a minimum knowledge core on a topic will better prepare you for a formal multi-year graduate course of study on that topic than simply working in the field and acquiring a random assortment of specific skills based on what you needed on the jobs that you took.
* Even to the extent that degrees are just signaling devices, they are still useful because many people with power over your career care a lot about those signals.
* If you choose a useful major, that one-years-worth of your undergraduate education certainly has utilitarian value in preparing you for a related career or for further instruction.
* The other three-years-worth of courses may make you more worldly and well-rounded, but their instructional value is nowhere near the $150,000 you'll pay for them at a private university.
>the thinking is that a formal multi-year undergraduate course of study that ensures a minimum knowledge core on a topic will better prepare you for a formal multi-year graduate course of study on that topic than simply working in the field and acquiring a random assortment of specific skills based on what you needed on the jobs that you took.
* Yes, of course, but this only applies to the quarter of the undergraduate courses that are actually relevant. It doesn’t explain why should you need three years worth of courses in underwater basketweaving or gender studies as a prerequisite to a masters in cybersecurity.
Fair point. I actually have an undergrad degree. I'm mostly arguing that as we have straightforward ways of addressing knowledge and ability via courses online (at a low cost to institutions), then admittance should be based on that ability rather than potentially dated proxies (college grades).
I don't have an undergraduate degree in CS or engineering and was accepted with about 5 years of software development experience.
If you're saying that you think people should be able to attend a graduate degree program without an undergraduate degree, then that doesn't really make a whole lot of sense to me. There is a long established precedent that (formal, possibly legal requirements, too?) you must have an undergraduate degree to take the next step in your education.
You either want the formal education or don't -- if you do, then you have to meet the pretty standard requirements.
I have a diploma in CS, but not a bachelors degree, but 10+ years of practical engineering experience. I'd love to work towards a masters in CS, but most online schools don't accept my diploma and work experience as equivalent. I attempted to apply for a GT online masters and was soundly rejected without consideration.
There are always ways around, and candidates that should be considered based on potential. But some kind of a qualifier, even a certificate, that would allow candidates like myself that would love to be engaged through some kind of qualifier or conditional acceptance would allow more people to get engaged and show their ability and commitment to being successful.
There have definitely been a number of students admitted to the GT's OMSCS program who didn't have an engineering undergraduate degree. Not sure though what are the stats of students without any bachelor's degree at all...
There is a requirement to complete a few foundational courses after you enroll but you still need to be accepted first.
The vast majority of universities consider a master's degree to be a post-graduate degree so they'll require an bachelor's degree to enter it. There are plenty of cyber security courses either at undergraduate level or outside of the university system altogether.
I think this varies greatly by industry (maybe what I'm talking about is 20 years outdated). I know quite a few boomers who worked on their Masters / PhD while raising kids and working. From what I've been told it's because their careers were limited by their existing level of education. For example, most K-12 teachers get a pay boost by completing their Masters.
My career is software dev adjacent and I haven't seen college being a limiting factor.
Sounds like you want something similar to WGU, although specifically for CS they don't meet your requirements because they only have a BS degree program.
University of Oxford Master’s in Software Engineering
... However, more extensive experience may compensate for a lack of formal qualifications, and a strong, immediately-relevant qualification may compensate for a lack of professional experience.
You're advocating for admission to a graduate program without an undergraduate degree. It doesn't and shouldn't work that way. Possession of a masters degree indicates you have completed a prescribed course of study.
> You're advocating for admission to a graduate program without an undergraduate degree. It doesn't and shouldn't work that way.
There are BS/MS, BA/MA, BBA/MBA, and BSL/JD programs (asking others) that do not require a prior undergraduate degree but instead incorporate a same-field undergrad degree into the graduate out professional program, with typically less total coursework and tone in residence than separate programs would require because of right integration.
> Possession of a masters degree indicates you have completed a prescribed course of study.
Yes, but there's no reason that a bachelor's degree needs to be an admission requirements for that to work; it may be a completion requirement, but that doesn't mean it needs to be an admission requirement.
You're paying for certification, acceptably proving you've learned what an accredited institution expects you to learn.
The problem I've seen with "I don't need a degree!" people is gaping holes in their self-taught education, missing things that every degreed person learns.
Yes, I'd trust an OMS from Georgia Tech over "I read some books and here's a good portfolio of personal projects". I'd be seriously concerned that the latter missed stuff any MS in the subject should know.
> The problem I've seen with "I don't need a degree!" people is gaping holes in their self-taught education, missing things that every degreed person learns.
I know people with degrees who have gaping holes in their knowledge.
Remember the old adage "C's get degrees"? You only need to understand 50% of the material (C- grade point average in my country) to get your degree. That's not to mention people cheating or bullshitting their way though their degree. I knew plenty of people at university who were lacking basic skills, but managed to get pulled through by group assignments.
A degree certifies that you've been taught a body of knowledge, not that you've learned a body of knowledge.
I'd trust an actual bachelors or masters degree over "self taught" too yes, but as someone else in this thread also pointed out this "online masters degree" looks like it only really covers 100 level bachelors content and not much else.
If it’s like the OMSCS they cover lots of topics that are covered in anundergrad but the marking scheme is that an undergrad A guarantees you’ll pass and if you want an actual A on the course you’ll have to work harder. Any OMSCS grads feel like (dis)confirming?
Currently in OMSCS, after very recently taking some bachelor's level courses. The OMSCS classes are significantly tougher, go far deeper into the material, require more research and involve less hand-holding than the bachelor's level classes.
I interacted a bit with OMS CS students that were taking Udacity courses (there is some link between Udacity personnel/classes and OMS CS), and they all reported being flooded with difficult homeworks/projects, often racing against the clock to submit things before deadline. Some classes even take >40h/week according to them. It doesn't seem to be anything trivial as you'd have implied; more like a proper MS from a Top-10 school. Imagine you need to get a lunar lander module landing on the moon in OpenAI gym via Deep Reinforcement Learning, write your own real-time Augmented Reality system as your final project in Computer Vision, beat real-world radiologists using the very latest Deep Learning research from Stanford as a final project in health informatics, write your own Swift-like compiler etc. Does that seem trivial? If anything, it's awesome people can learn those things online with the proper academic rigor and without dumbed-down curriculum.
I believe it's not really hard to check one's competency level in STEM fields. Suppose you're interviewing those with bachelor's degree in math. Intro to Abstract Algebra and Real Analysis are two of the core requirements for those in undergrad math. Admit all those with papers automatically. Place a super high bar of responsibility and expectations on the so called "self-taught" ones. For example, accept only those who can solve every single problem in Hatcher's Algebraic Topology cold. I doubt even 10% (numbers out of my ass) of the undergrads in the US are capable of this feat. Anyone who taught themselves this shit (gaping holes or not) can kick some serious ass. Sounds fair to me.
The idea is that any one who masters some obscenely difficult area can easily be taught anything they are missing. Hell, you can tell them to pick up whatever you need them to know on the weekends. The book and the subject matter I suggested so happen to be brutally difficult. Anything they have to learn at your org will likely be trivial by comparison. Any one who learned this book on their own can easily walk in and out of any math PhD program (let alone other subjects).
As someone who did a bachelor's at GT, students constantly complained that none of the classes prepared you for Day 1 of a job.
GT's collective response was always that that wasn't their job. They expected you to pick up {new-js-library} while you were studying.
Their job was to "train you for the last job you'll ever have."
And there's a certain wisdom to that. I can learn a new library -- I'd be unlikely to learn the full networking stack, RDBS internals, the history of hardware / software development, or OS & processor memory handling.
How would you trust it compared to 5+ years experience with CISSP and possibly one of the more advanced ISC2 certifications or any of the SANS GSEC certs?
I understand that you are saying any accreditation is better than none. I am just playing devil's advocate with an accreditation alternative to formal education.
The two curricula are incomparable. A CT MS is academic; the courses are formal college courses, independent of a sponsoring corporation and its commercial S/W products. The role it prepares you for is IT management. Certificate programs prep you for staff level work, as an implementer.
Here are the 3 possible curricula for the GT program:
Core:
Introduction to Information Security (CS 6035)
Information Security Policies and Strategies (PUBP 6725)
Info Security Track:
Applied Cryptography (CS 6260)
Secure Computer Systems (CS 6238)
Network Security (CS 6262)
Information Security Lab (CS 6265)
Energy Systems Track:
Smart Grids (ECE 8803)
Introduction to Cyber-Physical Electric Energy Systems (ECE 8803)
Introduction to Cyber-Physical Systems Security (ECE 8803)
Computational Aspects of Cyber-Physical Systems (ECE 8803)
Policy Track:
Introduction to Information Security (CS 6035)
Information Security Policies and Strategies (PUBP 6725)
Information and Communications Policy (PUBP 6502)
Privacy, Technology, Policy and Law (CS/MGT 6726)
Internet and Public Policy (PUBP 6111)
Scenario and Path Gaming (INTA 6014)
Data Analytics and Security (INTA 8803)
Information Policy and Management (PUBP 6501)
Challenge of Terrorism in Democratic Societies (INTA 8803 G)
I think it's a valid question since the CISSP seems more geared to managers, not "staff-level work." The most common advice I've seen about answering questions for the CISSP exam is "think like a CEO."
You would trust the OMS to do what exactly? Opine on computer science theory? Perhaps. Do solid work for you? That's a much closer call, in my opinion.
I am a Senior Software Engineer in my mid thirties doing an Online degree at a local university of applied science in Germany. I am doing most of the work at home and just go there 4 times per semester and once for exams, but i have a lot of deadlines for assignments during the semester, while i work a fulltime job obviously. As far as i can tell, they apply the same standards to exams and grading than they do for normal on-campus students and I need to go much deeper into subjects than i would if i would self study for fun, to get good grades. I also need to study stuff that might not be on my list if i would only self-study, but in the end often is really valuable.
Maybe some people can go really deep into topics when learning by themselves, for me the fact that i need to pass an exam and want a good grade helps a lot to go the extra mile on some of the harder stuff.
So when someone says an Online degree equals "I read some books and here's a good portfolio of personal projects" i honestly get mildly offended.
In my case it's https://www.vfh.de/ which is a group of Universities of Applied Science throughout Germany that offer a selection of degrees. I myself am in Berlin, experiences may vary between different universities. I am doing a Medieninformatik Degree which equals something like "Computer Science and Digital Media", meaning some emphasis on Computer Graphics, Web/Mobile Development combined with CS fundamentals etc. If you want a Degree from a research University in pure Comp Sci, Fernuni Hagen is the only options for remote studies afaik.
I speak okayish german. Can definitely understand and work with it, but I think that writing a essay in German for me might be too much. So I've been delaying my MsC until I learn better German, but this will take forever.
I am german, so yes i guess you could say i am fluent. However, since the studies are mostly remote and a lot of communication is in written form, you should get by with okayish german during the semester and exams. There are quite some essays to write and presentations to hold though (more in the Master than in the BSc), so i am not sure how that would work out but could also see them being flexible and let you do it in english, since it's smaller groups and thus more personal mentoring. This is just a guess though.
Otherwise you'd need to try something like Internationale Medieninformatik at TU Berlin which is in english, but not remote unfortunately. Otherwise maybe the Open University Masters is something for you, or of course the GTech MSc which is quite a bit more expensive though.
How will this degree appear on my diploma and/or transcript?
The name "Online Master of Science" is an informal designation to help both Georgia Tech and prospective students distinguish the delivery method of the OMS program from our on-campus degree. The degree name in both cases is Master of Science in Computer Science.
The point stands that it would be relatively easy to know which version someone completed (you worked in New York but got a masters at Georgia Tech?). I personally believe the value to be roughly equal to a "real" degree.
I think the question is less whether the "online" part of the degree is problematic, and more whether the "masters" part is. Pay-for-play vocational masters degrees are kind of a known quantity in the field already. A BSCS from GATech is something! An "MS in Cybersecurity" is something else.
They aren't exactly the University of Phoenix, either.
Compared to the average cost for an online degree from a decent university, I can see a lot of people compromising over only 10K - even if some parts of the program aren't perfect.
They aren't, but, as someone who holds a non-academic Master's degree, I think I still support the distinction - MA and MS should be reserved for people who've defended a thesis. Conferring it to people who have completed a professional education program is muddying the waters.
Georgia Tech has a top tier CS program and I am not disparaging it. I'm talking specifically about vocational masters degrees like this Cybersecurity thing.
There’s a lot of money getting dumped into all things cyber, and its attracting waves of people like flies to a lightbulb.
It’s also a place where marginal people can burrow in or even thrive - either doing policy work (in the form of monk-like transcription of NIST documents), being a gatekeeper for exceptions and reviews, or doing threat intelligence. Figuring out how to measure and hire people is hard, and banks and Federal contracts need to fill thousands of chairs.
The racket of expensive certifications was restricting the talent pool, so these cyber security programs are sort of like a substitution for that. This isn’t going to ever produce real technical leadership — the smart people are ultimately engineers who do interesting security things. IMO it’s a waste of potential — smart kids are bypassing Computer Science or Engineering for a much less rigorous education.
> IMO it’s a waste of potential — smart kids are bypassing Computer Science or Engineering for a much less rigorous education.
There are some opposing forces at play that students and new grads may not quite understand: Computer Science and Software Engineering (boot camps by extension) are basically branching paths to the same entry entry level job, but where you go beyond that can have a stark difference.
I always ask our interns a few questions about their education when they start. One of the chief complaints for CS students is that they don't learn enough practical knowledge to enter the work force. They talk about people who went to a boot camp or were self-taught, and they always express that those people are much more prepared for a given position. Thus we have students who are looking for SWE courses but are taking a CS curriculum. In my experience, no one bothers to make the distinction until it's too late.
True story that drives this home: Our client hired an intern who didn't think a CS degree was practical. He clearly had gaps in his skill set, but I chalked it up to him being a college junior. He was given a small task to parse some text, and I suggested regular expressions (the programming construct) - something he said he had experience with. He came back to me a hour or so later utterly confused on how people could catch all of the edge cases and branching paths that a small regex can generate. Turns out he hadn't taken formal languages yet. I sat him down to build a DFA and talk regular expressions (the formal language concept) with JFLAP[0], and it blew his mind. That conversation changed his entire outlook on CS degrees.
I think it depends on how it's done and who it's offered by. Georgia Tech is one of the best US overall engineering programs in the US and I'd hope they would take this seriously and employers or other credentialists take it seriously.
I took a master's course in cryptography at a university as part of a job perk. The IRL aspect was lectures and office hours sometimes. The professor did not have a great grasp of the English language so I had to work with other students and do extensive internet research to understand things.
I also did one of Udacity's FEND program. It had a Slack channel and pretty cool feedback mechanisms for homework and tests. If the grad school class had that I think I would have enjoyed it more and had greater mastery of the subject.
I think it's past time for us to consider OMS legit instead of automatically second-guessing them.
The FAQ on EdX says the certificate is identical to the on-campus one, it doesn’t mention “online”.
In the UK we have had “distance learning” for a long time (Open University) and there is no stigma attached, OU is probably actually more prestigious than most ex-polys.
To the business world, open source is just a business calculation and HR really doesn't care about it except when it's useful as a recruiting tool. The same is true of hiring decisions and open education. Degrees from well known universities are part of a cost/benefit/cover-your-ass strategy in hiring decisions so when open education has proven itself to the degree that open source software has, then it will be as widely accepted.
It probably depends on the market where you’re job-hunting. In tech worker starved areas like the Midwest and South, it’s probably a sufficient credential. Either of the coasts, obviously less so.
Hopefully they will have something more advanced in the future, possibly calling it Masters of Science in Cyber Engineering with course work similar to the following:
[*]Introduction to Graph Design and Theory
[*]Secure Network Design, Theory and Implementation
Introduction to Analog and Digital Signal Processing
[*]Assembly for IA-32 and x86_64
Assembly for PowerPC, MIPS and ARM
[*]C/C++ Programming for Windows, Linux and MacOS
C/C++ Programming for Android, iOS and Embedded Systems
[*]Python Programming
[*]Advanced Python Programming
[*]Automated Testing Theory and Implementation
Advanced Graph Theory
Introduction to Game Theory
Advanced Game Theory
Building Secure Scaleable Systems and Networks
Building Big Data Analytics Systems
[*]Automated Defense and Offensive Systems Theory and Implementation
[*]Information Assurance Policy
[*]Reverse Engineering Windows, Linux and MacOS
Reverse Engineering Mobile Devices and Embedded Devices
Reverse Engineering SCADA Systems
Advanced Analog and Digital Signals Processing
Cryptography for Engineers
[*]Vulnerability Research Theory and Methods
Updated - [*] Core courses.
If the individual could make it through the above, they would be very knowledgable, experienced and ready for many of the hard problems in the realm of cyber that employers are wanting in extremely high demand.
Yeah, many would probably have to be broken down into electives, but if all of them were taken the graduate would be an extremely strong cyber engineer versus the current easy cyber degrees that are available now that do not really cover what cyber engineering employers are looking for. Most of the degrees are very general and do not go into depth or build a strong engineer during the process.
I would have to guess a Ph.D. in Cyber Engineering to start off near the Vulnerability Research work. Starting with a higher emphasis on research in cryptography, building tamper resistant systems, maintaining integrity and confidentiality on mobile desktop, server, SCADA and embedded systems.
Then kernel development, in depth work with creating custom applications that deal with TCP and UDP security and analysis, deep dives into the inner working on how various IoT devices work, building autonomous cyber reasoning systems, automated cyber ranges, and or automated policy client/server enforcement systems.
> A PhD is about doing novel work and pushing the state-of-the-art, you can't get a coursework based PhD.
That's the USA philosophy of advanced degrees; it does not reflect the practice of every country.
And given standard scholarly impact statistics for completed theses, it arguably doesn't reflect reality either. Maybe we should start admitting that most PhD candidates haven't made a significant contribution to the state-of-the-art, most future candidates aren't going to, and the nominal requirement to do so isn't helpful?
A Ph.D. is mainly about research, the courses you take leading up to your dissertation should still teach you more in-depth technology to help insure you are an expert in the field of the degree at the graduate level. Without this in-depth course load you will have weak research and would not have a good in grasp to be able to create anything new, state of the art that helps push the industry forward through advanced research along with being employable.
If you come in the door with these credentials you will be highly qualified to be at least a principal cyber engineer. Your in depth research would makes serious waves in the industry and with real world experience it would be an amazing win-win situation for you and the company that hires you, or even better your own business doing cyber research.
Is that supposed to be cheap or affordable? As far as I knew online courses are up to a few hundred to get an official certificate. And I just graduated last week from a similar master's for €2k in a brick and mortar school. What's special about "under 10k" for an online study?
Edit: from elsewhere in the thread, I understand that a degree is more usually more expensive than 10k in the USA? I guess a lot more, since this is making headlines? Is that also the typical case for online degrees?
Which is to say, you might actually have to learn something if you go to CMU, UCB, MIT, Stanford or UIUC; instead of just leeching off of your group-project teammates.
(Not that I've ever had any experience on the receiving end of this... /s)
For comparison I briefly took online masters classes from my alma mater, a state school that is not especially heard about often, and it was approximately $2000 per class.
As anecdotal data: The Masters program I took (not in Cybersecurity) is offered online for the same price as it is in person (I did it in person). If I were to do it again today, according to its website, the program would cost a total of $37,000 (€32,5k) in tuition, not including books, etc.
Exactly. Most MS degree programs in the US cost $5000 per course, and 10 courses are required. That's $50,000 in tuition, so $10K is a great price. GT's MS degrees are easily the most affordable grad degree from an elite school in America.
10k is extremely affordable at an elite CS school worldwide. No offense to wherever you went, but Georgia Tech is almost assuredly higher rated for US private sector by quite a bit. This even applies if you went to TU Delft based on your bio.
Worldwide it holds less prestige but in the USA for the major companies, GT is very highly regarded and the students are heavily recruited.
I think this 31337 school thing is also USA-specific and not as important in the rest of the world.
When I interned at Deloitte (here in the Netherlands), there were a lot of employees from two particular IT security studies. There was teasing and slight rivalry back and forth of course, but it definitely wasn't that one camp got paid more or was hired more easily than the other.
In fact, if you were to ask, most people would tell you that any vaguely relevant master's would do (and get paid similarly) since the company has to teach you the specifics anyway. Now I've noticed that's not entirely true, they will definitely frown upon a network engineering graduate applying for a security job, but you'll still get the job if you can convey your interest in the field.
Job market for GT BSCS grads is the same bollocks as most anywhere else. I say, save your money and go someplace else (or self-teach) and then use a recruiter that knows wtf they're doing; that's what will make the difference.
It sounds like you just have no regard for a formal education -- which is fine. However, for many, it's still a great indicator that you have had at least some training on the fundamentals of your practice area.
The job market for GT grads is the same as everyone else, yes, because it's unlikely a job is going to magically open just for a GT grad. However, I guarantee saying you hold a GT BSCS catches the eye of recruiters more than a certificate from Udemy or no education but some experience.
I spoke and speak from personal experience; and I'm not going to copy-paste my HN profile.
I do in fact hold rigorous formal education in high regard. But I doubt that more than about 70% of GA Tech BSCS holders have actually received such a thing; and a result from a 70/30 binary distribution is not a very informative piece of evidence.
I don't doubt that a Udemy cert alone is as close to bubkes as you claim. I do doubt that an Anytown State University degree is in the same bucket as Udemy certs, rather than the same bucket as a BSCS from GA Tech. I have also seen recruiters that can very easily convert autodidacts' and Udemy grads' raw experience and competence into employer signals.
I'd really like to see them do this for an undergrad. I never finished mine, which hasn't really held me back in my career except for wanting to pursue a masters. I've looked around, and I've never really found what I consider to be a respectable online undergrad for less than about 50k worth of tuition.
All of these Master’s will admit students with enough relevant work experience without a Bachelor’s degree. If your work experience is tangential to what you want to study they might tell you to go do a MOOC and apply again with proof you did well in it.
GA Tech does admit some students to the Masters programs who don't have bachelor degrees. The Micro Masters programs at edX may be a way in to the MSCS programs without the undergrad step. One benefit of the MM programs is that they're basically open access. You do what is essentially 1/4 of the degree online first, and if you do well you may be admitted to either the residential Masters program or the online program. Disclosure: I work at edX.
Unless I misread the below they prefer a Math, CS or Engineering Bachelor’s and a Bachelor’s of some kind is an absolute requirement.
> Preferred qualifications for admitted OMS CS students are an undergraduate degree in computer science or related field (typically mathematics, computer engineering or electrical engineering) from an accredited institution with a cumulative GPA of 3.0 or higher. Applicants who do not meet these criteria will be evaluated on a case-by-case basis; significant professional or other work experience with supporting recommendations may qualify as an adequate substitute for the appropriate academic credentials, however work experience will not take the place of an undergraduate degree
I know people who have been admitted to MS programs without an undergraduate degree. Both had significant progress towards their BS/BA (one had an AA) and seriously good private sector work done (one at Microsoft, another at a startup) with either published papers or extensive open source contributions.
A lot of schools including GT will accept 3 years' worth of credits from a junior or community college. You can then finish 1 year's worth of additional credits and get the degree from the final institution.
A working person might be able to space out classes so that they can continue their full-time job, but I'm not sure.
I'm currently in an online MS Information Assurance program offered by Iowa State University. It's both more expensive than this offering (although not by a lot) and from a university with a lot less name recognition. I mean, besides that it's probably in Iowa.
So on the surface the GATech offering looks superior. However, I can't help but wonder how the "at-scale" model changes that. At IA State I'm "in" rather small classes and have very ready access to the instructor by email and phone. My work is also almost all graded by the instructor directly, most courses aren't big enough for a TA to have been hired. So I feel like it's a fairly personal experience, despite my physically being several states away and watching lectures recorded. I'm working on forming a committee for my thesis this semester so I'll be conversing directly with the faculty even more.
I wonder how an "at-scale" program like this, which seems to get built more on a MOOC model, will compare. Will it feel nearly as much like receiving direct instruction from an expert, which is what I would want a graduate program to be, or will it feel more like an off-the-shelf mass produced training package? That's a big concern to me.
Edit: I also feel like it's worth noting that my program confers an MS, with either thesis or creative component at student choice. I suspect this will be viewed more favorably by employers and others than an "OMS," even with a big name on it.
I looked quickly at some online master offering and you are exactly describing the struggle.
Some places seem to charge an enormous amount of money (>40k$) and some other a fairly small amount of money (<5k$).
Unrelated to the price, some are simply a glorified version of a Coursera MOOC with a non personalized experience while some other seem to offer a lot of 1:1 and side project opportunities directly with the TAs and teachers.
This field is in full revolution, but it feels like a lot of universities see this as an easy way to get a couple thousands extra dollar for only posting the lecture videos online.
You would still have to look into how these courses are structured. A lot of these online courses/MOOCs tend to be heavily watered down, even when they're offered by major universities.
No. A BIG no. Stanford has been offering an on-line MS in CS for about 30 years using videos of the same courses taught on campus. Same tests. Same grades. The degree is exactly the same, on-line or not. Same for U of Illinois. Same for Ga Tech. The word "online" does not appear on the diploma. THESE ON-LINE DEGREES ARE EQUAL IN EVERY WAY TO ON-CAMPUS DEGREES.
Yes, there's a HUGE range of quality in on-line degrees these days. Many of the degrees are sold by degree mills calling themselves universities and cheating the hell out of their students. Almost all MOOCs are watered down subset of an on-campus course.
But the on-line degrees from these top tier schools do not suffer from that.
It's not true in Georgia Tech, at least in OMSCS. After you finish 10 classes you will have done 20 to 40 projects and as many exams, in addition to homework and papers.
You will at least have a rich gitHub repository if you go through it. If you try your best you will also learn a lot and make connections.
The advantage of a part time masters is that the connections are of a much higher value. During your undergrad you and all your connections will go on the job hunt. In a part time masters some of your connections will be hiring.
This is a phenomenal field choice for an online degree. I'm a little surprised that they didn't have a professional institution co-sponsoring it (like AT&T did for another GT program). One of the big players like Splunk or Symantec seems like an ideal fit for this.
It is offered by a British university. Undergrad degrees are more specialized here than in the US, a BSc in Computer Science is a completely normal thing and is what the majority of British CompSci grads would have.
They’re well on the way to solving the accessibility problem in terms of having all the materials available to cover a Bachelor’s in CS if they’re not there already. Coursera have partnered with the University of London to provide a Bachelor’s in CS. And the company launched in April 2012. The different MOOC providers may not have disrupted education but they’re off to a good start.
This program was just announced. So the first cohort hasn't started yet. There are a bunch of OMSCS students in this thread though who have taken some of the classes.
GATech brought in $68M from their $6,800 CS degree?
"OMS Cybersecurity is Georgia Tech’s third at-scale online degree program. It will follow the same model as the groundbreaking online Master of Science in Computer Science (OMSCS) program, which launched in 2014 on Udacity with support from AT&T and has enrolled approximately 10,000 students overall for the $6,800 degree."
You don't pay the full cost up front, and there is a substantial dropout rate + it typically takes at least 3 years to finish OMSCS. So the real number is probably a fair bit below $68M right now.
Also, $6800 is on the optimistic side, probably achievable only by maxing out the number of courses that can be taken simultaneously (I believe the concurrent limit just went down, too). For the average person taking it one-class-at-a-time, it's a bit over $8K.
Same here. Did the degree previously require 12 courses instead of the current requirement of 10? I feel like when I first started looking into the program before I joined it was 36 credit hours, not 30.
As the home site I used to go to for the hacking zine Phrack, it seems very appropriate they would do this. The courses though seem more generic than I'd expect. I tried to find the old gatech.edu site for phrack to ad the url here, but all I find now is phrack.org.
Another poster listed the curriculum. As a security professional from a top software company I am not really impressed.
The curriculum is as follows (tech specialization, the others are worse):
1 intro to security
1 intro to policy
1 hands on lab
1 crypto
1 netsec
2 it security
choice of (2):
basic CS courses (i.e. mobile apps, operating systems)
None of that will help you get a job at any company with a serious security org. All of those courses from what I could find are the same introductory level electives you can get in your BS degree in CS.
It is not a specialized program, it is more of an introduction to security and CS at the MS level.
Things that would help:
Client XSS, Authentication / Session Management, Secure client/server architecture, defining access boundaries, phishing / social engineering, red team / blue team setup, automated vulnerability regression tests, SSDL, threat modeling, etc.
Your list of "things that would help" are topics that (I imagine!) should be covered in intro to security, netsec, or IT security -- e.g. as 1-week or 2-week sections during the respective courses. Very few of your topics should be dedicated courses.
Agreed. Those topics are very specific instances of general principles that are usually taught in a security course.
What did OP mean by "secure client/server architecture" though? What are the basic/fundamental principles behind it, that are NOT covered in cybersec education?
"Client XSS, Authentication / Session Management, Secure client/server architecture, defining access boundaries, phishing / social engineering, red team / blue team setup, automated vulnerability regression tests, SSDL, threat modeling, etc. "
^ I am in no way trying to be offensive here. But if you are already a programmer, with the exception of "threat modeling" and "regression tests", it seems all those topics combined would take a week to learn?
If "learn" is "has seen and memorized a checklist", then maybe. Don't expect people that "learned" like that to be able to do much in practice with that though.
Yeah. Security is best learned after creating software for four or five years. Before that you're not going to have enough of the pieces to think about it creatively. Things turn into "rules-games" where everyone else has to tell you the rules. Also, I think studying data science is underrated for cybersec.
As a cybersec consultant with experience working with many security organizations, I wholeheartedly disagree. There is a lot more to security than things that have to do with software engineering. In my experience, the companies with the worst security are ones that primarily employ current or former software engineers as leaders of their security teams with a misguided mentality that security is just a subset of software engineering. Because of that mentality, they tend to focus on a very small portion of security principles.
Most vulnerabilities include or source from some sort of poor software engineering though, which may root from said issues, among other things. Most of these vulnerabilities (including some hardware vulnerabilities) are discovered and exploited with clever, creative software engineering / exploit development.
I know cybersec is extremely broad, but I think software engineering plays an extremely important role.
I certainly agree it's an important part of security, but that's vastly different from "you should have 4 years of engineering experience before you can start learning security".
Speaking practically, the vast majority of companies that experience one of the vulnerabilities you are referencing are not going to be patching the code themselves - they're going to be updating their infrastructure with code that was written by someone else. And before they even get to that point, they are going to have to have policies/procedures that alert them of that vulnerability, that assess how important patching that vulnerability is, that determine cost of patching/not patching, that determine how to receive that patch, and that determine how to apply that patch. And all of those things involve much more than programming.
One of the other largest parts of defending a company from being hacked is training and protecting employees from social engineering/phishing attacks, and that's something that doesn't involve writing any code (or even knowledge of code) at all.
> There is a lot more to security than things that have to do with software engineering.
I didn't say there weren't?
> In my experience, the companies with the worst security are ones that primarily employ current or former software engineers as leaders of their security teams with a misguided mentality that security is just a subset of software engineering.
Wasn't what I was advocating for.
I'm advocating for learning security after you have a base of software development. Not leading a security team with no experience learning or practicing security. Also, this is a huge and growing field, so I'm speaking generally, but I'm sure there are sub-areas where there are counter examples.
Training and awareness, asset management, third party management, policies and procedures, legal (you should have lawyers looking over HIPAA/PCI/GDPR stuff, not a programmer), identity management, incident response, recovery & business continuity, communications plans, PR...
I could keep going. All of these things could have some software engineering component, such as with identity management: there is a component there that deals with (for example) writing code to integrate your web app with multi-factor authentication, but identity management also encompasses things like writing good access control policies, managing the legal requirements for access, training people on how to use that multi-factor auth, etc.
Engineering skills are of course of great use if you are talking about the security of a specific codebase or doing penetration testing or doing the nitty-gritty customization of a security application, but "cybersecurity" is much more than that.
There are a number of organizations that apply data science, ML, and HPC to support cybersec operations. The ones I am familiar with would likely consider an MS in CS to be a good entry point. A candidate that also had another substantial degree would be of even greater interest.
>Also, I think studying data science is underrated for cybersec.
Can you elaborate? I know a lot of security teams will have large amounts of machine data thrown into ELK or Splunk, but that seems like qualitative data and so there's not a lot of number-crunching to do.
There's just so many things that are helpful from data science.
Graph Analysis => Saw some guys turn the Android codebase into a graph and use that to turn a dozen minor exploits into a chain that gave them root. Pwn2own IIRC.
Statistics => Great for detecting anomalies / understanding how to evaluate manipulation of cyber adjacent systems. For example, understanding the beta distribution lets you figure out how someone will game ratings in your app store to beat out legitimate apps with similar sounding ones. And of course all of these things cut both ways: if you're on red team it helps you masquerade more effectively.
Recommenders => Obviously useful to understand from attack detection, spam filter evasion, etc.
Linguistic analysis => De-anon attackers by the language they use. Figure out automatically which email accounts have been owned by sudden changes in speech usage.
Things like fraud detection come to mind. Being able to build a model based on previously detected bad actors and then use that model to detect possible additional bad actors is a specialized but useful skill in some contexts.
The "already a programmer" thing is quite a misconception here. Security has many topics and domains that have nearly no crossover with being a programmer. It's possible that many people entering this degree program have no past (or future) experience writing code.
Anecdotally, at my (one of the largest in the world) security consulting firms that hires from similar degree programs, a very small minority of people have any experience as a programmer, and a similarly small minority of our work involves writing/reading any code.
Your list of "things that would help" are likely found in:
"Introduction to Information Security (CS 6035)
A full spectrum of information security: threats, software vulnerabilities, programming for malice, basic cryptography, operating systems protections, network security, privacy, data mining, computer crime."
I disagree, every year I go over a hundred of new-grads resumes from top schools and interview for dozens of security engineer and researcher positions. My basic impression is that no undergrad program has any worthwhile undergrad-level security emphasis. I would definitely give someone with such a masters degree a second or third look.
It's my observation that a master's is often a "second field of study" after getting a bachelor's. Whether that should be or not is debatable. But I know people in the field of infosec that have less experience than this, so if someone really gross the content of these courses, I'd hire them.
Yes. When I did my undergrad in CS, the people doing Masters degrees were taking many of the same classes. Different course catalog numbers, but they were sitting in the same room with me, hearing the same lectures, and doing the same homework.
As this is a masters-level course, arguably readying people for management, I would add a course or two on compliance. Too many security pros know how to secure a system but know nothing about security standards. If you cannot explain how what you have done complies with various standards, all your effort will be torn down.
A course on documentation would also be prudent. Knowing the difference between policies, standards, and procedures will help you in any interview for positions above entry level. Knowing qualitative from quantitative, and being able to talk about abstract security theory, would be good too.
And some law. Some basic course so you can talk about negligence and liability without sounding like a wikipedia page.
As non-degreed developer who is looking to transition to security work, I was initially excited to see this program but had a similar reaction after looking at the curriculum.
Potential gems on the list might be the OS or networking course if they are run something like MIT's 6.828 with lots of lab coding and perhaps a bit of hand-holding, but if you can just clone last semester's 6.828 repo and get osdev'ing, why drop 10k to spend most of your time on courses that look like yawn central?
I think what I really wanted to see was a lab-focused curriculum for aspiring vulnerability researchers, so perhaps I was bound to be disappointed.
a lab-focused curriculum for aspiring vulnerability researchers
A MS is an academic degree so of course it will be heavy on the theory, and you will mainly be expected to do practical work independently on top. Same as an undergraduate degree actually, at least a good one. That stuff you call “yawn central” is the principles that will last your entire career, the stuff you learn in the lab will be obsolete in a few years.
Your list of topics sounds like what should be covered in security in a software engineering context more so than a computer science context. In computer science I would expect more of a deep dive in to the crypto math stuff.
Intro to Information Security, for example, has four hands-on projects:
1. Exploit a buffer overflow in a C program
2. Use Cuckoo to understand a malware attack
3. Implement CBC encryption algorithm and a brute-force algorithm to crack it
4. Demonstrate an XSRF, XSS and SQL injection attack
Remember this is an intro course and there are about 2-3 weeks per project so you won't be an expert but I'd say it makes you aware of some of the basic security attacks and how to prevent them.
Georgia Tech biases heavily towards hands on project design. It was also rated the worst school in terms of work life balance while I was there. Grad level courses will easily suck up a substantial portion of your life, even if the content seems 'simple.'
> None of that will help you get a job at any company with a serious security org
Most of the jobs are with non-serious orgs. But yeah, paying $10k to get a basic bootcamp on security probably isn't going to inspire tons of confidence by employers.
Here's the requirements for GATech's standard Cybersecurity MS:
Core:
CS 6035 Intro To Info Security
PUBP/CS/MGT 6725 Info Security Policies
CS/ECE/PUBP 6727 Cyber Sec Practicum
Elective (CS/PUBP/ECE 6000-level)
Tech Specialization:
CS 6260 Applied Cryptography
CS 6238 Secure Computer Systems
CS 6262 Network Security
CS 6265 Information Security Lab
Any 2:
CS 6210 Adv Operating Systems
CS 6250 Computer Networks
CS 6255 Network Management
CS 6300 Software Dev Process
CS 6310 Software Arch & Design
CS 6340 Software Analysis & Test
CS 6365 Intro Enterprise Comput.
CS 6390 Programming Languages
CS 6400 DB Sys Concepts& Design
CS 6675 Advance Internet Comput
CS 7210 Distributed Computing
CS 7230 Software Dsgn,Impl& Eval
CS 7260 Internet Arch& Protocols
CS 7270 Networked Apps&Services
CS 7292 Reliable Secure Comparch
CS 8803 Mobile Applications and Services
Energy Systems Specialization:
ECE 8813 Smart Grids
ECE 8813 Introduction to Cyber-Physical Electric Energy Systems
ECE 8813 Introduction to Cyber-Physical Systems Security
ECE 8803 Computational Aspects of Cyber-Physical Systems
And any 2:
ECE 6550 Linear Sys and Controls
ECE 6607 Computer Comm Networks
ECE 6615 Sensor Networks
ECE 6102 Dependable Distribut Sys
ECE 6320 Power Sys Ctrl&Operation
ECE 6323 Power System Protection
ECE 8813 Advanced Computer Security
ECE 8813 Network Forensics
Policy Specialization:
Select 4 courses:
PUBP 6502 IT/Comm/Telecom Policy
MGT 6726 Privacy Tech Policy Law
PUBP 6111 Internet & Public Policy
INTA 6014 Scenario and Path Gaming
INTA 8803 Data Analytics and Security
PUBP 6501 Information Policy & Mgt
INTA 8803 Challenge of Terrorism in Democratic Societies
And any 2:
PUBP 6701 Energy Technol & Policy
PUBP 6014 Organization Theory
PUBP 6401 Sci,Tech & Public Policy
INTA 6103 International Security
INTA 6015 Technology& Military Org
I'm pretty meh about this. In particular: when we think about the "cybersecurity talent shortage" (I don't believe that one exists, but whatever), we're thinking about what this degree program considers "technical specialization" roles. I don't look at that course list and think of a consistent cohort of people it produces that are especially ready to take on jobs in my field.
I'm also: why do they make Cybersecurity MS candidates take that pointless Applied Cryptography class? I read the lecture slides for it, and, like most university crypto classes, it's "just enough cryptography to make you dangerous, with just enough math notation to make you think you learned something really hard that you didn't really learn".
The MS core classes are an intro to computer security that might be workable as a 100-level class in a serious CS program, a "policies" class that looks just absolutely deadly (1 week on "HIPAA, GLBA, FISMA", then a week on the "NIST cybersecurity framework", then a week on "cybercrime and cyberwar"), and a capstone independent study program.
My advice: get an internship and skip the MS. They'll pay you to learn this stuff.
What makes you think that a 600 level course at a top 10 CS program is equivalent to a 100 level course at a "serious" CS program?
(I graduated from GT but didn't take the undergrad version of intro infosec, which is 400 level and is likely crosslisted with the on campus 6035. I also don't think infosec was the most rigorous of courses from what I heard, but still)
I guess my point is, if you consider GT to be a top CS program, then the fact that undergrad intro infosec is a 400 level course (on the easy side, but 400 level), would imply that infosec isn't a 100 level concept (this makes sense, before you can start to understand secure vs insecure X, you first should just understand X, without security being an implication).
My son just finished UIUC CS 125 (the programming intro class for non-majors) and he'd be fine with all the material I see in 6035. That's I guess how I'd sum it up.
If this is anything like the courses I did at GT, the courses might look simple, the content might not seem deep, but the meat of the learning will be done in the constant onslaught of deep diving practical assignments. Applied Cryptography definitely seems like it will fit the bill here. The Energy Systems Specialization looks like it dives deeper than the other tracks, though.
I agree that the credentialism is the real issue here. I wanted to go into security after graduating and couldn't find anywhere offering jobs with less than 3 years of work experience or a graduate degree, lucky if it was only a MsC requirement.
Not commenting on the class, but the talent shortage. It is definitely real. However, it is actually easier to find security engineers than product managers FOCUSING on security, leaders who are also good at security & can speak "past security" to the business. Security is often a dead end in the C-suite area... because of the personality quirks.
Can you elaborate more on product managers focusing on security? I just graduated with B.Sc in CS but am in a networking job now there is a lot to learn, am planning to branch into the security field after getting more experience (2-3 years)
From this, I can trust that any GA Tech OMS graduate has covered those subjects to the satisfaction of an expert on the subject. Maybe "covered" is kinda thin, yeah, but at least I know they've been covered to at least a sensible minimum.
That vs having to interrogate a candidate on 22 subjects, identifying what constitutes sufficient coverage. I've seen enough self-taught developers who clearly haven't covered the basics to be concerned.
You should do both, the MS and the internship. Many cybersec practitioners that I have known are particularly poor at communicating their expertise to others.
"Easy" isn't the word I'd use. Dated and not especially useful, maybe. What practical work did they have you do? I'm only going from the course slides.
Practical depends on how you end up using the knowledge right? For people into protocol development/exploitation it was a valuable course which taught many fundamentals of discovering cryptographic operational methods, flaws, procedures, and how to design or fix. The reason you always hear people say "never roll your own crypto" is because this is a difficult subject matter, but is necessary if you're trying to build a properly secure cryptographic schema.
CIA, MI5 offer the best courses, plenty of paid for field work in interesting locations around the world. Just answer strange adverts, like Godolt is not coming, or be observant when out walking.
I wonder which schools will be offering the CS, EE, and Accounting Master's. Hopefully MIT, MIT, and UT-Austin, respectively. Does anyone know anything beyond what's already posted?
Man I would go back to get a brass rat! Wonder why Rensselaer Polytechnic Institute isn't on your list? Then again an online degree takes all the fun out of living in the "asshole of the universe" as the students allegedly dub Troy, NY.
I completed this online MS InfoSec program in 2013 back when it cost $40k (out of state). Who do I talk to in order to get a refund for the difference since now Georgia Tech are effectively admitting they were price gouging me by $30k?
I thought it was a fantastic and quite challenging program from a curriculum standpoint. From a logistical standpoint organizing group project work across time zones was difficult at times. Not being able to ask the professor follow-ups in real time is a bit of a bummer, but they were all very responsive via email. Best of all is being able to kick back with a beverage in comfy clothes to watch the lectures in the comfort of your home. Worst part was the prices. I double checked and it cost me exactly $55,080 in total. So at $10k this is an absolute steal. I just wish they'd refund me the difference now.
Because someone figured that they will make the most profit at that price point taking costs into account. Keep in mind that there are also presumably per student costs for things like grading assignments, exams, virtual office hours, etc.
edit: Profit as institution, not just on this program, devaluing their in-person MS programs by charging very little for the online version would be a net negative in profit for example.
This is a complete waste of time and money with the usual bullshit material taught by people who don't really have a clue and completely-out-of-touch-with-reality academic focus (write a buffer overflow!).
If you really want to learn invaluable cybersecurity skills,
start playing wargames. I suggest (1) which is one of the best. If you manage to reach level 25 on your own, then you are elite and the knowledge you gained doing so is not only extremely valuable but something you can be proud of.
(Sidenote: I would hire anyone who reached vortex level 25 on the spot and pay him a six figure salary, without looking at any of his other qualifications/degrees/past experience)
Additionally, read every single phrack (2) magazine from the past 20 years and try to understand most of the material within.
> (Sidenote: I would hire anyone who reached vortex level 25 on the spot and pay him a six figure salary, without looking at any of his other qualifications/degrees/past experience)
This is a strong statement. I remember reading somewhere that Bill Gates said he would hire anyone who has read The Art of Computer Programming by Knuth.
I think these challenges should be collated and put up in a website where motivated individuals can grab the opportunity to prove themselves.
I take the same approach. Have been around many well qualified people who lack critical thinking and thus suffer poor output. There is no amount of education that can correct for this.
My coworkers who stayed in security all did the master's route instead of the competent pentester route..
There are a lot of jobs and they are a lot more stable for people who have studied the fields academically. There's some high pay for those who haven't, but a lot of it ends up being temporary.
Most of the comments I see are about the reputability of an online degree, the value of getting a degree, and comparisons to other similar options. I'm not even sure we're reading the same comments section.
+1 to vortex. I participate often in CTF competitions and it's my go to recommendation for serious people looking to get more involved. Most of the early stages are great because they are no nonsense - they give you the papers explaining the solution, and just ask you to do the work of understanding and implementing them.
Stage 16 is one of my favorite challenges all time. It took me weeks to solve and the solution is very impressive.
I've been stuck for the last few years on stage 23. Unlike the rest of the challenges it is a stenography level, and I'm not convinced that it is still solvable today.
> I'm not convinced that it is still solvable today.
This sounds fascinating since progress does not tend to work that way. What is it about this problem that leads you to think it was solvable in the past but no longer?
The challenge in question is just a jpg of the logo of ruxcon 2004. The password for the next level is presumably steganographically encoded in it. The challenge is much easier (and perhaps only possible) given the original image, but the logo is no longer on the internet. After scouring web archive and using all Google fu at my command I found some instances of the image but all in different sizes/dimensions.
The name of the level is "the properties of a mirror" which hints that you need to find a mirror of the original site in order to solve the level, and I think that the mirrors are no longer online.
Note for anyone unfamiliar that this level is not at all representative of vortex - all the other levels are all hard core exploit implementation and not stego challenges. In general I don't like stego because I feel that it is more of "try to guess what I'm thinking" than solving interesting challenges.
> The name of the level is "the properties of a mirror" which hints that you need to find a mirror of the original site in order to solve the level, and I think that the mirrors are no longer online.
I would assume that if this were the case someone who has already completed that level could check if where they found it was still up? Perhaps this is not the interpretation of the level name that the writers had in mind?
> (Sidenote: I would hire anyone who reached vortex level 25 on the spot and pay him a six figure salary, without looking at any of his other qualifications/degrees/past experience)
It may be obvious but I'm currently drawing a blank. What are other possible non-programming examples of reaching a certain level in a game and that being worthy of an immediate hire (not including the video game industry)? Complete courses via gamified education is a cool concept.
I'm not currently in a position to hire people, see my previous reply to danesparza.
Doing these and other similar challenges and reading and understanding phrack articles would give you a solid foundation to start doing reverse engineering and vulnerability research and reap the rewards that come from successfully doing so.
> Sidenote: I would hire anyone who reached vortex level 25 on the spot and pay him a six figure salary, without looking at any of his other qualifications/degrees/past experience
Anyone reaching 25+ would either:
1) Command significantly more than just (low) 6-figure salary
Having done 25 myself, I was willing to get hired as an employee doing reveng a long time ago. But that was before 2010 and you're probably right today. Good reverse engineers can print money and don't have to work for pointy hair bosses. Good point.
I appreciate your mentioning overthewire and claiming that you'd hire someone on the basis of their ability to make it through these challenges.
I do wish more CTFs kept their challenges online after the competition: good ones and these wargames form what are essentially the problem sets for a top-tier exploit engineering program.
I cut my teeth on these wargames, as well as pwnable.kr/tw and, of course, microcorruption. While working through some of these challenges and finally popping a shell was definitely satisfying, I'm not sure I'll feel "elite" until perhaps I take home master of pwn at cansecwest.
The cost of a master's or doctoral program is significant. It's not just the price of admission, but also the opportunity cost. Most employers who will do education reimbursement only cover a small portion of the cost.
If you leave the workforce to study full-time, then it's often free (with the caveat that you must have a research assistantship or teaching assistantship), but then you lose out on multiple years' worth of salary.
Thanks for sharing. Just out of curiosity, are you in a position to hire somebody -- or are you just suggesting that you would be a willing teammate for somebody with these criteria?
I am, and I disagree with a lot of what the OP put forward.
Security academics, self-taught pentesters, and people who simply gained hard security experience in their day to day jobs each bring something unique to the table. I'm far more likely to pick up the principal engineer with a security MS for a security architect role than I am someone who can prove to me they passed an OSCE.
That said, for the person who can prove to me they passed an OSCE, I'll knock two years off the pentest experience requirement for any such role.
I'm not currently in a position to hire people, but having served in that role in the past, I would given the opportunity not hesitate to follow through with what I said
(practical concerns aside such as figuring out if someone went through the challenges on his own).
So my comment was mostly trying to illustrate that the skills one learns by going through these kind of challenges are extremely useful in practice and the skills one learns by doing an Msc of the sort advertised here pretty much completely useless, assuming one wants to do reverse engineering and vulnerability research and not just push paper, point at his Master's and call himself a "security expert".
Or move to Belgium/Germany where university education costs less than a thousand per year.. And you may enjoy a proper beer as a student.. Afterwards universal health insurance and unionized labour.. All debt free.. Cheers!
Maybe those German universities should get in on this online action! I could do an online masters from Germany just as easily as I do one in Georgia...
That's actually a very interesting idea for a country with socialized education wanting a large academic footprint in the world: also open up your classes to online and service the world. I don't know how expensive it might be, but it's got to be a lot cheaper per student for the university.
The universities in many European countries, are subsidized by the state because education is considered a human right. Having a proper set of teachers, brick and mortar universities, research, etc. costs a lot more than 1k/year per student. While allowing a 5-10% foreign students is good for the remaining 90% because culture, variety, etc., opening up the lectures to people who effectively do not pay taxes, makes no sense.
This is why in Bulgaria, Cz and other countries you see locals paying low rates while other Europeans paying private college fees.
> This is why in Bulgaria, Cz and other countries you see locals paying low rates while other Europeans paying private college fees.
That's incorrect. In EU you can't price-discriminate, based on nationality, regardless of the product or service you're offering. Of course, that applies to EU citizens only. Non-EU citizens do indeed pay higher university fees than locals.
As far as I can tell, the price here (Czechia) is based on language of the study programme not nationality. You can study in Czech for free even as a citizen of another EU (not sure about not-EU) country. I don't think it's particularly practical idea though. The fee for the english version was about 5-6k$ for academic year last time I checked.
Come to think of it, they probably discriminate on the basis of the program language: If you take the English course you have to pay high tuition fees, while if you take the local language program, you don't.
> In theory or in practice? :-) You're right (in theory), in practice I can assure, it happens.
If you're foreigner, haggling at a local flea market, of course it can happen. But in "official" places, this is simply not possible.
And yes, that program discriminates based on language. If you take the version in Bulgarian, you'll pay same fees as locals, though you're usually forced to undergo a paid language course before enrolling.
As someone currently working my way through OMSCS, I imagine that the incremental cost of adding students is very low. I don't know exactly what ratio GT uses, but the only non-digital scaling they do is TAs. With more polishing of the online content and improvement of the auto-graders, they could probably push the ratio down pretty low. Just have to figure out how to do it without compromising the perceived quality of the education. And TAs aren't expensive in any case, I'm pretty sure they are compensated pretty poorly.
I imagine they would just teach it in English. I believe it's pretty standard for Western European students to learn English fluently. Maybe dual language? OMSCS gets a fair number of foreign students from around the world and only teaches in English AFAIK.
Dutch master's are all English for a while now. You don't get the same subsidies as EU residents, though, but it's also no more expensive than this online business and you get to have an actual classroom (for many that's a plus).
I mean I studied Physics at a good UK Uni but it isn't like one of the best in the world or anything.
Then I did Neuroinformatics at Edinburgh which is really competitive due to their reputation in AI etc.
It was fine, ultimately linear algebra etc. are the same wherever you learn it. I think in less objective and more qualitative fields the reputation of the University etc. counts a lot more.
As someone who's taken two linear algebra courses at different schools -- it's really not. When the expected level is familiarity with basic concepts vs. being prepared for a top-tier graduate degree program, the course content becomes very different. When this is aggregated over all of your courses, then you start to get a gigantic disparity.
>The quality of education you'll get there is questionable, though
Why would you think this? From my experience technical universities in Europe do a lot less hand holding and a lot more practical courses than American ones do.
> Belgium/Germany where university education costs less than a thousand per year.
France too, and I suppose most(?) European countries. Many universities have international masters where classes are taught in English. Students come from everywhere, including the US. It's easy to get a student visa.
I know this is an online degree, but just going to throw out there that the states has better beer than Europe these days. And Atlanta is one of the new up and coming stars. My brother in law's brewery went home with a silver GABF medal last year.
Can't speak about Germany, but we have 100Mb/s symmetric internet for about 5$/month at the Charles University student dorms here in Prague.
Technically, there is supposed to be some fairly brutal bandwidth sharing and the speed is not guaranteed in any way but I never had my speedtest drop under 90Mb/s
Universities are a bit of a different bag in general, and yes, I was specifically talking about Germany. There's large differences between European countries when it comes to internet speeds and costs.
Just asking to gauge the community: I'm about to start a full time in person MS CS program at an Ivy League school. The school I'm studying at is not recognized as having an elite CS program, but it is top 20. Will the general prestige of the school I'm studying at help with getting internships and jobs after graduation?
Totally as an aside, but for what it’s worth, 20 years ago when I did my degree I gave myself a rule that I would do 1 extracurricular activity every year that I could talk to for 5 minutes in a job interview.
I theorised that over the course of 4 years (5 as it turned out) would give me 20 minutes of talking time.
It worked. Even with average scores (and a handful of fails) I got a well paying job at a top company. Even back in the late 90’s many hiring managers valued experience and personality equally to academic transcripts.
The extracurricular activities were:
* organised LAN gaming days for 100 people to teach myself networking, event management, marketing etc. Quake was the game by the way :)
* half a day a week work experience for a year at a relevant employer
* involvement in a paid capacity at the student association, taking on leadership roles
* something else I cannot remember now!
It'll help if you learn to network with alumni and pull together a good portfolio for you resume. Consider how balanced your resume looks today and what it's going to look like with only that MS CS program. As you go, investigate what companies are currently looking for and try to balance it with some practical skills that are related to what they are doing. You don't have to program the exact same language, but try to match at the conceptual level. Example: if they used Scala then your Clojure and Java experience is likely enough for them to take a bet on you assuming other fundamentals match up. Things like hackathons etc. might be a good start if you have real world experience today.
It's also good to look for any sort of volunteer position that'll help development of leadership skills. With a master's degree expectations will be that you can develop into a leadership role which doesn't necessarily mean management.
maybe, but you'll still have to interview and do okay. It matters if you are cmu, mit, stanford, berkely, uw (maybe?) but who knows the next tier. this will probably be unpopular but there's so much more demand than available students that just doing a decent job in an interview will yield you all the jobs you could ever want.
Cybersecurity is something that I feel is best self-taught.
Set up a small network at home. Go crazy with nmap. Set up a few VMs. Go crazy with gdb or windbg. The best way to learn is to break things.
If you have an old application or game with serial #. Try to crack it.
Set up an webserver + sql backend, try injections or other exploits. Profile/audit it to see what is happening.
There are websites that document OS, Database, Webserver, etc vulnerabilities. Install older versions and try these vulnerabilities.
Then you can look into worms, trojans, etc. See their code and how they work. And see if you can come up with ways to stop it. Then see how you would bypass your fix.
You can also look at security ( white hate/black hat ) software that audit, pentest, etc. If it is open source, read the source.
The only reason to shell out the $10K is if you are looking for a job.
Looking at all the comments here, I imagine this is more of just a cash grab. They see the trend and the opportunity to make some money using their name. Serious employers would look for OSCP, less serious employers would look for CISSP, or either one for management positions.
I agree that employers are looking for those certifications, but I doubt they are finding them as frequently as they would like. In addition those certifications don't guarantee that a person is the right fit for a particular organization.
So would this Master's degree be a better alternative in an employer's eye or show that someone is a good fit? That's the important question. Otherwise why not get the certifications instead?
NordVPN use these guys as a node along with MIT, plenty of businesses and plenty of *.io domains to pop out in different parts of the world. Would not be surprised to learn there are various analysis of the traffic popping out of NordVPN's openVPN vpn's. Of course if you have 14 eyes, you can watch the encrypted traffic passing along the wires like waves travelling an ocean.
I'd love if there were a CS masters that either let you apply directly or complete a specification to get automatic admission. Perhaps after completing foundational courses with a B average. That would greatly increase access and should be sufficient to weed out unprepared candidates.