Here’s my take on a question I got recently that I wanted to share here.
* If you’re an individual contributor (IC) today who wants to be more technical, go the master’s in cybersecurity route, but there’s many other non-degree ways to get more technical.
* If you’re a people manager today, go the MBA route if you’re trying to lead functions or become a CISO.
Pursuing a master’s degree/MBA can be a great challenge and personally rewarding, but neither can guarantee advancement.
Neither track is guaranteed paths to “manager levels” or achieving a CISO role. Both paths depend on your current role and how your company views advanced degrees. Some view it as a checkbox to higher levels, and some put no stock in either degree.
**Master’s in Cybersecurity for IC**
If you’re an individual contributor (a person who is not directly responsible for HR hiring, performance reviews, firing, etc.) today, a master’s in cybersecurity could help you go deeper technically into the field. This could set you up for higher-level individual contributor roles, like a principal/distinguished engineer.
Of course, getting an advanced degree is never really about where you currently are in life or your current employer. You get an advanced degree to set yourself up for success down the road. It’s more like compound interest.
*It’s for the job after the next job.*
**Master’s in Cybersecurity for Manager Level**
If you’re at manager level already, a master’s in cybersecurity isn’t likely to do much for your advancement, at least not directly. It won’t hurt your chance for advancement, but you’re already expected to be more business-focused and less tech-focused.
You can still get value from a master’s in cybersecurity, especially those focusing on program building and structures. However, unless you come in a CISO, you’re going to have to work within an existing system that may not fit how your courses were set up.
If you’re a manager and using a master’s in cybersecurity as a way to “stay technical,” there are a lot better ways to get technical without a master’s:
* Make something and ship it.
* Do A Cloud Guru or TryHackMe.
* Do the Cloud Resume Challenge.
* Submit a conference talk.
* Write a newsletter.
* Start a blog about any of the above.
* Start a YouTube channel about any of the above.
As you move up in cybersecurity, things become more about the business of running a function and less about the tech work itself. Getting a master’s in cybersecurity as a manager won’t hurt you, but it may not give you the return you hope for.
**MBA for an IC**
On the other hand, if you’re an IC today who wants to be a manager and pursue an MBA, it’s not likely to help you get your first manager role. Landing your first manager role is a whole lot more about timing, who you know, and someone willing to take a risk on you.
Getting an MBA as an IC in cybersecurity won’t hurt your chances of advancement, but it won’t immediately pay dividends in your climb either.
**MBA for Manager Level**
When you’re already at the manager level in the cybersecurity field, getting an MBA is a different story.
1. Getting an MBA while a manager, the classes will be a bit more relatable to what you actually do day-to-day.
2. You’ll start to get associated more with the “business side of things,” and you can play that up.
Understanding, communicating, and enabling the business through cybersecurity should be the ultimate goal of cybersecurity. Businesses don’t exist to be secure. They exist to serve customers and make money.
The goal for cybersecurity is to support the business to be as secure as possible while enabling that main goal. As you advance, keep this business framing in mind. Remember, being a CISO is not a technical role; it’s a business role.
**How do you decide?**
That part is a lot harder to decide which path you want to take. You’ve got to think about your career a few years out and what you might want to do to know how to answer this question for yourself. That requires a bit more methodical thought and planning to get yourself on the right path. I made a tool that I’ve used for years to help me decide this stuff if anyone is interested in seeing that.
Of course, if you want to pursue either (or both!), I’d never advise against it. Many, many paths can get you to your goals. This is just my take from my own path and biases, so take that as you will.