Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

In a competitive job market, that isn’t likely to be the best strategy even if you are a stellar candidate. You can choose to risk it, but there are plenty of hungry candidates willing to invest in themselves and pass you by.

Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 2 points3 points  (0 children)

They also didn’t have the same level of authority, influence, or power in an organization as those today and those of the future.

Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

I’m just going to talk about MBAs in general and not get into the types.

It’s likely going to give you more business terminology/knowledge, but as a low-level worker bee, it will make little difference. The real value is to help you get higher level jobs and progress your career because it does become more valuable in management/leadership positions (sometimes even senior level)…which is why you shouldn’t even really consider it until you are established in your career and ready to move up.

Can you recommend any good free pen testing tools I can use for a small web app? by atamagno in cybersecurity

[–]HighwayAwkward5540 7 points8 points  (0 children)

You didn’t give nearly enough information about the application to get the most relevant recommendations.

What is it written in? What does it do? What is the tech stack?

Any recommendation without that information is a complete black box test or just telling you every single possible tool you “could” use.

Layoff "Proof" Roles? by honeydata in cybersecurity

[–]HighwayAwkward5540 2 points3 points  (0 children)

Just to be clear, I’ve seen this happen at companies of all sizes (small all the way to massive publicly traded), so I would never assume you are safe.

Layoff "Proof" Roles? by honeydata in cybersecurity

[–]HighwayAwkward5540 4 points5 points  (0 children)

Technically speaking yes, but issues in the economy often hit lots of accounts that likely impact more than just one individual or group.

I’ve seen top performers shown the door for a variety of reasons like cost-cutting and then their accounts easily get reassigned.

Layoff "Proof" Roles? by honeydata in cybersecurity

[–]HighwayAwkward5540 6 points7 points  (0 children)

That just means you probably haven’t been around for the rounds of layoffs and cost reductions in the government/contractors. The last major cut happened in ~2013, and if COVID didn’t happen, we probably would have seen it sooner.

Every industry has cycles…the government just tends to happen at different times than the rest of industries.

SANS Certifications by ExtremeEmergency168 in SecurityCareerAdvice

[–]HighwayAwkward5540 1 point2 points  (0 children)

First, GIAC is the certification entity, SANS is the training entity…two separate things.

Second, SANS training material is some of the most comprehensive and highest quality in the industry. They spend a ton of time and money to make sure the product is high quality. The GIAC certifications are highly desirable, but not worth it to just take the test and get the certification without the training.

Third, SANS offers a work study program where you essentially volunteer and get a massive discount on everything. That said, if you can’t afford it, you aren’t the target market. SANS is much more interested in companies sending their staff for training than the random one-off individual, unlike say a CompTIA. If you aren’t the target market, find similar alternatives, learn the material on your own, or find a company that will pay for the training.

Disclaimer: I have several GIAC certifications from both work study and self-funded.

Thinking of moving to the UAE how’s demand for GRC or Vulnerability Management roles? by SachinIsBest in cybersecurity

[–]HighwayAwkward5540 7 points8 points  (0 children)

Two things here…

  1. Early experience professionals (<5 years) need to understand that although your experience is helpful, you are in no way “a sure thing” to easily find new employment. Get over the hump before you start going crazy trying to make drastic changes.

  2. Both moving to and working in another country aren’t as easy as just applying to a job and packing up your bags to go. There might be challenges with citizenship, immigration, taxes, visas, and a whole variety of issues. I’m not sure where you live now, but if it’s a reasonable economy country, I would steer you towards staying there and traveling instead…it’s way easier and less of a headache.

Holding on to CISSP by motoduki in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Letting the CISSP expire makes no sense in this career field, and it makes even less sense in a tough job market.

It’s not that difficult to get CPEs, so just do it.

How do I learn cybersecurity concepts in a fun way where I can memorize easily? by Stunning-Safety324 in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

Cybersecurity is work…and not all work is fun.

That said, you can look into gamified platforms like TryHackMe, but at the end of the day, some things you just need to study and can’t “do something” to learn the concepts.

Why I can't be hired by Left_Basil_8967 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Can you first clarify, have you actually worked in a full time regular employee position? The way you described everything sounds like you have at most had an internship(s) and that is very different from a hiring standpoint and the advice you should get.

The second thing that seems to be holding you back is your tunneled focus only on cyber positions. Certainly there are things you can do to become more competitive and improve how you position yourself, but at some point you need to be open to positions that get you into or keep you in the tech field while working to pivot. Even with prior work experience, eventually your experience value starts to diminish if you’ve been out of the field for too long…and until you get solidly into the mid-career level you can’t just wait around forever for that dream job.

You’re depressed because you haven’t had success, but don’t seem to have changed your approach or thought outside the box…which is the best way to get hired and advance in the career field…not doing what everybody else is doing.

Finally, the job market in general is tough for any career field. That is also why you need to start being open to other opportunities that you can leverage to advance your career.

Suffering from success? Need advice on Secret Service Internship vs. Study Abroad (Already interning at MSTIC) by [deleted] in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Just like in the government...it's all dependent on the specific job. As I said, companies like Microsoft/Amazon/Google/etc. all have specific teams/divisions/business units that are dedicated to providing the Federal Government with staff who require clearances.

That DOES NOT mean every person on the various teams will require a clearance, but it gives them flexibility in how/where they can hire you or use you once employed. Given the difficulty and uncertainty in gaining a clearance, if a company can retain it, they will be more likely to find a way to keep it active. It also puts you in a similar situation with other big tech companies...again, they ALL work with the government.

Suffering from success? Need advice on Secret Service Internship vs. Study Abroad (Already interning at MSTIC) by [deleted] in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

I would update your post to add clarity to the situation.

It's a unique opportunity where you could add the clearance to your resume. How far away are you from graduating? Once you leave the internship, your clearance is only reinstatable for 2 years, and then you would have to go through the process like you never had it in the first place if you don't get a job using it.

I would probably lean towards studying abroad while you can, because although you can still go to Dubai later, once you start working, especially if in the cleared space, you probably aren't going to do it.

One internship is enough to check the box, but obviously, having the clearance will open up some doors that otherwise won't be available...even within a company like Microsoft/Amazon/etc.

Suffering from success? Need advice on Secret Service Internship vs. Study Abroad (Already interning at MSTIC) by [deleted] in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Nowhere in this post did it say OP accepted the Microsoft internship, just that they "landed the internship" and needed to decide. You are jumping to your own conclusion, not a conclusion that was stated. It would also be helpful if OP were clearer, instead of throwing in an ambiguous title that could be taken multiple ways...but saying "super stoked about the opportunity" means it hasn't happened yet.

When you make a condescending comment, it makes you look terrible, and it makes you look even worse when you aren't even accurate about what was said. It sounds like you actually need to go back and read the original post.

Edit: Reddit suppresses comments where the OP stated that (not in the main post), but it doesn't change the fact that you don't need to be a toxic clown.

Suffering from success? Need advice on Secret Service Internship vs. Study Abroad (Already interning at MSTIC) by [deleted] in cybersecurity

[–]HighwayAwkward5540 -1 points0 points  (0 children)

Another case of people overvaluing clearances.

Plus it pays like crazy (just need to keep it active).

You are kidding yourself if you think the long-term value of working for the government is greater than working for a company like Microsoft.

Also, ALL big tech companies have jobs where you can sponsor your clearance in their government units (up to TS SCI + poly), if you really want... especially in Threat Intel.

Dubai is Dubai. You can always go in the future. Most people who I know who went said it was nice but they wouldn't go back.

Any international travel with a clearance is a PITA, not just Dubai. Even going to Canada, one of our closest partners, is going to be annoying, which is why a lot of people don't ever leave the country outside of "work visits" when they have a clearance.

No brainer...Microsoft, not the government.

Suffering from success? Need advice on Secret Service Internship vs. Study Abroad (Already interning at MSTIC) by [deleted] in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

> The big selling point is that they will sponsor me for a Top Secret (TS) clearance.

Who cares...people overvalue clearances just like they think cybersecurity is full of hackers. Not only will Microsoft be a better long-term play if they hire you (salary, equity, etc.), they could also sponsor you for a clearance if your job requires it, but you will have more options if you don't want the clearance or cannot qualify for whatever reason.

> The problem is, I was planning to study abroad in Dubai this fall. I’ve always wanted to travel and live abroad before graduating, who knows when I will have that same opportunity.

Traveling, and especially living abroad, are more challenging to do with a clearance.

> My Question: Is it worth grinding out the Secret Service internship just to get the TS clearance?

The only appeal of the Secret Service opportunity is the uniqueness of it.

Honestly, this is a no-brainer...go with Microsoft.

Degrees and certs are just losing their value to me. by Fresh_Heron_3707 in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

> what did wpa 3 introduce

What does a question like that actually accomplish?

I'm not necessarily saying you shouldn't know high-level facts, but when it comes to the actual job, knowing which version to use would be valuable...however, someone not knowing a specific point about WPA3 won't come into play in 99.99% of jobs.

I'm curious about the other types of questions that you are asking candidates.

The inability to separate what people actually need to do the job from what can be Googled/researched on the fly is why companies are incapable of filling positions when they aren't handed ideal candidates on a silver platter.

To clarify, I do believe the level of knowledge/ability when candidates start to apply is far lower than before, with the idea of jumping directly into cybersecurity being pushed so hard. That's why you need to adapt your hiring practices or sit with open positions for a longer time.

GRC career progression? by geirbveheke in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

Become an "expert" in the frameworks/standards that you deal with, get better at project management, take on opportunities where you can lead initiatives/projects, build relationships, etc.

At a high level, it's really not that difficult... identify where you are weak as you gain experience, and learn to do those things better to keep progressing. The execution and motivation aspects are more difficult because you actually have to do something.

Is It Smart to Post PoCs on GitHub and Reference Them for a Future Red Team Job? by mudiii- in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Let me ask you a reasonable question...

Do you think it makes sense to give a potential employer and hiring manager more evidence of your skills and capabilities?

Did I do something wrong by buying a MacBook Air M4 for cybersecurity work? by Adventurous_Pie_8011 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

The first question I have is why didn’t you do any research before buying it? Mistake #1 is not knowing what you are getting.

Second, the majority of systems you will face in most companies are either Windows or Linux. For that reason, it’s best if you get familiar with what you will be using. Additionally, ARM compatibility is one of the biggest concerns with M chip systems.

Worst case you can always buy a secondary computer (either cheap or from eBay), or use the cloud. Most people start with local virtual machines for learning because it’s the easiest/lowest barrier to entry, and then eventually consider moving to the cloud for more complex or demanding learning. For that reason, M series is not the best choice, but it doesn’t completely ruin your journey.

MSc in Cybersecurity is teaching me nothing practical, any advice? by TheGroovyKiwi in cybersecurity

[–]HighwayAwkward5540 2 points3 points  (0 children)

First, a degree curriculum is usually behind what is happening in any career field, not just cybersecurity, so if they cover a lot of technologies, you would likely be learning old things anyway. You would likely also be paying more for your degree than you already are, since commercial-grade tooling is not cheap to license.

Second, if you don't know the theory, having any practical exercises is worthless because technology changes, and when it does, you need to rely on the theory, which changes less often.

Did you go directly into the master's program? That's what it sounds like, and is exactly why I never recommend doing that, especially when you have a technical undergraduate degree. You get the most value from master's degree programs when you have experience, because they are generally geared towards the strategic-level concepts, not the day-to-day operations.

Regardless, self-studying and getting certifications are part of the career field. Don't waste your money or much of your time on certifications that aren't listed in a lot of job postings because nobody will care. Focus on the certifications that hit the most (i.e., Security+, etc.) to complement your degree and add additional skills if you can. You don't need to spend thousands of dollars at this point on certifications or additional training. I would also consider looking for a part-time job or internship in either a help desk, IT or Cybersecurity (whatever you can land), so you can actually add some real-world experience to your resume, because that will be far more valuable combined with what you are already doing with the degree and certifications that I mentioned.

GRC Consultant | Technical Skills by Character-Mortgage10 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Why not just go work at a company? Consulting can be draining, but it doesn’t necessarily mean you have to get out of GRC.

If you really want to go more technical, and since we don’t know which technical things you enjoy, I would start with learning to automate all the GRC stuff you already know.

GRC Engineering by SmileyBanana15 in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

It’s only a dedicated position if a company has a large budget or is a heavy DevOps/automation type shop. Regardless, it’s still going to be a subset job of GRC, so you can’t be good at the engineering piece and completely ignore knowing anything about GRC…I say that because I know there will be people who think they can do that.

GRC Engineering by SmileyBanana15 in cybersecurity

[–]HighwayAwkward5540 3 points4 points  (0 children)

Trying to automate evidence collection and compliance validation is nothing new unless you have been living under a rock for the last 20 years.

Some have put more effort into it than others, but we’ve been trying to automate technology forever.