Earn a Master of Science in Information Security
SANS Technology Institute Master of Science degree programs offer candidates an unparalleled opportunity to excel in the two aspects of security that are most important to the success of their employer and their own careers: technical mastery, and managerial competency.
The technical mastery comes from the combination of
- An uncompromising, research-based technical curriculum that allows you to master the most current threats, the most effective techniques to block them, the underlying principles on which those techniques are based, and the leading edge of research in each area.
- A faculty that includes the most highly rated instructors in the security field - people who have written the best-selling books, people who are shaping the future of security, people who bring practical, real-world experience and case studies to the class and help you gain confidence in your mastery; and
- Research assignments that involve you in current, important areas of security, and enable you to publish research that can help move the field forward.
The second area in which SANS degree programs help you excel is in management skills that are so often lacking in otherwise effective technical professionals. Technology initiatives, and particularly security initiatives, are too often destined to fail because of missing management and communications skills. Both programs are writing intensive with technical research papers required for most courses.
Management skills that are central to success in information security include the following:
- Effective advocacy of information security
- Management, motivation, and evaluation of technical staff
- Budgeting and finance
- Project management in information technology
- Effective spoken and written communication
- Teaching and mentoring skills
These skills are taught in special courses focusing on them, but they are also reinforced in special add-on activities that are woven into other courses the student takes.
Corporations are desperate for security professionals who are both technically advanced and who have effective communications and management skills. While reviewing the SANS Technology Institute application to establish new Master of Science degree programs, the Maryland Higher Education Commission received input from several individuals, academic institutions, and associations. Three of those inputs provided overwhelming evidence that the demand for SANS Technology Institute graduates is very real and not being filled by other institutions:
The chief information security officer at one of the largest defense contractors wrote,
I understand the State of Maryland is potentially looking at a program to train information security personnel into management roles. I feel this is a critical issue that needs to be addressed in order to develop the right security managers for the future.
In upgrading the staff and in hiring new people for security management positions (we'll be hiring at least ten more over the next two years) the most difficult problem I face is finding technical security people who also have good management and business and communication skills. The success of our security programs depend on our finding those people. I have had to remove purely technical security people in management roles because they had never learned how to make the business case in language the business leaders (CIO's) can understand.
I teach information security courses at George Washington University and at Georgetown University. The programs at GW and Georgetown, like those at every other university of which I am aware, is almost entirely technical. I know of no program, other than the efforts of the SANS Technology Institute, that seeks to train the multifaceted managers we so critically need to improve security in this country.
The Chief Information Security Officer for the State of Maryland concurred,
Security leadership is challenging because it demands a combination of skills that are not commonly developed in IT professionals and that are not commonly taught in undergraduate or graduate programs.
First, execution of a security program requires mastery of the technical details of networking and security. Security is implemented on computers by system administrators and on networks by network administrators. Security leaders lacking deep and current technical knowledge, too often, see their initiatives blocked by more technical people who use their technical knowledge to say an initiative is impossible or will harm applications. That might lead one to conclude that technical experts make great security leaders. Technical mastery is necessary but not sufficient.
A second requirement for successful security leadership is not technical. Security programs often fail when the security leaders cannot present their proposals, both in writing and in speaking, in credible and persuasive ways to non technical agency heads. Moreover, security leaders who do not understand the legal, regulatory, and ethical constrains under which they operate can be caught up in legal difficulties that overwhelm the technical initiatives. And security leaders who have no project management skills especially project management involving multiple independent groups working together cannot hope to execute complex security initiatives successfully.
The Chief Information Security Officer of the Department of Energy's Office of Science wrote,
I am writing to say that we at the Department of Energy have a huge requirement for computer security managers who combine technical security skills with management, communications and business skills. I have seen too often in my career, technical people getting promoted to management positions because they understand the technology. Understanding the technology is just one part of the equation. Communication and business skills combined with good project management principles provide the foundation for success. In my opinion, when security projects fail, it is because one or more of the basic skill sets are lacking. This makes the organization fail and our Department less secure.
Over the next 20 years, information technology will become so central to all aspects of our lives, from recreation to warfare, that information security will rise in importance and scale. It will become a profession with more than 500,000, and perhaps 1,000,000 people employed in positions in which they have significant roles in shaping the security of their employers' systems. Those people need managers - technical directors and chief information security officers who are deeply skilled in the technology and who have excellent management skills.
If you aspire to help lead your organization's or your country's information security program, and you have the qualifications, organizational backing, and personal drive to excel in these challenging degree programs, we will welcome you into the program.