What's next after the Master's degree?

After two years of hard work, I recently earned my Master of Science in Cybersecurity from Excelsior College. So now the question I am getting from everyone is what are you going to do next? Some have asked if I was going to pursue a PhD. At this point of my life, a PhD is not something that I desire to pursue (at least in the foreseeable future). 

My next pursuit will be earning the Certified Information Systems Security Professional (CISSP) certification. The CISSP was developed by and is governed by the International Information Systems Security Certification Consortium, also known as (ISC)². In order to gain CISSP certification, you need to have five years of information security (infosec) experience (or four years and a degree) and an endorsement from another current CISSP. Oh yeah, did I mention that you have to pass a six-hour, 250 question multiple choice exam with a score of at least 70 percent based on eight different areas of knowledge (domains):

  • Security & Risk Management (Security, Risk, Compliance, Law, Regulation, Business Continuity)
  • Asset Security (Protecting Security of Assets)
  • Security Engineering (Engineering and Management of Security)
  • Communications and Network Security (Designing and Protecting Network Security)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Software Development Security (Understanding, Applying, & Enforcing Software Security)

As you can see, preparing for and passing the CISSP will not be a walk in the park. Given that I just completed my graduate work in cybersecurity, much of the material should still be fresh in my mind. I will be using the following books to prepare for the exam:

Ultimately, once I pass the CISSP, my plan is to focus on mastering one of the eight domains to become a knowledge expert in that particular area. It’s not just about getting the certification. It’s about knowing the certification and being able to apply it successfully in the workplace. Wish me luck!