career

MBA vs. Master's in Cybersecurity

Dive into our comprehensive comparison of an MBA and a Cybersecurity Master's degree. I'll discuss the benefits, drawbacks, and career outlook for each, helping you make an informed decision. Which is better for your career aspirations? Let's explore!

Mike P

Apr 28, 2021 • 3 min read

The TL;DR

For technically inclined individual contributors (ICs), a Master's in Cybersecurity is beneficial.
Current people managers should consider an MBA for leadership roles, such as CISO.
Neither an MBA nor a Master's degree guarantees career advancement, and organizational views on these qualifications can vary.
These qualifications can be seen as stepping stones to future roles rather than immediate career boosters.
There are many other ways to get technical or go deeper outside of an advanced degree.

Considering a Master's in Cybersecurity

For Individual Contributors

If you’re an individual contributor - a person who is not directly responsible for HR hiring, performance reviews, firing, etc. - today, a master’s in cybersecurity could help you go deeper technically into the field. This could set you up for higher-level individual contributor roles, like a principal/distinguished engineer or an architect.

Of course, getting an advanced degree is never really about where you currently are in life or your current employer.

You get an advanced degree to set yourself up for success down the road. It's more like compound interest.

It's for the job after the next job.

For Manager Level

If you’re at the manager level already, a master’s in cybersecurity isn’t likely to do much for your advancement, at least not directly. It won’t hurt your chance for advancement, but you’re already expected to be more business-focused and less tech-focused.

You can still get value from a master's in cybersecurity, especially those focusing on program building and structures. However, unless you come in as a CISO, you're going to have to work within an existing system that may not fit how your courses were set up.

If you're a manager and using a master's in cybersecurity as a way to “stay technical,” there are a lot better ways to get technical without a master’s:

Make something and ship it.
Do A Cloud Guru or TryHackMe.
Do the Cloud Resume Challenge.
Submit a conference talk.
Write a newsletter.
Start a blog about any of the above.
Start a YouTube channel about any of the above.

As you move up in cybersecurity, things become more about the business of running a function and less about the tech work itself.

Getting a master’s in cybersecurity as a manager won’t hurt you, but it may not give you the return you hope for.

Considering an MBA

For Individual Contributors

On the other hand, if you’re an IC today who wants to be a manager and pursue an MBA, it’s not likely to help you get your first manager role.

Landing your first manager role is a whole lot more about timing, who you know, and someone willing to take a risk on you.

💡

Employers typically want to see a "sure thing" when it comes to management roles. Employers don't like to take chances on training managers; they just want to bring people in who already have the skills.

This is what makes landing your first manager job so hard, but more on that metamorphosis in a later blog post.

Getting an MBA as an IC in cybersecurity won’t hurt your chances of advancement, but it won’t immediately pay dividends in your climb, either.

For Manager Level

When you’re already at the manager level in the cybersecurity field, getting an MBA is a different story.

Getting an MBA while a manager, the classes will be a bit more relatable to what you actually do day-to-day.
You’ll start to get associated more with the “business side of things,” and you can play that up.

Understanding, communicating, and enabling the business through cybersecurity should be the ultimate goal of cybersecurity. Businesses don't exist to be secure. They exist to serve customers and make money.

The goal of cybersecurity is to support the business to be as secure as possible while enabling that main goal. As you advance, keep this business framing in mind. Remember, being a CISO is not a technical role; it’s a business role.

Deciding between an MBA and a Master's in Cybersecurity

That part is a lot harder to decide which path you want to take.

You've got to think about your career a few years out and what you might want to do to know how to answer this question for yourself. That requires a bit more methodical thought and planning to get yourself on the right path.

Of course, if you want to pursue either (or both!), I’d never advise against it. Many, many paths can get you to your goals.

This is just my take on my own path, filled with my own biases and goals, so take that as you will.