I would be interested in any feedback from others who have done online Infosec programs. I’m especially interested in details regarding the various MS programs; I’m planning to begin pursuing an MS in January, possibly at UMUC. I’ve also considered Norwich, Lewis University, James Madison University and Northeastern (expensive).
I earned an A.A. from a community college in California, attended classes online at another CC, took some courses by distance from the University of Leicester (UK) and attended law school for a year (despite not having a B.A. in hand yet). I’ve been in IT for ten years full-time and four years part-time before that. I’ve worked as a programmer, network engineer, and manager. I’ve never had a dedicated security job, but it’s been a primary interest for me. I read a lot, I’ve published some papers, and I consider myself knowledgeable in the area. The only certification I have is the Security+.
The curriculum is pretty solid. Currently, it requires lower division courses in databases, programming, networking, and web technologies. I didn’t have to take any of those because of my prior coursework and work history so I don’t know what those classes are like. Some of my classmates really had trouble in Software Architecture (which has a weekly programming lab) so my suspicion is that the single programming course just isn’t adequate. I’d rather see a two-semester lower division programming sequence. I’d also like to see system administration (Windows, Linux, or both) as a core course in the IT program.
The upper division coursework is split between general IT courses (communications, software architecture, network architecture, project management, etc) and security courses (forensics, ethical hacking, security management, OS security, application security, etc). I don’t know that I’d change anything. It would be nice to have a dedicated course in malware or wireless security, but I don’t think any of the current courses are wasted so this would really be a matter of swapping one elective for another to fit my interests/strengths.
The courses do cover technical material, but there is a strong emphasis on management and procedure. If you want to be a vulnerability researcher, malware analyst, or application security guru, you’d be better of majoring in CS at another school. This program is geared toward people who want to be in management or consulting roles that bridge the gap between the business and technical sides, not toward people who want to be in purely technical roles. I’m in a low-end IT management role right now and am hoping to snag a higher position as a security manager or IT director down the road.
You get out what you put in. The instructors are facilitators. They participate in and comment on the discussions and are available to answer questions, but most of your learning takes place from assigned readings, labs, and training videos/lectures. The textbooks are supplemented with outside articles, NIST documents, short video lectures, chapters from other books (available electronically within the class), as well as training materials from courses from Microsoft, EC-Council and others. I didn’t find the training materials very useful; I learn better from reading on my own and the training tends to provide less detail than a book. The e-books are nice and help students avoid having to buy a second or third textbook.
The assigned readings are usually enough for you to do well on assignments and labs, but, as with any class, you’ll learn a lot more if you do additional testing/reading on your own.
A lot of people had trouble with Discrete Math, but the school provides a tutor to lead a live supplemental instruction session every week and that seemed to help people a lot. I didn’t use the supplemental sessions so I can’t comment first-hand. I don’t know of any other courses with supplemental instruction.
The labs are too step-by-step and don’t require enough critical thinking/deductive reasoning. They can teach you some of the features of a tool, but won’t do a lot to help you to understand how to solve real-world problems using the tool.
The papers sometimes focus on a purely academic question, but most of them are tied to a project scenario, i.e. creating an incident response plan for the fictional Mega Corp or designing a network architecture for Happy Health Systems. There is a grading matrix for each assignment. If you read those ahead of time you will know what areas your paper needs to cover.
The program is more work than I expected. I already have strong technical skills so learning the material is easy, but the required work output is high. Most courses require you to write a paper every week and, in most of those, you’ll need to write 5-10 pages for a good grade. Occasionally, I write papers as short as 3-5 pages, but my average is about 12 pages and my longest single paper was about 20 pages. The only course I took with consistently shorter papers was a literature course I needed to fulfill a missing requirement. Most courses require a final paper that is made up mostly of your previous papers with a small amount of new material. My final papers have ranged from 35 to 68 pages.
At Capella, I write close to 100 pages of original material per course. By contrast, I don’t think any of my community college classes required a paper longer than five pages. I might have had to write a ten page paper somewhere along the line, but it was at least a rare event. The most writing intensive courses I took outside Capella were in archaeology and physical anthropology: I had to write five three-page papers and two in-class essays for both of those. My wife attended a nearby state university and she says that she probably wasn’t required to write any papers longer than about ten pages and not more than five papers per course.
If your writing skills are poor or you have trouble organizing your thoughts on paper, this probably isn’t the program for you.
As a former software developer, I thought the programming assignments (for Software Architecture) were really easy. Some of my classmates who had little or no prior experience had a much harder time. I think they should add another lower-division programming course so that the upper division programming assignments can be at a more appropriate level. I don’t think the program would be too challenging for someone with no experience, but I recommend learning some Java ahead of time if your work schedule will limit your study time during school.
Capella’s student services are decent. I’ve never had a problem with academic advising. I transferred in units from two different schools, placed out of a few pre-requisite courses based on professional experience (I didn’t get college credit for those), and also completed a “prior learning assessment” for two other courses (which I did get credit for). All of this went smoothly.
I had a major financial aid problem one year when Capella insisted that my FAFSA was not completed. After talking with a couple of financial aid advisers I was told to contact the FAFSA people to get them to fix a problem that was supposedly on their end. After several more calls with both sides I found an adviser at Capella that was able to figure out the problem (on Capella’s side) and I got the problem resolved. It was extremely frustrating, but I haven’t had any problems before or since.
I think Capella has been worth my time. I haven’t grown my technical skills much, but I didn’t expect to. For someone just starting out, the technical aspects of the program would be much harder. I will leave with better management and planning skills. Management is challenging, but underrated. It’s hard to plan, coordinate, organize, and document large projects. Capella has given me a lot of practice developing plans for various information security programs and I think it will come in handy for me.