MSCIA Done in 4.5 Months - My Thoughts

Reposting with edits to follow the subreddit rules this time, oops :P I completed the MSCIA in just over 4.5 months, having started the first of July 2022 and finished the coursework on the 19th of November 2022. I have a BS in Cybersecurity from a different university and almost 1.5 years of experience in a cybersecurity/blue team position. I initially was planning to complete the program over two terms but found I was able to accelerate using knowledge I had from both my BS and my work experience. I’ve included various resources, tips, and my thoughts on the classes I took. I didn’t transfer in any credits so it’s a full discussion of all 9 classes in this degree program.

General Notes

  • Do a little bit of work every day. Even if it’s just writing one rubric item for a PA or studying a few flashcards, putting in work every day helps keep momentum going. I only took breaks between classes when I was waiting for my program mentor to open more classes for me (which usually took a day or so since most of my courses I would complete on a Saturday). I definitely started feeling burnt out near the end of my program since I had been going nonstop, but I was so close at that point it gave me the motivation to keep pushing to the end.
  • Use the course chatter for every class. I found that a lot of students would drop helpful hints or resources they used to pass their classes, and it gave me motivation to keep working at it. Also look at announcements and course tips as they can contain useful resources.
  • Search for the class number (C7XX) within both r/wgu and r/WGUCyberSecurity. A lot of students will post their own writeups on how they studied for or passed the courses that will usually have great resources. This was one of the first steps I would take each time I started a new class. I would bookmark or send myself the links to the most helpful threads so I could find them again.
  • To be honest, I didn’t watch the cohorts. I’ve heard they are helpful, but I have a short attention span (ADHD lol) and I found I didn’t need to watch the cohorts to be successful in my courses. The only cohort I attended for the capstone and that is because it is required to get topic approval from your course instructor.
  • The most helpful book across all courses is the CISSP (ISC)2 certified information systems security professional official study guide by Chapple, Stewart, and Gibson. Pretty much everything you need to know is in that book as the program is based off of the CISSP exam. Do the end of chapter questions for relevant chapters in that book. I made myself a study guide based on it with the right and wrong answers explained in order to help increase my understanding and retention of the material.
  • For courses with an OA, go ahead and do the pre-assessment first before reviewing any of the material. This will help you target your studying towards your weaker knowledge areas, and the pre-assessment can be taken as many times as you need to review and check your knowledge. Note that the questions for the pre-assessments don’t change, so if you’re anything like me you’ll be at risk of just memorizing the answers and not actually having a gauge for your knowledge if you take it more than twice.
  • For courses with a PA, STICK TO THE RUBRIC. I hate to beat a dead horse here, but as long as you follow the rubric and include everything they ask for, you should pass no problem. I used heading for each rubric item in order to ensure that the graders knew where to look for each item. If the rubric says to give 2 examples, only give 2 examples. Don’t create extra work for yourself. When you’re revising your paper, compare it against the rubric to make sure you’ve included everything they’re asking for. It really is that simple.

C700 - Secure Network Design (8 days)

This was the first class I took. I found it to be pretty easy, with my least favorite part being the network diagram. I find that the instructions for PAs are always fairly vague when detailing requirements for diagrams, which is annoying but also allows for a bit of leeway when creating diagrams. I don’t remember using any of the materials provided to help me through this course, since I already had experience through my job, but I did use some reddit posts to help guide me through the rubric. My paper ended up being 16 pages.

C725 - Information Security and Assurance (15 days)

This class is an OA that, for me, required covering a lot of content. The course itself goes over most of the 21-chapter CISSP book. I did not read all of those chapters. Instead, I made a study guide for myself using the end-of-chapter questions and identifying the explanation of both the right and wrong answers. This took me close to two weeks (with a few days to study the finished guide) and is what got me through the OA. I would share my study guide but I don’t want to get the post removed because the questions belong to Sybex. The OA itself is very much “mile wide, inch deep” but it still requires a pretty wide breadth of knowledge.

C727 - Cybersecurity Management I: Strategic (19 days)

This is one of two classes with both an OA and a PA. I could have finished this one more quickly if I wasn’t on vacation during part of it, which slowed me down as I did want to enjoy my time off work. I chose to do the PA first, that way I would have gone over the material that would be covered in the OA. My paper ended up being 31 pages total and is essentially a paper on compliance to PCI DSS, HIPAA, GDPR, etc. For this paper, I first made bullet points for what I planned on discussing in each item of the rubric then went to work on actually drafting it out. I found that this method helped a lot for this paper due to having to identify the different areas of compliance required to address (and why) in the PA. I don’t remember much about the OA, but I passed it with a fairly high score and studied for it for about 6 days. I used the study guide I had created for C725 and added the review questions from any chapters missing in order to study the material.

C795 - Cybersecurity Management II: Tactical (12 days)

The other class with both an OA and a PA. This class aligned pretty closely to my IRL job, so I was able to breeze through the PA. The PA requires you use a template but the instructions in the rubric and the template are both pretty clear. My paper was only 5 pages and passed without issue. The OA was also pretty easy, I used the study guide I created (and added chapter review questions where necessary). The majority of the course time I spent was studying for the OA to ensure that I’d pass.

C701 - Ethical Hacking (28 days)

I spent about a month on CEH. I could have spent much less time but I wanted to be sure I was ready for the exam. I did not use Boson at all since it was more than I wanted to spend. Instead I used Viktor Afimov’s Udemy practice tests which I got for $15. They go on sale basically every week so just wait for a price drop rather than paying the full amount. I also supplemented with free test dumps. I ended up with a 95% on the CEH as Viktor’s practice tests were essentially the exam.

C726 - Cybersecurity Architecture and Engineering (13 days)

This was my least favorite class of the program. I felt the rubric and the instructions within the template were vague, and information asked for within the template were not covered in the resources. I didn’t use the books at all for this class as they didn’t really have the information I needed. Instead I used a lot of write ups from other folks on the subreddit and made the rest up as I went. Task 1 was 15 pages, and task 2 was 18 pages.

C702 - Forensics and Network Intrusion (11 days)

I spent a little less than two weeks on this course. I’m not a huge fan of forensics so I wanted to get through it quickly. I took the PA right off the bat and passed, but didn’t feel comfortable enough to take the OA. I didn’t want to read the entire book since it was lengthy, so I used the practice questions at the end of each section, the PA, and the study notes compiled by a WGU grad. That was enough to carry me through the OA and pass by a comfortable margin. The OA is generally a lot of memorization on different facets of the technological or legal aspect of forensics.

C706 - Secure Software Design (6 days)

I found this class to be pretty straightforward. It was mostly a review of stuff that I had already covered for C725, C727, and C795. I reread chapters 20 and 21 in the CISSP book and went through some of the content in the other book as well. I used a couple of quizlets to study and refresh. The OA aligns pretty closely with the pre-assessment and there were no unexpected surprises in the OA. Know the software development models, types of attacks, and least privilege. Also brush up on your access control models. The questions themselves do not go that deep into the content (in my opinion). Overall, pretty easy course and a nice break before the capstone.

C796 - Capstone (20 days)

Phew, this class was a beast. It wasn’t that it was more difficult than the others, but it did require a lot of work. This class took me longer to complete due to me being out of town for 3 days over Veterans day and the requirements involved.

  • Task 1: 7 days to complete. It could have taken less time but I had to choose a topic, attend the cohort (which is required), ensure the topic hit all the requirements, complete the topic approval form, and get it approved by my course instructor before I could submit. Overall the process is pretty painless, it just takes time. My main piece of advice is to go ahead and outline (using the requirements for tasks 2 and 3) what you’ll write for each rubric item. That way you can ensure your topic will cover all the points with the added bonus of the paper being easier because you already know what you are planning on writing for each of the rubric items.
  • Task 2: 5 days to complete. I started the second task while I was waiting on the evaluation for the first task, which should work for most people since your CI has to approve your topic proposal before you can turn in task 1 for evaluation. My paper ended up being 34 pages long, which includes a cover page, table of contents, and 4 pages of references. So in total I wrote about 28 pages. The cohort helped a lot in understanding the requirements, though I did reach out to my CI once to get some further clarity. This is where my outline really helped, because I already knew what I was going to write for almost every point of the rubric. How much you write is going to depend on the topic, but make sure you fully understand what the rubric is asking and hit every required point. Overall the requirements are fairly straightforward (once you attend the cohort) so it should not be too difficult to knock out.
  • Task 3: 6 days to complete. I took a three day break in between submitting task 2 and starting task 3 because I was out of town. This paper ended up being longer than my task 2 paper at 36 pages, including a cover page, table of contents, and 2 pages of references, equaling out to a written 34 pages. The paper itself I felt was easier than the previous task, mostly because this one was a lot more repetitive. The key is really understanding your solution and explaining minorly different facets of it. For my final deliverable I did a network diagram, which was the easiest choice for my project, but what you choose will really depend on your topic. Be sure to carefully read the rubric to ensure you’re hitting every point they require, that way your paper doesn’t get kicked back. I always review my papers against the rubric and I never had a paper returned for revisions. The final task was fairly straightforward and I received my feedback with a pass on the same day.

Overall, I didn’t find the capstone to be difficult. It was certainly a lot of writing, but honestly I felt the instructions were clearer and the assignments themselves easier than other classes (such as C726). Definitely use the capstone archive to get an idea of what kind of topic you can choose to write on and how to structure your paper. Overall, be creative and have fun with it- it’s your victory lap!

Final Thoughts

I enjoyed this program overall. It was a great option for me to work at my own pace since I often feel that college moves too slowly for how I learn. I was certainly frustrated at times, but I was able to use a variety of resources to find the answers I needed and do well in the program. The program covers a variety of topics but is very policy-heavy (as one would expect a master’s program to be). I think my next goal will be getting CISSP sometime within the next couple of years. I’ve had enough studying for a while though, I think!

Lastly, a huge thanks to everyone who has helped me through this degree, especially my fellow night owls on reddit and the course chatter who helped make sense of some of the more convoluted class requirements. You have my gratitude and I hope that, by writing my thoughts and methods, I’m able to help someone else in the same way you all helped me.

If you have any questions, let me know! I’m happy to help and contribute knowledge in any way I can. Now to wait on my graduation application!