I have just recently been accepted in one of Europe's most prestigious universities to earn a Master of Science in Computer and Communications Security. I am currently happy with the work I am doing (broad IT -- systems admin, network admin, etc.), and I am planning to specialize in information security. I currently hold an MCSE, but I am really wondering if a Master of Science is really worth the time (12 months) and money. Should I go for professional certifications (CISSP) instead? Or would the ideal case be to do both?
If you plan to work in a primarily or all-Microsoft-oriented IT environment, the MCSE (or its successor certs, which will probably be announced in 2007 coincident with the release of Vista Server platforms) will probably remain useful for the foreseeable future. Otherwise, it's probably not necessary. Certainly, any serious InfoSec professional will want to obtain a CISSP and possibly other security certifications as well, perhaps from the SANS GIAC program. Perhaps you'll want to consider Security+ as a good starting point and then perhaps more senior certs such as those from ASIS International like the Certified Protection Professional (CPP), Professional Certified Investigator (PCI) and the Physical Security Professional (PSP).
If you want to do security in a Microsoft setting, then, MS certs remain relevant. Outside that context, however, they will probably add little value to your bottom line. HTH, and thanks for posting.