My educational journey has been a long and interesting one. But this little vignette concerns my experience with researching and starting my Ph.D.
I have to thank friends, educators, teachers, and colleagues who had shared many of their own experiences with me, both good and bad because without them, I would not be as close to starting the education that I envisioned when I finished a Masters in Information Assurance in August of 2009. What follows here is a summary of our combined experiences.
When I finished the Masters of Science in Information Assurance at Norwich University, my mentor and friend, Dr. Mich Kabay, strongly encouraged me to take a Ph.D. I took his advice to heart and started looking for suitable online colleges. I felt that the Masters in Information Assurance from an NSA Center of Academic Excellence in Information Assurance (NSA CAE IA) had fit my goals perfectly, so it seemed logical that I continue by taking a Ph.D. in Information Assurance from an NSA CAE IA as well. My goal presented fewer choices for online Doctor of Philosophy degrees than say, a Ph.D. in Education because Information Assurance (IA) is a relatively young discipline. Having fewer choices did NOT make the selection process easier. Quite the contrary, it has been tough balancing the options and finally alighting on a program that seems most likely to allow me to follow through and fully complete the program, as well as will fit in with my current life situation.
Here were the schools that I found that offer Ph.D. degrees online that are NSA CAEs:
- Dakota State University, Madison, South Dakota[1]
- Nova Southeastern University, Ft. Lauderdale, Florida[2]
- Capella University, Minneapolis, Minnesota[3]
There is one more university that is an NSA CAE, but does not offer a full Doctor of Philosophy degree(s); rather, they offer a Doctorate degree in Information Assurance.
- Colorado Technical University, Colorado Springs, CO[4]
One more online university offers a Ph.D. in Management, with an emphasis on Information Security, but they lean heavily toward management and pull the student in that direction. Walden University is not an NSA CAE, and they also offer Doctorates rather than full Ph.D. degrees.
- Walden University, Minneapolis, MN[5]
It is worthy of mention here that all of the above-listed universities are regionally accredited by the US Department of Education for their respective regions\states. I mention this because there is another player in the Information Assurance Ph.D. field, the University of Fairfax[6]. The problem is that the University of Fairfax lacks the accreditation that the five above-listed institutions possess. They obtained a ‘distance education’ accreditation from the Accrediting Commission of the Distance and Education Training Council (DTEC) in January of 2012[7], which is nice for them, but for me, I will only attend a fully regionally-accredited institution. I think that it’s interesting how the U. of Fairfax dedicates its focus on cybersecurity and manages to thrive by attracting students, but they will have to be regionally accredited before I launch a Ph.D. under their aegis. I found out about the University of Fairfax in 2005 and have been watching them since then as they go through the process of applying for regional accreditation.  I doubt that they will attain regional accreditation in February or March of 2013, which is when I plan to start classes.
 Doctor of Philosophy versus Doctorate
This was a distinction that took me a while to learn about. I think it was because I didn’t know that there were different ways that one could obtain a terminal degree and be able to put Ph.D. after one’s name. The main difference, as I understand it, is that the Doctor of Philosophy requires that your research and dissertation be based on your own original proposal and research. For the full, research-based Ph.D., you are exploring new ground and defining new territory in your area of expertise. In contrast, the Doctorate can be based on other’s research and ideas. The Ph.D. candidate in a Doctorate program can take ideas and concepts from prior work in the same field and expound on it. The Doctor of Philosophy is more of an academic focus, while the Doctorate is a professional degree, similar to the Juris Doctor for lawyers.
I prefer the full-blown Doctor of Philosophy and hope to be able to pursue it, despite several obstacles that I see in the way.
 The University Comparisons
The first three schools below offer the Ph.D. which is the full Doctor of Philosophy. The last two offer Doctorate Degrees.
Dakota State University
Dakota State University is the least expensive of the schools, offering a full Doctor of Philosophy in Information Assurance costing around thirty-three thousand dollars when I checked in 2010. I mention them first because they are still my first choice to attend. But, despite a better than 4.0 GPA in the Masters and the fact that I was already teaching Information Assurance at the masters level, DSU turned down my application for their Ph.D. program. The feedback I received was that I could apply again, but ‘something would have to change’ between my first application and my second. They did not expand on exactly what they meant. DSU does prefer students who have taken the Graduate Record Examination (GRE), which I have not done. I also know that in 2010 there was a record number of Ph.D. in Information Assurance applications at DSU, so they could be more selective as to which students they admitted. I have a feeling that DSU wants to emphasize deeply technical subjects related to Information Security, like reverse engineering malware.
Thus, even though they are in the same time zone and are within (two days’) driving distance, I have discarded the idea of re-applying at Dakota State.
Nova Southeastern University
Nova Southeastern University was an attractive choice, or so I thought when I found out about that school. The total stated price for a full Doctor of Philosophy from Nova Southeastern was in the forty-five thousand dollar range. One of my Norwich University professors from the MSIA program was attending Nova Southeastern when I was his student in the MSIA program in 2008. By 2011, he was seeking another school to attend to work on his dissertation because he left Nova in what is called ‘ABD’ (All But Dissertation) status (more on this person later). I submitted my application for the Ph.D. in Information Technology with an emphasis on Information Security at Nova Southeastern in the summer of 2010 and was accepted into the program on October 10th, 2010. Now, I am going to let that acceptance drop.
I am declining to attend Nova Southeastern because their colloquia meetings require frequent air travel to Florida, which was a cost-prohibitive factor for me. But the main reason that I struck Nova Southeastern from my list is that my colleague and the former instructor had informed me in an email that Nova left him and thirty students hanging in ‘ABD’ status with no further support, assistance, or guidance. So he sought other options. He did take the time to post a review about Nova Southeastern at onlinedegreereviews.org.[8]
Capella University
I found out about Capella University so long ago that I forgot how the circumstance came about. It was in the year 2000, and all I can remember was that Capella offered to help me to finish an Associate of Science Degree for ‘just’ twenty thousand dollars. That said, they do offer the research-based Doctor of Philosophy degree in a fully online format except for the colloquia seminars. They require that the student attend colloquia sessions around the country from time to time throughout the degree program, and they put the same cost schedule on each semester, no matter how few or how many classes the student takes. To me, the colloquia travel makes it prohibitive, as the costs and time investment could add up. The Capella program advisors note that the Capella University Ph.D. in Information Assurance program will accept thirty-two credits from a student’s master’s degree in IA, which leaves eighty-eight credits to complete for the Ph.D. A Capella advisor will tell a prospective student that the program will take about four-and-a-half years to complete.
Colorado Technical University
Colorado Technical University (CTU) offers a Doctorate program in Information Assurance fully online. While not the full research-based Ph.D., a professional degree may have merit in the still-developing Information Security arena. The cost for CTU and Capella is roughly the same, around sixty thousand dollars for each respective program. One benefit of CTU is that I personally know at least one person who has graduated with a doctorate in Information Assurance from CTU. That is promising from the viewpoint of a prospective student. The program advisors tell applicants that the program is designed to be completed in three years. That seems relatively short compared to Capella’s timeline.
Another advantage from the perspective of a Colorado resident is that one can attend the graduate meetings over a weekend without having to travel via air unless they want to fly from Denver International Airport to the Colorado Springs airport. Since I have driven Interstate 25 from Boulder to Colorado Springs dozens of times, flying seems appealing just now. However I get there, it’s still relatively inexpensive with short travel time.
Walden University
I mention Walden for three reasons; first, because I was accepted there in 2006 for their online Masters of Science in Information Security, but chose not to move forward with them. The second reason that I mention Walden is that they claim to offer a Doctorate in Management with an emphasis on Information Security.  And the third reason that I mention Walden is I have a colleague teaching Information Assurance at Regis University who has a Ph.D. from Walden. Here I draw on my former instructor for a reference. Eric Salveggio let me know via email that he felt that Walden’s emphasis was too much on the management perspective, so he completely gave up the idea of a Ph.D. in Information Assurance and is taking classes now toward his Juris Doctor.
Walden was more reasonably priced than Capella or Nova Southeastern and managed to merge their doctoral colloquia into an online format, eliminating the need for travel. I felt that a noteworthy item.
Open Enrollment
I have come across an interesting aspect of online institutions during my educational wanderings. I have found out about a concept called Open Enrollment. Most people are familiar with the concept of applying for an educational program and facing one of two outcomes: acceptance into the program or rejection.  As I mentioned, I was rejected by DSU. Back in 2007, before starting the MSIA program at Norwich University, I was accepted into three programs traditionally. What the meaning of Open Enrollment means is that if you apply at an open enrollment school, you are accepted automatically.
At least two of the schools covered in this short review are open enrollment schools. The two schools are Capella University and Colorado Technical University. I did start to go through the application process at CTU in mid-year 2011 and was not a little disconcerted when I found out that they are an open enrollment school. I guess that I like the idea that some applicants will be turned away or accepted based on an application review by an academic committee. I can say for certain that Dakota State University is not an open enrollment university.
Conclusion
For now, my first choice is Colorado Technical University. It’s close to home, it will take just three short years, and I can drive to Colorado Springs for the mandatory class meetings. I can still get a Ph.D.; it’s just a little different flavor than what I had anticipated. The final deciding factor is which degree will best meet the goals of my employer; I would love to find an area that they feel is critical and make it my study focus.
Notes Added After the Fact, 2018
First, Colorado Technical University is no longer an Open Enrollment University. They ceased that practice just after I was I was accepted in 2013. I do not know the status of Capella University if they are still an open enrollment school or not.
Second, I graduated with a Doctorate of Computer Science on June 9, 2018 and successfully defended my dissertation on best practices for starting an insider threat program on 21 June 2018.
[1] Dakota State University home page: http://www.dsu.edu/
[2] Nova Southeastern University home page: http://www.nova.edu/
[3] Capella University home page: http://www.capella.edu/
[4] Colorado Technical University home page: http://www.coloradotech.edu/
[5] Walden University’s home page at: http://www.waldenu.edu/
[6] The University of Fairfax home page: http://www.ufairfax.net/
[7] University of Fairfax Receives DETC Accreditation: http://www.ufairfax.net/about-us/news/
[8] OnlineDegreeReviews.org, Review by ESalveggio at: http://www.onlinedegreereviews.org/college/nova-southeastern-university-reviews/reviews/
Dr. Buitron is a long-time science geek, starting with desktop computers running DOS 3.3, IBM Mainframes, and IBM’s System 36 ‘Minicomputers.’ Her technical career includes IBM Managed Security Division, SecureWorks Consulting division, and work for a dozen (or so) different government agencies leading teams in Security Operations Centers (SOCs). In the government space, she has held titles of Information System Security Officer and Security Engineering Technical Assistant. Her specialties include Incident Management and Response, Network Security, Security project management and security governance.
Most recently, she completed a Doctorate of Computer Science with information security emphasis. Her zeal for the discipline carried her through to finish the DCS, which crowns her two Associates Degrees, a Bachelor’s in Information Systems and a Master’s of Science in Information Assurance from Norwich University, where she was class Valedictorian.Â
Dr. Buitron is a Certified Information Systems Security Professional (CISSP) since 2008. She holds the ITIL v3 Foundations certification and IBM Power Systems for AIX and Linux. Past certifications include ITIL v2 Foundations, CompTia’s Network+ and two Microsoft Certified Systems Engineer certifications in Windows 2000 and Windows NT.Â
Her chief interests in cyber are the insider threat and improving governance and management in information security. Her other interests include ethical hacking and growing good security practices in other countries, specifically South America. Dr. Buitron is gravely concerned about the upcoming personnel shortage in cybersecurity, so she is passionate about recruiting, training, mentoring, and promoting women in the cyber business.
Dr. S. J. Buitron
Doctorate of Computer Science, Colorado Technical University
MSIA, CISSP
Masters of Science in Information Assurance, Norwich University
Adjunct Faculty in the MSIA program at Regis University
MCSE in Windows 2000, ITIL v3, v2 Foundations Certified,
Network +, IBM Power Systems certified for AIX and Linux
 “Warfare only ends when one side quits, not when you shift domains because the war ends. Our enemies have moved into the social and political domains as a response to U.S. economic power.”
 Arthur Karl Cebrowski 1942 – 2005, Vice Admiral
 “Education is not the filling of a pail, but the lighting of a fire.”
 W. B. Yeats
Editor Note: Article edited on 9/24/2018. Removed offer for suggestions and return line above signature.
