Executive Summary
There comes a point where you ask yourself whether you are done learning or just done being uncomfortable.
After finishing my bachelor’s degree at WGU, I decided I was not done yet. I wanted to earn my master’s degree in Cybersecurity. Part of that decision was professional, but a large part was personal. I wanted to prove to myself that I could do it. I also wanted to add one more credential to my toolbox in case it opened doors later.
Now that I have finished the program and officially graduated, I wanted to write about the experience from a real-world perspective. Not the marketing version. The honest version. What the process was like, what the classes were like, what frustrated me, what helped, and what I would tell someone else who is thinking about doing it.
Why I Decided to Go Back
I have been in IT and cybersecurity for a long time, so this was not about getting my foot in the door. I already had experience, certifications, and a career. For me, this was about finishing something I wanted to do for myself.
After I completed my bachelor’s degree, I felt proud of it, but I also felt like I had more left in the tank. I had set a goal to earn a master’s degree, and I did not want it to become one of those things I kept talking about but never actually finished.
I also liked the challenge. There is something satisfying about picking a target, putting your head down, and getting it done. And honestly, during a cold Wisconsin winter, grinding through graduate school is not the worst use of your time.
Getting Admitted
The process starts by applying to WGU and being accepted. Once that happens, you work with an admissions counselor to get enrolled, review transfer credits, and choose a start date.
I am just going to be straight about it: my admissions counselor was not great. He ignored meeting dates more than once and had a habit of calling at random times the next day. He also didn't seem especially organized, and I had to repeat myself several times.
Still, I would not let that stop anyone. Sometimes the person guiding the process is not exactly a Swiss watch. That does not mean the program is bad. It just means you need to stay on top of your own details and keep things moving.
The master’s program requires 35 credits across 10 classes. If you already have certifications such as CISSP, CEH, or CISM, some of those can count toward the degree. That can save you time and money. WGU does require that you complete at least 15 credits through them, so you cannot transfer in everything.
Once your transfer credits are evaluated, you will have a clear picture of what remains. From there, you pick your start date. WGU starts new students every month, and each term lasts six months.
One of the biggest advantages of WGU is its competency-based approach. If you already know the material, you can move quickly. If a class requires an exam and you are ready, you can take it. If it requires a paper, you write it and submit it. That flexibility makes a huge difference if you already have experience and do not want to waste time sitting through a rigid semester schedule.
Starting the Program
Before your term begins, you need to handle payment. You can usually pay it all at once, split it into two payments, or pay monthly. Once that is squared away, you are ready to start.
You are also assigned a mentor. My mentor was solid. Straightforward, practical, and not interested in wasting time. That worked well for me. We set up a regular cadence for check-ins, and that helped keep me moving.
Your mentor plays a bigger role than I expected. They help you stay accountable, talk through pacing, and make sure you are progressing. They also help you decide how aggressively you want to accelerate.
Typically, students start with a smaller course load, but if you want to move faster, your mentor can release more classes. That is helpful, but you also need to be smart about it. Once you start a class, the expectation is that you finish it in that term. Opening too many classes because you are feeling motivated for five minutes is a good way to create your own pain.
What I Transferred In
Because I already held the CISSP, CISM, and CEH, I was able to use those certifications to satisfy D484 Penetration Testing, D481 Security Foundations, and D489 Cybersecurity Management.
That left me with 24 credits to complete at WGU.
I also considered taking the CySA+ before starting the program and transferring it in, too. In the end, I decided not to. I bought books and started studying ahead of time, but if I were doing it again, I would skip buying the extra material. WGU provides resources, and I probably did not need to spend the extra money.
The Classes
D487 – Secure Software Design
This was the first class I took, and I passed it the same day I started it.
WGU gives you a readiness assessment so you can see how prepared you are before taking the actual exam. I did well enough on that that I decided there was no reason to drag it out.
If you already have certifications like CISSP or CISM, a lot of this material will feel familiar. It covers secure software design concepts, development practices, and the software development lifecycle. For me, it was a good way to get an early win and build momentum.
D482 – Secure Network Design
This class required a written paper and a Visio diagram for designing a secure environment for two merging companies.
I liked this class because it felt like real-world work. You had to think about architecture, integration, and security design in a practical way rather than just memorize definitions.
I had the assignment kicked back once, but not because my content was wrong. I used the wrong template. That was annoying, but it taught me an important lesson about WGU: the rubric matters, the template matters, and sometimes the issue is not knowledge. Sometimes it is just a process.
Once I fixed it, I passed. It took me around eight hours total.
D485 – Cloud Computing
This course focused on reviewing an incorrectly configured Azure environment and writing a paper explaining the issues and how to address them.
This one also felt practical. It was less about abstract cloud theory and more about reviewing a flawed environment and figuring out what should have been done differently. If you have worked in cloud or architecture, it is very manageable.
It took me about eight hours to complete.
D486 – Governance, Risk, and Compliance
This course was focused on identifying security gaps and recommending how to address them through governance, risk, and compliance practices.
Some technical people roll their eyes at GRC, but the truth is that if you stay in cybersecurity long enough, especially in leadership or architecture roles, this becomes part of the job whether you like it or not. You need to know how to frame risk, identify gaps, and explain what should be done.
This paper took me around 12 hours, and I received an excellence award for it. That was a nice surprise and one of the more satisfying moments in the program.
D488
I registered for this class and passed it the same day.
At this point in my career, I have taken enough exams and worked in security long enough that some assessments are more about validating existing knowledge than learning entirely new material. That was the case here.
This class also included a voucher for CompTIA SecurityX, which is a nice added bonus.
D483 – CySA+
This was the class I was least excited about.
Not because it was impossible, but because I had already debated taking the certification before I even started the degree. In the end, I decided it made more sense financially to take it through WGU.
I studied for about two weeks, scheduled the exam, and passed it. This was one of the few classes where I felt like I needed to deliberately sit down and prepare rather than just rely on work experience and prior certs. Experience helped, but CompTIA exams are still their own beast.
Once it was done, though, it was a relief to have it behind me.
D490 – Master’s Capstone
The capstone is the final course and the one that makes everything feel real.
It is broken into three tasks. First, you submit a topic for approval. Next, you write the proposal. Finally, you complete the post-implementation report.
My capstone focused on limiting lateral movement and improving ransomware protection using micro-segmentation, jump boxes, and endpoint anti-ransomware controls. I wanted to write about something tied to real cybersecurity work, not some made-up academic idea that would never survive contact with the real world.
I had to rewrite Task 2 once. That was frustrating. I submitted Tasks 2 and 3 at the same time, passed Task 3, and had Task 2 kicked back. After I revised it, I passed.
That final stretch felt like the longest part, mostly because by then I was ready to be done. But once it was over, that was it. Finished.
Crossing the Finish Line
Once you pass the capstone, your mentor submits you for graduation. After that, you get emails confirming your information, and then a few days later, the official graduation notice arrives.
From there, WGU confirms the details on your diploma, mails out the physical copy, and gives you access to a digital transcript and digital diploma. That part was pretty smooth.
There is something satisfying about that final moment. You go from “working on it” to “done.” That matters.
Final Thoughts
Overall, I thought the program was worth it.
The courses covered real cybersecurity topics at a level appropriate for a master’s degree. The writing assignments were generally practical and focused on the kinds of things security professionals actually deal with, especially if you work in architecture, cloud, consulting, or leadership.
For me, this was about more than another line on a résumé. It was about proving something to myself. I set a goal after finishing my bachelor’s degree, and I followed through on it. That matters to me more than the paper itself.
Was every part of the process smooth? No. Some of it was clunky. Some of it was annoying. Some of the people involved were not exactly models of organization. But the program's structure worked well for someone like me, who already had experience, certifications, and a strong reason to move quickly.
At the end of the day, I got the degree, hit a personal goal, and came out of it with something I am proud of.
That is a win.