By the end of 2008 I’ll have completed the workload for my Master’s in I.S & T, and I’ll be packing an advanced degree to go along with a bucket of experience dealing with IT problems. I’ve enjoyed the workload, and I’ve learned quite a bit even in the classes that covered material for which I already had a pretty good knowledge base.
In the last year, I’ve been thinking more and more about progressing on after the Master’s degree and buckling down for the Ph.D. There are a lot of different reasons for this, among them the fact that I generally enjoy research and I like teaching. I’ve spent a lot of time in academia as a support member (both at the secondary and higher levels) and in business, so I’m well aware of the general differences between The Ivory Tower and Corporate America.
The tricky part isn’t the coursework; taking classes pretty much blows away my ability to have anything resembling idle time for braindead fun, but there is an entertainment value in the coursework too, so that’s not a problem (part of me wishes I had realized this back when I was working on my undergraduate degree, but I can’t say I’d willingly trade the last two decades of my life for something different, either).
No, the tricky part is the dissertation. It’s not the work involved, mind you. Most Ph.D. students go from their undergraduate degree straight into advanced academia and the dissertation is a pretty daunting logistical event for them. For people like me who have had a decade plus of dealing with the task management problems of being a member of the workforce, though, a dissertation is just another project, albeit one with a significant amount of work involved.
The tricky part of the dissertation is figuring out *exactly* what you want to dedicate roughly a year of your life to producing. Completing a dissertation shows you are one of the world’s foremost experts on something (at least it ought to show this if your academic program is any good), so you have to absorb and digest a staggering amount of detail. It also shows that you can actually contribute to the field, so not only do you have to absorb and digest all this stuff, you have to actually be able to produce something of value out of all of it when you’re done. Finally, if you’re considering using your Ph.D. directly (in other words, you’re going to be a researcher after you get the degree), you have to consider the fact that not only do you want to study this subject intensely enough to get your degree, you want to study it for the next 30 years or so.
When I started the Master’s program, I always considered the possibility that I would want to go on for the Ph.D. I did think it was pragmatic to start with a Master’s, since at the time I was starting the adventure of parenthood, and I wasn’t sure that diving headlong into a Ph.D. program was either practical or responsible given my current stage of life. However, things have turned out to line up nicely, and (although it may take a little longer than I would like) it seems reasonable that I can tackle a full-on doctorate track without severely damaging my quality of life, my relationship with my family, or my ability to earn a living in the meantime.
Practicality thus covered, I’ve finally started to give serious consideration to what the focus ought to be for my research. Anybody who has read this blog would probably assume that I’d be working on research in InfoSec, since I do spend a lot of time reading about security and it’s a topic I generally like. Here’s the problem… IT InfoSec research leans *heavily* towards cryptographic research, and in spite of my background in mathematics I really don’t personally find cryptographic protocol analysis to be the fascinating area of security. The security problems I find interesting are where people and process interact with bits and hardware, like key management, audit, human-machine security problems, etc. Sure, there’s programs where you can focus on this aspect, as well. After careful thought, though, I decided that while I’ll always be interested in security, it’s not the subject that I would want to dedicate myself towards studying; security is a necessary part of everything you do in IT, but there’s a difference between being interested in something and being one of the few real experts.
I’ve read maybe 400 articles in IS research since I started the Master’s degree, and one of the ones that stuck most in my head is the writeup (registration required but free) of the Rimsat project that I came across in our knowledge management class. Summary of the project writeup is here. Crisis management and disaster response are incredibly interesting to me, have a number of unique obvious real world applications, and have ties to organizational science, security, cognitive theory, and information science. It’s a complex problem with complex dependencies and agendas, and there’s a million things to learn and a million things to discover.
So, my resolution for this year is to read enough literature on the subject to decide for certain if this is what I want to spend the next few years focusing on, and (most likely) the rest of my working life dealing with. Hopefully it won’t take a year to answer these two questions. I’m not going to get a Ph.D. just to get the degree, so if I decide after careful consideration that this isn’t what I want to do, I’d like to have enough time to explore other possible subject areas before 2009 rolls around.