Is a Masters of Business Administration (MBA) worth it in Security?
I’ll start this off by sharing that I have an MBA, and I don’t necessarily think that is a bad thing. But if I could do it all over again, would I still get one?
One of the main reasons I got an MBA at the time was that I was working in engineering and data science. Primarily, my day to day was project management and data science and, with having an undergrad in Business, I was a little limited to which programs would accept me. When I decided I wanted to attend grad school, I looked at a lot of master’s in science degrees – Cyber, Data Science, etc. but many of them were requiring undergrad degrees in science and/or prior C/C++ classes. My undergrad degree was in arts as a business degree, not ideal for being competitive in technical fields.
I was also a former cop who had just left law enforcement and didn’t necessarily have the educational background or work experience to be competitive for many desirable programs. I had taken several courses in Python and R which had landed me in the data science and project management role I was currently doing. Unfortunately, that didn’t hold much weight to the college admin boards for the programs I was looking at.
However, I did find finance and economic intriguing and began looking at MBA degrees with a focus on data analytics and data science. Now, I’m sure you are well aware that about anyone has an MBA program and most of them are nothing more than degree mills with little focus on the actual curriculum. I wanted to make sure that if I was going to spend my time and money on returning to college that I got something out of it that was going to be beneficial in my future career, and I wanted to make sure that it was an accredited business school. I began looking strictly at AACSB accredited programs with a focus on data analytics.
I found an MBA program that had a focus on business analytics with emphasis in R and Python language along with database design. Although the coding portion of the program was a smaller portion, the knowledge I learned greatly impacted my career path. I enjoyed programming and was able to use R and Python to automate much of my day to day. This also piqued my interest in other python projects outside of data science.
So, how did an MBA affect my career? Well in engineering and management I think it helped out a lot. I was able to “talk the talk” when we were doing large projects, and I think that having those three letters behind my name gained me a little respect from senior leadership. Honestly, I think the accounting and financial classes were the most beneficial for project management and looking at projects holistically. I was also able to take a PMP prep course during my degree which I found beneficial. The MBA program I was in had another focus option in Project Management which several of my classmates had selected.
But now I am in corporate security, and do I still think that the MBA is relevant? I would say that it really depends on where you want to go in your career and what other certifications you have to complement your degrees. I’m not one of those people who think that you have to have a degree but I’m also not on the other side of the spectrum where I believe that degrees are worthless. I’m a firm believer that degrees, experience, and certifications all complement each other and should be looked at holistically.
Again, having the three letters behind my name certainly gains me some respect from senior leadership, who I deal with daily. I will also say that being a global company (that deals with a lot of commodity trading) and dealing a lot with China, South America, and Europe, understanding economics has its benefits.
My position is somewhat unique in that I oversee our technology side and report to the CSO. With this responsibility, having the knowledge from business school, both undergraduate and graduate, has helped me in
Strategic Thinking & Business Integration
An MBA can help you elevate physical security from a cost center to a business enabler. I have talked about this with moving the GSOC from reactive to proactive.
You’ll learn to:
Align security programs with business goals — such as protecting brand reputation, operational continuity, and shareholder value.
Develop risk-based security strategies tied to enterprise priorities.
Present security investments in financial and operational terms executives understand.
Example: Instead of saying, “We need more guards,” you’ll say, “A $250K investment in access control technology reduces theft-related losses by 40% and lowers liability exposure.”
Leadership & Organizational Influence
Physical security leaders often manage diverse teams and must gain buy-in from operations, HR, and executives.
An MBA strengthens:
Leadership and communication — essential for motivating contract and in-house personnel. This can become even more essential if you’re managing staff in a regional or global footprint where you may not interact with them every day.
Negotiation and conflict resolution — for vendor management or policy disputes.
Strategic influence — turning compliance requirements into operational value.
Result: You’re seen not just as the “security person,” but as a trusted advisor in corporate risk and resilience.
Financial & Risk Management Skills
Physical security decisions often carry high costs — personnel contracts, surveillance systems, insurance implications, etc.
With MBA-level financial literacy, you can:
Build cost-justified proposals for technology upgrades or staffing models.
Measure the ROI of security initiatives in terms of loss prevention, downtime reduction, or compliance savings.
Collaborate more effectively with finance, audit, and procurement teams.
Example: You can show how a $100K perimeter upgrade reduces potential theft exposure worth $1.5M annually.
Cross-Functional Collaboration
Physical security intersects with almost every department:
HR: workplace violence prevention, insider threat management.
Legal: liability, investigations, compliance.
Facilities & Operations: emergency response and safety.
IT: convergence of physical and cybersecurity systems.
An MBA helps you communicate and partner with these departments effectively — using shared business metrics and terminology.
If I could do it all over again, I think I would look at something more technical and focused more on cyber, computer science, or networking for my undergraduate degree. When we look at insider threats, most of our investigations lead to data exfiltration and having knowledge around IT and Cyber greatly benefits that. The one caveat I will say is that there are some really good certifications through ISC2, ISACA, and CompTia that you can get to complement your MBA and technical knowledge. This is what I have done. You can see my path on IT certifications here.
I think if you are considering an MBA and work in security, you need to ask yourself what your career path looks like. Do you want to work in management and run a security team, like I do? Or do you want to stay on the technical side?
If you are wanting to stay on the technical side, I would recommend you look at some technical certifications or degree to complement your work experience, if possible. If you want to move into senior leadership, having a MBA could greatly enhance your chances and allow you to communicate more effectively with other departments.
