A degree (if you actually apply yourself and use the experience to learn)
will provide you with a foundation that you do not obtain through real world
experience.
Although technology moves on, many of the underlying foundations do not. I
still use old techniques on a daily basis. Knowing the algorithms in a sort
function is actually still extremely useful in analysing packers for malware
reversing. This is not something that you pickup in a normal daily function.
You can learn it on your own, but the added structure often helps people
focus.
I for instance am both a quasi-academic (insert shameless plug for IT
Masters degree, digital forensics
http://www.itmasters.edu.au/WhichQualification/MasterofInformationSystemsSec
urity/DigitalForensics.aspx) as well as working in the "real world". I still
do degrees. I have lost count as to where I am up to, but I am completing
another doctorate, a PhD on the quantification of IS risk.
You can work and study. It is easier to at least complete one degree on
campus, but there are options afterwards that many people take. Even in
networking, a good understanding of the fundamentals can help. Knowing OSPF
in routing is one thing, but understanding how the Dystraka's algorithm
actually functions is a benefit to say the least.
There are many point and click IT people out there. These people can make a
good career which can take them into management etc. Here a degree still
helps (though one with a business/commerce focus is best). If you want to
really get into the depths of computing, work in a lab, design etc, then a
degree is definitely not going to hurt.
As for how fast the IT world changes, don't really believe it.
The foundations of systems and design are 80% the same today as they where a
decade ago. The interfaces and tools have changed, but the principles have
not. I come across the same software errors in code now, the same mistakes,
the same poor coding as I did 2 decades ago. It may be faster, bigger and
more colourful, but we are still making the same errors.
Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd
-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On
Behalf Of Adriel T. Desautels
Sent: Friday, 7 August 2009 11:19 PM
To: Adam K
Cc: James Copeland; Hy Zaret; pen-***@securityfocus.com
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad
idea???
1-) Fact, technology evolves so quickly that "new" technology is
considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of
technology.
3-) Fact, most degrees take at least 4 years to attain.
If you are interested in becoming a security professional, what you
learn in school will be out-dated by the time you graduate. The only
thing that you will have that will be of any real value will be your
experience in performing research or in delivering security services,
or maybe in the creation of security technologies. A degree can not,
and will not make you a security expert... only hands on experience
and bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.
When I was in college I was also working full time making the salary
of a senior software engineer. In doing that I quickly realized that
college was useless for me as it wasn't teaching me anything that I
needed to know. I found that I was learning about the real and
current technology world while at work, and learning about the old and
dusty technology world while at school. Most of the skills that they
were teaching us at school, especially with respect to security, were
dated or becoming dated. The only thing that I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study it. I
don't need to pay $45,000/year to be told to read a book, I can do
that on my own. If you feel that you need to pay that much to read a
book then give me a call, I've got a lot of good reading material for
you.
With regards to technology, most of the time the only thing that a
degree will satisfy is the emotional and political requirement of the
old school mindset. The truth is that some of the best talent doesn't
come with a degree.
Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world experience.
Post by Adam KRight, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually
don't get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make
social connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
. Social reasons
. Educational advantages
. Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
. To find out what you think of my choice (not locked in yet!!!)
. For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------