Re: Re: University Degree or CISSP

[Harrison Holland <harrisonholland () gmail com>]

Hello,

I've been following this thread for a while, and I finally decided to
give my personal opinion.  Whether or not you learn anything at a
university that will actually help you in the job market, companies
have way too many applicants and not enough jobs.  In general they
need some way to screen applicants and weed certain ones out.  You can
be the most talented security expert in the world, but many companies
will throw out your resume if you don't have a degree from a standard
university for the simple fact that there are 20 other people who have
just as much experience as you and do have a degree.  While the paper
may mean nothing as far as your ability to perform a job, it does show
that you know how to learn, are well rounded, organized, and able to
perform on a deadline.

The other benefit of a standard university is the fact that many of
them will help you get internships with companies that you may not
have been able to work for otherwise.  If you do an internship while
finishing up your degree, you will have real work experience and a
peice of paper that tells recruiters that you can learn and perform. 
I don't think there is any replacement for a standard degree.  CISSP's
can supplement a degree, but not replace it.  For anyone that has
already gotten a degree from a university, getting a CISSP is a peice
of cake.

Hope I didn't step on anyone's toes, I just wanted to throw my opinion in here.

Harrison

On 1/26/06, Greg van der Gaast <gvandergaast () yahoo com> wrote:
> Flames in your face? Actually I couldn't agree more.
>
> I don't have a degree and the certifications I did get
> I've never really leveraged. IMHO, what matters in
> information security is getting the job done and
> having the insight and ability to do so. Being able to
> see trends and learn new things as they emerge is far
> more important than any paper you can bring to the
> table. And that includes the static knowledge base
> associated with that paper. Heck, by the time
> something is put into a curriculum and then taught
> again it is over 2 years old. That's a lifetime in
> this business.
>
> It could even be argued that the static mentality and
> unified method of thinking applied in university,
> college, and many certification programs limits one's
> thinking in ways that I consider crucial in the
> InfoSec world. I won't make that argument myself as
> it's very much up to the indivudial's mentality to
> remain objective. Unfortunately plenty of people take
> what they hear in school as law without question.
>
> I know enough brilliant people in information security
> that have gotten quite far without any paper. Granted
> it is harder for these people to get their foot in the
> door and to obtain that crucial initial recognition of
> their skills. Then again the time lost trying to get
> the initial work and the lower salaries they had to
> contend with probably represent less time and money
> than they would have sunk into a "classical" education
> anyway.
>
> My 2 cents.
>
> Cheers,
>
> Greg van der Gaast
> Senior Consultant
> CGI Group
> CCE Montreal
>
> --- Toby Barrick <tbarrick () cox net> wrote:
>
> > Ken,
> >
> > With you as a degree holder (I assume that you are)
> > I'm sure that you
> > feel that way about a degree. The fact of the matter
> > is that a degree is
> > a piece of paper, a mark on a stick as to what you
> > have spent in dollars
> > and time. A CISSP is a mark on a stick as to what
> > you know (memorized)
> > about security related issues (plus whatever money
> > was spent). Neither
> > of which, in the real word is worth it's weight in
> > paper.
> >
> > I know lots of folks that have PhD that are
> > worthless. Yeah they bang
> > down the bucks due to the paper on the wall, but
> > they are totally
> > clueless. I know mechanics that make more than I do
> > investing in futures.
> >
> > I'm not a big fan of the guy but take Bill Gates for
> > example. He does
> > not have a degree, he dropped out of college. I'd
> > actually be surprised
> > if he even has any certifications.
> >
> > The bottom line counts in this world is vision,
> > insight, intuition, hard
> > work, and a feel for situations that whisper "this
> > is not right," I can
> > fix it - then acting on that thought.
> >
> > Ok - I'm sure the flames will fly in my face, but
> > that is my opinion.
> >
> > Have a great day.
> >
> >
> > Ken Kousky wrote:
> >
> > > This is the craziest conversation I ever heard of
> > - there is NO comparison
> > > between a REAL degree and CISSP. CISSP is great,
> > valuable and vital but it
> > > isn't in any way comparable.
> > >
> > > Simply put, if you don't have a degree - get one
> > and get the best one you
> > > can.
> > >
> > > -----Original Message-----
> > > From: Huang, John, GCM
> > [mailto:John.Huang () rbsgc com]
> > > Sent: Monday, January 23, 2006 1:41 PM
> > > To: security-basics () securityfocus com
> > > Subject: RE: Re: University Degree or CISSP
> > >
> > > Degree or CISSP? It depends on where you are in
> > life. A degree helps you
> > > in the door and advancement into a management
> > position usually require a
> > > college degree. But if you're already in the field
> > and don't have a
> > > college degree, a CISSP cert is easier to obtain
> > in a shorter amount of
> > > time, and provide more immediate benefit since you
> > can put the things
> > > you learn into use.
> > >
> > > -----Original Message-----
> > > From: shyaam () gmail com [mailto:shyaam () gmail com]
> > > Sent: Friday, January 20, 2006 10:25 PM
> > > To: security-basics () securityfocus com
> > > Subject: Re: Re: University Degree or CISSP
> > >
> > > Yes,
> > > Very true. Nothing counts equivalent to
> > experience, but experience comes
> > > only when someone starts somewhere. I have seen
> > one big thing happening
> > > around. People in the industries shifted from
> > technology to business,
> > > that is the point when they lost the security and
> > created more loopholes
> > > in their own products as they reduced the time
> > needed, reduced budgets
> > > and spent more on advertisements and marketing.
> > > How does that reflect on people. They need people
> > already with
> > > experience. But how is that possible. Everybody
> > needs to start
> > > somewhere. So experience does count, but I would
> > say some foundation,
> > > some added qualification and some experience is
> > good for a cool job. For
> > > a startup job, some degree and some cert is
> > essential.
> > > PS: This is my opinion, I am not pointing out any
> > company or any private
> > > organization.
> > >
> > > -S-
> ------------------------------------------------------------------------
> > > ---
> > > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> > - ONLINE The Norwich
> > > University program offers unparalleled Infosec
> > management education and
> > > the case study affords you unmatched consulting
> > experience.
> > > Tailor your education to your own professional
> > goals with degree
> > > customizations including Emergency Management,
> > Business Continuity
> > > Planning, Computer Emergency Response Teams, and
> > Digital Investigations.
> > > http://www.msia.norwich.edu/secfocus
> ------------------------------------------------------------------------
> > > -----------------------
> ********************************************************************
> > > This e-mail is intended only for the addressee
> > named above.
> > > As this e-mail may contain confidential or
> > privileged information,
> > > if you are not the named addressee, you are not
> > authorized
> > > to retain, read, copy or disseminate this message
> > or any part of it.
> > >
> ********************************************************************
> > >
> ---------------------------------------------------------------------------
> > > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> > - ONLINE
> > > The Norwich University program offers unparalleled
> > Infosec management
> > > education and the case study affords you unmatched
> > consulting experience.
> > > Tailor your education to your own professional
> > goals with degree
> > > customizations including Emergency Management,
> > Business Continuity Planning,
> > > Computer Emergency Response Teams, and Digital
> > Investigations.
> > > http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
> > >
> ---------------------------------------------------------------------------
> > > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> > - ONLINE
> > > The Norwich University program offers unparalleled
> > Infosec management
> > > education and the case study affords you unmatched
> > consulting experience.
> > > Tailor your education to your own professional
> > goals with degree
> > > customizations including Emergency Management,
> > Business Continuity Planning,
> > > Computer Emergency Response Teams, and Digital
> > Investigations.
> > > http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
> > >
> ---------------------------------------------------------------------------
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -
> > ONLINE
> > The Norwich University program offers unparalleled
> > Infosec management
> > education and the case study affords you unmatched
> > consulting experience.
> > Tailor your education to your own professional goals
> > with degree
> > customizations including Emergency Management,
> > Business Continuity Planning,
> > Computer Emergency Response Teams, and Digital
> > Investigations.
> === message truncated ===
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------