PaulDotCom mailing list archives
Re: Pauldotcom Adrian, degrees
From: "Chesmore, Michael [DAS]" <Michael.Chesmore () iowa gov>
Date: Wed, 2 Feb 2011 09:51:43 -0600
All, This is a great question. I think that post grad work has some benefits depending on your career path. You will certainly learn to write at a much higher level. You will learn to read and comprehend faster (or perish during your PhD program) and these are great skills for a CISO or Security Manager. I respect and envy them. For a Security Engineer or Architect we look for someone with hands on skills. What we see during the hiring process is more and more people with a MS in Security but no hands on experience as a developer, or network admin or Cisco guy. Just education. What we want is someone who has a BA in anything, has been a dev or SysAdmin and then went back for a MS/PhD. But even then they are going to get one of our entry level security positions. Doublewood -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Joshua Smith Sent: Wednesday, February 02, 2011 8:16 AM To: pauldotcom () mail pauldotcom com Subject: Re: [Pauldotcom] Pauldotcom Adrian, degrees Adrian, I'm not very vocal on the forums (tho the metasploit IRC might disagree ;), but this is up my alley. I don't have advice, but I can tell u some if what's going on. I'm in a similar sitcho, except I do have a token masters in MIS. I work at a lab associated with a major university after spending 10 hrs in the military. My starting salary was higher due to the masters (keep in mind we do real work, but ultimately the roots are academia) but I'm respected at work because of what I know about attacking systems and telling people how they can solve problems, often implementing the solution myself. I had started a second masters, in comp sci, as it was free and my undergrad was aero engr, not CS or similar. I had to take prereqs, computer org and data structs, which were very informative and set me up well to get a lot better at writing code and exploits. That coupled with self study really got me going the direction I wanted. However I stopped during my first real grad class as my young son was getting old enough to play and what not and I felt my time was better spent with the fam, and doing security stuff on my own. There is a foundation one can gain thru education, but I think every good security specialist got most of his/her real applicable knowledge from other specialists and self study. I'm really at the crux of academia vs hands on as I've been lobbying the crap out of management because we offer free degrees but we don't pay for much technical training. Our Training group had never even heard of sans. It's an uphill battle tho, I heard they are cutting tech training funding, but they KNOW it's those people who are doing the heavy lifting. Ultimately I respect you and others because of what you can do, not what degrees you have, but most employers don't follow suit. However the good ones do. When I interview I could care less about a cissp (and I am one) but would gush over an OSCP or even an RHCT. Ultimately the people leading this field don't have many degrees, if any, but they aren't always getting paid for it. Tho I really like my job, I'd take a paycut to get that metasploit job ;) I'll probably return to the CS masters at some point, but not anytime soon. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Pauldotcom Adrian, degrees Joshua Smith (Feb 02)
- Re: Pauldotcom Adrian, degrees Chesmore, Michael [DAS] (Feb 02)