Re: Pauldotcom Adrian, degrees

["Chesmore, Michael [DAS]" <Michael.Chesmore () iowa gov>]

All, 

This is a great question.  I think that post grad work has some benefits depending on your career path.  You will 
certainly learn to write at a much higher level.  You will learn to read and comprehend faster (or perish during your 
PhD program) and these are great skills for a CISO or Security Manager. I respect and envy them.  For a Security 
Engineer or Architect we look for someone with hands on skills.  What we see during the hiring process is more and more 
people with a MS in Security but no hands on experience as a developer, or network admin or Cisco guy.  Just education. 
 What we want is someone who has a BA in anything, has been a dev or SysAdmin and then went back for a MS/PhD.  But 
even then they are going to get one of our entry level security positions.

Doublewood

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Joshua 
Smith
Sent: Wednesday, February 02, 2011 8:16 AM
To: pauldotcom () mail pauldotcom com
Subject: Re: [Pauldotcom] Pauldotcom Adrian, degrees

Adrian,
I'm not very vocal on the forums (tho the metasploit IRC might  
disagree ;), but this is up my alley.  I don't have advice, but I can  
tell u some if what's going on. I'm in a similar sitcho, except I do  
have a token masters in MIS. I work at a lab associated with a major  
university after spending 10 hrs in the military. My starting salary  
was higher due to the masters (keep in mind we do real work, but  
ultimately the roots are academia) but I'm respected at work because  
of what I know about attacking systems and telling people how they can  
solve problems, often implementing the solution myself. I had started  
a second masters, in comp sci, as it was free and my undergrad was  
aero engr, not CS or similar. I had to take prereqs, computer org and  
data structs, which were very informative and set me up well to get a  
lot better at writing code and exploits. That coupled with self study  
really got me going the direction I wanted. However I stopped during  
my first real grad class as my young son was getting old enough to  
play and what not and I felt my time was better spent with the fam,  
and doing security stuff on my own. There is a foundation one can gain  
thru education, but I think every good security specialist got most of  
his/her real applicable knowledge from other specialists and self study.

I'm really at the crux of academia vs hands on as I've been lobbying  
the crap out of management because we offer free degrees but we don't  
pay for much technical training. Our Training group had never even  
heard of sans. It's an uphill battle tho, I heard they are cutting  
tech training funding, but they KNOW it's those people who are doing  
the heavy lifting.
Ultimately I respect you and others because of what you can do, not  
what degrees you have, but most employers don't follow suit. However  
the good ones do. When I interview I could care less about a cissp  
(and I am one) but would gush over an OSCP or even an RHCT.   
Ultimately the people leading this field don't have many degrees, if  
any, but they aren't always getting paid for it. Tho I really like my  
job, I'd take a paycut to get that metasploit job ;)
I'll probably return to the CS masters at some point, but not anytime  
soon. 
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com