Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: To go to University - For the CISSP etc. - Good idea/Bad idea???

From: Derek Fountain <derekfountain () yahoo co uk>
Date: Mon, 10 Aug 2009 15:14:23 +0100
Adriel T. Desautels wrote:

Getting a degree in Computer Science and similar areas of study is
almost pointless because the knowledge that you collect will be dated
by the time you graduate.  Can you argue that point? Can you tell me
that its not true?


It's not true, not in the slightest.
I graduated in 1995, just as the WWW was beginning to gain traction. Let me have a think back to what I studied and what's still useful today.
Well, the underlying networking stuff hasn't changed a great deal. We looked in great depth at low level protocols, and IPv4 and ethernet are still largely as they were then. Higher level protocols have been added of course, and IPv6 wasn't on the radar back then, but the basics are still the same. Principles like latency are still relevant regardless of protocol.
Most of the programming is still relevant. All the very low level stuff is the same; binary and hex haven't changed any. Concepts such as memory management (heaps vs stacks, etc.) and algorithms are still the same. Garbage collection is the only major thing I can think of that's appeared since I studied these things. A modern buffer overflow in 'C' still looks very much like it did in 1992. SQL has improved a lot over the years, but is still fundamentally SELECTs and UPDATEs. Object orientation has moved on a long way, but they taught me enough of the basics to know I didn't like it, and I still don't.
The business stuff we covered is still relevant - clients, cost vs expenditure, hiring, etc. Given I've been running my own business since '96 I rather wish I'd paid more attention to this content. All the "information analysis" remains relevant: applied mathematics basically. Plus I got taught concepts like language grammar, data normalisation, requirements analysis, etc., which are still completely relevant.
In the interests of fair debate I'll consider what has changed. The "Computer Interaction" part of "Human Computer Interaction" got left behind pretty quickly as GUIs developed and the web became mainstream. The "Human" part is still the same though: the psychology of using complex machines hasn't changed a great deal. The operating system stuff dated very quickly. The UNIX material is probably still relevant, but not the DOS or VMS. Underlying principles of system programming, like IPC, locality of data, etc., remain useful, even though things have moved on.
I'd go as far as to say that the vast majority of what I studied is still useful. Had I chosen a course that taught me the intricacies of Wordperfect and only how to be a Pascal programmer it would undoubtedly been a waste of time. As it was, when I started out, I wanted to be an systems or application level programmer. My degree set me up for that very nicely, and things continued to work out well when I started to get interested in security.
So, on reflection, I'd say that your assertion that getting a degree in Computer Science is almost pointless because the knowledge dates too quickly is wrong. 

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: