RE: Security Universitites and Certifications

["Hagen, Eric" <ehagen () DenverNewspaperAgency com>]

Well, first of all, make sure you can pass the A+, even if you don't take
the test, that level of knowledge is basically required for more advanced
level certs and experience.  I like the CompTIA track for an intro-level
certifications.  A+, Network+, Security+, Server+.  Some people argue that
they're not as valuable but I like them for the fact that they are a broad
base.

Other than that, build a PC, install Linux, learn to program (I think this
is a very important and oft-overlooked area that all GREAT pen-testers and
hackers are very skilled at).  

I'd offer to let you shadow here, but I live about 2500 miles away.  :-)
But good luck anyway!

Eric Hagen

-----Original Message-----
From: Chris Saulnier [mailto:chris.saulnier () ns sympatico ca]
Sent: Wednesday, October 08, 2003 6:01 PM
To: security-basics () securityfocus com
Subject: Security Universitites and Certifications


First a little bit about myself, I'm a grade 10 student at a public school
in Dartmouth, Nova Scotia, Canada. I've had an interest in computers for a
long time, and after delving into the darker side of things I joined this
list and have been reading it for a bit. I want to start planning for my
future, and I've been doing allot of thinking on the subject. I would like
to have a degree in some form of computer science, and right now I think
that security is the area which I would like to focus on. What I would
really like to be is a pen tester for a computer security consulting firm,
and hope to start on a path that will allow me to do that.

I don't really want to be a drone at a big software company, I've come up
with two general ideas of what I would like to do for my education. I could
go to a prestigious ( read as expensive ) school, something like MIT, for
some form of computer science (security related), and then if I can afford
it, get a masters, then enter the workforce. Or, plan B which I would also
like to do, would be
to go to a less expensive school for computer science and then attend a
school for a law degree, and deal with computer law, which I believe will be
a very big 'industry' by the time I get of out school, and something I would
be interested in doing. Also, it would be a good degree to have if I decided
to follow my 'dream' of being a pen tester, with the legalities of it all.

Right now, I'd like to start looking into universities a little so I can get
an idea what's out there, and I would like to start working towards some
security certifications. I am somewhat working towards an A+ certification
with an
outdated book, so I will have to purchase a newer book before I can take the
new exams. While Hardware isn't my main (or even second last *wink*)
interest, reading this book is really giving me a better insight into how
computers work on the lowest level, which helps to also understand how some
exploits work. I hope to do more security related certs, and am looking for
some help in deciding which ones would be the best for me right now.

I've been trying to lead a rounded life, playing sports, volunteering (of
course computer related *grin*), and doing well in school, in Grade 9, which
doesn't matter, I got 100% on both my science and math exam, and 90%+ on all
of my other exams, and plan to continue this through school. I also plan to
have a academically heavy course load through all three years of school,
taking all the honors courses I can, so I can hopefully choose what
university I want to go to.

I plan on traveling to attend university. While the United States or Canada
is the plan, European Universities are not out of the question. First off,
one question I have is does having a second language count for allot in a
computer science school? This year I'm taking French, but it won't really
fit into my schedule for the next 2 years.

So If you guy's could send me some names of good universities that have a
strong reputation in computer security and a little bit about them that
would be great. While I realize that this is a very generalized question, I
still have two years to figure out what I want to do, so I have a long time
to look through all of your answers.

Before I go to university, I would also like to get some certs. I hope to
get A+ soonish, so but instead I may just start on other certifications more
related to security, my field of interest. I just heard about the CEH cert
today on the list, and I was
wondering if it was any good? (http://www.eccouncil.org/CEH.htm)  It covers
topics that I would be interested in, but like I've read, it should be
called certified script kiddie as it's mostly using prewritten tools and
exploits. Although getting a base semi-professional 'how to hack' cert would
be nice I think. Also what do you guys/girls think about Security+.

Any other certifications you think would be good for me, please point me
towards them.

If anyone would be interested in a more in-depth discussion with a security
n00b, or
if anyone who lives around me works in the computer industry, please contact
me, as I have to do a job shadowing project soon and would love to shadow
someone in the industry -grin-


Chris Saulnier
chrisDOTsaulnierATnsDOTsympaticoDOTca



---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------