Re: Advice for someone interested in a security career?

[Eric <eric () sandpile net>]

Chris Rodgerson wrote:

> Hi all,
>
> I'm a student nearing the end of my degree course in Computer Science
> (currently on sandwich placement year, hence the @oracle.com email address),
> and I have decided that computer, and network security in particular, is the
> career I wish to pursue. I have a few options:
>
> 1) Finish my MEng Computer Science, and try to get a job (without any
> security-specific qualifications, save for a couple of courses completed as
> part of my degree)  (2 Years more study)
> 2) Finish my degree a year early, qualifying with a BSc Computer Science,
> and then apply for Masters degree in a more specialised Security-related
> topic. (3 years)
> 3) Finish my MEng and then do a PhD in a more specialised Security-related
> topic.(4-5 years)
>
> In your opinions, which would be the better option in furthering my career
> in Security? Would more on-the-job experience be preferable to employers, or
> would they rather have someone with more (relevant) qualifications? I'm not
> sure if I would have the patience to complete a PhD, but then again you may
> think it's worth it.
>
> As a sidenote, I am based in Europe (specifically Ireland), which may or may
> not influence your answers.
>
> Thanks in advance,
> Chris
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
>
>
>  

Chris,

First of all, it's easier for those of us who read with threaded mail 
clients, if you post a new message rather than reply to someone else's 
and then erase their comments.

As for the degrees required.  I rolled those thoughts around for awhile 
myself.  I was about to finish a BS degree in Computer Engineering when 
I realized I wanted to pursue a career in IT & security.  The University 
I was attending (Iowa State) actually has a very specific MS program 
called "Information Assurance" and is very highly regarded.  I have been 
a bit disappointed by other University's courses and degrees in the 
area.  Many will give you a MS in Computer Science and just tack on a 
"focus" on security, which is not what I was interested in.

In any case, I opted to take a job offer doing general-IT work 
immediately after finishing my BS degree.  This was partially motivated 
by my debts, which were starting to rack up (it pays reasonably well) 
and partly motivated by several managers and other indicators that 
seemed to show me that the MS in security, while helpful, was not well 
understood by employers.  In addition, there is NO substitute for a 
strong portfolio of certifications and work experience.  Ideally, you 
would have both, but in my situation I decided it was best to get to the 
more practical experience as soon as I could.

However, because the market was (and still is) fairly rough, I had 
always planned to enroll in the MS program if I could not immediately 
find a job upon graduation.   So, if this offer had not come up, I would 
be finishing my MS in "Information Assurance" sometime this year, 
instead of looking at a promotion to a more security-focused job and 
even higher pay.

Take it with a grain of salt, I don't have nearly as much experience as 
others, but I really feel like i made the right decision.

Eric Hagen


---------------------------------------------------------------------------
----------------------------------------------------------------------------