Re: Need for college, verses formal training and certifications, in the security field.

[Ray Davidson <gwrd3rd () gmail com>]

Disclaimer: I am a college professor, teaching networking and security so I have some biases, but not what you might 
think. 

I strongly suggest that you not let the lure of "practical experience" tempt you to go that route *instead of* academic 
training. However, you are absolutely right to try to *supplement* your academic training. As an educator and a 
sometime practitioner, I know that it is extraordinarily difficult to stay current oneself, much less sufficiently 
current to train others. This is not intended as a slight to your teachers; it is just a fact that class prepration, 
grading, drumming up research funding, chasing tenure, etc. get in the way. So while you shouldn't bail from academia 
at all (it teaches valuable skills), you will really differentiate yourself by studying for additional certifications, 
searching for ways to get practical experience (work for free if you have to; just keep your grades up). 

I am continually appalled at the percentage of my students who use Windows as their almost-only operating system. 
(Windows is a very fine, and pretty darned secure OS these days, and you better know it as a sysadmin, but some days a 
nancy boy has to man up, if ya know what I mean!). My best students use multiple OSs interchangeably. One of my best 
ones somehow got addicted to building his own *nix kernel, bless his heart, and only used Windows for staying in touch 
with the other half. Guess who had the internship at the National Salvation Army this summer? (At least that's what he 
said the three letter agency was.)

Do what you love. Find people that love it too, and hang out with them. You're going a long way being on this list; I 
recommend the podcast to my students all the time (though not through official channels; there are some "not safe for 
class" things occasionally). Ask questions; people love to help. If you get out of college with a degree, plus a cert 
or two, and some real live practical experience, you will have given yourself a real advantage.

SANS classes are a great way to addict yourself too - if there is a conference in your area there are ways to do it on 
the cheap

Good luck!

Ray


On Sep 24, 2010, at 11:36 PM, Brandon McGinty wrote:

> List,
> I am currently a sophomore in college.
> I have been studying firewalls, Intrusion Detection Systems (IDS),
> systems hardening, Cisco security (though I do not yet have equipment to
> test this), and general network, server, and workstation security.
> I am wondering what your collective thoughts are, in regards to
> university experience, verses practical experience in the security field.
> While university courses certainly give one a more broad understanding
> of the world, there is a good deal of preparation before one can take
> any security classes.
> I'm wondering if there are other possibilities that would help me gain
> employment, or at least a foot in the door.
> I am in a position where it would be possible to study, and become
> certified in several of the current programs, Security+,
> CISA, GIAC, and CISSP, to name a few.
> I have also considered trying to find some security professionals to act
> as mentors, but I am not sure where to start, or if that would be
> beneficial.
> What are your thoughts?
>
> Thanks,
> Brandon McGinty
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
G W Ray Davidson, PhD
CISSP, CEH, GSLC, GSEC, GCFW, GCFA, GCIH, GCIA

http://www.linkedin.com/in/raydavidson

 : ray () kzodavidsons org

AOL: gwraydavidson3
Twitter: RayDavidson

PGP Key ID 0xD3528EF5

http://www.sans.org/info/30893

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com