Re: [PEN-TEST] Education. Formal or not?

[Erik Tayler <erik () DIGITALOFFENSE NET>]

> My questions are:
>
> 1.Is college a waste of time for pen-test/auditing/risk assessment
> professionals?

For me, it was a large waste of my time, learning nothing related to my
field. As you had stated in your message body, most of the time was
spent correcting the inferior knowledge of the teachers. The curriculum
was poor, and far behind the time. Whilst not related at all to
security, they offered information technology classes
[networking,programming,etc], and those classes were lagging in
potential.

> 2.If so how does one prove what they know to a perspective employer?

Experience is a big plus, be it in the security industry or not. Systems
administration, programming, basic knowledge of a wide variety of
things, et cetera, will help you. While not having a degree will
probably disable you from entering a company at a very high level [in
some cases], it doesn't at all prohibit you from getting a job.

> 3.What is the practical value of a college degree in our field? What about
> in the long run?

In the security industry, there really are no specific applicable
degrees [as far as I know]. But don't let that stop you from getting a
business degree, or whatever your interests are, it will help you in the
longrun.

I felt that I could reply to this e-mail because that sounds somewhat
like the predicament that I was in. I recently "stopped" college, and
got a job in the security industry... and while I am not entering in the
highest of positions, there is high potential.

Erik Tayler
http://www.digitaloffense.net