Penetration Testing mailing list archives
Re: [PEN-TEST] Education. Formal or not?
From: Nicholas Harring <miniluv () MINILUV COM>
Date: Wed, 8 Nov 2000 03:25:59 -0600
Being in somewhat the same boat, but at an earlier stage in the career path, I've come up with the following reasons for my decision to get a college degree..but also why I'm not choosing CompSci or a directly related field. 1) Education of any kind is immensely valuable, if not necessarily realizable at first blush. Case in point, my last job actively chose to implement a token ring network, for a variety of reasons. This was a technology at which I scoffed when I had to read about it for some general certification I was working towards. Suddenly I was greatly blessed and looked bright as can be to my employers because I had learned about token ring already and thus was able to contribute to the project from day one. 2) Computers and their applications, and the risks/vulnerabilities these inherit, are no longer limited to the hard science world of pure engineering, pure CompSci or pure programming anymore. Increasingly business issues are interfering with "best practice" decisions regarding security, implementation, redundancy, etc. Having a broader knowledge of the business world, and the fields you might encounter in your career, can definitely give you interesting insight which might allow you to perform your job better. For example, if your knowledge of an industry allows you to be familiar with a quirk of that business that requires a less than perfect security solution to be implemented, then you're one step ahead with what was seemingly unrelated knowledge. This is particularly true in industries that are only beginning to learn about connecting to the Internet and allowing customers to become part of the data sharing process. In my experience these are industries like small-run printing and air freight forwarding. I've been involved in both industries, and some of the solutions I saw were truly uhm, amazing. 3) I decided to learn about what interests me, and find corrolations into the field I actually want to work in, namely security. I'm becoming a physics geek the more I learn about the field, and I'm beginning to see the tie-ins, especially in the world of crypto, but also in other areas. Besides which, regardless of the degree, if it sounds geeky it'll look good on a resume, and that DOES make a difference. Things like physics, mathematics, number theory, CompSci, EE, these all impress employers...and we have to have jobs eh? Anyhow...hope that helps. Nick Harring Webley Systems, Inc. -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of ph00dy Sent: Tuesday, November 07, 2000 11:01 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Education. Formal or not? I apologize if this is inappropriate, but I have no other qualified party to address this to. Both myself and others that I know are in a bit of a dilemma . I'm a younger member of the information security community. I am working as a security administrator and attending college nearly full time. While at school I learn nothing about what I am interested in. Sure we do have programming and networking classes, but it is all very behind what is going on right now. Most of my time is spent correcting the teacher with "that was 3 years ago" or "read this book and you'll see what I'm talking about". On the whole I am wondering if it is actually inhibiting me from learning more important and valuable things. While at home and at work I am able to stay on top of what is going on now and advance my knowledge. This practice of learning important and pertinent information is heavily bogged down by the work load caused by the inferior curriculum of college. Meanwhile my non-college attending peers are advancing faster than I can due to their lack of time restrictions. So I decided to ask you, the more seasoned members of infosec community what your thoughts and experiences are concerning this matter. My questions are: 1.Is college a waste of time for pen-test/auditing/risk assessment professionals? 2.If so how does one prove what they know to a perspective employer? 3.What is the practical value of a college degree in our field? What about in the long run? Thanks in advance.. Phoodrow Wilson.
Current thread:
- [PEN-TEST] Education. Formal or not? ph00dy (Nov 08)
- Re: [PEN-TEST] Education. Formal or not? Erik Tayler (Nov 09)
- Re: [PEN-TEST] Education. Formal or not? Gregory McCann (Nov 09)
- Re: [PEN-TEST] Education. Formal or not? Nasir Farhat Khan (Nov 09)
- Re: [PEN-TEST] Education. Formal or not? Nicholas Harring (Nov 09)
- Re: [PEN-TEST] Education. Formal or not? Shetron, Richard (Nov 09)
- <Possible follow-ups>
- Re: [PEN-TEST] Education. Formal or not? David Ford (Nov 09)
- Re: [PEN-TEST] Education. Formal or not? Johann van Duyn (Nov 09)