Penetration Testing mailing list archives

Re: [PEN-TEST] Education. Formal or not?


From: Nicholas Harring <miniluv () MINILUV COM>
Date: Wed, 8 Nov 2000 03:25:59 -0600

Being in somewhat the same boat, but at an earlier stage in the career path,
I've come up with the following reasons for my decision to get a college
degree..but also why I'm not choosing CompSci or a directly related field.

1) Education of any kind is immensely valuable, if not necessarily
realizable at first blush. Case in point, my last job actively chose to
implement a token ring network, for a variety of reasons. This was a
technology at which I scoffed when I had to read about it for some general
certification I was working towards. Suddenly I was greatly blessed and
looked bright as can be to my employers because I had learned about token
ring already and thus was able to contribute to the project from day one.

2) Computers and their applications, and the risks/vulnerabilities these
inherit, are no longer limited to the hard science world of pure
engineering, pure CompSci or pure programming anymore. Increasingly business
issues are interfering with "best practice" decisions regarding security,
implementation, redundancy, etc. Having a broader knowledge of the business
world, and the fields you might encounter in your career, can definitely
give you interesting insight which might allow you to perform your job
better. For example, if your knowledge of an industry allows you to be
familiar with a quirk of that business that requires a less than perfect
security solution to be implemented, then you're one step ahead with what
was seemingly unrelated knowledge. This is particularly true in industries
that are only beginning to learn about connecting to the Internet and
allowing customers to become part of the data sharing process. In my
experience these are industries like small-run printing and air freight
forwarding. I've been involved in both industries, and some of the solutions
I saw were truly uhm, amazing.

3) I decided to learn about what interests me, and find correlations into
the field I actually want to work in, namely security. I'm becoming a
physics geek the more I learn about the field, and I'm beginning to see the
tie-ins, especially in the world of crypto, but also in other areas. Besides
which, regardless of the degree, if it sounds geeky it'll look good on a
resume, and that DOES make a difference. Things like physics, mathematics,
number theory, CompSci, EE, these all impress employers...and we have to
have jobs eh?

Anyhow...hope that helps.
Nick Harring
Webley Systems, Inc.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of ph00dy
Sent: Tuesday, November 07, 2000 11:01 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Education. Formal or not?


I apologize if this is inappropriate, but I have no other qualified party to
address this to.

        Both myself and others that I know are in a bit of a dilemma. I'm a
younger member of the information security community. I am working as a
security administrator and attending college nearly full time. While at
school I learn nothing about what I am interested in. Sure we do have
programming and networking classes, but it is all very behind what is going
on right now. Most of my time is spent correcting the teacher with "that was
3 years ago" or "read this book and you'll see what I'm talking about". On
the whole I am wondering if it is actually inhibiting me from learning more
important and valuable things. While at home and at work I am able to stay
on top of what is going on now and advance my knowledge. This practice of
learning important and pertinent information is heavily bogged down by the
work load caused by the inferior curriculum of college. Meanwhile my
non-college attending peers are advancing faster than I can due to their
lack of time restrictions. So I decided to ask you, the more seasoned
members of the infosec community, what your thoughts and experiences are
concerning this matter.

My questions are:

1. Is college a waste of time for pen-test/auditing/risk assessment
professionals?
2. If so, how does one prove what they know to a prospective employer?
3. What is the practical value of a college degree in our field? What about
in the long run?

Thanks in advance..
Phoodrow Wilson.

