RE: To go to University - For the CISSP etc. - Good idea/Bad idea???

["Bob Bell (rtbell)" <rtbell () cisco com>]

Adriel, et al - 

While I agree with your assertion that the information gained in pursuing a
degree is dated from almost the outset, having the college degree card is A
major requirement to even get into the door. I know from my own experience
that the lack of same is a major handicap. So, yes, pursue the degree in an
engineering or CS or Network environment, but also study and learn on the
job. Having a couple of certifications (CCNA security, CSSLP, CISSP,
whatever) will allow you to standout in the crowd, but not having the degree
basically sinks both of your feet into a concrete block.

Bob 

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
> Sent: Friday, 07 August, 2009 07:19
> To: Adam K
> Cc: James Copeland; Hy Zaret; pen-test () securityfocus com
> Subject: Re: To go to University - For the CISSP etc. - Good 
> idea/Bad idea???
>
> 1-) Fact, technology evolves so quickly that "new" technology 
> is considered "old" within the course of one year.
> 2-) Fact, security is one of the most rapidly evolving areas 
> of technology.
> 3-) Fact, most degrees take at least 4 years to attain.
>
> If you are interested in becoming a security professional, 
> what you learn in school will be out-dated by the time you 
> graduate.  The only thing that you will have that will be of 
> any real value will be your experience in performing research 
> or in delivering security services, or maybe in the creation 
> of security technologies.  A degree can not, and will not 
> make you a security expert... only hands on experience and 
> bleeding edge exposure can do that.  You get that exposure by 
> doing and universities don't "do" all that well.
>
> When I was in college I was also working full time making the 
> salary of a senior software engineer.  In doing that I 
> quickly realized that college was useless for me as it wasn't 
> teaching me anything that I needed to know.  I found that I 
> was learning about the real and current technology world 
> while at work, and learning about the old and dusty 
> technology world while at school.  Most of the skills that 
> they were teaching us at school, especially with respect to 
> security, were dated or becoming dated.  The only thing that 
> I found useful was C, C+ 
> +, and the other programming languages that I learned.  Mind you, I
> wasn't taught by anyone, I was given a book and told to study 
> it.  I don't need to pay $45,000/year to be told to read a 
> book, I can do that on my own.  If you feel that you need to 
> pay that much to read a book then give me a call, I've got a 
> lot of good reading material for you.
>
> With regards to technology, most of the time the only thing 
> that a degree will satisfy is the emotional and political 
> requirement of the old school mindset.  The truth is that 
> some of the best talent doesn't come with a degree.
>
> Naturally, degrees are required for doctors, lawyers, etc.  
> I'm not suggesting that they don't have a place.  I am saying 
> that specific to security they are nearly useless when 
> compared to real world experience.
>
>
>
> On Aug 6, 2009, at 9:22 PM, Adam K wrote:
>
> > Right, Gates doesn't have a degree, but his career path is an 
> > exception.
> >
> > I liken him to a baseball player... Ball players that get drafted 
> > early (standout players with skills and sometimes luck) 
> usually don't 
> > get to finish their degree. Those drafted later (not standout
> > players) have time to finish their degree.
> >
> >
> > I have never met an individual that regrets their time spent in 
> > college or their work toward a degree. I know countless people that 
> > regret not getting a degree. Not too mention you typically 
> make social 
> > connections that will last a lifetime.
> >
> >
> >
> > On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels 
> > <ad_lists () netragard com
> > > wrote:
> > Bill gates doesn't have a degree.
> >
> >
> > On Aug 6, 2009, at 3:11 PM, James Copeland wrote:
> >
> > What I have found is that school is the way to go.  People 
> will look 
> > at you with your certifications but without the college degree to 
> > "back them up" that is all that they will do.  Another good 
> reason for 
> > college is that some employers will bump that pay up for 
> just having a 
> > degree, no matter even if it is underwater basket weaving.  
> Good luck.
> > Jimmy
> >
> > On Thu, Aug 6, 2009 at 03:26, Hy Zaret<hyzaret () gmail com> wrote:
> > Greetings & Salutations to all!
> >
> > I've been training myself for a while, and have recently 
> came to the 
> > conclusion that University would be my best choice.
> >
> > The main reasons I made this decision are; . Social reasons . 
> > Educational advantages . Takes years off the experience 
> needed to take 
> > the CISSP
> >
> > I'm writing on these mailing-lists for two reasons; . To 
> find out what 
> > you think of my choice (not locked in yet!!!) . For advice on which 
> > course to go for (Sydney, NSW, Australia)
> >
> > I am wishing sometime in the future to begin a career in IT 
> Security.
> > Although being under 18, I have still found time to achieve various 
> > certifications; including CompTIA's Security+, three Cisco 
> > certifications & a Microsoft accreditation.
> >
> > Also, for the last 4 months I've been working full-time on the 1st 
> > Level of an IT Helpdesk.
> >
> > Am very open to ideas, so would be interested in reading & 
> answering 
> > your replies!
> >
> > Thank you for reading this,
> >
> > Hy Zaret
> ----------------------------------------------------------------------
> > -- This list is sponsored by: Information Assurance Certification 
> > Review Board
> >
> > Prove to peers and potential employers without a doubt that you can 
> > actually do a proper penetration test. IACRB CPT and CEPT certs 
> > require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> ----------------------------------------------------------------------
> > --
> ----------------------------------------------------------------------
> > -- This list is sponsored by: Information Assurance Certification 
> > Review Board
> >
> > Prove to peers and potential employers without a doubt that you can 
> > actually do a proper penetration test. IACRB CPT and CEPT certs 
> > require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> ----------------------------------------------------------------------
> > --
> >
> >
> >
> >
> >        Adriel T. Desautels
> >        ad_lists () netragard com
> >        --------------------------------------
> >
> >        Subscribe to our blog
> >        http://snosoft.blogspot.com
> ----------------------------------------------------------------------
> > -- This list is sponsored by: Information Assurance Certification 
> > Review Board
> >
> > Prove to peers and potential employers without a doubt that you can 
> > actually do a proper penetration test. IACRB CPT and CEPT certs 
> > require a full practical examination in order to become certified.
> > http://www.iacertification.org
> ----------------------------------------------------------------------
> > --
>
>
>
>       Adriel T. Desautels
>       ad_lists () netragard com
>          --------------------------------------
>
>       Subscribe to our blog
>          http://snosoft.blogspot.com
>
>
> --------------------------------------------------------------
> ----------
> This list is sponsored by: Information Assurance 
> Certification Review Board
>
> Prove to peers and potential employers without a doubt that 
> you can actually do a proper penetration test. IACRB CPT and 
> CEPT certs require a full practical examination in order to 
> become certified. 
>
> http://www.iacertification.org
> --------------------------------------------------------------
> ----------

Attachment: smime.p7s
Description: