Penetration Testing mailing list archives
Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
From: Robin Wood <dninja () gmail com>
Date: Sat, 15 Aug 2009 10:35:00 +0100
2009/8/10 Derek Fountain <derekfountain () yahoo co uk>:
Adriel T. Desautels wrote:Getting a degree in Computer Science and similar areas of study is almost pointless because the knowledge that you collect will be dated by the time you graduate. Can you argue that point? Can you tell me that its not true?It's not true, not in the slightest. I graduated in 1995, just as the WWW was beginning to gain traction. Let me have a think back to what I studied and what's still useful today. Well, the underlying networking stuff hasn't changed a great deal. We looked in great depth at low level protocols, and IPv4 and ethernet are still largely as they were then. Higher level protocols have been added of course, and IPv6 wasn't on the radar back then, but the basics are still the same. Principles like latency are still relevant regardless of protocol. Most of the programming is still relevant. All the very low level stuff is the same; binary and hex haven't changed any. Concepts such as memory management (heaps vs stacks, etc.) and algorithms are still the same. Garbage collection is the only major thing I can think of that's appeared since I studied these things. A modern buffer overflow in 'C' still looks very much like it did in 1992. SQL has improved a lot over the years, but is still fundamentally SELECTs and UPDATEs. Object orientation has moved on a long way, but they taught me enough of the basics to know I didn't like it, and I still don't. The business stuff we covered is still relevant - clients, cost vs expenditure, hiring, etc. Given I've been running my own business since '96 I rather wish I'd paid more attention to this content. All the "information analysis" remains relevant: applied mathematics basically. Plus I got taught concepts like language grammar, data normalisation, requirements analysis, etc., which are still completely relevant. In the interests of fair debate I'll consider what has changed. The "Computer Interaction" part of "Human Computer Interaction" got left behind pretty quickly as GUIs developed and the web became mainstream. The "Human" part is still the same though: the psychology of using complex machines hasn't changed a great deal. The operating system stuff dated very quickly. The UNIX material is probably still relevant, but not the DOS or VMS. Underlying principles of system programming, like IPC, locality of data, etc., remain useful, even though things have moved on. I'd go as far as to say that the vast majority of what I studied is still useful. Had I chosen a course that taught me the intricacies of Wordperfect and only how to be a Pascal programmer it would undoubtedly been a waste of time. As it was, when I started out, I wanted to be an systems or application level programmer. My degree set me up for that very nicely, and things continued to work out well when I started to get interested in security. So, on reflection, I'd say that your assertion that getting a degree in Computer Science is almost pointless because the knowledge dates too quickly is wrong.
I'd agree with this. I was at uni in the mid 90's and I still find myself doing things and knowing things that I was taught on the course. A really simple example, linked lists, they still work in exactly the same was as when I learnt them years ago. I think a degree gives you a very solid base to build things on and while some of it will date the basic building blocks will stay the same. I'd also say that 3 years at uni while being harder on the pocket now than when I did it, is 3 years well spent in learning life and independence in a safe environment. Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea???, (continued)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? R. DuFresne (Aug 07)
- Message not available
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Adriel T. Desautels (Aug 07)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Brad Bendily (Aug 09)
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea??? Craig S. Wright (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Adriel T. Desautels (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Adriel T. Desautels (Aug 09)
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea??? Bob Bell (rtbell) (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? R. DuFresne (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Adriel T. Desautels (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Derek Fountain (Aug 15)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Robin Wood (Aug 15)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Jay Dyson (Aug 07)
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea??? Gorgon Beast (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Webmaster (Aug 09)