Penetration Testing mailing list archives
Re: RE: Requesting Informational Interview
From: Radmilo Racic <rracic () gmail com>
Date: Tue, 23 Jun 2009 20:18:25 -0700
Not to disagree with the points that a person should really understand what they're doing; I'm disagreeing that you find that in academia. What I've seen from academia in general is a whole lot of theory and very little application. The one exception I would truly make here, and this is off of limited first hand experience would be Ruhr-Universität Bochum. I would've said the exact opposite, people with formal educations tend to lack basic comprehension of matters because by and large they did their course work and that was it; whereas self-taught people found their own motivation and thoroughly explored and *applied* the knowledge.
That's a bit of a generalization. You surely must be referring to the undergrad-level -- if that is the case, I totally agree. However, the story differs at the graduate level -- you basically ARE self-taught. In fact, I (and most other security grad students) was involved in numerous security projects that included writing buffer overflow shellcode and attacking web servers, engineering a secure web server from scratch (later to be scrutinized by a pen-test), modifying a virtual machine to track the flow of confidential information. etc. In addition, most grad students work on independent research projects which usually culminate in conference and journal publications. The amalgamation of knowledge gained from those projects is surely helpful.
Truthfully, after working at some of the top rated jobs in this industry, I'd have to say that probably somewhere around 30% of my competent colleagues had a formal education, or even one that's related (i.e. neel mehta & biology). When I do hire for security and looking at someones CV, I pretty much disregard most all security related training, and throw out CS degree'd applicants, I tend to look for electrical engineers as they've worked closer to what the subject matter is than any other subject.
Interesting observation. Good to know. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Requesting Informational Interview Rob (Jun 15)
- Re: Requesting Informational Interview Anthony Cicalla (Jun 16)
- RE: Requesting Informational Interview Teodorski, Chris (Jun 16)
- RE: Requesting Informational Interview Rob (Jun 17)
- Re: Requesting Informational Interview Stephen Mullins (Jun 18)
- RE: Requesting Informational Interview Erin Carroll (Jun 18)
- Re: Requesting Informational Interview Stephen Mullins (Jun 19)
- Re: Requesting Informational Interview Rob (Jun 22)
- RE: Requesting Informational Interview Erin Carroll (Jun 18)
- <Possible follow-ups>
- Re: RE: Requesting Informational Interview rracic (Jun 18)
- Re: RE: Requesting Informational Interview Justin Ferguson (Jun 24)
- Re: RE: Requesting Informational Interview Radmilo Racic (Jun 24)
- Re: RE: Requesting Informational Interview Justin Ferguson (Jun 24)
- Fwd: Re: Requesting Informational Interview Rob (Jun 22)
- Re: Requesting Informational Interview Rob (Jun 22)
- Fwd: Re: Requesting Informational Interview Rob (Jun 24)