Penetration Testing mailing list archives
Re: University plan
From: Todd Haverkos <infosec () haverkos com>
Date: Sat, 18 Sep 2010 10:57:55 -0500
kalgecin <kalgecin () gmail com> writes:
hey guys, I'm in my final year of high school and I'm planning to go to university. As all people, I have trouble finding the right one ( or a good one ). So I'm asking you people to recommend any nice universities that teach good computer security, that is more practical than theoretical. Please also tell me to which university you attended and how was it? and any other general advice
First, I entirely disagree with the "college vs university" comment made by another poster. The theory vs practicality of a given program varies WAY too much by individual institution/program to make such generalizations of much use in narrowing down your search for a school that's right for you. I'll start with a specific recommendation: I've been impressed with DePaul's program in information security, or at least the many many excellent people I've met who are recent graduates. Had I known in HS that there was a market for the field I'm now in many years later, I'd definitely put that one on my short list to check out. Depaul is in Chicago, IL USA (you don't mention where you're looking to go to school). Myself, I have electrical and computer engineering degrees that (sometimes indirectly) led to my multi-platform computing with many flavors of unix, DOS, windows and specialized embedded OS's, as well as networking experience, knowledge of how integrated circuits, CPU's, systems, RF technologies, and computer architectures work both theoretically and from the transistor level all the way up to the system level. I've programmed in C, C++, Verilog, and written microcode and can visualize how it does its magic because in my computer engineering work, I've had to implement a microsequecer. From my EE work, I know the pointy end of a soldering iron and how to get around an oscilloscope. It's all excellent background to understand hacking and security and more generally to think in a manner that takes a methodical approach to solving problems and inventing solutions. But what's cool about infosec is our diversity--I've met top shelf infosec folks from all sorts of backgrounds. I've got a coworker that works professionally as an excellent penetration tester with a Theology degree, for example. So as Larry Wall says about Perl, "there's more than one way to do it." It'll be your desire and self teaching that's likely to propel you the most, and allow you to get the most out of whatever education you pursue. It's also worth mentioning the contribution of employers and future coworkers to your training. I've been fortunate to have worked for companies that (at least initially) had excellent commitments to employee development and provided focused industry training on skills directly needed for the job. The most relevant and current techniques are not something you're likely to learn in a University/College setting, but industry training, having the opportunity to work with Really Smart People, and keeping current with infosec via podcasts, twitter, mailing lists like this are what will keep you closer to the leading edge. This may be worth keeping in mind when you choose your first employer. Also think about universities that have good intern and co-op programs with companies that do work you're interested in doing. Finally, no discussion of this level of education juxtaposed into security would be complete without acknowledging that this industry -- more than most-- has a very large number of outstanding practitioners in it who don't have a college degree. I'm still a strong advocate of pursuing a degree as it's a prerequisite to employment at so many organizations, but if you hear folks who say "you don't need a degree to be great at security" or "you won't learn current attacks and defenses in school" well, there is something to what they say. All the same, the discipline and the credentialing of a quality university program is education that no one can ever take away from you, and will remain a differentiator for you among those who didn't choose that path. And for better or worse, the folks in human resources making hiring decisions in many cases will often take an easy road in sending resumes to the trash. Good luck in your decision, and kudos on having a strong idea of what you want to do! Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: University plan, (continued)
- Re: University plan Brian Boyter (Sep 17)
- Re: University plan Riley, Jack W ERDC-ITL-MS (Sep 19)
- Re: University plan Alexander Chayka (Sep 17)
- Re: University plan Blyth A J C (AT) (Sep 18)
- RE: University plan Jalal Atik (Sep 18)
- Re: University plan Tim (Sep 18)
- Re: University plan kalgecin (Sep 18)
- Re: University plan Mark Miller (Sep 18)
- RE: University plan Cathryn Olds (Sep 18)
- Message not available
- Re: University plan kalgecin (Sep 20)
- Message not available
- Re: University plan Brian Boyter (Sep 17)
- Re: University plan Todd Haverkos (Sep 18)