Re: [PEN-TEST] Education. Formal or not?

[Johann van Duyn <johann.vanduyn () APPLETON COM>]

Plus, a formal education teaches you to READ, and the value of that should
not be underestimated. My formal education is somewhat classical -- not at
all computer related -- and yet the disciplines I learnt during that
education stood me in very good stead when I turned my hobby into my day
job. In fact, it has enabled me to pick up on new stuff far quicker than
others who have been computer professionals far longer than myself.

As an added bonus, you learn far more than merely the nuts and bolts of the
technology you want to work with. The ability to write lucidly (have a look
around, and notice how many IT people on mailing lists are unable to
communicate their thoughts in a coherent fashion, even though those thoughts
might be profoundly insightful) is a must if you are to present the results
of a penetration test to a paying customer, and guess what you're learning
to do when you get (paper) assignments and take (written) tests? Also, the
ability to think 'outside of the box' is a major plus, although classicists
tend to do that better than physicists, generally speaking. And so I could
wax on.

No knowledge is wasted, but more important than the knowledge you assimilate
while undergoing a formal education, is the honing of you skill at
assimilating knowledge, something that will stay with you and serve you well
long after the knowledge you learnt at university/college/school/wherever
has become worthless in the marketplace.

Just my R0.02...

:-)

+----------------
| Johann van Duyn BA, MCSE, BCP-ISS
| Network Manager: The Appleton Group Ltd
| johann.vanduyn () appleton com
| tel. +27 21 7998026
| cel. +27 82 4588472
| fax. +27 21 7944677
+----------------

"Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out judgement. For even the
very wise cannot see all ends."
                -- Gandalf, in "Lord of the Rings" by JRR Tolkein


-----Original Message-----
From: Nicholas Harring [mailto:miniluv () MINILUV COM]
Sent: 08 November 2000 11:26
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Education. Formal or not?


Being in somewhat the same boat, but at an earlier stage in the career path,
I've come up with the following reasons for my decision to get a college
degree..but also why I'm not choosing CompSci or a directly related field.

1) Education of any kind is immensely valuable, if not necessarily
realizable at first blush. Case in point, my last job actively chose to
implement a token ring network, for a variety of reasons. This was a
technology at which I scoffed when I had to read about it for some general
certification I was working towards. Suddenly I was greatly blessed and
looked bright as can be to my employers because I had learned about token
ring already and thus was able to contribute to the project from day one.

2) Computers and their applications, and the risks/vulnerabilities these
inherit, are no longer limited to the hard science world of pure
engineering, pure CompSci or pure programming anymore. Increasingly business
issues are interfering with "best practice" decisions regarding security,
implementation, redundancy, etc. Having a broader knowledge of the business
world, and the fields you might encounter in your career, can definitely
give you interesting insight which might allow you to perform your job
better. For example, if your knowledge of an industry allows you to be
familiar with a quirk of that business that requires a less than perfect
security solution to be implemented, then you're one step ahead with what
was seemingly unrelated knowledge. This is particularly true in industries
that are only beginning to learn about connecting to the Internet and
allowing customers to become part of the data sharing process. In my
experience these are industries like small-run printing and air freight
forwarding. I've been involved in both industries, and some of the solutions
I saw were truly uhm, amazing.

3) I decided to learn about what interests me, and find corrolations into
the field I actually want to work in, namely security. I'm becoming a
physics geek the more I learn about the field, and I'm beginning to see the
tie-ins, especially in the world of crypto, but also in other areas. Besides
which, regardless of the degree, if it sounds geeky it'll look good on a
resume, and that DOES make a difference. Things like physics, mathematics,
number theory, CompSci, EE, these all impress employers...and we have to
have jobs eh?

Anyhow...hope that helps.
Nick Harring
Webley Systems, Inc.
-----Original Message-----

<schnippety-schnip!>


***The Appleton Group Ltd***

This message, including any attachments, is intended only for the individual
or institution to which it is addressed and may contain information that is
privileged, confidential or prohibited from disclosure or unauthorized use.
If the recipient of this transmission is not the intended recipient, you are
hereby notified that any use, reproduction dissemination, copying,
disclosure, modification, distribution and/or publication of this email
message or any of its attachments other than by its intended recipient is
strictly prohibited by the sender. If you have received this message in
error, please notify The Appleton Group Ltd immediately at
postmaster () appleton com and destroy the message and all copies thereof in
your possession.

****************************