Penetration Testing mailing list archives
Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
From: Todd Haverkos <infosec () haverkos com>
Date: Sat, 08 Aug 2009 10:36:56 -0500
Hy Zaret <hyzaret () gmail com> writes:
Greetings & Salutations to all! I've been training myself for a while, and have recently came to the conclusion that University would be my best choice. The main reasons I made this decision are; Social reasons Educational advantages Takes years off the experience needed to take the CISSP I'm writing on these mailing-lists for two reasons; To find out what you think of my choice (not locked in yet!!!) For advice on which course to go for (Sydney, NSW, Australia) I am wishing sometime in the future to begin a career in IT Security. Although being under 18, I have still found time to achieve various certifications; including CompTIA's Security+, three Cisco certifications & a Microsoft accreditation. Also, for the last 4 months I've been working full-time on the 1st Level of an IT Helpdesk. Am very open to ideas, so would be interested in reading & answering your replies!
Hi Hy, It depends. There have been many good points raised by the flurry of responders your topic has gathered. It's a hot button issue in the industry since o there are a bunch of really really sharp security folks out there who happen to not have a degree but nonetheless are outstanding o there are also a bunch of folks with degrees and lots of letters behind their names who still manage to stink (i.e. "paper tigers") The reasons for this situation is that the skills needed to be great at security are not taught in colleges, and what's worse, it's hard to find a college whose curriculum might even make you even _passable_ at security as a fresh out. But, since the same can be said of so so many professions that require niche skills, this shouldn't be tremendous news to anyone. A few bits I'd add to the discussion: o You may have heard the economy (at least where I live) isn't so hot right now. It's really not a bad time to hide out doing something useful in school... o Sadly, there are some employers who simply won't consider someone for a new hire without a degree. If you want to be part of a mid - to - big company at some point, consider that. Conversely, I can't think of situation where having a degree is ever a minus. o Unless you actively seek out a school that actually has a faculty that knows jack about computer security, don't expect to learn much directly applicable security in your computer science course work. You will gather useful skills and background, no doubt, but the odds of you graduating and being useful to a security consultancy immediately based on what your professors may teach you is next to 0. So don't lose that intellectual curiosity, do take every opportunity to learn the coding skill, take an OS course, take an assembly course, take a computer architecture course, take and information theory or systems course, hell take a digital design course. But keep active on the side too, because by the time yer done you might have the next killer must have security tool or appliance to uncork on the world. It seemed to work for Chris Klaus. o Don't go to college with the thought of shaving a few years experience off some certification's requirements. CISSP won't hurt ya, and it's probably the certification out there with the biggest name recognition, but going to college with the CISSP in mind is not a good reason alone. Countless other good reasons to get a degree and go to college, but to shave years off an industry cert is not one of them. You seem to have a good handle on the other benefits, though. o If you are in emerging market where the security space I'm told is still quite hot, and if you have any strong "start your own business" or "get involved in a startup" leanings... you might consider the opportunity cost (in terms of time and startup capital) of being in school for 4 years Finally, o If you're truly outstanding at what you do and network effectively, you'll be hired and useful in any economy, with or without a degree. I also don't see security as getting any less important market wise in the next 6 years. Businesses don't like losing money or being sued, so they'll continue to be seeking these skill sets. The skills I learned in college that I use directly daily are: o the discipline to slog through and finish something even if it's a pain o the ability to quickly determine what I do and don't know (and to sense when someone doesn't know what they don't know!) o how to learn/research what I don't know quickly o technical problem solving o English written communication There's a long long list of other things I learned in college that have enriched me, but don't get used on the job every day of course, and if I had it to do all again, I'd probably do it similarly, except getting into security much earlier! Best of luck in your decision! Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea???, (continued)
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea??? Bob Bell (rtbell) (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? R. DuFresne (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Adriel T. Desautels (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Derek Fountain (Aug 15)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Robin Wood (Aug 15)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Jay Dyson (Aug 07)
- RE: To go to University - For the CISSP etc. - Good idea/Bad idea??? Gorgon Beast (Aug 09)
- Re: To go to University - For the CISSP etc. - Good idea/Bad idea??? Webmaster (Aug 09)