Penetration Testing mailing list archives
Re: RE: Requesting Informational Interview
From: Justin Ferguson <jnferguson () gmail com>
Date: Tue, 23 Jun 2009 07:23:49 +0700
On Fri, Jun 19, 2009 at 4:56 AM, <rracic () gmail com> wrote:
> I tend to agree with your statement as well, Erin. It has been my experience that many of my colleagues with no formal education lack the expert understanding of how things work behind the scenes.
Not to disagree with the points that a person should really understand what they're doing; I'm disagreeing that you find that in academia. What I've seen from academia in general is a whole lot of theory and very little application. The one exception I would truly make here, and this is off of limited firsthand experience, would be Ruhr-Universität Bochum. I would've said the exact opposite, people with formal educations tend to lack basic comprehension of matters because by and large they did their course work and that was it; whereas self-taught people found their own motivation and thoroughly explored and *applied* the knowledge. Truthfully, after working at some of the top rated jobs in this industry, I'd have to say that probably somewhere around 30% of my competent colleagues had a formal education, or even one that's related (i.e. Neel Mehta & biology). When I do hire for security and look at someone's CV, I pretty much disregard most all security related training, and throw out CS degree'd applicants, I tend to look for electrical engineers as they've worked closer to what the subject matter is than any other subject. With a few rare exceptions (i.e. Immunity's offerings), most of the trainings you find out there related to security are rubbish and put on by people who've never written an exploit or broken into a box. Those who can't, teach.
> Furthermore, understanding how to run tools is great for the pen-tester but of no value to the community.
I hate 'for the community' type arguments as they're often made by people who have contributed next to nothing and filled with feel-good but ultimately empty meaning. Pressing enter doesn't make you competent, you're right, neither does your degree. A person will learn more in the time it takes them to find their own bug, write their own exploit and pop a box than anything they will learn in (most) universities (imho).