Re: To go to University - For the CISSP etc. - Good idea/Bad idea???

Hy Zaret <hyzaret@xxxxxxxxx> writes:
Greetings & Salutations to all!

I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.

The main reasons I made this decision are;
Social reasons
Educational advantages
Takes years off the experience needed to take the CISSP

I'm writing on these mailing-lists for two reasons;
To find out what you think of my choice (not locked in yet!!!)
For advice on which course to go for (Sydney, NSW, Australia)

I am wishing sometime in the future to begin a career in IT Security.

Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.

Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.

Am very open to ideas, so would be interested in reading & answering
your replies!

Hi Hy,

It depends. There have been many good points raised by the flurry of
responders your topic has gathered. It's a hot button issue in the
industry since
o there are a bunch of really really sharp security folks out
there who happen to not have a degree but nonetheless are
outstanding

o there are also a bunch of folks with degrees and lots of
letters behind their names who still manage to stink
(i.e. "paper tigers")

The reasons for this situation is that the skills needed to be great
at security are not taught in colleges, and what's worse, it's hard to
find a college whose curriculum might even make you even _passable_ at
security as a fresh out. But, since the same can be said of so so
many professions that require niche skills, this shouldn't be
tremendous news to anyone.

A few bits I'd add to the discussion:
o You may have heard the economy (at least where I live) isn't
so hot right now. It's really not a bad time to hide out
doing something useful in school...

o Sadly, there are some employers who simply won't consider
someone for a new hire without a degree. If you want to be
part of a mid - to - big company at some point, consider that.
Conversely, I can't think of situation where having a degree
is ever a minus.

o Unless you actively seek out a school that actually has a
faculty that knows jack about computer security, don't expect
to learn much directly applicable security in your computer
science course work. You will gather useful skills and
background, no doubt, but the odds of you graduating and being
useful to a security consultancy immediately based on what
your professors may teach you is next to 0. So don't lose
that intellectual curiosity, do take every opportunity to
learn the coding skill, take an OS course, take an assembly
course, take a computer architecture course, take and
information theory or systems course, hell take a digital
design course. But keep active on the side too, because by
the time yer done you might have the next killer must have
security tool or appliance to uncork on the world. It seemed
to work for Chris Klaus.

o Don't go to college with the thought of shaving a few years
experience off some certification's requirements. CISSP won't
hurt ya, and it's probably the certification out there with
the biggest name recognition, but going to college with the
CISSP in mind is not a good reason alone. Countless other
good reasons to get a degree and go to college, but to shave
years off an industry cert is not one of them. You seem to
have a good handle on the other benefits, though.

o If you are in emerging market where the security space I'm
told is still quite hot, and if you have any strong "start
your own business" or "get involved in a startup"
leanings... you might consider the opportunity cost (in terms
of time and startup capital) of being in school for 4 years

Finally,

o If you're truly outstanding at what you do and network
effectively, you'll be hired and useful in any economy, with
or without a degree. I also don't see security as getting any
less important market wise in the next 6 years. Businesses
don't like losing money or being sued, so they'll continue to
be seeking these skill sets.


The skills I learned in college that I use directly daily are:

o the discipline to slog through and finish something even if it's a pain
o the ability to quickly determine what I do and don't know (and to
sense when someone doesn't know what they don't know!)
o how to learn/research what I don't know quickly
o technical problem solving
o English written communication

There's a long long list of other things I learned in college that
have enriched me, but don't get used on the job every day of course,
and if I had it to do all again, I'd probably do it similarly, except
getting into security much earlier!

Best of luck in your decision!

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Quantcast