> Do not expect to acquire your technical skills in school. The kinds of
> skills you need for practicing technical security are acquired through
> practice.
>
> On the other hand, the skills required to write/critique policy
> statements, conduct security investigations and audits, etc. are 'soft'
> skills that can be acquired through classes. These activities also
> require a breadth of understanding which can be developed through taking
> classes in areas outside of the technical arena (you know all that other
> stuff - business, accounting, art, psychology, philosophy, etc.). The
> employees I have who have college degrees show a mental flexibility in
> multiple contexts which I rarely encounter in employees who have
> terminated their scholastics at high school or technical certification
> programs.
>
> The degree will definitely benefit you in the long run. There will come a
> time when you will not get a job through technical abilities but through
> your ability to communicate, manage, etc. When that time comes (and it
> will come!) the presence of a college degree in your resume will reinforce
> your personal presentation as a well-rounded manager. Remember that you
> may want to move around at some point in your life and prospective
> employers may never have heard of your previous employers. At that stage,
> having a degree from a recognized academic institution can be very
> helpful.
>
> Good luck!
>
> --------------------------------------------------------------------------
> --
> Andrew Walls, ITPU Manager Asia Pacific, Coflexip Stena Offshore
> andrew.walls_at_au.coflexip.com +61-8-9431-8565
> FAX +61-8-9430-8520 MOB 0411871302
> 2 Birksgate Road, North Fremantle, WA 6159 Australia
> PGP Fingerprint: E0F7 296E D6D5 6057 1E1D F61B 2602 CB8A
>
> -----Original Message-----
> From: Penetration Testers <PEN-TEST_at_SECURITYFOCUS.COM> at csoap-internet
> Sent: Tuesday, November 07, 2000 10:00 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM at CSOAP-Internet
> Subject: [PEN-TEST] Education. Formal or not?
>
> I apologize if this is inappropriate, but I have no other qualified party
> to
> address this to.
>
> Both myself and others that I know are in a bit of a dilemma . I'm
> a
> younger member of the information security community. I am working as a
> security administrator and attending college nearly full time. While at
> school I learn nothing about what I am interested in. Sure we do have
> programming and networking classes, but it is all very behind what is
> going
> on right now. Most of my time is spent correcting the teacher with "that
> was
> 3 years ago" or "read this book and you'll see what I'm talking about". On
> the whole I am wondering if it is actually inhibiting me from learning
> more
> important and valuable things. While at home and at work I am able to stay
> on top of what is going on now and advance my knowledge. This practice of
> learning important and pertinent information is heavily bogged down by the
> work load caused by the inferior curriculum of college. Meanwhile my
> non-college attending peers are advancing faster than I can due to their
> lack of time restrictions. So I decided to ask you, the more seasoned
> members of infosec community what your thoughts and experiences are
> concerning this matter.
>
> My questions are:
>
> 1.Is college a waste of time for pen-test/auditing/risk assessment
> professionals?
> 2.If so how does one prove what they know to a perspective employer?
> 3.What is the practical value of a college degree in our field? What about
> in the long run?
>
> Thanks in advance..
> Phoodrow Wilson.
> << File: RFC822.TXT >>
Received on Nov 09 2000
Intro
