PaulDotCom mailing list archives

Re: Need for college, verses formal training and certifications, in the security field.
From: Ray Davidson <gwrd3rd () gmail com>
Date: Sun, 26 Sep 2010 23:16:05 -0400

Disclaimer: I am a college professor, teaching networking and security so I have some biases, but not what you might 

I strongly suggest that you not let the lure of "practical experience" tempt you to go that route *instead of* academic 
training. However, you are absolutely right to try to *supplement* your academic training. As an educator and a 
sometime practitioner, I know that it is extraordinarily difficult to stay current oneself, much less sufficiently 
current to train others. This is not intended as a slight to your teachers; it is just a fact that class preparation, 
grading, drumming up research funding, chasing tenure, etc. get in the way. So while you shouldn't bail from academia 
at all (it teaches valuable skills), you will really differentiate yourself by studying for additional certifications, 
searching for ways to get practical experience (work for free if you have to; just keep your grades up). 

I am continually appalled at the percentage of my students who use Windows as their almost-only operating system. 
(Windows is a very fine, and pretty darned secure OS these days, and you better know it as a sysadmin, but some days a 
nancy boy has to man up, if ya know what I mean!). My best students use multiple OSs interchangeably. One of my best 
ones somehow got addicted to building his own *nix kernel, bless his heart, and only used Windows for staying in touch 
with the other half. Guess who had the internship at the National Salvation Army this summer? (At least that's what he 
said the three letter agency was.)

Do what you love. Find people that love it too, and hang out with them. You're going a long way being on this list; I 
recommend the podcast to my students all the time (though not through official channels; there are some "not safe for 
class" things occasionally). Ask questions; people love to help. If you get out of college with a degree, plus a cert 
or two, and some real live practical experience, you will have given yourself a real advantage.

SANS classes are a great way to addict yourself too - if there is a conference in your area there are ways to do it on 
the cheap.

Good luck!


On Sep 24, 2010, at 11:36 PM, Brandon McGinty wrote:

I am currently a sophomore in college.
I have been studying firewalls, Intrusion Detection Systems (IDS),
systems hardening, Cisco security (though I do not yet have equipment to
test this), and general network, server, and workstation security.
I am wondering what your collective thoughts are, in regards to
university experience, versus practical experience in the security field.
While university courses certainly give one a more broad understanding
of the world, there is a good deal of preparation before one can take
any security classes.
I'm wondering if there are other possibilities that would help me gain
employment, or at least a foot in the door.
I am in a position where it would be possible to study, and become
certified in several of the current programs, Security+,
CISA, GIAC, and CISSP, to name a few.
I have also considered trying to find some security professionals to act
as mentors, but I am not sure where to start, or if that would be
What are your thoughts?

Brandon McGinty

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

G W Ray Davidson, PhD


ray () kzodavidsons org

AOL: gwraydavidson3
Twitter: RayDavidson

PGP Key ID 0xD3528EF5

