Do not expect to acquire your technical skills in school. The kinds of
skills you need for practicing technical security are acquired through
On the other hand, the skills required to write/critique policy
statements, conduct security investigations and audits, etc. are 'soft'
skills that can be acquired through classes. These activities also
require a breadth of understanding which can be developed through taking
classes in areas outside of the technical arena (you know all that other
stuff - business, accounting, art, psychology, philosophy, etc.). The
employees I have who have college degrees show a mental flexibility in
multiple contexts which I rarely encounter in employees who have
terminated their scholastics at high school or technical certification
The degree will definitely benefit you in the long run. There will come a
time when you will not get a job through technical abilities but through
your ability to communicate, manage, etc. When that time comes (and it
will come!) the presence of a college degree in your resume will reinforce
your personal presentation as a well-rounded manager. Remember that you
may want to move around at some point in your life and prospective
employers may never have heard of your previous employers. At that stage,
having a degree from a recognized academic institution can be very
Andrew Walls, ITPU Manager Asia Pacific, Coflexip Stena Offshore
andrew.walls () au coflexip com +61-8-9431-8565
FAX +61-8-9430-8520 MOB 0411871302
2 Birksgate Road, North Fremantle, WA 6159 Australia
PGP Fingerprint: E0F7 296E D6D5 6057 1E1D F61B 2602 CB8A
From: Penetration Testers <PEN-TEST () SECURITYFOCUS COM> at csoap-internet
Sent: Tuesday, November 07, 2000 10:00 PM
To: PEN-TEST () SECURITYFOCUS COM at CSOAP-Internet
Subject: [PEN-TEST] Education. Formal or not?
I apologize if this is inappropriate, but I have no other qualified party
address this to.
Both myself and others that I know are in a bit of a dilemma . I'm
younger member of the information security community. I am working as a
security administrator and attending college nearly full time. While at
school I learn nothing about what I am interested in. Sure we do have
programming and networking classes, but it is all very behind what is
on right now. Most of my time is spent correcting the teacher with "that
3 years ago" or "read this book and you'll see what I'm talking about". On
the whole I am wondering if it is actually inhibiting me from learning
important and valuable things. While at home and at work I am able to stay
on top of what is going on now and advance my knowledge. This practice of
learning important and pertinent information is heavily bogged down by the
work load caused by the inferior curriculum of college. Meanwhile my
non-college attending peers are advancing faster than I can due to their
lack of time restrictions. So I decided to ask you, the more seasoned
members of infosec community what your thoughts and experiences are
concerning this matter.
My questions are:
1.Is college a waste of time for pen-test/auditing/risk assessment
2.If so how does one prove what they know to a perspective employer?
3.What is the practical value of a college degree in our field? What about
in the long run?
Thanks in advance..
<< File: RFC822.TXT >>