Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Education. Formal or not?
From: Gregory McCann <greg () cambria com>
Date: Tue, 7 Nov 2000 21:49:24 -0800

Dear ph00dy,

I'm not a full-time security professional, but I'm in a closely related field doing system administration and 
e-commerce development for a number of clients.  I quit college about 13 years ago when one of my professors 
recommended me for a programming job (dBase) and everything has been on-the-job training since then.

You mentioned that everything you learn in school is 2-3 years behind.  That's typical.  It probably stays that way 
until you get into post-graduate work (which I never did).  Then you might actually end up being *ahead* of the curve.

I have mixed feelings about not having a degree.  On the one hand, I have done well without it  and I have enjoyed the 
challenge.  On the other hand, a lot of doors are much easier to get through if you do have that piece of paper.  Most 
corporate hiring managers are college graduates themselves and they must have that "stamp of approval" on everyone who 
comes through their door.

To get by without a degree you have to be independent, well above average, and very hard-working.  But there is a lot 
of satisfaction in being able to succeed that way.


On 11/7/2000 at 10:00 PM ph00dy wrote:

My questions are:

1.Is college a waste of time for pen-test/auditing/risk assessment
2.If so how does one prove what they know to a perspective employer?
3.What is the practical value of a college degree in our field? What about
in the long run?

Gregory McCann

"Acquire the spirit of peace and thousands around you will be saved."
     - Saint Seraphim of Sarov

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]