Re: A question on security postgraduate programs

["some randomer" <some.randomer () gmail com>]

Hey, cheers for the reply. I think I may have caused some confusion by
my use of the word 'research'. The last thing I want to do is become
an academic researcher. I just don't see the appeal of that, I would
much prefer to work in the industry. When I say vulnerability research
I mean code audits, exploiting software, pen-tests etc.

This is why I'm wondering whether I'd be better off just developing my
expertise on my own time e.g. my own vuln research, writing exploits
etc and mentioning that on my C.V with a portfolio of functional
exploits rather than spending a year or two doing a masters that may
or may not aid me in landing a job as a pen-tester/analyst.

Cheers,
Sean

On 5/23/07, kevin fielder <kevin.fielder () gmail com> wrote:
> Having been involved in a lot of interviews to fill two places in our
> team recently I would strongly recommend gaining work experience and
> possibly some relevant industry certifications if these are in line
> with your career goals.
>
> While I would in no way wish to cast aspersions over the value of the
> various IT security masters courses as we haven't seen enough people for
> it to be a statistically relevant sample (indeed gaining my MSc is
> something I want to achieve in the next few years), but, the applicants
> we have had with masters have been somewhat disappointing when compared
> with those who had spent the time in industry.
>
> Obviously if your goal is to be more research based then continuing in
> education may indeed offer more value than if your goal is to work as an
> analyst / pen tester etc.
>
> Cheers
>
> K
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Katelyn Rowlands
> Sent: 23 May 2007 00:59
> To: some randomer
> Cc: security-basics () securityfocus com
> Subject: Re: A question on security postgraduate programs
>
> >  I'm a 3rd year computer science student and and I've a strong
> interest
> >  in security. Primarily, vulnerability research/reverse engineering.
> At
> >  the moment I'm trying to decide what to do after I finish University.
>
> I'm also in a very similar position right now. I am about to graduate in
> June with a BSc Computer Science and I want a career in security
> research.
>
> >  I would like to work in vulnerability research or pen testing when
> I'm
> >  finished so I'm wondering if I'm better off attempting to find work
> >  straight away after I finish or getting some other qualifications
> >  first? Also if someone could recommend some decent masters/postgrad
> >  courses that would be cool.
>
> One very good course in the UK is the MSc Information Security at UCL
> (http://mscinfosec.adastral.ucl.ac.uk). The fees are very high, but
> apparently the course is very well taught and is aimed at people who
> intend to work in industry afterwards. It's certainly a technical
> course, and UCL is a respected place.
>
> I have a place on the above course, but have been advised to do a
> research MSc instead, as this is more suitable for future research work.
> I think it depends if you're going into the research side of things, or
> the industry side. If you don't know, it's always possible to do a
> Masters course while also finding a student placement and gaining
> experience, doing certs etc.
>
> - Katelyn