Discussion:
To go to University - For the CISSP etc. - Good idea/Bad idea???
(too old to reply)
Hy Zaret
2009-08-06 08:26:48 UTC
Permalink
Greetings & Salutations to all!

I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.

The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP

I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)

I am wishing sometime in the future to begin a career in IT Security.

Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.

Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.

Am very open to ideas, so would be interested in reading & answering
your replies!

Thank you for reading this,

Hy Zaret

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adel Abushaev
2009-08-06 16:55:20 UTC
Permalink
CISSP is more for the people who are involved in things like Common
Criteria etc. in some large organizations. The certification, despite
the attempt to cover a broad range of subjects, is not deeply rooted
in neither of them. You might want to consider to sharpen the hands-on
skills instead. And also - CISSP costs you money to keep it running
since it has annual due fee in addition to CPA credits that you need
to maintain at the certain level to keep the current status.

Other than that, you will receive bunch of emails about elections of
presidents of CISSP etc., and cool retreats that are so far away that
you can't attend. Speaking from experience.

Cheers,

Adel, CISSP 74635.
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Sam Oke
2009-08-06 08:44:02 UTC
Permalink
I like your idea at this age, please go to university,
with a single purpose that you have in mind, security is a
good choice.

See you on the graduation day.

sam




On Thu, 6 Aug 2009 18:26:48 +1000
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently
came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the
CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in
yet!!!)
• For advice on which course to go for (Sydney, NSW,
Australia)
I am wishing sometime in the future to begin a career in
IT Security.
Although being under 18, I have still found time to
achieve various
certifications; including CompTIA's Security+, three
Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time
on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading
& answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review Board
Prove to peers and potential employers without a doubt
that you can actually do a proper penetration test. IACRB
CPT and CEPT certs require a full practical examination
in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
M1:+234-8098590695
M2:+234-8033590696
Office:234-1-2702915

It does not matter what is the matter, I shall matter were
it matters
and I WILL GET THERE

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Ahmad Taha Zaki
2009-08-06 10:03:17 UTC
Permalink
Hy,
IMHO it is the best choice that you can make, I encourage you to
study computer science as it will make you understand things better than
you do now as I found through my personal experience, I've been
graduated with a major in accounting in 1998 then I achieved CCNA, MCSE,
MCSA, MCDBA, CISSP and passed CISM exam, then I wanted to know more
about how processor process the command we give it through software so I
studied a post graduate Computer Science diploma in which I knew more
about microcode and opcode, heap, buffer and buffer overflow, which
helped me achieving the OSCP and the GCIH and currently I'm studying a
Master of Computer Science for achieving better career. I see that
university and academic studies is the key of success in the future.

Regards,
Ahmad
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Derek Fountain
2009-08-07 11:19:15 UTC
Permalink
Post by Ahmad Taha Zaki
Hy,
IMHO it is the best choice that you can make, I encourage you to
study computer science as it will make you understand things better than
you do now as I found through my personal experience, I've been
graduated with a major in accounting in 1998 then I achieved CCNA, MCSE,
MCSA, MCDBA, CISSP and passed CISM exam, then I wanted to know more
about how processor process the command we give it through software so I
studied a post graduate Computer Science diploma in which I knew more
about microcode and opcode, heap, buffer and buffer overflow, which
helped me achieving the OSCP and the GCIH and currently I'm studying a
Master of Computer Science for achieving better career. I see that
university and academic studies is the key of success in the future.
While I agree that a degree is pretty much an essential step towards a
successful IT career these days, I think the above demonstrates how one
can go too far in that direction. Collecting qualifications and letters
after your name is fine if you want a career in academia, but otherwise
at some point you have to stop educating yourself and start actually
doing something productive. Something that clients will pay for.

I would suggest the OP, under the age of 18 remember, goes for a general
computer science degree, thereby keeping his future options open (as
discussed by others in the thread). Then find a suitable grad-training
job for a couple of years.

It'll likely be 2015 by then, and the IT world will have changed, so who
knows if he'll still like the idea of IT security? If he does, look at
the courses and qualifications clients are asking for then.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Trojacek
2009-08-07 19:54:13 UTC
Permalink
Hi Hy,

I thought of something else to consider if you were contemplating a
degree program.

I'm not sure when, but I imagine that biomedical engineering and such
will start to have a more prominent role before too long . I figure at
some point things are going to change to some sort of organic type
computers with laser guided thought adjusters or whatever. Of course,
organic laser guided thought adjusters and such things are just
speculation, but the point is to consider beyond the current computing
paradigm. Even a minor in such things could help open up other doors.


Shohn
Post by Derek Fountain
Hy,
  IMHO it is the best choice that you can make, I encourage you to study
computer science as it will make you understand things better than you do
now as I found through my personal experience, I've been graduated with a
major in accounting in 1998 then I achieved CCNA, MCSE, MCSA, MCDBA, CISSP
and passed CISM exam, then I wanted to know more about how processor process
the command we give it through software so I studied a post graduate
Computer Science diploma in which I knew more about microcode and opcode,
heap, buffer and buffer overflow, which helped me achieving the OSCP and the
GCIH and currently I'm studying a Master of Computer Science for achieving
better career. I see that university and academic studies is the key of
success in the future.
While I agree that a degree is pretty much an essential step towards a
successful IT career these days, I think the above demonstrates how one can
go too far in that direction. Collecting qualifications and letters after
your name is fine if you want a career in academia, but otherwise at some
point you have to stop educating yourself and start actually doing something
productive. Something that clients will pay for.
I would suggest the OP, under the age of 18 remember, goes for a general
computer science degree, thereby keeping his future options open (as
discussed by others in the thread). Then find a suitable grad-training job
for a couple of years.
It'll likely be 2015 by then, and the IT world will have changed, so who
knows if he'll still like the idea of IT security? If he does, look at the
courses and qualifications clients are asking for then.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
James Copeland
2009-08-06 19:11:21 UTC
Permalink
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.

Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-06 21:32:07 UTC
Permalink
Bill gates doesn't have a degree.
Post by James Copeland
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
David Klein
2009-08-06 23:35:27 UTC
Permalink
So many things I want to say right now...

But I also do not have a degree.

Regards,

David
-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com]
On Behalf Of Adriel T. Desautels
Sent: Friday, August 07, 2009 7:32 AM
To: James Copeland
Cc: Hy Zaret; pen-***@securityfocus.com
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad
idea???

Bill gates doesn't have a degree.
Post by James Copeland
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
* Social reasons
* Educational advantages
* Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
* To find out what you think of my choice (not locked in yet!!!)
* For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
Post by James Copeland
Post by Hy Zaret
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
Post by James Copeland
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Steve Pinkham
2009-08-07 01:59:45 UTC
Permalink
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
No, but he did go to Harvard and met all his business partners there. A
good school is as useful for the contacts as the coursework.
Also, he got a 1590 on the SAT and started his own company instead of
looking for a job, so he's definitely wasn't in the same track most
other people in the world are.
College isn't the only way to go, but it does have many advantages.
--
| Steven E. Pinkham |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-07 13:19:24 UTC
Permalink
Right, I can't disagree with you there. He decided to carve his own
path, why don't most people do that?
Post by Steve Pinkham
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
No, but he did go to Harvard and met all his business partners
there. A good school is as useful for the contacts as the coursework.
Also, he got a 1590 on the SAT and started his own company instead
of looking for a job, so he's definitely wasn't in the same track
most other people in the world are.
College isn't the only way to go, but it does have many advantages.
--
| Steven E. Pinkham |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
R. DuFresne
2009-08-07 20:10:19 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Considering Harvard, it's also likely he came from abit of money to
start. "why don't most people do that?"

Thanks,

Ron DuFresne
Right, I can't disagree with you there. He decided to carve his own path,
why don't most people do that?
Post by Steve Pinkham
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
No, but he did go to Harvard and met all his business partners there. A
good school is as useful for the contacts as the coursework.
Also, he got a 1590 on the SAT and started his own company instead of
looking for a job, so he's definitely wasn't in the same track most other
people in the world are.
College isn't the only way to go, but it does have many advantages.
--
| Steven E. Pinkham |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKfIoust+vzJSwZikRAhNbAKChBUGh8H+JNhg7ONWuwadDU8bUzACgy8N5
RWLq+WX6UqWqWXKCo25mEEw=
=d5oV
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-07 20:13:17 UTC
Permalink
Risk and fortune.
Post by R. DuFresne
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Considering Harvard, it's also likely he came from abit of money to
start. "why don't most people do that?"
Thanks,
Ron DuFresne
Post by Adriel T. Desautels
Right, I can't disagree with you there. He decided to carve his
own path, why don't most people do that?
Post by Steve Pinkham
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
No, but he did go to Harvard and met all his business partners
there. A good school is as useful for the contacts as the
coursework.
Also, he got a 1590 on the SAT and started his own company instead
of looking for a job, so he's definitely wasn't in the same track
most other people in the world are.
College isn't the only way to go, but it does have many advantages.
--
| Steven E. Pinkham |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
These things happened. They were glorious and they changed the
world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFKfIoust+vzJSwZikRAhNbAKChBUGh8H+JNhg7ONWuwadDU8bUzACgy8N5
RWLq+WX6UqWqWXKCo25mEEw=
=d5oV
-----END PGP SIGNATURE-----
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Leandro Quibem Magnabosco
2009-08-07 12:13:39 UTC
Permalink
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Neither does the president of Brazil, for instance.
But how many of those cases you know or heard of?

They are exceptions, not a rule.

IMO, the best choice for someone who's really starting is NOT to get
certified on anything right away.
First you have to decide what you love because (again, IMO) any tech job
is about love.
If you don't love security you WILL NOT be a good professional at it.
Honestly, I don't know a single security Professional that don't love
what they do and most of them are self taught because of that love.

Study hard, get graduated and only then decide to what direction you
want to follow.
I always thought I wanted to be a programmer and now I work with
networking and security and love it!



*Leandro Quibem Magnabosco
Consultor de TI
(48) 3251-5323
****@fcdl-sc.org.br
<mailto:***@fcdl-sc.org.br>
www.fcdl-sc.org.br <http://www.fcdl-sc.org.br>
Rua: Rafael Bandeira, 41
CEP. 88015-450 Florianópolis - SC

"Este é um e-mail oriundo da Federação das Câmaras de Dirigentes
Lojistas de Santa Catarina, e seu conteúdo é confidencial e destinado
exclusivamente a seu(s) destinatário(s), não podendo ser copiado ou
repassado,no todo ou em parte, a terceiros. Se esta mensagem foi-lhe
enviada por engano, pedimos o obséquio de entrar em contato conosco.
This is an e-mail from the Federação das Câmaras de Dirigentes Lojistas
de Santa Catarina and its contents are privileged and confidential to
the ordinary user(s) of the e-mail address(es) to which it was
addressed, and no one else may copy or forward all or any of it in any
form. If this e-mail was sent to you in error, please contact us."


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Aarón Mizrachi
2009-08-07 19:46:03 UTC
Permalink
Post by Leandro Quibem Magnabosco
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Neither does the president of Brazil, for instance.
But how many of those cases you know or heard of?
They are exceptions, not a rule.
I'm not sure about that... I hold a P.E. Degree in Computer Science. But, I've
seen a lot of undergraduate people working very well on infosec. Moreover, i
worked on infosec years ago before my graduation date. wasn't a big deal. And
moreover, time ago (undergrad also) i established a company on infosec.

I mean, Is not a rare exception.
Post by Leandro Quibem Magnabosco
IMO, the best choice for someone who's really starting is NOT to get
certified on anything right away.
First you have to decide what you love because (again, IMO) any tech job
is about love.
If you don't love security you WILL NOT be a good professional at it.
Honestly, I don't know a single security Professional that don't love
what they do and most of them are self taught because of that love.
Agree.
Post by Leandro Quibem Magnabosco
Study hard, get graduated and only then decide to what direction you
want to follow.
I always thought I wanted to be a programmer and now I work with
networking and security and love it
The first succeed factor on Infosec is: "be skilled and love infosec".

A degree is preferred on works because you will understand many things that
you won't learn on certifications, by the nature of the certifications of
course; If you study for a certification you won't learn how to code a program
or script, and moreover, in a penetration test, is needed to code some
processes to be succeed.

And, also maths and statistics are required sometimes. Some of statistics
could help you to determine if some attack will be reliable or not. Therefore
you will save time and money...

With a degree you will going to understand many things clearly: from coding,
to system information theory and also maths (important!). But a degree is not
a white card. Many "non skilled on security" people get a degree those days. A
degree does not say anything about your skills on infosec. A certification,
training and experience actually does.

My conclusion:

1- Skills and love infosec are required.
2- Experience and training is required. _climb_
3- Degree is preferred to be a good professional and understand well
everything.
4- Certification will say to others that you have the knowledge in a certain
area (not the skills). You may have the knowledge, but the certification will
say it to others.

----------------
Post by Leandro Quibem Magnabosco
*Leandro Quibem Magnabosco
Consultor de TI
(48) 3251-5323
www.fcdl-sc.org.br <http://www.fcdl-sc.org.br>
Rua: Rafael Bandeira, 41
CEP. 88015-450 Florianópolis - SC
"Este é um e-mail oriundo da Federação das Câmaras de Dirigentes
Lojistas de Santa Catarina, e seu conteúdo é confidencial e destinado
exclusivamente a seu(s) destinatário(s), não podendo ser copiado ou
repassado,no todo ou em parte, a terceiros. Se esta mensagem foi-lhe
enviada por engano, pedimos o obséquio de entrar em contato conosco.
This is an e-mail from the Federação das Câmaras de Dirigentes Lojistas
de Santa Catarina and its contents are privileged and confidential to
the ordinary user(s) of the e-mail address(es) to which it was
addressed, and no one else may copy or forward all or any of it in any
form. If this e-mail was sent to you in error, please contact us."
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
Ing. Aaron G. Mizrachi P.

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1
quark quark
2009-08-07 07:18:12 UTC
Permalink
hi

i agree with Trojacek, like even though I'm very interested in
security, and coding and the rest. i am currently doing a degree in
Electronics.... and i do have a CCNA under the belt, and an RHCT on
its way... but it cannot replace formal education!

Anselm

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adam K
2009-08-07 01:30:17 UTC
Permalink
Right, Gates doesn't have a degree, but his career path is an exception.

I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually don't
get to finish their degree. Those drafted later (not standout players)
have time to finish their degree.


I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make social
connections that will last a lifetime.



On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go.  People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do.  Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving.  Good luck.
Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
       Adriel T. Desautels
       --------------------------------------
       Subscribe to our blog
       http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Hy Zaret
2009-08-07 03:51:45 UTC
Permalink
Thanks everyone for your prompt replies.

Really appreciate your affirmation of my decision.

I'm considering The Bachelor of Computing (Networks)... what are your
thoughts on this?

I'd be majoring in Security of course...

Unfortunately, due to my relatively young age, and lack of either the
IB, HSC or SAT, may make this difficult.

I am however trying to get in other ways, eg; by doing a 6-month
course at a Technical College, or by working for at least a year, (8
months off that...). Although sitting the STAT may enable
enrollment...

What are your thoughts on my course selection, and the ways I'm trying
to enter? If you know of any other ways I can enter University to do
the aforementioned course, please inform me of it.

Sam Oke:
Thanks, see you there! ;)

Tomi Tuominien:
That's the year I was born!!! Finland? You're reminding me of Monty
Python now!!! Answer: [A:\... or B:\]

Palaniyappan:
A few, did a bit of hacking in High School, but have only recently
started to learn how that was possible!

Ahmad Taha Zaki:
Do you think for someone non-mathematically minded that Computer
Science would be the right course for me? Or do you believe, as I
currently do, that The Bachelor of Computer (Networks) would be my
best bet?

Shailesh Rangari:
Thanks for your reply. Hadn't thought to contact our Defence
Department... that's a good idea! Well I left school at 16 to pursue
more specialised education.
I studied IT - Networking at Technical College, which is where I
decided to enter the 'world of IT Security'!
But yes, I do have all those certifications, the 3 Cisco ones I did at
technical college, the others I've done through self-study.
Security+ was particularly interesting/difficult. I enjoyed studying
for it, as I learned a lot of new things! I thought I was good at
security, but I hadn't even heard of some of the concepts!!!
Hmm... well I think I'll leave that last comment for after Uni [if I
get accepted], where I'll start a new post here on the different
mailing-lists.

Abel Adushaev:
Hmm... wasn't aware of that. Well I'll create another topic sometime
in the future 'Which certification should I go for next?', but that
won't be for a while, as I still have to get my MCSA & MCSE. Perhaps a
CCNA as well... as Uni!!! [if I get accepted]

Wolfiroc:
I don't understand.... to be in Politics you need a CISSP?

RaptorX:
Thanks! Hopefully I'll get accepted into the course I want! I used to
target the teachers at Technical College, the Security & Linux ones
:P. Good fun!

Noah Chesterman:
For whatever reason, I've noticed that Uni degrees are more respected
then Certifications. Uni graduates, from what I've heard, have an
easier time of finding jobs.

James Copeland:
Thanks! I agree, it woudl make the job interview a hell of a lot easier!

Matthew Wollenweber:
I have considered Computer Science. It seems to be a very good course,
I have a friend in 1st year. My other friends [in my age-group] are
also considering entering Computer Science at University, once they've
finished school. Unfortunately for me, I'm not very good at Maths, or
Science. I'm slowly teaching myself programming though, and if I got
accepted into a Computer Science course, I'd accept! The only thing
is, I'm unsure of how well I'd go... Yes, most I'd have to pickup
osmosisly [if that's a word!], however some formal education may be
helpful, if I end up not being good in the Security field, or if I'd
want to enter more the Mangerial side. For the moment, I'm looking for
a purely technical field. I do have a lot to consider!!! Hmm...
system administration in the Universities IT Department... sounds
interesting!

Adriel T. Desautels:
He doesn't need WINE either!

David Klein:
What do you do?

Adam K:
I play basketball, if that's of any help!!! :D
Not just social connections, business connections as well! (or so I've heard)

Thanks once again for all the replies.

Hy Zaret
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually don't
get to finish their degree. Those drafted later (not standout players)
have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make social
connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go.  People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do.  Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving.  Good luck.
Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
       Adriel T. Desautels
       --------------------------------------
       Subscribe to our blog
       http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
David Prince
2009-08-07 18:58:03 UTC
Permalink
Hy,

I also found it difficult to get accepted at a University close to me for the same reasons. However, I found that gaining a few industry recognized certifications such as the MCSE and CCNP got me into University no problem, and also allowed me to skip several modules, as the Degree I was looking to attain is heavily based around Networking, Computer Architecture, and Programming. So perhaps doing this may increase your changes too.



Kind Regards,

David Prince

-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Hy Zaret
Sent: 07 August 2009 04:52
To: pen-***@securityfocus.com
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad idea???

Thanks everyone for your prompt replies.

Really appreciate your affirmation of my decision.

I'm considering The Bachelor of Computing (Networks)... what are your
thoughts on this?

I'd be majoring in Security of course...

Unfortunately, due to my relatively young age, and lack of either the
IB, HSC or SAT, may make this difficult.

I am however trying to get in other ways, eg; by doing a 6-month
course at a Technical College, or by working for at least a year, (8
months off that...). Although sitting the STAT may enable
enrollment...

What are your thoughts on my course selection, and the ways I'm trying
to enter? If you know of any other ways I can enter University to do
the aforementioned course, please inform me of it.

Sam Oke:
Thanks, see you there! ;)

Tomi Tuominien:
That's the year I was born!!! Finland? You're reminding me of Monty
Python now!!! Answer: [A:\... or B:\]

Palaniyappan:
A few, did a bit of hacking in High School, but have only recently
started to learn how that was possible!

Ahmad Taha Zaki:
Do you think for someone non-mathematically minded that Computer
Science would be the right course for me? Or do you believe, as I
currently do, that The Bachelor of Computer (Networks) would be my
best bet?

Shailesh Rangari:
Thanks for your reply. Hadn't thought to contact our Defence
Department... that's a good idea! Well I left school at 16 to pursue
more specialised education.
I studied IT - Networking at Technical College, which is where I
decided to enter the 'world of IT Security'!
But yes, I do have all those certifications, the 3 Cisco ones I did at
technical college, the others I've done through self-study.
Security+ was particularly interesting/difficult. I enjoyed studying
for it, as I learned a lot of new things! I thought I was good at
security, but I hadn't even heard of some of the concepts!!!
Hmm... well I think I'll leave that last comment for after Uni [if I
get accepted], where I'll start a new post here on the different
mailing-lists.

Abel Adushaev:
Hmm... wasn't aware of that. Well I'll create another topic sometime
in the future 'Which certification should I go for next?', but that
won't be for a while, as I still have to get my MCSA & MCSE. Perhaps a
CCNA as well... as Uni!!! [if I get accepted]

Wolfiroc:
I don't understand.... to be in Politics you need a CISSP?

RaptorX:
Thanks! Hopefully I'll get accepted into the course I want! I used to
target the teachers at Technical College, the Security & Linux ones
:P. Good fun!

Noah Chesterman:
For whatever reason, I've noticed that Uni degrees are more respected
then Certifications. Uni graduates, from what I've heard, have an
easier time of finding jobs.

James Copeland:
Thanks! I agree, it woudl make the job interview a hell of a lot easier!

Matthew Wollenweber:
I have considered Computer Science. It seems to be a very good course,
I have a friend in 1st year. My other friends [in my age-group] are
also considering entering Computer Science at University, once they've
finished school. Unfortunately for me, I'm not very good at Maths, or
Science. I'm slowly teaching myself programming though, and if I got
accepted into a Computer Science course, I'd accept! The only thing
is, I'm unsure of how well I'd go... Yes, most I'd have to pickup
osmosisly [if that's a word!], however some formal education may be
helpful, if I end up not being good in the Security field, or if I'd
want to enter more the Mangerial side. For the moment, I'm looking for
a purely technical field. I do have a lot to consider!!! Hmm...
system administration in the Universities IT Department... sounds
interesting!

Adriel T. Desautels:
He doesn't need WINE either!

David Klein:
What do you do?

Adam K:
I play basketball, if that's of any help!!! :D
Not just social connections, business connections as well! (or so I've heard)

Thanks once again for all the replies.

Hy Zaret
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually don't
get to finish their degree. Those drafted later (not standout players)
have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make social
connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go.  People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do.  Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving.  Good luck.
Jimmy
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
* Social reasons
* Educational advantages
* Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
* To find out what you think of my choice (not locked in yet!!!)
* For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
       Adriel T. Desautels
       --------------------------------------
       Subscribe to our blog
       http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Derek Fountain
2009-08-07 11:30:28 UTC
Permalink
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Oh yes, that old chestnut. Bill Gates is in his mid-50s, not his late
teens like the original poster. Gates grew up in the fledgling computer
world of the 1970s when opportunities and expectations were very
different to what they are now. It's also probably fair to say that Bill
Gates' story isn't that of the typical IT professional.

When a youngster asks for guidance on career and education I think the
example of someone born in the mid-1950s isn't really relevant.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Lamar Stewart
2009-08-07 18:05:57 UTC
Permalink
In this day and age it is very important to get your degree. Prior to graduating I was told by my advisor that my degree isn't to show that I am smarter than other people, it is to show that I have been taught how to learn. It tells any potential employer that you have the discipline to try to figure out new things and you should be able to handle new ideas, and different points of views.


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Derek Fountain
Sent: Friday, August 07, 2009 7:30 AM
To: pen-***@securityfocus.com
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Oh yes, that old chestnut. Bill Gates is in his mid-50s, not his late
teens like the original poster. Gates grew up in the fledgling computer
world of the 1970s when opportunities and expectations were very
different to what they are now. It's also probably fair to say that Bill
Gates' story isn't that of the typical IT professional.

When a youngster asks for guidance on career and education I think the
example of someone born in the mid-1950s isn't really relevant.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Jeremy Brown
2009-08-07 18:16:00 UTC
Permalink
Did everyone miss this?

http://tech.yahoo.com/blog/hughes/13653

Granted, it was an honorary doctorate, but yet a degree
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Oh yes, that old chestnut. Bill Gates is in his mid-50s, not his late teens
like the original poster. Gates grew up in the fledgling computer world of
the 1970s when opportunities and expectations were very different to what
they are now. It's also probably fair to say that Bill Gates' story isn't
that of the typical IT professional.
When a youngster asks for guidance on career and education I think the
example of someone born in the mid-1950s isn't really relevant.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-07 18:34:19 UTC
Permalink
Actually its absolutely relevant.

Additionally, I never said "don't get a degree". I just suggested not
wasting your time getting a degree on something that will be dated by
the time you're ready to use it.

Go for a degree in law or business, study technology on the side if
that's where your passion is. You'll end up very well rounded and
ready to play.
Post by Derek Fountain
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Oh yes, that old chestnut. Bill Gates is in his mid-50s, not his
late teens like the original poster. Gates grew up in the fledgling
computer world of the 1970s when opportunities and expectations were
very different to what they are now. It's also probably fair to say
that Bill Gates' story isn't that of the typical IT professional.
When a youngster asks for guidance on career and education I think
the example of someone born in the mid-1950s isn't really relevant.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
R. DuFresne
2009-08-07 15:24:54 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



And things have certainly changed alot since the mid 70's also.
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Post by James Copeland
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
[SNIP off the old]


Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKfEdJst+vzJSwZikRAhtpAJwPaGBvPn4YuLWEmZ/eheCdfqUloACfXzi0
NR68WoQa88zzQkk1bxWEWpg=
=zZ1E
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-07 13:18:43 UTC
Permalink
1-) Fact, technology evolves so quickly that "new" technology is
considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of
technology.
3-) Fact, most degrees take at least 4 years to attain.

If you are interested in becoming a security professional, what you
learn in school will be out-dated by the time you graduate. The only
thing that you will have that will be of any real value will be your
experience in performing research or in delivering security services,
or maybe in the creation of security technologies. A degree can not,
and will not make you a security expert... only hands on experience
and bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.

When I was in college I was also working full time making the salary
of a senior software engineer. In doing that I quickly realized that
college was useless for me as it wasn't teaching me anything that I
needed to know. I found that I was learning about the real and
current technology world while at work, and learning about the old and
dusty technology world while at school. Most of the skills that they
were teaching us at school, especially with respect to security, were
dated or becoming dated. The only thing that I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study it. I
don't need to pay $45,000/year to be told to read a book, I can do
that on my own. If you feel that you need to pay that much to read a
book then give me a call, I've got a lot of good reading material for
you.

With regards to technology, most of the time the only thing that a
degree will satisfy is the emotional and political requirement of the
old school mindset. The truth is that some of the best talent doesn't
come with a degree.

Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually
don't get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make
social connections that will last a lifetime.
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Brad Bendily
2009-08-07 18:54:25 UTC
Permalink
With regards to technology, most of the time the only thing that a degree
will satisfy is the emotional and political requirement of the old school
mindset.  The truth is that some of the best talent doesn't come with a
degree.
Yeah, but the fact is that most businesses have an HR dept and unless
you have a degree you won't get
your resume past HR.
It's certainly possible to get a job without a degree, but it's
definitely not the norm.
Naturally, degrees are required for doctors, lawyers, etc.  I'm not
suggesting that they don't have a place.  I am saying that specific to
security they are nearly useless when compared to real world experience.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Craig S. Wright
2009-08-08 21:58:55 UTC
Permalink
A degree (if you actually apply yourself and use the experience to learn)
will provide you with a foundation that you do not obtain through real world
experience.

Although technology moves on, many of the underlying foundations do not. I
still use old techniques on a daily basis. Knowing the algorithms in a sort
function is actually still extremely useful in analysing packers for malware
reversing. This is not something that you pickup in a normal daily function.
You can learn it on your own, but the added structure often helps people
focus.

I for instance am both a quasi-academic (insert shameless plug for IT
Masters degree, digital forensics
http://www.itmasters.edu.au/WhichQualification/MasterofInformationSystemsSec
urity/DigitalForensics.aspx) as well as working in the "real world". I still
do degrees. I have lost count as to where I am up to, but I am completing
another doctorate, a PhD on the quantification of IS risk.

You can work and study. It is easier to at least complete one degree on
campus, but there are options afterwards that many people take. Even in
networking, a good understanding of the fundamentals can help. Knowing OSPF
in routing is one thing, but understanding how the Dystraka's algorithm
actually functions is a benefit to say the least.

There are many point and click IT people out there. These people can make a
good career which can take them into management etc. Here a degree still
helps (though one with a business/commerce focus is best). If you want to
really get into the depths of computing, work in a lab, design etc, then a
degree is definitely not going to hurt.

As for how fast the IT world changes, don't really believe it.

The foundations of systems and design are 80% the same today as they where a
decade ago. The interfaces and tools have changed, but the principles have
not. I come across the same software errors in code now, the same mistakes,
the same poor coding as I did 2 decades ago. It may be faster, bigger and
more colourful, but we are still making the same errors.

Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd



-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On
Behalf Of Adriel T. Desautels
Sent: Friday, 7 August 2009 11:19 PM
To: Adam K
Cc: James Copeland; Hy Zaret; pen-***@securityfocus.com
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad
idea???

1-) Fact, technology evolves so quickly that "new" technology is
considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of
technology.
3-) Fact, most degrees take at least 4 years to attain.

If you are interested in becoming a security professional, what you
learn in school will be out-dated by the time you graduate. The only
thing that you will have that will be of any real value will be your
experience in performing research or in delivering security services,
or maybe in the creation of security technologies. A degree can not,
and will not make you a security expert... only hands on experience
and bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.

When I was in college I was also working full time making the salary
of a senior software engineer. In doing that I quickly realized that
college was useless for me as it wasn't teaching me anything that I
needed to know. I found that I was learning about the real and
current technology world while at work, and learning about the old and
dusty technology world while at school. Most of the skills that they
were teaching us at school, especially with respect to security, were
dated or becoming dated. The only thing that I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study it. I
don't need to pay $45,000/year to be told to read a book, I can do
that on my own. If you feel that you need to pay that much to read a
book then give me a call, I've got a lot of good reading material for
you.

With regards to technology, most of the time the only thing that a
degree will satisfy is the emotional and political requirement of the
old school mindset. The truth is that some of the best talent doesn't
come with a degree.

Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually
don't get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make
social connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
. Social reasons
. Educational advantages
. Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
. To find out what you think of my choice (not locked in yet!!!)
. For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Bob Bell (rtbell)
2009-08-07 21:11:39 UTC
Permalink
Adriel, et al -

While I agree with your assertion that the information gained in pursuing a
degree is dated from almost the outset, having the college degree card is A
major requirement to even get into the door. I know from my own experience
that the lack of same is a major handicap. So, yes, pursue the degree in an
engineering or CS or Network environment, but also study and learn on the
job. Having a couple of certifications (CCNA security, CSSLP, CISSP,
whatever) will allow you to standout in the crowd, but not having the degree
basically sinks both of your feet into a concrete block.

Bob
Post by David Klein
-----Original Message-----
Sent: Friday, 07 August, 2009 07:19
To: Adam K
Subject: Re: To go to University - For the CISSP etc. - Good
idea/Bad idea???
1-) Fact, technology evolves so quickly that "new" technology
is considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas
of technology.
3-) Fact, most degrees take at least 4 years to attain.
If you are interested in becoming a security professional,
what you learn in school will be out-dated by the time you
graduate. The only thing that you will have that will be of
any real value will be your experience in performing research
or in delivering security services, or maybe in the creation
of security technologies. A degree can not, and will not
make you a security expert... only hands on experience and
bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.
When I was in college I was also working full time making the
salary of a senior software engineer. In doing that I
quickly realized that college was useless for me as it wasn't
teaching me anything that I needed to know. I found that I
was learning about the real and current technology world
while at work, and learning about the old and dusty
technology world while at school. Most of the skills that
they were teaching us at school, especially with respect to
security, were dated or becoming dated. The only thing that
I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study
it. I don't need to pay $45,000/year to be told to read a
book, I can do that on my own. If you feel that you need to
pay that much to read a book then give me a call, I've got a
lot of good reading material for you.
With regards to technology, most of the time the only thing
that a degree will satisfy is the emotional and political
requirement of the old school mindset. The truth is that
some of the best talent doesn't come with a degree.
Naturally, degrees are required for doctors, lawyers, etc.
I'm not suggesting that they don't have a place. I am saying
that specific to security they are nearly useless when
compared to real world experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck)
usually don't
Post by Adam K
get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically
make social
Post by Adam K
connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People
will look
Post by Adam K
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good
reason for
Post by Adam K
college is that some employers will bump that pay up for
just having a
Post by Adam K
degree, no matter even if it is underwater basket weaving.
Good luck.
Post by Adam K
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently
came to the
Post by Adam K
conclusion that University would be my best choice.
The main reasons I made this decision are; . Social reasons .
Educational advantages . Takes years off the experience
needed to take
Post by Adam K
the CISSP
I'm writing on these mailing-lists for two reasons; . To
find out what
Post by Adam K
you think of my choice (not locked in yet!!!) . For advice on which
course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT
Security.
Post by Adam K
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading &
answering
Post by Adam K
your replies!
Thank you for reading this,
Hy Zaret
----------------------------------------------------------------------
Post by Adam K
-- This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
----------------------------------------------------------------------
Post by Adam K
--
----------------------------------------------------------------------
Post by Adam K
-- This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
----------------------------------------------------------------------
Post by Adam K
--
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
----------------------------------------------------------------------
Post by Adam K
-- This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
----------------------------------------------------------------------
Post by Adam K
--
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
--------------------------------------------------------------
----------
This list is sponsored by: Information Assurance
Certification Review Board
Prove to peers and potential employers without a doubt that
you can actually do a proper penetration test. IACRB CPT and
CEPT certs require a full practical examination in order to
become certified.
http://www.iacertification.org
--------------------------------------------------------------
----------
Adriel T. Desautels
2009-08-09 14:29:42 UTC
Permalink
Comments embedded below.
Post by Craig S. Wright
A degree (if you actually apply yourself and use the experience to
learn)
will provide you with a foundation that you do not obtain through
real world
experience.
Agreed, but a degree in something useful that you can't learn just as
well on
your own, and whose knowledge won't be dated when you're done.
Post by Craig S. Wright
Although technology moves on, many of the underlying foundations do
not. I
still use old techniques on a daily basis. Knowing the algorithms in
a sort
function is actually still extremely useful in analysing packers for
malware
reversing. This is not something that you pickup in a normal daily
function.
You can learn it on your own, but the added structure often helps
people
focus.
I think that's a great point but is that something that you need to
get a degree for?
You can take courses at Black Hat etc. Those courses are very focused
and will
help just the same, if not better, won't they?
Post by Craig S. Wright
I for instance am both a quasi-academic (insert shameless plug for IT
Masters degree, digital forensics
http://www.itmasters.edu.au/WhichQualification/MasterofInformationSystemsSec
urity/DigitalForensics.aspx) as well as working in the "real world".
I still
do degrees. I have lost count as to where I am up to, but I am
completing
another doctorate, a PhD on the quantification of IS risk.
So you can't count that high? (sorry the wise ass part of me got the
best of me).
Post by Craig S. Wright
You can work and study. It is easier to at least complete one degree
on
campus, but there are options afterwards that many people take. Even
in
networking, a good understanding of the fundamentals can help.
Knowing OSPF
in routing is one thing, but understanding how the Dystraka's
algorithm
actually functions is a benefit to say the least.
Or you can learn about calculating (least cost) distances on your
own. What you
are talking about here would be learned with a degree in mathematics,
and IMHO
that would be very a useful degree.
Post by Craig S. Wright
There are many point and click IT people out there. These people can
make a
good career which can take them into management etc. Here a degree
still
helps (though one with a business/commerce focus is best). If you
want to
really get into the depths of computing, work in a lab, design etc,
then a
degree is definitely not going to hurt.
Point and Click? Isn't that a bit demeaning Craig? There are many
people in the
IT Security industry that don't have degrees and that out-perform
people with
degrees. Sure it might make the people with the degree's upset, but
then again
it might not.

I think that its not point and click as much as smarts, talent and
innovation.
Post by Craig S. Wright
As for how fast the IT world changes, don't really believe it.
Does anyone else here think that the IT world doesn't evolve?
Post by Craig S. Wright
The foundations of systems and design are 80% the same today as they
where a
decade ago.
The foundations for cars are 90% of what they were a a decade ago.
Are you saying
that cars from 1999 are the same as they are today?
Post by Craig S. Wright
The interfaces and tools have changed, but the principles have
not.
The principles have changed significantly in may areas. Methods for
attack and exploitation
have evolved. If there was no change then the security industry would
be dead as the
problems would have been solved.
Post by Craig S. Wright
I come across the same software errors in code now, the same mistakes,
the same poor coding as I did 2 decades ago. It may be faster,
bigger and
more colourful, but we are still making the same errors.
So you're saying that the IT world hasn't evolved because people keep
making the same
mistakes when writing code? Your argument is flawed. Hell, I can't
believe that I just spent
this much time arguing about the evolution of IT. I'm done with that
subject, its been fun really.
Post by Craig S. Wright
Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd
-----Original Message-----
] On
Behalf Of Adriel T. Desautels
Sent: Friday, 7 August 2009 11:19 PM
To: Adam K
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad
idea???
1-) Fact, technology evolves so quickly that "new" technology is
considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of
technology.
3-) Fact, most degrees take at least 4 years to attain.
If you are interested in becoming a security professional, what you
learn in school will be out-dated by the time you graduate. The only
thing that you will have that will be of any real value will be your
experience in performing research or in delivering security services,
or maybe in the creation of security technologies. A degree can not,
and will not make you a security expert... only hands on experience
and bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.
When I was in college I was also working full time making the salary
of a senior software engineer. In doing that I quickly realized that
college was useless for me as it wasn't teaching me anything that I
needed to know. I found that I was learning about the real and
current technology world while at work, and learning about the old and
dusty technology world while at school. Most of the skills that they
were teaching us at school, especially with respect to security, were
dated or becoming dated. The only thing that I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study it. I
don't need to pay $45,000/year to be told to read a book, I can do
that on my own. If you feel that you need to pay that much to read a
book then give me a call, I've got a lot of good reading material for
you.
With regards to technology, most of the time the only thing that a
degree will satisfy is the emotional and political requirement of the
old school mindset. The truth is that some of the best talent doesn't
come with a degree.
Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world
experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually
don't get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make
social connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just
having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
. Social reasons
. Educational advantages
. Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
. To find out what you think of my choice (not locked in yet!!!)
. For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
2009-08-09 13:47:44 UTC
Permalink
Clearly there are different opinions about earning degrees and that's
fine, each
to their own. People should do what is right for them but I stand by
my opinion.
My opinion is that people should earn a degree in something that will
benefit them,
that they can't learn on their own, and that won't be dated by the
time they graduate.

But again, a degree isn't for everyone and doesn't determine success.
Bill Gates
is a prime example of great success without a degree. He took the
risk and made
it happen.

...

Craig, this is the second time that you've responded to one of my more
intentionally
controversial emails. I couldn't help but do a bit of research on you
and took a look
at your blogs.

Is this fact:

"My name is Dr Craig Wright. I am currently the only GIAC GSE
(Compliance)
holder globally and the most highly accredited Global Information
Security
Professional. Each week I will answer and post the best questions sent
to me."

http://security-doctor.blogspot.com/

Craig, are you also a researcher in that you perform vulnerability
research
and write exploits? Or are you strictly focused on compliance? Do you
perform
penetration tests or just review the results?

I'm not trying to be a wise ass, I'm honestly curious.
Post by Craig S. Wright
A degree (if you actually apply yourself and use the experience to
learn)
will provide you with a foundation that you do not obtain through
real world
experience.
Although technology moves on, many of the underlying foundations do
not. I
still use old techniques on a daily basis. Knowing the algorithms in
a sort
function is actually still extremely useful in analysing packers for
malware
reversing. This is not something that you pickup in a normal daily
function.
You can learn it on your own, but the added structure often helps
people
focus.
I for instance am both a quasi-academic (insert shameless plug for IT
Masters degree, digital forensics
http://www.itmasters.edu.au/WhichQualification/MasterofInformationSystemsSec
urity/DigitalForensics.aspx) as well as working in the "real world".
I still
do degrees. I have lost count as to where I am up to, but I am
completing
another doctorate, a PhD on the quantification of IS risk.
You can work and study. It is easier to at least complete one degree
on
campus, but there are options afterwards that many people take. Even
in
networking, a good understanding of the fundamentals can help.
Knowing OSPF
in routing is one thing, but understanding how the Dystraka's
algorithm
actually functions is a benefit to say the least.
There are many point and click IT people out there. These people can
make a
good career which can take them into management etc. Here a degree
still
helps (though one with a business/commerce focus is best). If you
want to
really get into the depths of computing, work in a lab, design etc,
then a
degree is definitely not going to hurt.
As for how fast the IT world changes, don't really believe it.
The foundations of systems and design are 80% the same today as they
where a
decade ago. The interfaces and tools have changed, but the
principles have
not. I come across the same software errors in code now, the same
mistakes,
the same poor coding as I did 2 decades ago. It may be faster,
bigger and
more colourful, but we are still making the same errors.
Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd
-----Original Message-----
] On
Behalf Of Adriel T. Desautels
Sent: Friday, 7 August 2009 11:19 PM
To: Adam K
Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad
idea???
1-) Fact, technology evolves so quickly that "new" technology is
considered "old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of
technology.
3-) Fact, most degrees take at least 4 years to attain.
If you are interested in becoming a security professional, what you
learn in school will be out-dated by the time you graduate. The only
thing that you will have that will be of any real value will be your
experience in performing research or in delivering security services,
or maybe in the creation of security technologies. A degree can not,
and will not make you a security expert... only hands on experience
and bleeding edge exposure can do that. You get that exposure by
doing and universities don't "do" all that well.
When I was in college I was also working full time making the salary
of a senior software engineer. In doing that I quickly realized that
college was useless for me as it wasn't teaching me anything that I
needed to know. I found that I was learning about the real and
current technology world while at work, and learning about the old and
dusty technology world while at school. Most of the skills that they
were teaching us at school, especially with respect to security, were
dated or becoming dated. The only thing that I found useful was C, C+
+, and the other programming languages that I learned. Mind you, I
wasn't taught by anyone, I was given a book and told to study it. I
don't need to pay $45,000/year to be told to read a book, I can do
that on my own. If you feel that you need to pay that much to read a
book then give me a call, I've got a lot of good reading material for
you.
With regards to technology, most of the time the only thing that a
degree will satisfy is the emotional and political requirement of the
old school mindset. The truth is that some of the best talent doesn't
come with a degree.
Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world
experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an
exception.
I liken him to a baseball player... Ball players that get drafted
early (standout players with skills and sometimes luck) usually
don't get to finish their degree. Those drafted later (not standout
players) have time to finish their degree.
I have never met an individual that regrets their time spent in
college or their work toward a degree. I know countless people that
regret not getting a degree. Not too mention you typically make
social connections that will last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just
having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
. Social reasons
. Educational advantages
. Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
. To find out what you think of my choice (not locked in yet!!!)
. For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board
Prove to peers and potential employers without a doubt that you can
actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
***@netragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
R. DuFresne
2009-08-07 20:15:31 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




0> fact. most companies, and those include IT/tech companies require a
degree these days, or vast amounts of experience to replace the degree.


so, most folks this day in age are better of doing the college thing and
getting a degree. As many have mentioned it might not have to be a
comp-sci degree, to end up in the field. Love is the main rule of the
game as pointed out by many as well. And a side degree has advantages to
the main course of study being comp-sci. Encouraging someone young, and
lacking in real experience is almost bordering on criminal in this day in
age.

Thanks,

Ron DuFresne
1-) Fact, technology evolves so quickly that "new" technology is considered
"old" within the course of one year.
2-) Fact, security is one of the most rapidly evolving areas of technology.
3-) Fact, most degrees take at least 4 years to attain.
If you are interested in becoming a security professional, what you learn in
school will be out-dated by the time you graduate. The only thing that you
will have that will be of any real value will be your experience in
performing research or in delivering security services, or maybe in the
creation of security technologies. A degree can not, and will not make you a
security expert... only hands on experience and bleeding edge exposure can do
that. You get that exposure by doing and universities don't "do" all that
well.
When I was in college I was also working full time making the salary of a
senior software engineer. In doing that I quickly realized that college was
useless for me as it wasn't teaching me anything that I needed to know. I
found that I was learning about the real and current technology world while
at work, and learning about the old and dusty technology world while at
school. Most of the skills that they were teaching us at school, especially
with respect to security, were dated or becoming dated. The only thing that
I found useful was C, C++, and the other programming languages that I
learned. Mind you, I wasn't taught by anyone, I was given a book and told to
study it. I don't need to pay $45,000/year to be told to read a book, I can
do that on my own. If you feel that you need to pay that much to read a book
then give me a call, I've got a lot of good reading material for you.
With regards to technology, most of the time the only thing that a degree
will satisfy is the emotional and political requirement of the old school
mindset. The truth is that some of the best talent doesn't come with a
degree.
Naturally, degrees are required for doctors, lawyers, etc. I'm not
suggesting that they don't have a place. I am saying that specific to
security they are nearly useless when compared to real world experience.
Post by Adam K
Right, Gates doesn't have a degree, but his career path is an exception.
I liken him to a baseball player... Ball players that get drafted early
(standout players with skills and sometimes luck) usually don't get to
finish their degree. Those drafted later (not standout players) have time
to finish their degree.
I have never met an individual that regrets their time spent in college or
their work toward a degree. I know countless people that regret not getting
a degree. Not too mention you typically make social connections that will
last a lifetime.
On Thu, Aug 6, 2009 at 5:32 PM, Adriel T. Desautels
Bill gates doesn't have a degree.
What I have found is that school is the way to go. People will look
at you with your certifications but without the college degree to
"back them up" that is all that they will do. Another good reason for
college is that some employers will bump that pay up for just having a
degree, no matter even if it is underwater basket weaving. Good luck.
Jimmy
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
? Social reasons
? Educational advantages
? Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
? To find out what you think of my choice (not locked in yet!!!)
? For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Adriel T. Desautels
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKfItmst+vzJSwZikRAjLZAKDQvZ3/5h3MXlQifj2S4bSfZdRhFACfZd73
1z33oHuBvgeOhBqWeiB7jzA=
=ovOi
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Derek Fountain
2009-08-10 14:14:23 UTC
Permalink
Getting a degree in Computer Science and similar areas of study is
almost pointless because the knowledge that you collect will be dated
by the time you graduate. Can you argue that point? Can you tell me
that its not true?
It's not true, not in the slightest.

I graduated in 1995, just as the WWW was beginning to gain traction. Let
me have a think back to what I studied and what's still useful today.

Well, the underlying networking stuff hasn't changed a great deal. We
looked in great depth at low level protocols, and IPv4 and ethernet are
still largely as they were then. Higher level protocols have been added
of course, and IPv6 wasn't on the radar back then, but the basics are
still the same. Principles like latency are still relevant regardless of
protocol.

Most of the programming is still relevant. All the very low level stuff
is the same; binary and hex haven't changed any. Concepts such as memory
management (heaps vs stacks, etc.) and algorithms are still the same.
Garbage collection is the only major thing I can think of that's
appeared since I studied these things. A modern buffer overflow in 'C'
still looks very much like it did in 1992. SQL has improved a lot over
the years, but is still fundamentally SELECTs and UPDATEs. Object
orientation has moved on a long way, but they taught me enough of the
basics to know I didn't like it, and I still don't.

The business stuff we covered is still relevant - clients, cost vs
expenditure, hiring, etc. Given I've been running my own business since
'96 I rather wish I'd paid more attention to this content. All the
"information analysis" remains relevant: applied mathematics basically.
Plus I got taught concepts like language grammar, data normalisation,
requirements analysis, etc., which are still completely relevant.

In the interests of fair debate I'll consider what has changed. The
"Computer Interaction" part of "Human Computer Interaction" got left
behind pretty quickly as GUIs developed and the web became mainstream.
The "Human" part is still the same though: the psychology of using
complex machines hasn't changed a great deal. The operating system stuff
dated very quickly. The UNIX material is probably still relevant, but
not the DOS or VMS. Underlying principles of system programming, like
IPC, locality of data, etc., remain useful, even though things have
moved on.

I'd go as far as to say that the vast majority of what I studied is
still useful. Had I chosen a course that taught me the intricacies of
Wordperfect and only how to be a Pascal programmer it would undoubtedly
been a waste of time. As it was, when I started out, I wanted to be an
systems or application level programmer. My degree set me up for that
very nicely, and things continued to work out well when I started to get
interested in security.

So, on reflection, I'd say that your assertion that getting a degree in
Computer Science is almost pointless because the knowledge dates too
quickly is wrong.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Robin Wood
2009-08-15 09:35:00 UTC
Permalink
Post by Derek Fountain
Getting a degree in Computer Science and similar areas of study is
almost pointless because the knowledge that you collect will be dated
by the time you graduate.  Can you argue that point? Can you tell me
that its not true?
It's not true, not in the slightest.
I graduated in 1995, just as the WWW was beginning to gain traction. Let me
have a think back to what I studied and what's still useful today.
Well, the underlying networking stuff hasn't changed a great deal. We looked
in great depth at low level protocols, and IPv4 and ethernet are still
largely as they were then. Higher level protocols have been added of course,
and IPv6 wasn't on the radar back then, but the basics are still the same.
Principles like latency are still relevant regardless of protocol.
Most of the programming is still relevant. All the very low level stuff is
the same; binary and hex haven't changed any. Concepts such as memory
management (heaps vs stacks, etc.) and algorithms are still the same.
Garbage collection is the only major thing I can think of that's appeared
since I studied these things. A modern buffer overflow in 'C' still looks
very much like it did in 1992. SQL has improved a lot over the years, but is
still fundamentally SELECTs and UPDATEs. Object orientation has moved on a
long way, but they taught me enough of the basics to know I didn't like it,
and I still don't.
The business stuff we covered is still relevant - clients, cost vs
expenditure, hiring, etc. Given I've been running my own business since '96
I rather wish I'd paid more attention to this content. All the "information
analysis" remains relevant: applied mathematics basically. Plus I got taught
concepts like language grammar, data normalisation, requirements analysis,
etc., which are still completely relevant.
In the interests of fair debate I'll consider what has changed. The
"Computer Interaction" part of "Human Computer Interaction" got left behind
pretty quickly as GUIs developed and the web became mainstream. The "Human"
part is still the same though: the psychology of using complex machines
hasn't changed a great deal. The operating system stuff dated very quickly.
The UNIX material is probably still relevant, but not the DOS or VMS.
Underlying principles of system programming, like IPC, locality of data,
etc., remain useful, even though things have moved on.
I'd go as far as to say that the vast majority of what I studied is still
useful. Had I chosen a course that taught me the intricacies of Wordperfect
and only how to be a Pascal programmer it would undoubtedly been a waste of
time. As it was, when I started out, I wanted to be an systems or
application level programmer. My degree set me up for that very nicely, and
things continued to work out well when I started to get interested in
security.
So, on reflection, I'd say that your assertion that getting a degree in
Computer Science is almost pointless because the knowledge dates too quickly
is wrong.
I'd agree with this. I was at uni in the mid 90's and I still find
myself doing things and knowing things that I was taught on the
course. A really simple example, linked lists, they still work in
exactly the same was as when I learnt them years ago.

I think a degree gives you a very solid base to build things on and
while some of it will date the basic building blocks will stay the
same.

I'd also say that 3 years at uni while being harder on the pocket now
than when I did it, is 3 years well spent in learning life and
independence in a safe environment.

Robin

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Jay Dyson
2009-08-07 14:30:29 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
Bill Gates was attending Harvard when he met Steve Ballmer. Gates
dropped out because he'd already established his business acumen in
founding Microsoft with Ballmer.

So, unless you has a viable plan to start your own never-before-seen
business which will be a fundamental part of a coming technological
revolution and will wind up on nearly every desktop in the United States
and abroad, you're best advised to hedge your bets and get a college
degree.

And yes, one need not have a degree in computer science to be good in the
field of IT security. Mudge (of the l0pht) has both a bachelors degree
and a masters degree...in music.

- -Jay

- --
Stop. Take some time to think.
Figure out what's important to you.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iEYEARECAAYFAkp8OoUACgkQo6UlgYALT6kkWACfXdRIr3PNYuq6F7tivRKXrwzn
d8kAn2kK5rEYnsxiubLi4ysrfjg1ha9n
=cvd/
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Gorgon Beast
2009-08-07 18:24:49 UTC
Permalink
Post by Adriel T. Desautels
Bill gates doesn't have a degree.
He is definitely not the rule.

When I went to school, way back in the early 80's, I thought I wanted to be a programmer. They made big bucks, were smart, etc. During my second year, we were learning data structures, and I was NOT getting it. The teacher looked at us and said, "By now you should know whether you love programming, or loathe it." I got out. I discovered that I had a love for network and security. I was lucky to meet the head of the computer science department.

He told me, "find what you love, or you won't like life." He was right.

GB

_________________________________________________________________
Windows Live™: Keep your life in sync.
http://windowslive.com/explore?ocid=PID23384::T:WLMTAGL:ON:WL:en-US:NF_BR_sync:082009
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Trojacek
2009-08-06 20:46:17 UTC
Permalink
Hi Hy,

Thought I'd add some input. The degree program certainly helps here in
the states, but depending upon your objectives and how involved IT and
security is in your personal life, it may make sense to get a degree
that is not exactly related. What I mean is, if this stuff is part of
your personal life - you will learn it through osmosis anyway.

Taking this one step further and realizing that you will probably
change over time as you grown and develop as a person and so will your
objectives it may be wise to get another degree that is not exactly
related and continue to self study on your own in the area of IT /
security.

Personally, I've found this combination to be quite potent with people
I've interacted with over the years.

For example, some individuals have had a degree in music, English, or
the best I've seen was one with an accounting degree. The accounting
degree allowed this individual to do quite well by navigating both
sides of the fence - having enough understanding of various financial
controls, yet having real know how from a technical perspective.

One other thing that may help is to get a student worker position
performing some systems administration or similar activties at
whatever university you decide to go to.

Shohn
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Brad Barkett
2009-08-07 15:41:54 UTC
Permalink
It depends on where you are, and what the job market is like where you live.

In some places (DC, SJ/SF area during the tech boom) people were
scooping up a bunch of janitors and tossing them in front of IDS
consoles, in other places and at other points in time (recessions,
etc) competition is stiff enough that you need to have a masters
degree.

The one thing that is going to make the most difference in your
success is your ability to network and build your reputation, because
ultimately people want to hire someone they are at least vaguely
familiar with or connected to instead of complete strangers. In
choosing between two equally qualified candidates, the one who is
somehow linked to the hiring authority will get the job nearly every
time.

IMO computer security does not require advanced technical degrees. It
requires the mind of a tinkerer, somewhat of a contrarian. I did a BA
in music and a couple of years in a MSCS program, and I have probably
used more of my musical/contrarian creative mind in my work than I
have the algorithm analysis stuff I did in CS.

CISSPs are mainly for getting past HR people who have no clue what
traits really comprise a good security candidate. And of course,
CISSPs are good for networking with other CISSPs whenever you can use
your CISSP CPE maintenance as an excuse for your employer to pay for
you to go to conferences.

If you are going to go to school, my advice would be to go to school
for WHATEVER THING you LIKE enough such that you are going to want to
not only do all your homework, but also immerse yourself in related
activities after hours. It's not that hard to get in on the entry
level in security and work your way into a role, especially if you are
willing to relocate. It's a lot harder to score 4 years of immersion
in a passion with like minded people.

Don't ever waste the college experience on something "practical" when
you could be using it to enrich yourself as a human being, and to
immerse yourself in a crucible of likeminded people who are also very
excited about a topic of interest you love.

That's just my viewpoint, looking back...as someone who is worried
about future stability, I can understand why you might not get it. At
21, I thought getting into Information Systems and CS programs were
the key to my job problem, really it's about networking, getting small
breaks, autodidactic reading habits, and location. Heck, maybe you
could even double major. Infosec/CS, and pottery or something.

Brad Barkett
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
--
Bradley A. Barkett

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Todd Haverkos
2009-08-08 15:36:56 UTC
Permalink
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
Social reasons
Educational advantages
Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
To find out what you think of my choice (not locked in yet!!!)
For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Hi Hy,

It depends. There have been many good points raised by the flurry of
responders your topic has gathered. It's a hot button issue in the
industry since
o there are a bunch of really really sharp security folks out
there who happen to not have a degree but nonetheless are
outstanding

o there are also a bunch of folks with degrees and lots of
letters behind their names who still manage to stink
(i.e. "paper tigers")

The reasons for this situation is that the skills needed to be great
at security are not taught in colleges, and what's worse, it's hard to
find a college whose curriculum might even make you even _passable_ at
security as a fresh out. But, since the same can be said of so so
many professions that require niche skills, this shouldn't be
tremendous news to anyone.

A few bits I'd add to the discussion:
o You may have heard the economy (at least where I live) isn't
so hot right now. It's really not a bad time to hide out
doing something useful in school...

o Sadly, there are some employers who simply won't consider
someone for a new hire without a degree. If you want to be
part of a mid - to - big company at some point, consider that.
Conversely, I can't think of situation where having a degree
is ever a minus.

o Unless you actively seek out a school that actually has a
faculty that knows jack about computer security, don't expect
to learn much directly applicable security in your computer
science course work. You will gather useful skills and
background, no doubt, but the odds of you graduating and being
useful to a security consultancy immediately based on what
your professors may teach you is next to 0. So don't lose
that intellectual curiosity, do take every opportunity to
learn the coding skill, take an OS course, take an assembly
course, take a computer architecture course, take and
information theory or systems course, hell take a digital
design course. But keep active on the side too, because by
the time yer done you might have the next killer must have
security tool or appliance to uncork on the world. It seemed
to work for Chris Klaus.

o Don't go to college with the thought of shaving a few years
experience off some certification's requirements. CISSP won't
hurt ya, and it's probably the certification out there with
the biggest name recognition, but going to college with the
CISSP in mind is not a good reason alone. Countless other
good reasons to get a degree and go to college, but to shave
years off an industry cert is not one of them. You seem to
have a good handle on the other benefits, though.

o If you are in emerging market where the security space I'm
told is still quite hot, and if you have any strong "start
your own business" or "get involved in a startup"
leanings... you might consider the opportunity cost (in terms
of time and startup capital) of being in school for 4 years

Finally,

o If you're truly outstanding at what you do and network
effectively, you'll be hired and useful in any economy, with
or without a degree. I also don't see security as getting any
less important market wise in the next 6 years. Businesses
don't like losing money or being sued, so they'll continue to
be seeking these skill sets.


The skills I learned in college that I use directly daily are:

o the discipline to slog through and finish something even if it's a pain
o the ability to quickly determine what I do and don't know (and to
sense when someone doesn't know what they don't know!)
o how to learn/research what I don't know quickly
o technical problem solving
o English written communication

There's a long long list of other things I learned in college that
have enriched me, but don't get used on the job every day of course,
and if I had it to do all again, I'd probably do it similarly, except
getting into security much earlier!

Best of luck in your decision!

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Stephen Mullins
2009-08-08 15:53:25 UTC
Permalink
I'm not sure how things work "down under" but in the U.S. there is a
great deal of age discrimination against young IT workers. You can
pile on cert after cert and develop the kind of real skills that most
IT professionals don't have but you'll run into a brick wall. Why?

Think about it.

If they bring you on without experience (experience really means that
you showed up somewhere and collected pay checks for a period of time)
and you fail, their judgment is now in question. If they bring you on
at 1/3 the Senior guy's pay and you perform well and demonstrate
technical mastery far above what is expected, management looks at that
as a reason to fire the Senior guy and replace him with another "kid."

It's a lose-lose proposition for the senior IT guy. You'll be stuck
on the help desk for years and years.

Go to college. I believe you have 3 year programs there, yes?
Reasonably priced tuition, yes? This is a no brainer. Study computer
science for 3 years and use your free time to do real learning.

Anyone that has been through the college system (in America) will tell
you that a degree proves nothing more than the ability to read and
write reasonably well and enough of a work ethic to do the work
assigned. If you want to actually be good at something it takes more
than clocking in and clocking out 9 to 5 Monday thru Friday. That's
true in any field of human endeavor.

When you are done you'll be a "new grad" rather than "some kid." By
the time you're in your mid-20's the age discrimination starts to fall
off and people might even take you seriously. With those certs you've
already demonstrated more motivation and legitimate interest in IT
than most.

That's my opinion.

Steve Mullins
Post by Hy Zaret
Greetings & Salutations to all!
I've been training myself for a while, and have recently came to the
conclusion that University would be my best choice.
The main reasons I made this decision are;
• Social reasons
• Educational advantages
• Takes years off the experience needed to take the CISSP
I'm writing on these mailing-lists for two reasons;
• To find out what you think of my choice (not locked in yet!!!)
• For advice on which course to go for (Sydney, NSW, Australia)
I am wishing sometime in the future to begin a career in IT Security.
Although being under 18, I have still found time to achieve various
certifications; including CompTIA's Security+, three Cisco
certifications & a Microsoft accreditation.
Also, for the last 4 months I've been working full-time on the 1st
Level of an IT Helpdesk.
Am very open to ideas, so would be interested in reading & answering
your replies!
Thank you for reading this,
Hy Zaret
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Craig Wilson
2009-08-08 15:27:06 UTC
Permalink
So its more a case of do as I say than do as I do.

I'd suggest getting a degree, any degree, which shows an aptiitude to learn and stick with something, then go out and gain an understanding of security and supplementing with CISSP.



_______________________
Craig Wilson
Senior IT Network Administrator & Support Analyst
PPI Learning Services
T. 0207 264 5113
M.07899895510
F. 02072645101
E. ***@ppilearning.com
W. http://www.ppilearning.com/

----- Original Message -----

From: ***@securityfocus.com <***@securityfocus.com>
To: pen-***@securityfocus.com <pen-***@securityfocus.com>
Sent: Fri Aug 07 12:19:15 2009Subject: Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
Post by Ahmad Taha Zaki
Hy,
IMHO it is the best choice that you can make, I encourage you to
study computer science as it will make you understand things better than
you do now as I found through my personal experience, I've been
graduated with a major in accounting in 1998 then I achieved CCNA, MCSE,
MCSA, MCDBA, CISSP and passed CISM exam, then I wanted to know more
about how processor process the command we give it through software so I
studied a post graduate Computer Science diploma in which I knew more
about microcode and opcode, heap, buffer and buffer overflow, which
helped me achieving the OSCP and the GCIH and currently I'm studying a
Master of Computer Science for achieving better career. I see that
university and academic studies is the key of success in the future.
While I agree that a degree is pretty much an essential step towards a
successful IT career these days, I think the above demonstrates how one
can go too far in that direction. Collecting qualifications and letters
after your name is fine if you want a career in academia, but otherwise
at some point you have to stop educating yourself and start actually
doing something productive. Something that clients will pay for.

I would suggest the OP, under the age of 18 remember, goes for a general
computer science degree, thereby keeping his future options open (as
discussed by others in the thread). Then find a suitable grad-training
job for a couple of years.

It'll likely be 2015 by then, and the IT world will have changed, so who
knows if he'll still like the idea of IT security? If he does, look at
the courses and qualifications clients are asking for then.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------
Loading...