Career Advice Tueday – “Dual Validation”

January 4, 2011

Dear Infosecleaders:

I’m an active duty military member and am working towards my B.S. in Computer and Information Science.  I plan to seek an Infosec position when I retire from the military, preferably in penetration testing or a related field that I could later apply toward a pen testing position.  With that goal in mind, I would like your recommendation on which subject areas I should focus my core courses.

I have already taken introductory and intermediate Java programming courses, and plan to also take “Unix with shell programming”, “Advanced Unix and C”, and “Programming in Perl”.  The remaining core courses my school recommends are “Relational Databases”, “Advanced Relational Databases”, and “Web Database Development”.  One alternative to the database courses would be “Data Communication” and “Computer Networking”, both of which are more focused on signaling, encoding, etc. rather than traditional IT networking topics.  I could also substitute many or all of these courses with software engineering courses.  With a few remaining electives, I could also take any of the above courses that I don’t apply toward my core classes, or more traditional IT courses such as a variety on Windows Server technologies, interconnecting Cisco devices, etc.

I was previously leaning toward the more IT-oriented courses, or those geared toward preparing for a certification (Network+, Security+, CEH, etc.) rather that computer science courses, but now I am coming to the opinion that the programming and database computer science slant might be more beneficial in that the knowledge can be applied to pretty much any Infosec field.  Having read most of your posts, I’ve probably already answered my own question, but I suppose I’m looking for validation of my train of thought.

While my current job is not entirely IT or Infosec, it does involve some limited network monitoring.  I want to get the best combination of classes to fill in the gaps of my knowledge and possibly make up for some lack of specific experience.

Thanks for you help.

“Seeking Validation”

Dear “Validation Seeker”:

Thank you very much for your question.  It is very good to see that you are thinking along the right lines as to the direction that you would like to take your education and training.  By making the choice to purse education that will provide you with an educational foundation that will range beyond any certification, should prove to be a wise decision for your future and serve as a career accelerator – both as you enter the work force and as you progress in your information security career.

To fully validate your thoughts, we believe that you are correct in making the decision to pursue a path of education geared toward computer science.  By developing a better understanding of the concepts that you point out, you will build a foundation that can be applied to both current areas of information security and future ones ( that do not even exist yet).

I can tell you that from my personal experience in the information security recruitment field, the a majority of the more successful information security professionals that we placed in leadership roles, are ones that pursued knowledge first, and worried about certifications later (or never).

Just remember, if you are successful in your pursuit of  knowledge, you should be able to attain certifications when the situation warrants that you do.

Congratulations on making a good career decision.  Let us return the favor and thank you for providing us with validation that our message is being received.

Good luck and thank you for your service!

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Skills 


Comments are closed.