At my present job, and the one just prior, I had and have the interesting distinction of being the only person I am aware of lacking a degree. Interestingly (and, I think, fortunately) I report(ed) to people with PhDs in both positions. I also worked and continue to work with a number of other highly educated people. The main observation I've managed to pull out of these experiences is that I'm usually tossed the jobs that really *have* to get done. I attribute this to my, shall we say, more "practical" approach. Not everything has to be an exercise in mathematically-provable elegance for me. In this aspect, I consider myself more an engineer in the classical sense. One thing that I've observed about people with a lot of higher education is that they will rarely settle for the solution that's good enough if there's a more elegant solution which requires "just a little bit more time". My background is in systems administration (which got me interested in security) and programming, originally in perl. This doesn't really push one to be inclined toward theory, since one often has to deal with things breaking. On the other hand, I enjoy the theoretical aspect of things as well. I don't just have coding manuals or ORA bind/sendmail books on my bookshelves, I have books on the CMM, PSP, algorithms, math, information theory, etc. I believe that since I'm curious and don't refuse to learn things which may not have immediate practical applications for me I relate a little better to my more theoretically-minded colleagues. What all this leads into is the fact that I'm simply better suited for practical tasks which don't require me to delve deep into theory. Thus my current position, in which I review IDS design and implement/test signatures. In my previous position I did much the same thing. I had to rip apart vendor IDSs to support them, and understand our systems well enough to utilize and/or criticize their capabilities - that's the part which requires me to understand the theory, even if I can't prove it. I hope that in the future my understanding of both theory and implementation on a practical level will allow me to move into a less hands-on role. To be honest, I can't see myself pushing forward as someone doing implementation for many years to come. I'd rather step up a level and continue to build my expertise in policy design and 'governance', as someone termed it in an earlier post. To someone trying to get started in the field, and decide whether they need a degree, I'd offer this advice: If you're willing to push yourself on your own time, as well as in the office, and you're willing to dedicate some of that time to theory as well as practice, you don't need it. You will have to work harder. You will have to prove yourself, and you may not get paid as much, at least for a while. But you can be successful. On the other hand, if you'd prefer that you can just wave the paper and what you learn on the job, go back to school. A degree opens many doors that would otherwise require a crowbar (or, for the more experienced, lockpicks). -gabe On Thu, Apr 26, 2001 at 03:39:40PM -0700, Crispin Cowan wrote: > My experience in hiring and managing degreed and non-degreed staff is that > formal education and self-education produce different results. Self-educated > people learn about whatever interests them, and that tends to bias their skills > towards the practical end of things. Formally educated people get stuff > crammed down their throat whether they like it or not :-) and that makes them > aware of more theoretical issues that may not be fun to learn about, but > definitely are important. So I seek out degreed people for positions that > require theoretical knowledge, and seek self-educated people (degreed or not) > for more practical positions. > > For instance: It would be very useful to WireX to have a program that could > examine a perl script and identify a complete list of files that the perl > script will attempt to access. A self-educated person might spend a couple of > months trying to build such a program. A theoretically aware person will know > from the outset that it is provably impossible. > > NOTE: it is always important to seek self-educated people, whether or not they > have a degree. If they aren't sufficiently interested in the area to educate > themselves, then they likely won't perform well in the work place, regarding it > as "just work." > > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Scientist, WireX Communications, Inc. http://wirex.com > Security Hardened Linux Distribution: http://immunix.org -- Gabriel Coelho-Kostolny gabeat_private
This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 08:07:08 PDT