Thanks, it's a little late for me. I wasn't interested during school so I took different courses, but I have had a few projects where I needed to use them, and learning myself I know I should probably find some courses to take when I have time! Plus it is now something I am interested in.

I figured the hart part was getting an in too.

Very true. Those would be my two motivators Money winning.

I'm not familiar deviding it into these two categories. But my degree is comp sci. My base is software engineering, I'm only few courses shy plus thesis from that, but I've decided to change my direction into IT security. As far as I'm concerned, it's not the programming skills that suffers from this move, I just don't feel like programming. Done it quite a bit and I just lack the motivation of it. So what kind of IT professional would I be? I'd be offering services with my business, I dream of setting up tiger teams. So that's security auditing, ethical hacking, what ever you'd like to call it.

I'm into comprehensive security strategies, not only software but also company policies, education, consulting etc. My dream would be to have a service that offers comprehensive views, not selling them but testing them. Testing security in all fronts. That's what I'm interested in.

And this is why I'm interested what the PhD would do me overseas. If it's financially a bad decision, I wouldn't go for it. I could always come back and do it if I wanted to, so I could just put it on hold and see for myself. In here, I could never make 6 figures in a year. Not even on my prime and in top assignments. We come from different worlds when it comes to salaries. Of course by setting up your own business, anything is possible. I'd like to get some more private sector work done while setting up my business.

Yes. This sounds like a good idea. I already have few contacts both on industry and academic world and I learn every day how important it is. Basically, you always get to the next doorstep if you have someone who can help you. So far, I've been getting to those doorsteps and I'm not thinking of quitting it.



I'll get back to this tomorrow, I'd appreciate if you would say what you think. I have to form a better response to this question. I'm too much of a babbling fool, but this is serious and this is what my life will be so basically I'll take some time and answer tomorrow.

My dream is to make a lot of money in the industry, then "retire" and do research for a University. There are a lot of areas where I'd love to do research. Maybe that's something to consider for yourself.

Also, I think I forgot to mention that you should talk to your advisors about this the most. They'll be able to give you more specific examples of people who have been successful with a Masters degree in the program you are looking at. I think the standard lines are: "deeper focus on topic, make more money out of college, make more money over your lifetime, great contacts in college, etc...." That came from one of my graphics professors, who wanted all of his classes to come back to the Masters program in CG.

X-post there.

Well that helps you a bit, knowing where your priorities are!

There are Information Services degrees available, and I'm pretty sure they resemble Comp Sci degrees. However, I think a background in programming is very essential for such a field.

I credit my programming experience for my critical understanding of various security concepts. It sounds like you're getting a good mix as well. Where I like to work (but don't currently), however, is in disassembly and exploit work. That necessitates a big emphasis on programming. In my opinion, those are skills that you should not let go of. However, you may be right when you say that your programming skills will not suffer. I'm of the opinion that there are a lot of ways to build up your programming skills outside of class. Take a look at some open source projects, I dedicate yourself to understanding one of them. Since you're going into information security, I may suggest looking at OpenVPN (which I use, and love), iptables or netfilters (not sure where to look for those), or something similar.

Any amount of "work study" that you can do is helpful. If you can go to your advisor and come up with something that'll eventually count as verifiable work, that's a plus in the industry. If you can get a summer job with a security firm, that's also a plus. Plus it's pretty fun, if you ask me.

That sounds like a plan. There are a lot of little companies springing up here in the US that are going after just that goal. There are various standards here in the US, like HIPAA (for hospitals), and Sarbanes-Oxley (for big businesses....maybe Asher can tell you about that), that are creating work in this arena. I think you'd have to know your stuff, and have some really good verifiable experience behind you to get into this, though.

I think you already know about the experience you'd need to show off, and I'm only mentioning it to be comprehensive, but I wouldn't let this get me down if I were you. As I tell everyone, there is a LOT of incompetence in this industry right now. A whole lot. From my limited experience, it's the Comp Sci majors who really perform the best in the industry. But still, there's a lot of money.

I didn't see you babbling here! If anything, I'm the one who's babbling, but I'm just trying to give the best help I can. I should point out that I think I'm making this sound very boring and hard. It's not. Far from it. It's an adventure. It's something new every day. I also regard programming as a "new problem every day" to solve, though, so maybe I just have a rosey outlook on what I do. =)

Also, you can go ahead and pat yourself on the back for not going after some social science major, or Biology, which is hardly a science!

I agree, I think in comp sci basic programming knowledge is always essential.

Yeah, well I did start programming before I went studying it.. it was kind of a hobby. So basically I'm not an 'academiv programmer' from the core. However, off topic, but I hear many people saying academic training for this field is stupid because you wouldn't learn how to code in such short time anyway, and you'd do it already if you wanted to. I agree, however, in some classes, I've gotten so much information that I didn't know about, some things were give a new meaning etc. I think it has helped a lot. Just came to my mind..

Yes. I'm trying to find some projects but they're hard to find in here. I am assisting in a research right now, it's pretty cool and I'm doing stuff that.. it's not directly IT security, but some of the themes are definitely overlapping. I'm analyzing.. surveillance data of some sort. So I think that's pretty cool plus gives me some experience, indirect one. This is another thing for me, I've been interested in surveillance and been studying it as much as I can and now I'm assisting in this research.

OK so .. I said I want to do security auditing, penetration etc. So in easier terms, I'm into hacking and prevention of that. But in comprehensive way, I've been focusing this last year on social engineering and as a result of that I've also studied surveillance, identity theft etc. This is what I'd like to do more, even though they're not as technical strategies. I'm doing my thesis on social engineering and I have a hypothesis, so it's basically that and corporate security/strategies, that involves comprhenesive information theft prevention.

THe way I've thought about going with this is of course take what I can in school to study this subject (believe me, not much courses on these) and I'm doing my thesis on it as well. I'm mostly self taught in this field though. But I'd like to continue and have my own business in this so.. I hope the next step of how to go with this presents itself soon

Comp Sci courses definitely help. Things like data structures, and assembly code are a little tough to get into without someone forcing you to. Also, all of my professor offered big points for "good looking" programs. We've all seen spagetti code, and that would get you no higher than a B in my later courses (which was fine with some people). That kind of stuff always helps.

You've sounded this whole time like you've done a lot of good thinking on this. I hope we've made some good suggestions here and we've helped you.

Sure. I think one of the good suggestion was to point out that it might be the most advantegous to go for the whole working thing first and come back for the academic world if I should feel so later on. That way it's a no brainer. In fact, I'm pretty sure this is a good way to go, I'm not missing anything then and I get to keep doors open.

I've given this a lot of thought yes.

I've had all kinds of courses, I'm soon ready to do my masters thesis so .. I've done courses. Programming of all sorts, java, c++, symbian etc.. with all the theory of programming, today's paradigms etc.. usability, evaluation, testing, auditing, projects, design.. basically the package you need to have to fully understand software development. Hey, even some defensive coding!

So that's my background.. it's not programming 101 only. Now I'm doing the security side and hoping to do well. At least I'm genuinely interested and passionate about it. It's almost like a hobby, it's just an added bonus there's good market for it too. I'm actually doing a business plan now, it's a course in other school (business), it's cool because we get to do all these courses from every school we want, so I took this one. THe professor is actually a good one, just came back from lecturing in MIT and Stanford, so you get the idea of the caliber. So, my mission is to do business plan, and basically we'll go about the validity of that plan, how I should plan, how to make profit etc. And the best part is, I get to do this on my own, on my own plan... I have no restrictions. He just gave me bunch of material and said 'go over these' and then I kind of do it bit by bit and he comments on my stuff and I make corrections, suggestions etc.. it's pretty cool, it's about making a good business plan. It's not to.. not so much learning how to do it, it's actually doing it, so when I complete this course, I should have an actual working real business plan, accepted by one of the best pros in the business. So that's exciting, I'm just taking these individual things and building my own degree basically. Security and business.

Try to remember us kindly after you're rich.