Jump to content

Security Degrees


Are they worth it from a practical point of view?  

11 members have voted

  1. 1.

    • Yes, they give you great anti/hacking skillz
    • No, they teach nothing innovative
    • I'd rather learn about hacking myself

Recommended Posts

After looking at the latest phrack this question occured from a few things contained therein:



and this extract from "Hackers Myth"

The security industry uses information as its sole commodity, information

about insecurity. Who has the information, and who doesn't is what

makes this economy work. Whats more, the economy has been founded on

the continued output of a finite group of hackers. For the most part,

founded on those hackers that came out of the underground scene at their

technical prime.

But these hackers are not going to continue their production

indefinitely. They will lose their technical edge, move on to other

industries, perhaps climb the ladder up to management, and then

retire. The question is, then what? Then it will be up to the new wave

of young security professionals, whose motivation is as much financial

as it is passion for the technology and the thrill of the hacking game.

To imagine that these new wave office workers, university trained and

disinterested, can match the creative output of a genuine hacker is

laughable. The industry will stagnate under these conditions. The rapid

technical advancement we have seen will end, no more breakthroughs:

no more new security products or services. Just the same old techniques

being rehashed again and again until the rock has been bled dry.

I am trying to show you the symbiotic nature of the security industry

and the hacking scene. Industry needs insecurity to survive, there is

no doubt about this. A secure and stable Internet is not profitable for

long. Hackers provided instability, change, chaos. So the industry became

a parasite on the hacking scene, devouring the talent pool without giving

anything back, not thinking of what will happen when there are no more

hackers to consume.

For this reason, the security industry, much like the hacker underground,

is doomed, perhaps even destined for failure. But for now, all that

matters is that we have a thriving industry and...

A hacker underground proclaimed to be dead.

Whats your view, can the uni's produce innovative hackers from degree courses or is this another case of educationalists trying to sell their wares to people who will never make the grade?


Link to comment
Share on other sites

Interesting you ask. I happen to be on the second year of a degree entitled 'security and forensics in computing'. Strangely, the actual security module is the least interesting of the 6 modules I have to do. For the two assignments this year I had to write about Acceptable Use Policies with in organizations and the legal restricts organizations may run in o when securing a computer system and the legal issues regarding to collecting legal evidence off a computer system. Highly frustrating, so far we have had two demos as to using EnCase 6.

The most interesting of the modules is the Web and Database Integration module (where you get marked on the word 'integration' not the word 'database' or 'web').

Link to comment
Share on other sites

I know this doesn't directly correlate to a "Security Degree", but I work in an area of computer security.  Some of the latest fads (or they seem like fads to me, maybe they're really trends and I wouldn't know the difference with only a few years experience) are certifications.  That's something being pushed in my arena.  I've come from a more networking side, but made my way fairly easily through Certified Ethical Hacker (CEH), and taking the test for ECSA (follow-on to CEH) in a couple hours.  Walking out of these classes I know how attacks work, and when some would be more advantageous than others, but what does that really mean?  I could start as a newb down the path of being a licensed pen tester.  But w/o a large amount of other knowledge and curiosity that drives you to learn more than the "book-smarts" that these classes and certs provide, you're going to end up a professional script-kiddie at best.  For example, at the moment I realize that I am in a major rut not knowing a lick of programming (which is the area I intend on tackling next), because if I'm in a situation where a quick script has to be cooked up, or a program written to do a specific task, I'll crumple like cling-free in a loaded dryer.

So what do these certs/classes mean?  They mean what you make them to mean.  From a personal/professional level maybe they'll get you more money, but from a industry/community wide perspective, they don't mean much.  Just my thoughts for what they're worth.

(Edited for grammar)

Link to comment
Share on other sites

I believe like most industries it all depends on where you end up going to school.  If you go to the local ITT technical institute, yeah your going to get shit, remember you get what you pay for/ have earned.  I am going to major in Network Engineering Technology, with an emphasis in network security (I start in the fall), and the plan is to get a masters in cyber forensics.  I visited a few schools before making my choice, and there is a lot of shit out there, you just have to be careful with what school you pick.  I know I made a good choice for my field, but the article does raise a valid point.  When you get some bogus degree from a school like ITT tech, they aren't going to teach you to be innovative.  They are going to teach you the basics, how to use a few programs, programming in a few languages, a few basic hardware things, and then your done.  It will be interesting to see where the security field evolves, but I disagree with this article.  The current generation that is coming to age is the generation that grew up with technology.  They know it very well, and a lot of them have been pen testing, doing stupid shit like trying to get around there school filter since they were little.  I believe this article may be biased too, because I'm sure that the writer is one of the "retiring" security officials (I realize I present a bias as well).  Although the article was well written and thought out, he didn't really go in depth with anything, or provide any research to back anything.  Interesting topic none the less. 

Link to comment
Share on other sites

You can never make a real hacker from someone who just has a cert. If you know anything about the blackhat scene you would know certs do not mean shit.

Hacking is not just having the knowledge.

Anyone can learn how to find bugs in software then exploit them, think about it, the tutorials are there and resources are there, it just depends if you implement your time.

It is the exploration the discovery the research the late nights. And most importantly of all, it is how you use that knowledge.

Sure you can be the skid who uses the exploit to own the server.Or you can be the hacker who opens up that book, and starts to explore and learn and find that bug and code that exploit.

Many people may call themselves ethical hackers or whitehats or whatever after they get their cert of bullshit. But then what? What have they done? They have gone through the same fucking process so many have gone through, how does that make them unique? How does that define them from the skids and wannabes?

I am not here to insult anyone with a cert, I respect that, but if you want to show me your skill, a cert wont prove shit to me other than you implemented your time correctly and studyed before your cert exam.

I leave you with a great writing from Dissident.


| The Ethics of Hacking |


written by Dissident

I went up to a college this summer to look around, see if it was where I wanted to go and whatnot. The guide asked me about my interests, and when I said computers, he started asking me about what systems I had, etc. And when all that was done, the first thing he asked me was "Are you a hacker?"

Well, that question has been bugging me ever since. Just what exactly is a hacker? A REAL hacker? For those who don't know better, the news media (and even comic strips) have blown it way out of proportion... A hacker, by wrong-definition, can be anything from a computer-user to someone who destroys everything they can get their evil terminals into. And the idiotic schmucks of the world who get a Commodore Vic-20 and a 300 baud modem (heh, and a tape drive!) for Christmas haven't helped hackers' reputations a damn bit. They somehow get access to a really cool system and find some files on hacking... Or maybe a friendly but not-too-cautious hacker helps the loser out, gives him a few numbers, etc. The schmuck gets onto a system somewhere, lucks up and gets in to some really cool information or programs, and deletes them. Or some of the more greedy ones capture it, delete it, and try to sell it to Libya or something. Who gets the blame?

The true hackers...that's who. So what is a true hacker? Firstly, some people may not think I am entirely qualified to say, mainly because I don't consider myself a hacker yet. I'm still learning the ropes about it, but I think I have a pretty damn good idea of what a true hacker is. If I'm wrong, let one correct me...

True hackers are intelligent, they have to be. Either they do really great in school because they have nothing better to do, or they don't do so good because school is terribly boring. And the ones who are bored aren't that way because they don't give a shit about learning anything. A true hacker wants to know everything. They're bored because schools teach the same dull things over and over and over, nothing new, nothing challenging. True hackers are curious and patient. If you aren't, how can you work so very hard hacking away at a single system for even one small PEEK at what may be on it? A true hacker DOESN'T get into the system to kill everything or to sell what he gets to someone else. True hackers want to learn, or want to satisfy their curiosity, that's why they get into the system. To search around inside of a place they've never been, to explore all the little nooks and crannies of a world so unlike the boring cess-pool we live in. Why destroy something and take away the pleasure you had from someone else? Why bring down the whole world on the few true hackers who aren't cruising the phone lines with malicious intent? True hackers are disgusted at the way things are in this world. All the wonderful technology of the world costs three arms and four legs to get these days. It costs a fortune to call up a board in an adjoining state! So why pay for it? To borrow something from a file I will name later, why pay for what could be "dirt cheap if it wasn't run by profiteering gluttons"? Why be forced, due to lack of the hellacious cash flow it would require to call all the great places, to stay around a bunch of schmuck losers in your home town? Calling out and entering a system you've never seen before are two of the most exhilarating experiences known to man, but it is a pleasure that could not be enjoyed were it not for the ability to phreak...

True hackers are quiet. I don't mean they talk at about .5 dB, I mean they keep their mouths shut and don't brag. The number one killer of those the media would have us call hackers is bragging. You tell a friend, or you run your mouth on a board, and sooner or later people in power will find out what you did, who you are, and you're gone...I honestly don't know what purpose this file will serve, maybe someone somewhere will read it, and know the truth about hackers. Not the lies that the ignorant spread. To the true hackers out there, I hope I am portraying what you are in this file... If I am not, then I at least am saying what I think a true hacker should be. And to those wanna-be's out there who like the label of "HACKER" being tacked onto them, grow up, would ya?

Oh yeah, the file I quoted from... It has been done (at least) two times. "The Hacker's Manifesto" or "Conscience of a Hacker" are the two names I've seen it given. (A file by itself, and part of an issue of Phrack) Either way, it was written by The Mentor, and it is absolutely the best thing ever written on the subject of hackers. Read it, it could change your life.

Spread it around, but don't change anything please. . .


Link to comment
Share on other sites

I'm over at Eastern Michigan University in a degree program called Information Assurance where they leave the tech learning up to us to explore and play with on our own, and teach us policy writing, best practices and standards that are regulated, law, and a lot more.  This program is funded by the DoD and we get regular visits from them to help us with what ever we need help with (money, information, events, contacts, etc).  This type of program forces you to innovate, the teachers tend to fail you out of a class if you just use the by the book answers with no creativity, especially in places like a policy class.  We also have a pretty good lab with a lot of good equipment that we can play with, attack, defend, oVVn, what ever we want.  So I'd say a security degrees value comes based upon the institution it comes from, how creative they were in teaching it, and what kind of thinkers it puts out.  EMU being a CAE(Center for Academic Excellence) we're regulated in what has to be taught for sure, but we get to do what ever we want outside of that.  It's a refreshing environment from other security programs I've seen.

Link to comment
Share on other sites

"Damn kids. They're all alike."

Nice way to quote out of context.

the quote is ref to

The Conscience of a Hacker

Another one got caught today. It’s all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's techno-brain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me or feels threatened by me or thinks I'm a smart ass or doesn't like teaching and shouldn't be here...damn kid. All he does is play games. They're all alike. And then it happened. A door opened to a world. Rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

+++The Mentor+++

May the members of the phreak community never forget his words –JR

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...