Trade School, Degree, or something else completely?

Last Thursday I listened to Risky Business 377. The part that really got me engaged was the section with the sponsor, RSA. They were talking about how they are working with schools to build educational SOCs.

What they were talking about though, and I’m paraphrasing from my point of view, was making Universities less theory like and more Trade school like. For example why not add a check point certification class to get students out with some experience and a certification after 3 months of class?

My question back to RSA and Risky Business, why not push for more Trade school education for Infosec and less University education? From what they were saying, and I’ve seen in the industry, companies don’t know how to judge Information Security Professionals. The RSA and Risky Business point was these people would have skill and experience when they start, and could show it with industry certifications.

I was left wondering if that might be the point in development that IT and InfoSec are stuck at right now. Are we stuck at that point where we need people going to Trade schools to learn 1 or 2 software packages to do their job, instead of learning the theory and fundamentals to use any software package, or create their own?

The place I did my associate degrees started as a trade school, and their CIS program was very Trade school like. Learn this software this term, learn that software next term. Build up from there. Graduate ready to go work as an IT person for any of the local companies.

When I did my bachelor degree, there were a couple of classes that were theory and fundamentals (Digital Forensics 2), and some that were software package (Access Data FTK) specific (Digital Forensics 1).

I think in the long run, we’ll be better off with the theory and fundamentals, but right now we are stuck in the trades and specific programs mindset because no one knows how to plan Infosec requirements for companies.

2 thoughts on “Trade School, Degree, or something else completely?

  1. Dewser

    I would fully support such an endeavor. I had one class in my MIS curriculum that bordered on reality and mirrored some of the material from the MSCE courses. There was not a lot of hands on but we essentially had to build out a network, price out the equipment and design some of the architecture. But it was still no substitute for hands on work. Luckily I got my start in IT while in college working for the campus Info Sys department. Hell didn’t even know I was good at that sort of thing until I got the job. But I think at this point there is enough reason to make it more of a trade school curriculum. After all the thing we always seem to recommend is build a good base in IT before digging into security, but why can’t we build in security into that base? This way we build up more security minded developers, sys admins, network engineers… etc.

    In any event, it is a great idea and would love to see it become reality. The Universities are starting to come around and I am seeing more of these types of curriculum pop up, but they all seem very generic: “Learn Hacking Tools…” tends to show up in every one. But I did look at Charter Oak State College, they had some specific courses for Windows, Linux, and networking security. So there is hope, but I know if I was a future college student, coughing up the dough for these schools would not be something to look forward to.

    1. chrisj Post author

      So a conversation at work this week, while looking at the books I have for the next term of Grad school, this topic came up. My manager said Universities should focus their Undergrad degree to follow the CISSP, and make that the senior capstone.

      But that moves away from the goal of the university, which seems to be be create critical thinking leadership (at least how the business world seems to treat it, unless they’re treating the Bach like the new High-school Diploma). Teaching the the CISSP would be tradeschoolish, but would also limit people.

      I think it was Jack Daniels that said there is so much they have to cover in the classes, that there is no time left for security. But I think, either trade school or university, that your right and security needs to be taught from the time walking in the door.


Leave a Reply

Your email address will not be published. Required fields are marked *