Last Thursday I listened to Risky Business 377. The part that really got me engaged was the section with the sponsor, RSA. They were talking about how they are working with schools to build educational SOCs.
What they were talking about, though, and I’m paraphrasing from my point of view, was making universities less theory-like and more trade-school-like. For example, why not add a Check Point certification class to get students out with some experience and a certification after 3 months of class?
My question back to RSA and Risky Business: why not push for more trade school education for Infosec and less university education? From what they were saying, and from what I’ve seen in the industry, companies don’t know how to judge Information Security Professionals. The RSA and Risky Business point was that these people would have skill and experience when they start, and could show it with industry certifications.
I was left wondering if that might be the point in development that IT and InfoSec are stuck at right now. Are we stuck at that point where we need people going to Trade schools to learn 1 or 2 software packages to do their job, instead of learning the theory and fundamentals to use any software package, or create their own?
The place I did my associate degrees started as a trade school, and their CIS program was very trade-school-like. Learn this software this term, learn that software next term. Build up from there. Graduate ready to go work as an IT person for any of the local companies.
When I did my bachelor’s degree, there were a couple of classes that were theory and fundamentals (Digital Forensics 2), and some that were specific to a software package, AccessData FTK (Digital Forensics 1).
I think in the long run, we’ll be better off with the theory and fundamentals, but right now we are stuck in the trades and specific programs mindset because no one knows how to plan Infosec requirements for companies.