Graduate School/Program dealing with Computer Security

[Sw0rDz]

I still got a few years to decide, but I've been looking for schools that offer Graduate Degrees pertaining to Computer Security. I'm currently working on my undergrad degree in Computer Science.

Any Suggestions?

 

[kote]

I had a whole post typed up about teaching yourself, but I guess security research in academia is starting to grow up. See CAE-R schools at http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml. You'll want to look at potential schools a lot more closely, but that list is a good place to start.

A job with a company like Cisco or Microsoft or in the banking industry would be a good place to get some experience if academia isn't where you want to be. You'll still need to self-train to be competitive for security consultant type jobs. You may want to get involved in a security related open source project, and definitely try to get some network administration experience on your resume.

If you end up with a company that will support further training, do what you can to work toward a CCSP / CCIE Security certification from Cisco (http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html) if some other path doesn't become evident.

 

[Sw0rDz]

I had a whole post typed up about teaching yourself, but I guess security research in academia is starting to grow up. See CAE-R schools at http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml. You'll want to look at potential schools a lot more closely, but that list is a good place to start.

A job with a company like Cisco or Microsoft or in the banking industry would be a good place to get some experience if academia isn't where you want to be. You'll still need to self-train to be competitive for security consultant type jobs. You may want to get involved in a security related open source project, and definitely try to get some network administration experience on your resume.

If you end up with a company that will support further training, do what you can to work toward a CCSP / CCIE Security certification from Cisco (http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html) if some other path doesn't become evident.

When it comes to computers, I have my own library of related topics. I've pretty much taught myself a majority of what I know. Computer programming, computer repair and basic hardware, networking, and hacking/security. Along side that I've had classes dealing with them all, IT Security, Cisco (CCNA 1 & 2 certified), and currently enrolling as a Computer Science Major.

I try my best with keeping up with IT news. I get free e-magazines and check discussion sites periodically. Along side, with some home security testing on Virtual Machines.

I hope I'm going down the right path or close to it...

 

[kote]

Sounds like a good start to me. The most important things at this point will be keeping your GPA up and getting some good letters of recommendation. I'd recommend trying for a PhD program at a CAE-R school like UC Davis or Carnegie Mellon. The links on that NSA site are directly to each department - check out their research.

Think about what you can put on a resume and demonstrate to an admissions committee or employer. Learning all of this stuff is great and will help you on the job, but you'll need things like your CCNA cert, a good GPA, and internship, part time, or open source experience to get there. Anything to prove you can succeed and interact socially in the real world (business experience, club leadership, sports, or just a good interview) could also certainly be an asset considering the stereotypical nerdy competition.

 

[Sw0rDz]

Sounds like a good start to me. The most important things at this point will be keeping your GPA up and getting some good letters of recommendation. I'd recommend trying for a PhD program at a CAE-R school like UC Davis or Carnegie Mellon. The links on that NSA site are directly to each department - check out their research.

Think about what you can put on a resume and demonstrate to an admissions committee or employer. Learning all of this stuff is great and will help you on the job, but you'll need things like your CCNA cert, a good GPA, and internship, part time, or open source experience to get there. Anything to prove you can succeed and interact socially in the real world (business experience, club leadership, sports, or just a good interview) could also certainly be an asset considering the stereotypical nerdy competition.

The most difficult is finding an internship or a job. It may be my location, but its hard to find a job/internship that can help out with my major.

 

[kote]

The most difficult is finding an internship or a job. It may be my location, but its hard to find a job/internship that can help out with my major.

Most corporate IT departments have internships. Check with career services or ask your professors to get you in touch with alumni. You can find a lot of info on company websites too. Now is the time of year to be applying for internships - much later and they will be gone. Large companies have IT everywhere.

I was able to get a lot of experience in school by acting as a low cost part-time IT department for a small business. As a college student with Cisco certs you may want to look into that. It's a great way to get a lot of real world experience while having potentially a lot of responsibility (you'll do it all). I did all of the IT for a few hair salons and a hair school. They were in desperate need of help for digitizing their scheduling systems and files etc and just keeping everything stable and working. When I left we were using two Windows domains, group policies, VPN, DNS and DHCP, and all those other fun acronyms with a bunch of other networked apps. That's the type of work you'll need to do some heavy networking to get, but it's out there and is probably worth looking for.

 

[kote]

Sweet? You'll almost certainly end up with some level of government security clearance with this also. Note that this program isn't just offered at NPS, but NPS is one of the participating schools.

http://cisr.nps.edu/scholarships.html

The U.S. Naval Postgraduate School (NPS) in Monterey is proud to offer an exceptional program that enables civilians to obtain a full scholarship for a Master's Degree, receive a salary while in school, and begin a civilian career with an unlimited future. The "Scholarship for Service" program DOES NOT entail enrollment in the Military. Our students receive their Master's Degree and move on to CIVILIAN government jobs in such organizations as the CIA, FBI, NSA, and others.

Overview:
* Free tuition at NPS for two year Master's Degree in Computer Science, emphasis in Information Assurance
* Approximately $30,000/year salary while enrolled in the program
* Access to state-of-the-art equipment and the opportunity to participate in classified classes and research
* Upon graduation, start your paid CIVILIAN position as a cyber security professional in any of a number of federal, state, and local agencies

 

[Sw0rDz]

Are you talking about jobs for the summer? If so, I'll start applying this coming break.
I tried a few places late last year, during spring semester, but I was told, a lot of places want CS students with at least 2 years which I'll have this summer.

 

[kote]

Are you talking about jobs for the summer? If so, I'll start applying this coming break.
I tried a few places late last year, during spring semester, but I was told, a lot of places want CS students with at least 2 years which I'll have this summer.

Yes summer internships. Now is about time for those. Most jobs for this year's graduating class are probably filled, and it's intern recruiting season.

 

[Sw0rDz]

I'm nervous on building my resume. I have a lot of knowledge, but a good chuck is stuff I learned on my own.

A fraction of my library collection...
http://img404.imageshack.us/img404/7094/img00032r.jpg

 

[kote]

Figured that might be the case. Welcome to the club . Once you can turn it into results for a business or other organization or open source project or whatever, you'll be all set. You still have plenty of time - just keep your resume in mind and see what results and experience you can get. I was very surprised by the high correlation between experience and results in the real world. Once you can show some results that's all anyone cares about anyway. The hardest part is going to be getting yourself in the right situations.

Network all you can and try to get in on consulting for small businesses in your spare time. Don't settle for online apps when you apply for internships and get with career services and alumni to make sure you talk to real people. Work your resume with career services and practice how you'll approach alumni or others. The larger the company the better when it comes to internships, but smaller companies can also work well if you can accomplish something while there.

I think you get the idea, but no one is ever going to see your collection and there are no points for effort. When it comes to job apps, if it's not on your resume, it didn't happen. No one cares what I did on my personal Linux server, and I certainly can't mention any of the dumb illegal things I did while younger (although I wanted to at the time). They care that during an internship I was able to automate processes between legacy Unix and Windows systems saving engineers 20hrs a week, and they care that I deployed and managed operation-critical Windows servers and domains and kept them up 99.996% of the time over 6 years (using statistics and words like "deployed" is also important ). Being able to do things like that is where the experience comes in, and it sounds like you're probably okay there.

There are loads of ways you can prove yourself, and you have time if you make it a focus. Try for all of them and with a good GPA you should have an opportunity to do well. There are very few real security experts. Those with potential often have a hard time dealing with school or with business interaction. It looks like there are some good opportunities out there though if you can keep doing the right things.

 

[eof]

I wanted to comment on your library. Do you know C well? How about assembler for some of the most common CPUs? Can you write an exploit for a trivial buffer overflow etc? Do you understand how compilers generate code? Most of your books are about Java and web technologies. How well do you understand some of the conceptual problems found in early implementations of different networking protocols? I used to write exploits, software cracks and ended up infecting a bunch of computers at my school with a virus I wrote as a teen and I've never seen a course about any of those things being taught at any of the universities that I've attended.

I guess most of the research in academia that relates to security involves research into operating systems, compilers and programming languages that minimize user mistakes. If you just want to learn how to secure servers or understand exploits, then I suggest just going into the industry. I know some people who landed really good jobs in the industry by writing exploits for some pretty widely used software in their spare time. I think that carries more weight than a degree. Of course, if you want to write policy reports for the insurance and the medical industry, then you need some certs. But often it seems like in those industries security is mostly about getting a nice paper stating that your compliant with some standard and not actually doing anything fancy to secure your systems.

Regarding CS faculty doing security stuff, I would say some of the most well known are probably Gene Spafford and Steven Bellovin. They are professors at Purdue and Columbia.

Security is actually one of the fields where you need to have really strong knowledge of the practical foundations. This means how operating systems, compilers, CPUs etc work. You need to know the low-level stuff really well, because that's often where the problems pop up.

 

[Sw0rDz]

I wanted to comment on your library. Do you know C well? How about assembler for some of the most common CPUs? Can you write an exploit for a trivial buffer overflow etc? Do you understand how compilers generate code? Most of your books are about Java and web technologies. How well do you understand some of the conceptual problems found in early implementations of different networking protocols? I used to write exploits, software cracks and ended up infecting a bunch of computers at my school with a virus I wrote as a teen and I've never seen a course about any of those things being taught at any of the universities that I've attended.

I guess most of the research in academia that relates to security involves research into operating systems, compilers and programming languages that minimize user mistakes. If you just want to learn how to secure servers or understand exploits, then I suggest just going into the industry. I know some people who landed really good jobs in the industry by writing exploits for some pretty widely used software in their spare time. I think that carries more weight than a degree. Of course, if you want to write policy reports for the insurance and the medical industry, then you need some certs. But often it seems like in those industries security is mostly about getting a nice paper stating that your compliant with some standard and not actually doing anything fancy to secure your systems.

Regarding CS faculty doing security stuff, I would say some of the most well known are probably Gene Spafford and Steven Bellovin. They are professors at Purdue and Columbia.

Security is actually one of the fields where you need to have really strong knowledge of the practical foundations. This means how operating systems, compilers, CPUs etc work. You need to know the low-level stuff really well, because that's often where the problems pop up.

I know Assembly, C, C++, .NET. I know how to use c and Aseembling to write decent explots. Like I've said that is a fraction of my collection. On my spare time, I was writing server/networking applications just for fun, and have used it to write trojans that I used on a virtual machine. Another portion of my library are books.

I know how to write virus's and exploits for simple systems (a system not managed by an IT pro), but it's just not enough for me. I want to know hardcore. I'm checking into IT jobs for the military security.