Awesome New Infosec Class
By Daniel Miessler on March 28th, 2008: Tagged as Education | Information Security
The University of Washington’s School of Computing and Engineering is offering a new course on how to think like a security professional. The class looks very cool, but look at the requirements:
You should have maturity in both the mathematics of computer science and in the engineering of computer systems. This means that you should: have a good understanding of data structures and algorithms; be comfortable writing programs from scratch in C and Java; be comfortable writing and debugging assembly code; and be comfortable in a command-line Unix development environment (gdb, gcc, etc). You should also have a good understanding of computer architecture, operating systems, and computer networks.
Um, how many people do you know at the very TOP of infosec who:
- is comfortable writing programs in C and Java from scratch, and
- is comfortable writing and debugging assembler, and
- is comfortable coding in UNIX using
gdb,gcc, etc.
I mean like Bejtlich, Gula, Ranum, Roech, Parker, etc. Do they even qualify? If so, how many of them? I understand that most people at some point could do this — even me to some degree. But damn, not anymore. I think most people learn assembler, Java, etc. and that stuff quickly atrophies unless it’s part of your daily work.
Oh, and that’s just to get in to the class… You should see the final. :)
Anyway, I’m being silly. But the class does sound like it’d be cool. There’s even a course blog.
Are you serious? The only requirement I’d have trouble with there is writing debugging tools in Assembly (which I could probably learn without too much trouble). Pretty much anyone that went to Georgia Tech and took their education seriously would have no problem with these tasks.
Comment by Tim F. — 3/28/2008 @ 12:28 pm
Maybe it’s because I just graduated with a BS in Computer Engineering in 2006, but these topics are all thoroughly covered in an undergrad degree. Could it be that the audience the class is geared towards are fairly recent graduates that are looking to start a Masters?
I’m working on a Master’s in Computer Security at DePaul University in Chicago and they never come right out and say that those skills are required, but if you look at the topics taught in the prerequisite phase they are identical.
I’d also argue that the people at the very TOP of InfoSec are no longer “in the trenches” so to speak. They are more business oriented now often overseeing the new generation of analysts; focusing on overall vision and planning for the department. When they first started out I’d venture they were more technical than business savvy. As their careers progressed they shifted towards more business than tech savvy. Don’t think I’m saying they don’t know their tech still, because they do, but as you said, if you don’t use it everyday it slips away bit by bit. They are likely excellent today because of the strong technical base they built on over the years.
If the class is targeting young professionals in the InfoSec field I think the requirements are spot on. It’ll help build a solid technical base of understanding that can then be built on as they progress.
Since when can your understanding of the systems you’re tasked with protecting be too thorough?
Comment by randy — 3/28/2008 @ 12:50 pm
Note that the class is 484, that’s usually upper division close to PhD candidate level: this course is at the end of many, many credit-hours of classes.
Comment by Steven G. Harms — 3/29/2008 @ 6:12 am
[…] http://dmiessler.com/blog/awesome-new-infosec-classBut damn, not anymore. I think most people learn assembler, Java, etc. and that stuff quickly atrophies unless it’s part of your daily work. Oh, and that’s just to get in to the class… You should see the final. … […]
Pingback by Final Assemblers goings on » Blog Archive » Quick scan of the net - final assembler — 3/29/2008 @ 9:58 pm