In my experience at both undergraduate and graduate school, most of my professors were really good at what they did -- lecture and impart book knowledge. The problem is that the theory they taught me and the lack of hands-on experience most of them had didn't translate all that well to the real world. Some schools are worse than others. Luckily, my undergraduate degree was from a school that prided itself on providing hands-on experience.
Overall, I believe the lack of application security training and other hands-on experience is a fundamental challenge we face in the industry, and there's not a great fix. I suppose higher standards for hands-on experience -- even some form of continuing education -- could be established for college professors. I'm confident that won't fly.
I believe that many degree programs are only meant to teach the essentials and not everything students need to know. The term "on-the-job experience" came about for a reason. That said, two universities local to me in Atlanta are well known for their information security programs: Georgia Tech and Kennesaw State University.
Perhaps undergraduate studies in computer science combined with graduate studies in security would be the ideal path for students to take. Or a double major wouldn't be bad, if you can hack it. (I couldn't resist the pun.)
Some might think that the government should get involved. I'm not crazy about that type of regulation and licensing. I'd prefer to stay with this free-market scenario whereby the savvy computer science graduates know that their learning has just begun. They understand that their graduation "commencement" is just that and they go on to self-study, attend conferences, take courses and otherwise learn as much as they can about software security throughout their careers. That's what I did, and I know many others who work in IT who have done the same. Even with having worked in security for two decades, I have a long way to go before I will feel that I've mastered these concepts.
The important question is: Are you up for the challenge and willing to do the work necessary to be successful in securing applications? If so, you'll be greatly rewarded, given the demand for this expertise.