In my experiences at both undergraduate and graduate school, most of my professors were really good at what they... did -- lecture and impart book knowledge. The problem is the theory they taught me and the lack of hands-on experience most of them had didn't translate all that well to the real world. Some schools are worse than others. Luckily, my undergraduate degree was from a school that prided itself on providing hands-on experience.
Overall, I believe the lack of application security training and other hands-on experience is a fundamental challenge we face in the industry, and there's not a great fix. I suppose higher standards for hands-on experience -- even some form of continuing education -- could be established for college professors. I'm confident that won't fly.
I believe that many degree programs are only meant to teach the essentials and not everything students need to know. The term "on-the-job experience" came about for a reason. That said, two universities local to me in Atlanta are well known for their information security programs: Georgia Tech and Kennesaw State University.
Perhaps undergraduate studies in computer science combined with graduate studies in security would be the ideal path for students to take. Or a double major wouldn't be bad, if you can hack it. (I couldn't resist the pun.)
Some might think that the government should get involved. I'm not crazy about that type of regulation and licensing. I'd prefer to stay with this free-market scenario whereby the savvy computer science graduates know that their learning has just begun. They understand that their graduation "commencement" is just that and they go on to self-study, attend conferences, take courses and otherwise learn as much as they can about software security throughout their careers. That's what I did, and I know many others who work in IT who have done the same. Even with having worked in security for two decades, I have a long way to go before I will feel that I've mastered these concepts.
The important question is: Are you up for the challenge and willing to do the work necessary to be successful in securing applications? If so, you'll be greatly rewarded, given the demand for this expertise.