Why studying security in college is a waste of time

To gain the security skills most needed at many companies, students and graduates will have to take a counterintuitive approach to their education and career.

0 title gap
Credit: Thinkstock
Skills gap

You hear a lot about the skills gap in technology. And nowhere is that gap wider, many say, than security. Some companies are taking matters into their own hands. For example, Facebook is trying to teach middle schoolers how to hack so it might raise a generation savvy in security.

To gain the security skills most needed at many companies, students and graduates will have to take a counterintuitive approach to their education and career. Whether just entering college or recently graduated, Shawn Burke, Global CSO, Sungard AS, details how to get started.

studying security in college
Credit: Thinkstock
Don’t study security

You read that right. When I interview candidates, I see a lot of “analysts” – what are you analyzing? You can be much more valuable to an organization if you’re well versed in networking or development or some other discipline and are able to apply security logic to that. It’ll help you better understand and anticipate vulnerabilities than simply chasing the latest threats with “best practices.”

studying security in college
Credit: Thinkstock
Don’t over-specialize

When you look for your primary discipline, avoid getting too specific. Let’s say you’re a Check Point expert – that’s great, but what if your future employer uses Cisco firewalls? Instead, be a firewall expert and know all the different technologies that might apply.

studying security in college
Credit: Thinkstock
Know your discipline inside and out

Perhaps this goes without saying, but the better you know your field, the better you’ll grasp its security issues. If you’re studying firewalls, for example, understand packet flow, where to place equipment, how to analyze raw data, and how to better prevent threats.

studying security in college
Credit: Thinkstock
Find the security path in your field

If you’re great at coding, you can go to the application side of the house and figure out how to make apps secure – a valuable service to many organizations. If you’re in network engineering, you can help figure out how to orchestrate solutions to denial-of-service attacks. For every discipline, there’s a security need.

studying security in college
Credit: Thinkstock
Pick up leadership skills

Years ago I was looking for someone to run a vulnerability management program, and during interviews, I asked different candidates how they’d position the team, organize and delegate the work, and manage the employees. From some of the answers it was clear that the person had no idea what they were doing. And that’s for a pretty fundamental position. Hone your leadership skills for the higher-level positions later in your career.

studying security in college
Credit: Thinkstock
Gain experience at the right company

In general, you’re better off at a service provider helping multiple, different organizations than working in-house at one company. Security policies are easier to apply for company employees by simply preventing users from engaging in a certain behavior. Those rules don’t always work when you need to accommodate complex solution requirements from various clients that stretch the boundaries of security policy. Instead of saying “no,” you are challenged to become more creative in figuring out ways to implement different infrastructures that keep a company running and secure.

studying security in college
Credit: Thinkstock
Keep your skills fresh

Technology evolves too fast to focus on the same technologies for an entire career. The best employees keep their skills sharp, get involved with peer groups, and continue learning new technologies and practices relevant to their area of specialization. You know you’re working for a good company if it incents you to expand your knowledge base.

studying security in college
Credit: Thinkstock
Learn the business

Tech for tech’s sake doesn’t win the day anymore. As more industries grow technically astute, they need technologists who have a firm grasp on compliance and other business issues. At the CIO level, it’s not enough to have a deep expertise in technology. You have to know the industry too.