I Don't Like Cybersecurity Degrees
Вставка
- Опубліковано 8 вер 2024
- Live on Twitch: / lowlevellearning
🏫 COURSES 🏫 Check out my new courses at lowlevel.academy
🙌 SUPPORT THE CHANNEL 🙌 Become a Low Level Associate and support the channel at / lowlevellearning
Why Do Header Files Exist? • why do header files ev...
How Does Return Work? • do you know how "retur...
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store/
Follow me on Twitter: / lowleveltweets
Join me on Discord!: / discord
live on twitch! twitch.tv/lowlevellearning
To be fair, bachelors degrees are very broad and shallow in general. It's masters degrees and above where you actually specialize in something.
Yup but also even a master’s degree isn’t enough to specialize. Cybersecurity is already a niche profession as it is. It’s not like CS where it’s very broad. So to expect someone to do a master’s degree or have coursework training in something super niche like IoT security is unrealistic nor is it helpful. A degree is academic. It’s not vocational training. That’s what SANS is for
@@fahid3342 that is really depending on your studies and university. Also when you start working, you actually specialize (or with a PhD). But you should be able to know the in and outs, connections and how to approach a problem and teach yourself to understand it
Hey I’m currently a freshman in college majoring in computer science not like specifically towards anything I’m just trying to see if I can use a bachelors degree basically just to get interviews and like be a little more competitive in the job market while taking on most of the hard work of learning programming by myself at home is this a good idea ? I already have a decent understanding of fundamentals and can make little projects in pretty much any language I try to do it in with enough time im already trying to apply for internships and stuff should I just keep doing what I’m doing or should I focus my degree on something else ? Sorry for the length of this lol I just don’t really know anyone in the industry
the goal is knowing enough to know what to google or ask a LLM. Be a jack of all trades, master of one.
@@zacherymcclendon3945 Finish the CS degree and get really good at it if it’s something you’re interested in and passionate about helps. You need a degree and CS is a good tech degree to get you introduced to the field.
"a little bit about everything" isn't that just a normal CS degree?
In CS you learn the fundamentals. At least in good schools. So all the theory, math and architecture behind what he just mentioned. Focus on fundamentals and you can pick up the rest along the way. You can pick up "IoT" if you know network programming, analysis and math. IoT, cybersecurity are just buzzwords. All the stuff that LLL showcases in his videos, you pick up the first year of a good CS degree. And its only 20% of what you actually learn.
Sounds like most degrees
No a cs degree is being taught unused languages and at times writing code by hand
@@emeraldbonsaiKind of, I am taking Computer Engineering which is not the same, but in the half of my career that covers the CS part, we do learn old af languages but this only happened in one class where the focus was on learning about Programming Paradigms, so we had to code using Prolog and Racket for the Logic and Functional paradigms. We also used Assembly for a Compilers class. Aside from that, I've used C#, C++, Java, Flutter (Dart), SQL, Javascript, Python... So it just depends if the class is about something high level like a Database or something low level like a Compiler
@@emeraldbonsai I am in a CS degree right now and what are you talking about.
"a little bit of everything" describes literally every technical degree (engineering, medical, computer science etc). The only time anybody expects someone to walk out of university as a subject matter expert of some aspect of a subject is when they walk away with a PHD. Employers want to see you understand the basics and have the capacity to learn concepts related to your degree and grow into a sme
Even if you get PhD you are only an expert on a very small subsection of your field of study. True „know it all“ experts are a product of years or decades of experience.
@@lbgstzockt8493Hence "subject matter expert", meaning that they are an expert on a specific subject.
It doesn't mean they are particularly well equipped to handle day to day IT work in the business world.
But it does mean they have a lot of knowledge and a good understanding of various elements of the subject.
Someone with a PhD in Computer Science might have a crazy level of understanding with respect to various aspects of data encryption, but know only a little about programming language compilers.
yeah, this short was a pretty sad choice. i've looked at even my local community college's cybersecurity degree plan and it looks robust in comparison to cs degrees from the big universities in my state. sounds more like he's salty about something. (maybe paying big bucks for a cs degree when all the knowledge is online)
I was a network engineer at MCI WORLDCOM before they were bought by Verizon. We tested every circuit from 2.4 analog to SONET (at least I did). I used to teach the newbies and get them up to speed. No one walks in the door knowing everything. I don't care you are a CCNA up to a CCIE with a PhD In quantum networking there is too much to learn. Not every network is the same. Not every uses frame-relay, MPLS or 802.1Q tunnels. I had to learn multi ast because our company sold a product that required it but we didn't have a way to test it. Most geeks like myself are strong in our main product offerings and know enough to be dangerous in other areas. No one knows it all.
@@adultdeleted Cybersecurity degrees are cool because you take a lot of classes that seem to be vocation-focused. But, the problem is that if you have a cybersecurity degree, people only think you know the basics of cybersecurity. You are pigeon-holed. Which could be perfectly fine. But, I am trying to bring AI to cybersecurity and a cybersecurity degree plan does not prepare you for AI courses. I have spoken with experts in cybersecurity (27 years of experience) and they said that a Security + certificate is really all you need to get your foot in the door for entry level positions when combined with a CS degree. So, if your heart is set on cybersecurity, a cybersecurity degree is fine. If you want to have more paths available to you, a computer science degree and the right certs allow you to get started in cybersecurity if you want. Cybersecurity jobs need soldiers that can do the grunt work related to security. Most computer science jobs need you to have the mathematics and programming background you don't get in a cybersecurity degree to do things as complex as AI. I would argue that a cybersecurity degree with math electives would be awesome for an AI masters program. But, people don't see it that way. They see someone who tried to skip out on math to get into tech.
My boss told me something along the lines of "you don't have to be the best in everything, you just have to know when something is bad. If you can't do it better, then you can always find someone who can"
So find someone who knows a bit of everything and teach them how to lead a team, because it's always going to be a team effort.
Also how would I as someone who don’t know what embedded is or IoT is specialize in it (even though it’s not possible as it’s only a master degree) if I didn’t study them a bit as an intro
Then I can choose more wisely
I’m a firm believer of generalize then specialize
U can also add to your specialization later on easily
As someone who has been an IT jack of all trades, I strongly disagree lol. I believe the key is to specialise in one key area, that way you're highly sought after.
A counterpoint: I'd rather hire someone with a little bit of knowledge of everything, a knack for conducting good web searches, and the humility to go "actually, I don't know that offhand, let me look it up." That last one is a rare trait.
True because a guy who can do a bit of everything will be a much better asset to the team than some guy who is great at one thing. It's better from a technical and financial standpoint because it's easier to teach the guy to be more proficient if he already knows the basics than teaching a guy something if he has 0 knowledge.
There's always the good and the bad side of everything
Agreed. And funny thing is I have seen and gotten to know cybersecurity professionals who actually are masters in all fields at once. But they are quite rare from what I've seen so I do see LowLevelLearning's point.
Yes and with the added bonus that they are less likely to have developed their own habits and preferences, so you have more influence over them. And you will be able to delegate more work to them and pay them less.
@illegalsmirf still gotta pay them good, or once they get better at their job, they will leave and go to a place that will pay them well
To be a jack of all trades, but a master of one I think is the best way to do anything in IT. Everything touches everything else so it's good to have an overview of more than just your chosen specialized niche.
Ahh that's a good piece of advice I would like to add learning new things.
This comment is completely in touch with reality. In IT, you HAVE to
know a little bit of everything, since everything IS connected to some
point. Cybersecurity field is not a problem, individuals that study it
might be depending on their actions. They are the ones that have to
master a specific area inside Cybersecurity to really be useful and if
they think that just having the degree will make them professionals they
are dead wrong. Cybersecurity will open the doors and show you the keys
to each door, but the individual is the one that has to choose the door
that interests them the most and master that shit.
the thing is that there are no "trades" in IT.
It really is all the same thing: data in, data out.
Studying one 'specialty' is studying the rest of them at the same time.
Whether you're debugging network drivers or migrating SAP: where did the data come from, where is it going, how does it get there?
Source: I started in desktop support, in the 90s, was a SDE in the 00s, and am a cloud infra. architect now.
"We came up with the concept of the Tall Thin person - someone who could span all levels." -- Carver Mead (Father of VLSI)
It's good for entry into an industry but if you want to be productive long term you have to specialize.
All bachelors degrees are a “congratulations you know a little bit of everything”. Every single one of them. There is no bachelors degree for IoT or embedded systems. There is degrees for software engineering or IT. Only generic concepts.
It’s the masters where you have to pick an area and specialise in it yourself while working through your thesis. You become your own expert by working on a project you selected for several months.
@@MyNameIsSalo my take on it was get the bachelors UK everything now then get the certifications or do the certificates whilst u doing the bachelors....and also side projects college is useless but network in college is useful. So a bachelor's in Cyber security whilst certifying urself and doing side projects is optimal.
@@jasonalexander8921 yeah thats a good idea, im starting my bachelors in ethical hacking and cyber security, and I've already started doing my CompTIA certs, i plan to get at least 3 certs every year i am in univecity.
I work cybersecurity. There has been an influx of Cyber degree holders with comptia certs who have zero interest in the field, zero interest improving the organization. Considering leaving the field altogether
do it
Why do you care what other people are doing? That just means you have less competition
@@wnathanielw I guess if you're a manager and you need people, this can be pretty annoying. It also would bum out coworkers if you keep getting new hires that leave so you keep picking up the messes they leave.
I have zero interest about being yelled at for a security breach. Breaches are inevitable. So, it could be that certain workplaces don't treat their cybersecurity folk properly and just look at them as a resource drain that screws up every once in a while. While a developer turns a profit and sometimes what they make breaks.
I'm studying to bring AI to the cybersecurity world. But, I may just stick to AI if cybersecurity is toxic.
It's also not about the degree. Job descriptions and the whole application process are often trying to filter for "rockstars" who at least sell themselves as experts at everything, because if they don't, someone else who does sell themselves better actually gets the job.
In my opinion this take is wrong. Almost any field of study is general at first to give an overview, to be able to talk to each other, get the connections between the fields and figure out what interests you. Later on in the studies, you specialize in a field and then become a specialist in that field. Asking to know all details about everything is just the wrong expectation from your end - that is not the goal and never has been. A medical doctor also specialize and noone expects a specialist for eyes to be able to perform heart sugeries.
All my homies get heart surgeries from their eye doctors
That's not the point. The point is like with studying politics. If you study something real, then you can represent that field in politics. If you study cyber security you'll be like another useless career politician unless you already have something real under your belt.
@@reed6514cybersec isn't like eye vs heart, it's like eye vs nurse
@@prawtism all my homies get nurse surgeries from their cybersecurity eyes.
@@prawtism sorry, but that comparison makes little sense. A politician is elected and can't fully influence their career development. Also politics is not about becoming a politician. Cyber sec studies are. And as mentioned before, it is broad at the beginning and then specializes. Also most people that study it, should already have an interest and some practical understanding, like in every field. I am not saying it's the only way, but saying it's just broad and not applicable is just plain wrong after the second year, when you start to specialize and have the broad tools to dive deeper in what interests you.
This is a bad take. A degree does not, ever, in any field, indicate that you know everything in that field.
A degree is a good foundation and also shows that the person is capable of absorbing new knowledge.
@@MmMRmaxim Sure, a foundation... not knowing the totality of a subject. It mostly means that someone had the time, money, and interest to pursue an education in a specific field, which can indicate a willingness to learn.
anything *
My friend is in school for cybersecurity. A good chunk of the degree is fluently explaining to corporate how and why IT security is important, and quantifying cost-benefits of fixing security issues.
Many professions will spend their entire lives trying to explain things to business majors. It's because they're stupid.
I feel in cybersecurity the most important things are to be analytical, curious, and slightly paranoid. Finding an outside hobby away from computers is important as well so you don’t burn out.
I think you are discounting the true value of generalists who can specialize. There are not many of us out there, but there are some of us. The only real bulwarks to our knowledge is just what we are interested in at any given time.
I've spent my life in this industry and 'specialist' ALWAYS means "I know some trivia that you don't" Sometimes it really is impressive, usually it's irrelevant.
I started in desktop support, in the 90s. I was an SDE in the 00s, now I'm an infra. architect, and it's been the same story, in each specialization:
'where does the data come from, where is it going, how is it going to get there'
Also lets not forget that a lot of classes in cybersecurity is stuff like: dont pass user input into this sql query .
Binary exploitation, getting RCE out of a vuln, fuzzing, etc... Is never touched upon.
I disagree completely with this take. You're overloading the word "professional". By this argument, no one can be a professional engineer, professional mathematician, professional physician, professional physicist, professional lawyer etc. That's just silly. You become a professional in a field by having enough knowledge, experience, and skills to get paid for labor or works done in that field. That's it. At a certain level of depth and complexity, just being able to get a handle on a single problem in the field is good enough to make you an expert. That's why every complex field of knowledge has specializations, like being a mathematician, engineer, doctor, or lawyer, or hell even a computer scientist these days. This is just one massive L take.
Why do you think we have professional licensure (USMLE, state bar exams, PE exam, etc.)? That's the whole point, it's because society realized that you cannot rely on schooling alone to ensure competence. The massive L is the failure to understand his point that cybersecurity is far too broad of a field for a BA degree to make someone competent in it.
@@tetrabromobisphenolwait until you find out how those certifications came to be. it's the same process for each. (hint: anyone used to be able to claim to be anything.)
I don't agree at all. A generalist will catch a lot more of the obvious flaws like SQL injections, XSS, not salting and hashing passwords when you store them, etc. Those are all the basic of the basic. If your company doesn't have anyone with security basics, there's going to be so many holes for a new-grad generalist to fill. If that's not the case, a generalist will at least be able to cover whichever parts you need more people on.
Companies don't hire people that don't know the basics, and they don't hire people that only know the basics. You need the basics and a specialization.
You just described the job description of a help desk administrator. An associates degree in IT will cover that. The point ALL of you seem to miss is that to truly be someone who knows more about cybersecurity than your average IT admin, you'd need to be the equivalent of an MSCS or MSEE, not a BA in cybersecurity.
Cyber sec professional here, you absolutely dont need this
@@kenners1993 is it not worth it?
Tangentially, most US colleges are not actually "for profit" entities. They are not actually businesses even if they are poorly run and managed.
However it does cost money to operate them.
" A bit about everything" can be a good foundation to grow and develop. Oh and just because you don't know someone that is a "true master" does not mean they don't exist. Usually they either focus on a specific sub field or they become mangers to watch over the entire process.
As a Junior PenTester who recently graduated with a CIS: Cybersecurity degree, I'd say it's better to become a Subject Matter Expert (SME) in a certain pillar of cybersecurity such as web applications or cloud (just an example, like he says it's necessary to have a base level of knowledge in everything almost lol)
I'd kill for "a little bit about everything". I just finished my postgrad in CS and we barely did anything related to CS.
My major was initially cybersecurity. Switched to electrical engineering almost immediately after I saw what cybersecurity as a major really was.
based. I'm also somebody wanting to pursue EE even tho my "background" (what I've been doing on my own time) is CS/Programming
I'm a junior pursuing Cybersecurity right now. It's dumb. I'm a junior this year taking my first Cyber class. Everything beforehand was CompSci, one networking class, random major requirements, and GenEds.
@@FlanPoirot do it as a hobby.
@@humble2246 it what? it as in CS or EE?
@@FlanPoirot EE
A little bit of everything can be very useful, especially for someone coordinating a team of much more specialized people.
you missed one: you also need to understand the human security aspect (which is like 50%+).
True. Biggest threat, some social engineering victim/pawn opening doors (physical or virtual) for the attacker.
Imo cybersecurity is more than just the technical knowledge. In fact, I prefer the term "information security" because it shows how broad the scope is. Having a good understanding of risk is fundamental. You might be great at implementing firewalls but you will be very limited if you a don't understand VERY WELL the fundamentals of information security, because that's what's applied across the full scope, even in offensive security.
Wait till he finds out what software and CS jobs demand in India😹😹😹
fucking CP lol. I love meddling with graphics APIs, game engines, games, and networking but to secure a job I have to get a fucking 1600 cf rating and solve 500 leetcode questions
You need to get into programming
@@privateagent i already am into programming 💀
+ Psychology is also important. Taken from Ross Anderson's Security Engineering book.
What you are talking about is a Cybersecurity Expert, this is a level of knowledge that is attained at the expert level and is usually after 10-20 years of experience. A cybersecurity specialist is entry level, they are VERY different. A cybersecurity specialist is someone that knows a some about cybersecurity usually entry level. As opposed to a middle ground like cybersecurity analyst.
A cybersecurity expert is on the same level as a cybersecurity architect. Both have very small pools of people at that level. A cybersecurity specialist is usually specialised in Networking, Systems engineering, IT auditting, financial and risk analysis and OSINT, security intelligence.
Someone into pentesting might usually be more specialised into red teaming and offensive security with a niche for cryptography, software security, networking or any other. But very few people can call themselves cybersecurity experts. Usually they are general cybersecurity analysts or cybersecurity specialists.
I was told when you enter the CS field find a road and stick to it, because CS is so broad it is damn there endless.
It’s not possible for me to agree more, and if I could, I 100% would.
So in short terms, on top of knowing embedded systems you need a software degree plus a cyber degree. So in short term you’re paying to become a doctor for computers. Also becoming a doctor is extremely expensive 😂
It's the same as the medical field. Being a doctor doesn't necessarily mean you are a master of all medicine. Which is why part of being great in a field is either being a specialist or being really good at using the internet to research and understand it lol. That's my take anyway.
"A little bit of everything" includes a lot of fundentals, tier 1 degrees are not meant to specialise. They are meant to introduce you to the areas of the field well enough you can get a basic job and learn there, or go into a more specialised masters degree.
Same in the UK, I've got team members who have Masters in cyber but actually know very little about testing in the real world. What's more scary is that some of these people treat the reporting element of pentesting as an afterthought and can barely string a professional report together. I mean come on, that's literally the client deliverable!
I’m a cybersecurity major in college, and I do agree that it teaches you a little bit of everything. On the bright side, the major allows people to pick their niche to a degree. For me personally I enjoy programming and hacking so I’d take more programming and hacking classes than maybe the student who’s really into operating systems or really into networking.
Also as the major grows, the more of a standard it will become I believe. Especially since security is a large demand now.
The value of knowing a little bit of everything is that you’ll be able to better understand which corner you’ll want to pursue
Useless ranting.
The primary "issue" is that college is about academic study, not job training. And it has absolutely zero to do with the topic.
There's almost no reason for an academic degree in cyber security, UNLESS you are going to make it a multi-discipline program that aims to educate about human behavior and thinking, the nature of security (in general), how computer can promote or hinder security, and so on.
The irony that your own post is comprised entirely of useless ranting is just the chef's kiss.
Yep.
And the worst part in most of the job listings I've seen they require you to have that expensive ass piece of paper that says you basically don't know shit.
I agree, I don't also believe in the terms 'penetration tester' or 'cybersecurity expert'. you are either a computer scientist who uses their knowledge for security purposes or just a regular guy who runs basic commands in a penetration testing linux distrobution
"A little bit of everything" is quite generous, sir.
Usually a cyber security degree will just push a student through training with proprietary forensic tools and a SIEM. And telling people to not open email attachments.
I'm a low level game developer because I always wanted to learn how a game engine is made and how programs communicate with my CPU.
And now I learn the low level security for Gaming industry and now I stop using AntiCheat like Vanguard, EAC, etc...
It's like a rabbit hole and if you have a passion, you always go deeper.
I was going to potentially get hired by a guy so I was at the interview, they wouldn't stop bragging about how they're self-made and you don't even need an education. I asked if they require it and they said obviously of course I do and I wanted to leap across the table.
I didn't get the job because they genuinely couldn't comprehend that "i'm good at computers" doesn't mean that I can do literally everything with a computer. Which is exactly the kind of useless incompetency you would expect from a self-made business tyrant who spent 90% of the interview talking about himself.
as other people have said, this is just how bachelor's degrees work. Masters degrees are where you specialize in a given area, but no one can pay for them because we live in a third world country with a gucci belt.
Well u re right it s almost impossible to know every single detail and information in cybersec cuz we all know this field is very wide and it always gets updated
You should know a little but of everything, but know profoundly something.
Just like B.Stroustrup said, being expert on every domain is ideal, but nobody is really expert for everything. Atleast, a group of people from different dicipline works together to resolve a real world problems.
I work in cybersecurity and yes, 1. You simply can’t be a jack of all trades, but you totally need to be informed and mildly educated on most everything enough to provide some value and 2. Build rapport with the people you are sharing reports with they are the true heroes behind “your success”.
I learned a little bit of everything in technical school. I’m far from being an “expert” and to make matters worse, they said they would place me in a job after school. THAT NEVER HAPPENED. This was a 2 year associate’s degree in specialized business - Network Administration.
Absolute facts. The amount of people just out of college that come through our door knowing absolutely nothing about real world IT is astounding. We're talking absolute 101 basics, they're lost
Like the saying goes "Jack of all trades, master of none, better than master of one"
was going to say this myself :D
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man who has practiced one kick ten thousand times" - Bruce Lee, explaining why a jack of all trades sucks.
@@abebuckingham8198 he was talking specifically about martial arts and not really about anything else, though.
@@Templarfreak the same principle applies to all sorts of things, especially engineering. Everyone can get more done when you specialize because deep knowledge makes quick work of your speciality then you can hand it off to someone else. Generalists are only useful for simple tasks that don't require significant technical knowledge.
@@abebuckingham8198 the thing is though this is not actually true about a lot of different fields. and its arguably not even true about martial arts, given that modern martial arts is literally explicitly about knowing a lot of different techniques from a lot of different disciplines and using them effectively in the right situations. Bruce Lee was an excellent martial artist of his time, but by today's standards he is very antiquated and his methods outdated, despite his very methods being one of the corner stones that founded modern mixed martial arts. which, by the way, its literally in the name, _mixed martial arts._ :)
I know enough about computers that there is no longer problems I come across that I can't easily solve or quickly find out how to solve
There’s nothing wrong with leaving school with a little knowledge on a lot of topics. It gives you far greater flexibility when entering the job market and once you get a job, you begin to specialize in what it is you do every day. The reality is sometimes you don’t know what you don’t know, knowing a little bit about a lot helps you understand what there still is to learn and how that’s connected to other topics/technologies.
Yep I’m getting a network & user support associate, network engineering bachelors, and then I’ll probably get a bunch of security certs and maybe go back to college for cyber security if my next job gives me money for it. I love networking and want to improve security in our network infrastructure.
In my career so far I can certainly attest that at the beginning I knew a little bit of everything like an inch deep a mile wide, However I found its helped my career and just my performance at work to deep dive and learn as much as i can at a deep level across the board. Not saying I am a master of all but I would say I have a very high level in a few fields (Cloud, Networking for instance id gladly say i know very well) but i do have weak spots like Coding though i am attempting to fix those sometimes i feel like its an unwinnable game as im bound to forget things but im doing my best.
As I like to say for all attempting to get into anything Cyber or IT. Find something you enjoy and be really good at it and be familiar with other aspects of the field
The saying goes "the jack-of-all-trades is the master of none but is still better than the master of one"
You're just thinking with your American-side brain where they raise bots to stay in their lanes for a reason.
I usually say that learing computer science is like learning a dictionary.
You can’t learn everything but it helps to learn the alphabet and grammar first.
The more words you know, the easier it is to pick up new words. And soon enough you can know words without ’knowing’ them just by context and how close they are to other words.
It’s unrealistic to say you know or can learn every word in a dictionary, but it definetely helps if you know and have used 20% of them. And especially if you know your abc’s first.
The objective of cyber security is to protect IT infrastructures. Whether that be cloud, hardware, software and the integrity of AI. All with a strong evaluation benchmark and moral code. Knowledge of strengths in each corner and to know their weaknesses. This is the point of the field, don’t hate the title, hate the people who join for the wrong reasons. Currently a student and have a huge passion for the benefits of cyber security. Clearance and longevity can look like intercepting human trafficking down the road, the sub domains to the field are plenty. Or securing our grids or nuclear plants in industrial cyber defense. Don’t knock it, it’s yet to take effect.
Thank you for saying this. I’m a senior and still refining sections of my knowledge and building on it.
Europe has the same problem with degrees being pointless signaling and even if you get a job in the same field, unlikely, you could learn all the technical material in a fraction of the time a degree takes. If anything a bigger problem in the US is diversity causing more degree inflation
You have forgotten to mention Psychology. Psychology is extremely important in cyber security.
If you are really interested in this career path, and are in the US. I highly suggest joining the Air Guard or Air Force. It's simply the BEST avenue to a career. Schooling is paid for, you get security clearances, you have opportunities for non-civilian jobs, plus all the benefits of being a veteran (VA loan).
Forget paying for college man, its just not worth it when you could work 1 weekend a month in the guard and get all sorts of certs and training.
Look into it please
The "Masters" also have a interesting habit of publicly disclosing their security clearances on LinkedIn.
Security clearances isnt secret information
@WhosKoozko Despite not being "secret information", the reason it is a bad practice to publicly disclose your clearence on social media platforms, such as LinkedIn, is that it makes you a target for bad actors who are looking for attack surfaces against the companies you work at or have worked at.
It's sort of like making UA-cam videos of yourself holding giant wads of cash and then demonstrating where you like to hang out. Not "illegal", but careless and not a quality befitting any cyber professional worth their salt.
@@Wh0NeedsFr1ends Anyone targeting cleared professionals are likely apart of APT nation-state groups. These people are not amateurs, and are actually some of the brightest.
It takes the absolute bare minimum of reconnaissance for a bad actor to know that any employee doing ANY work for any defense contractor in the USA is cleared.
Meaning, the practice of trying to conceal that you are cleared is "security through obscurity" at best. Its almost like a person trying to make their network more "secure" by not broadcasting there SSID.
Another secure design principle similar to the principle of "Avoiding Security by Obscurity", is the principle of "Open Design". Basically meaning your systems security shouldn't rely on the secrecy of your implementation. Basically meaning your systems security should be reliant on the implementation of good security controls. The main control in this scenario is a administrative one: making sure your cleared workforce is trained and security aware to repel what would likely be a phishing attacks in the scenario of cleared people being targeted.
While I do understand what you're saying, in practice concealing your clearance doesn't make you less likely to be targeted/compromised.
@@Wh0NeedsFr1ends LinkedIn is a jobs networking site where employers can search for you. Many employers have security requirements. It might not be ideal to disclose publicly but if you're looking for work you will have to disclose it, so it's not shocking to me that this happens.
I am a master of cyber security, sounds like to me a classic case of “skill issue”
That’s why the best cybersecurity expert is a team of of them with each member being highly specialized in one specific field.
I agree over all, how ever I would say the degree is for understanding of cybersecurity overall. The certifications you get are for your specialization.
As, someone starting out in the field I regretfully concur absolutely.
As echoed by many here, you've literally described every undergraduate degree ever. As I say in my meatspace life, a degree doesn't mean you know squat... a degree means that maybe you can learn.
Think in terms of medicine. You don't even get an undergraduate medical degree but even if there was one you wouldn't even be allowed to be alone in a room with a patient. Getting a medical degree means you now qualify to do the extra decade of supervised work before you may be considered to be not actively dangerous.
thats like beeing a fullstack developer somehow
I have 25 years in infosec after 15 year working in many different areas of IT. Overall, I agree with the point of this video. If you are trying to get into the cybersecurity field, learn one are of IT deeply first. Become a skilled software developer in one application area OR become an expert in cloud infrastructure, those are the two best choices, but others are certainly available. Once you have mastered an area of IT, you can learn how the principles of security apply to your area of expertise and begin practicing security in your area. Generalists have a much longer career path.
The value of being broad especially in your early career is flexibility of outcome. Imagine studying something in college and then getting to the work world and completely hating your life every day at work. That would be a terrible way to live. With a wider base you have more freedom to move around
Actually attentind some entry-level CCT. It's ok and can provide a starting point. After that point you have to find the field that you're most interested in and become a specialist in that field. Being a Jack-of-all-Trades or a generalist is not hurting but there are way too many dark areas that you can't cover.
I agree, I also used to think it is impossible but I think it is doable after many years actively doing hands on work in all the fields
Knowing a little bit of everything is actually really useful. All knowledge and skills are connected, and anything you learn can inform other things in ways you genuinely can't imagine until you've learned both of those things. Even in seemingly completely unrelated fields. It is still useful to get really good at certain things depending on what you want to achieve in life, and the more related two subjects are, the more they will inform each other. But knowing 60-80% of what you need in many things can make you a far more competent person in whatever it is you are trying to do.
Good example is game development. AAA game devs have hyper specialised positions now when everyone used to be a generalist, and the only games worth playing now are indie games or retro games which are/were made by generalists.
The most productive and comptenet people to ever live were all polymaths. Bring back polymathy.
A little bit about everything is a good starting point and that's what most degrees in most fields are. Then you can zero in on one thing. The problem I have with degrees is the cost and time investment is too high but if you're on a full ride, get that degree.
That seems like a rather common academic education approach, engineering or otherwise. You're taught general view and tools to learn, your employer should train you to the task at hand. Unfortunately these days jobs demand highly specialized skills and don't have any ability to teach a new employee, sometimes they're hiring people without even knowing what the employee should be doing and the employee should know enough to figure out what their job should be. Nobody wants to hire a smart learner who knows stuff, they want to fully fledged professional. Even for starter jobs sometimes.
Well, that's just my view on how here in engineering bachelor's alone doesn't really exist, you can flush that from the toilet, it's only bureaucratical step to masters. And what I said applies to masters here.
I talked with a guy who had a job in cybersecurity at a Fortune 500. Didn't know what a kernel was, privilege rings, memory segmentation, etc. etc. These schools just teach people how to use commercial security software, that's it. Why an employer thinks that's good enough for them to be effective, and why someone would be willing to take on $75k of debt to learn something you can learn yourself for 5% of that price is beyond me.
It's fine to know a little bit of everything. They'll learn the rest on the job. That's what being a junior is. They'll have a overview on what security entails and what overall patterns are.
Also important to note, 90% of people in infosec are ABSOLUTE CLOWNS. There's more absolute hacks in infosec field than there is in quantum physics.
cyber security requires a team of experts in many fields. companies have cheeped out and have gone to "x hackers" because they think that they know everything about the machines for a cheaper price/rate.. and some of them do but it kind of screwed up the real cyber security teams.
Deciding what to specialise on without knowing what's what is not a great approach to settling on a field to master for the rest of your career. Maybe this doesn't apply to everyone, but I usually change my mind or opinion of something when I learn more. So, it's not bad to learn a little bit of everything at first.
Very true i'm so happy someone finally said this to a wide audience.
I'm so sick of collages & job offerings that are delusional to say the least.
I don't know how it's like in other countries but in Belgium you need a masters to get a entry level in Cybersecurity.
Cybersecurity is one of the only jobs where you can learn these skills 100% at your own and become either a master criminal or just a hero.
YET somehow the job offerings look like they are made by CEO boomers that snort a Kilo cocaine daily and say:
"we only hire people who are willing to spent their life savings to a failed education system"
Anyone who is truly a master in Cybersecurity is intelligent enough to keep that information to themselves.
A little bit of everything is fine for entry level jobs where companies can hire people to fill spots and refine their technique from there
A degree always represents the fundamentals and an understanding of how to learn. You will always develop further skill and learn more after that. That's not unusual or unexpected.
I got a degree in cybersecurity and am working as a DevOps engineer, worked out great for me
This is why you bring on a team with varying skillsets. my company was looking for "masters" for a while, everything seemed fine. Hired an attack specialist and they found 3 major vulnerabilities in a month
I am currently in an information security master's degree at the top 1 university in the US ranking for cs and cybersecurity . Not a brag, because I have learned that the more you learn the more you feel like you don't know. Our professors are all the absolute experts in their respective fields in cybersecurity, but you would find that they all don't say things like "this is absolutely secure" or "what I am saying is definitely correct in all cases". This is a big contrast to CS degree professors, which I took for undergrad.
I think the reason is security is always relative, and the more complex a system is the more possible vulnerabilities there exists.
Also, cybersecurity professors are on average a lot more open to ideas than CS professors.
thats what i always discuss with people, coding has become impossible because of all the futile things that we need to learn! thousands of frameworks, programming languages that all achieve the same stuff...
Way more value in an IT person who will know what’s what and learn security along the way than a security professional that doesn’t know how windows operates.
Like he said it's imposible to be a cybersecurity master, but a cybersecurity master, is so fucking general. So, you can be a cybersecurity master IN some specific area; like in cloud, Windows, Android, aplications, WEBs, etc.
Indeed, to secure something you need to understand it first and be good at.
Getting a CISSP or such cert would be better as long as the person has worked in a developer, software engineer, and infrastructure/DevOps role prior to calling themselves a cybersecurity professional. Then, they have to get trained in a specialization within cybersec. Thus, the only legit cybersec pros are generally very senior and rare.
Cybersecurity degree should cover the basics of all "the things", which most institutions doing an ok job of covering in their program. A bit of coding, networking, computer/OS architecture. I'm against degrees in general because of all the added fluff non-tech related. But I think cybersecurity degress need to stress the importance of specializing in a hyper specific niche.
There's so much breadth in cybersecurity that you can have dabble in a lot of things and be an effective cyber security professional. Vast majority of issues in the space is not technical, it's human and business. Most issues also more or less repeated in every single company to some degree. Even those specializing in cyber security. You need really good technical people to do things like automation, forensics, reverse engineering and systems, but a lot of the work is actually just trying to explain laymen on basic hygiene and recognizing social engineering attempts both in person and on the internet.
I have a master of engineering in software engineering (specialized in architecture, networks and systems), a master of science in computer science (specialized in artificial intelligence and HPC), and a master of science in applied mathematics (specialized in artificial intelligence).
No degree makes you a master except a PhD which will make you a master in the extremely specialized subject of your thesis (research master of science will do it as well in some measure).
From my years of experience, being able to understand everythng atleast on surface level goes long way as in understanding one specific thing. It is good that you have bigger knowledge on atleast something, but the necessity to understand the whole process is a must have.
The same argument could be made to almost all fields of study: mathematics, biology, physics, chemistry and so on
So there is no reason to exist a general course of them?