A Question of Degrees - BS in CS, IS (ISFM)

R

RanceJustice

Supreme [H]ardness
Joined
Jun 9, 2003
Messages
6,623
Not sure if this is exactly the place, but since we have a cert topic I thought it the best place to ask.

I'm currently a college student. I'm planning to graduate with either a bachelor's or masters(bs/ms honors program) from a "real" university, UMBC (or perhaps Stanford if I transfer). Of course, I'm going to be persuing a computer based degree, with a personal (if unofficial) focus in Security. I also plan to be at least Security+ and SSCP certified when I graduate(or earlier, I'm going for Sec+ before the end of the summer), and perhaps CISSP and GIAC as well. I also want to make a lot of money.

With that said, I have the option of majoring in Computer Science or Information Systems. CS is pretty vanella, consisiting of C/C++ and some general software dev type classes. IS seems to focus a bit more on networking and also adds some business and management requirements, but less pure code. Which do you think, will be better for the money at a later time?

Personally I'm thinking of going IS, as pure code monkeys can be outsourced, but guys who have knowledge, managerial/people skills, and a security focus are harder to replace. Please no flames, I have no desire to become the pointy-haired boss who has no idea what his staff or doing. I'd much rather be the guy who's chief security officer, working casually with his staff to help configure the firewalls and be the go-to guy for active response.

What does everyone think?
 
Well I can tell you this much from experience: I am IS (fiance double major as well) with my CCNA and 1.5 yrs intern experience. My roomate just graduated CSE with no certs, and some unofficial work experience (worked under the table, basically).
Who got the big money job? Him. Now I am not doing badly, but he's got me by almost 30k, his starting vs. me after 1 year.
Moral of this story: "code monkeys" are still the ones who get paid, if they're good (my roomate is damned good). The low level guys just plugging away at canned software are the ones getting outsourced, but those that can really code creatively are still in demand. Companies are looking for less IS people right now. You don't really need the business/IS people as much when the dev work is outsourced anyway. Not that you can't get places with IS vs. CSE, or that IS might not even be better in the end, its just not as easy starting off right now. It took me about 6 months as a full time employee (after over a year as an intern) to prove my abilities to the point where I can start moving up (we are in a hiring freeze, however, and moving up is very difficult). Start my new job as a 2nd tier network analyst end of this month :).

The best advice I can give you: as hard as you work on your computer networking, security, and certs; work just as hard on your people networking. It is the critical factor.
 
Thanks for the imput! I'm hoping my people skills with be one deciding factor. Hmm, would anyone else like to contribute their experiences? I guess I may be switching back to CS then... Mayhap a double major in CS/IS?

Also, my school is one of the Centers for Excellence in Information Security (NSA Designation), and by completing a course path that can be in both IS and CS majors, I get a letter from the Dean signifiying I've completed the special Security track, which nomatter what major I intend to do.
 
I'm in somewhat of the same boat as you, but I've already made my mind up about what I'm doing. I am 3 hours shy of being a junior at a private christian school in Texas. I'm majoring in CS with a specialization in Network Security. The program is very good. Given your plans of pursuing CISSP and GIAC, I will tell you that the programming you'll learn on CS will be very helpful.

With your CISSP cert and the various GIAC certs, you'll be dealing with a lot of stuff that isnt purely networking. Those certs deal with secure application development, and analysis of code - especially the TCP/IP stack. You're going to want to know how various attacks against applications work (Stack overflows, buffer overflows, privledge escalation) and how applications communicate over networks and knowing the coding involved in apps is certainly going to help you. To be successful as a CISSP, based off the information I am currently reviewing in prep for my exam, you're going to need to know the networking side, the application development side, the people side, and the physical side of security. You'll also need to know how to investigate break-in's, various laws, and ethics. Your CS program should cover the networking and application side, it may or may not cover the people and physical aspects of security and the other stuff I mentioned. Those you will either have to research on your own or get from on-the-job experience.

As far as making money goes, you might not get that high-paying job right when you graduate. Especially if you are going into security. I've been doing all the networking and security for a medium-sized business for about the last 2 1/2 years. I make more money than any of my friends who are working at the mall's or grocery stores, etc. I dont make nearly what I should make considering everything I do for this company, but that's the way it goes. I am blessed to be in this position though, because I get to research, recommend, and implement a lot of cutting edge technologies. I've gotten to play with a lot of great networking gear and security gear. But I didnt just limit myself there, as much as I could have easily done it. We've got software people developing custom programs for us, and I make it a point to pick their brain as much as possible about software development. I'm always bugging the hell out of guys I know that work for various vendors, running ideas against them and seeing what they think and asking them questions about various stuff. I am trying to branch myself out as much as possible and make myself skilled in more than just purely network security (even though that is my specialization).

The moral of the story here is if you want to get your CISSP cert, I'll assume you eventually want to move into a Chief of Security, or being the supervisor/manager of a group of security guys, or you want to be some big shot sales engineer for a vendor or VAR. Those are all roles where you'll be better served by being very well rounded in all aspects of security. If you can do CS and IS at the same time, and you wont be in school for 10 years, and you can afford it, then by all means do it. It wont hurt you more than likely, and it will make you more well rounded. IS will give you some managerial skills you wont get as a CS major. The reason I'm not double majoring in the same thing is A) I cant afford it, and B) I'm getting the same management skills in my current position. I also can't stress enough how important people networking is. I assume your shcool holds conferences with people entrenched in either Information Security or Networking. Make good friends with the professors that are booking these people, meet these people, and ask them hard questions that impress them. They will remember you, and if they dont end up offering you a job somewhere or recommend you to someone, you can always ask them if they'll be a reference.

As a side note, if you're pursuing the SSCP, you do understand there is an experience requirement right? If you dont have the experience, you can take the test as part of the "Associate of (ISC)2" program. If you pass the test, you wont be "certified" until you gain the required amount of experience, but you can still tell people you passed the test. The same holds true for the CISSP exam. I'm doing the Associate program myself because I dont meet the experience requirements.

Good luck! Hope this helped you out a little.
 
Thanks for your advice! I've been in business for myself as an independent security consultant since I've been in high school (so about 6 years now), mostly doing some basic penetration testing and firewall configuration for home and small businesses. With that in mind, I think I'm ok to take the SSCP. I'm not sure about the CISSP however. Also, what programming languages would you recommend for a security professional? I'm assuming C/C++, and probably some Perl correct? Any others?

Also, does anyone know how to go about getting a US DoD Secret or Top Secret/SCI security clearence? It seems that most high-paying jobs require you to have one already, but very few say they'll go through getting one for you. Is there some kind of application procedure I can go through by myself?

Finally, I'm considering a 60-70K salary by the time I leave college. Is this still a realistic figure?
 
For the programming languages, definitely C/C++ and Perl. Knowing some Java wouldn't hurt either. Mostly it's important to know the differences between the languages. Such as "what are the pro's/con's of using a higher-level language than something like C++". You dont necessarily have to be a code monkey, just keep in mind that some day you might be dealing with some security aspects of application development in a company you work for, or in a business you're consulting for. You need to know enough to question the software guys and make sure they're developing a secure program.

For salary, anywhere from 40-70 is probably realistic, with 70 probably on the optimistic side. Hopefully, by the time we graduate the tech market will be in somewhat of a boom again.
 
Xaeos said:
Thanks for your advice! I've been in business for myself as an independent security consultant since I've been in high school (so about 6 years now), mostly doing some basic penetration testing and firewall configuration for home and small businesses. With that in mind, I think I'm ok to take the SSCP. I'm not sure about the CISSP however. Also, what programming languages would you recommend for a security professional? I'm assuming C/C++, and probably some Perl correct? Any others?

Also, does anyone know how to go about getting a US DoD Secret or Top Secret/SCI security clearence? It seems that most high-paying jobs require you to have one already, but very few say they'll go through getting one for you. Is there some kind of application procedure I can go through by myself?

Finally, I'm considering a 60-70K salary by the time I leave college. Is this still a realistic figure?
Click to expand...

I think the programming languages mentioned would be useful. I also think knowing some database stuff, particularly Oracle, would be useful. While networks are the core of business operation, the database services that run on them are the core of the customer operation. Security for databases is very important, as most companies store alot of sensitive customer info, including SSN, credit card #, DOB, etc. I would also at least get familiar with SQL, as alot of places are asking for it for any sort of analyst position.

As far as security clearances go, most places hiring an entry level person realize that their candidates aren't going to have secret clearance already. If they require secret clearance first, they probably aren't going after entry level people. My friend got a job with a weapons contractor for the AF. He didn't have secret clearance before he got the job, even though it was listed as a requirement. Instead, they worked with him to obtain the secret clearance ASAP as soon as he was offered the position, but they made sure he passed all the background check stuff before the formal offer & acceptance.

When it comes to income, how many years of school do you have left? While everyone on the news says the economy still kind of sucks. Depends alot on where you are, too, although I have heard that security is supposed to be in high demand now and in the future. I know in the seattle area the unemployment rate is still well over 6%, and for a while the IT unemployment rate was around 10%, which really drove down the starting salaries.
For example, I started college in '98. Things were pretty good then. I started in the Business School for IS & Finance in '00. When we were coming in we were hearing that 40-45k was the floor, and that you could easily get into the high 50's (some people pulled over 60). The hire rate was over 80%. Then the economy tanked. I decided to stay an extra year to try to wait out the downturn and get some more experience, both classroom and hands-on. The next year was worse. The hiring rate dropped to the low 30's. I knew very good people who couldn't find work in their major. My buddy that I mentioned above was high in his aero class, and had done alot of new materials research on a special project, and took 6 months to land a job. I had years of work experience, both as an intern and full time employee, leadership roles in school and extracurricular activities, and pretty good academic performance, and I got stuck as an intern for almost a year after I graduated.
It seems to be starting to turn around now. My roomate that I mentioned is coming out of school straight to 75K + stock + incentives. This is a very rare exception however, I do not know anyone else that is getting that kind of money. He happens to have a near 4.0 in CSE, very good practical experience, and has good people skills (a seeming rarity amongst top coders).
Anyway, if you come out with CS & those security certs, 45-50 should be fairly easy to get. Into the upper 50's may be possible. Above that is going to take alot of hard work on your part, good contacts, and more than a little luck, but its possible. I don't know if its ever going to go back to the way it was, and actually, it probably shouldn't. People straight out of school for the most part just aren't worth that kind of money. I think in the 40's is pretty reasonable, but I do wish more companies would be more aggressive in promoting young star workers. Once you prove your abilities they should move people up as they can handle the role. Too many people I know (including myself, until recently) have taken entry level jobs to get in the door, just to get trapped there. Anyway, enough of my own personal agenda. :)

I would say cash should be a secondary objective when you come out anyway (although cash is good, don't get me wrong) but the real trove is good experience. Get that right kind of experience early, and you're rolling. I haven't been out in the world for that long, but long enough to notice that people seem to get a kind of "momentum," and once they're moving, as long as they keep working hard, they continue to pick up steam. Getting that early experience is the way to grab some momentum.
 
Thanks again!

For a frame of reference, I live in the Washington DC Metro area, so I think there may be a slight advantage, as far as security jobs are concerned. Can anyone confirm that? I' had one very successful internship with a nationwide company that provides IT services to hospitals and health care facilities, and if all goes according to plan I may have one with the Dept. of Homeland Security next year.
 
If you're interested in a decent paying job right out of college, you might want to look into Data Warehousing. There is always a need for skilled people who can warehouse and mine data efficiently. Not too many people actually like working with databases, so if you can do that then you have a good chance of getting a decent paying job. I'm about a year from graduating and I'm interning as an SQL Writer. I sit at a desk and figure out how to get the data that different people want out of our Oracle database. It's a great job right now, and should lead to some decent cash in a couple years. Database Analysts usually start around $50-$60k, same as Architects. Both, along with Warehousers, can get as high as $150k pretty easily. People who know their way around a company's database can also be the best candidates for a CIO (Chief Information Officer) position because the data system can usually dictate the direction the rest of the organizations technology goes. And, I don't need to tell you that a CIO position is some serious $$...

Also, do not double major or do a major/minor of IS/CS! Many companies frown upon this as it gives the impression that all you know is technology. Adding Business or Economics to your coursework can do great things for you, and set you up in a position to really go places in an organization besides the helpdesk.
 
You must log in or register to reply here.
Back
Top