I've recently been involved in several discussions about whether online schools are really helping their students. In particular, do they prepare people for the job market? I can't comment on how this works in other fields, although many are probably similar, but here are my thoughts on IT degrees:
The Oversell
I think that many schools oversell the value of their degrees. A degree is useful and often required, but it's not a guaranteed ticket to your dream job. Many schools report that X% of their graduates received a raise or promotion after graduating, but these are rarely automatic. If you're considering going back to school, the burden is on you to figure out what a degree can do for you and how it fits into your career plan.
What is your narrative?
I've run into a few people who either have no work experience or who are in entry-level jobs and have completed graduate degrees in IT. I think education is a good thing and there's nothing inherently wrong with earning a graduate degree, but you have to think about how it fits into your personal narrative.
Friday, August 30, 2013
Attending an online for-profit school
A few years ago, I decided to go back to school to finish a bachelor's degree. The school I ultimately chose was Capella University, an online for-profit college. Online universities, and for-profits in particular, have a poor reputation, but I decided to attend anyway. Here's my take on for-profit universities and why I plan to return to Capella to finish a master's degree.
Availability
I live in a small town. When I started going back to school, there were no night-time or degree completion programs that I could take advantage of. I would have loved to go back to school full-time and attend a well-regarded university, but I support a family and can't afford to relocate and quit work in order to go to school. I needed a degree program that I could complete while working full-time.
Monday, August 12, 2013
Threat scenarios
When analyzing security features, we often look at them in black and white terms: either they can be broken or they can't. DES is crackable but, as far as we know, AES is not, so we recommend AES. This is useful when we're making general recommendations because we don't know what threats everyone is going to be concerned about, so it's safer to assume that we'll always need to protect against a skilled, well-funded attacker. In many cases, however, that assumption is not true.
At Passwords 13, Steve Thomas, a.k.a. sc00bzT, gave a presentation about building a cheap hardware security module (HSM) to store and protect passwords. During the talk, someone mentioned on IRC that what he developed wasn't a true HSM since the hardware was not tamper resistant. While that is a valid concern, others correctly pointed out that it may not matter depending on your threat scenario.
Since it has no physical protection, Thomas's HSM is vulnerable to hardware tampering. It should not be used in situations where that is a valid concern. If you're worried about foreign governments bribing your employees or about a rogue employee (e.g. at a bank) being able to sell those credentials, then you should consider laying out the cash to get a tamper-resistant HSM. But, if you're mostly worried about outsiders using SQL injection to dump your password hashes, this solution is perfect. It's cheap and it solves the problem.
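The two threat scenarios above, as an added Python example that is not from the post or from Thomas's talk. The post does not describe how his device works, so this assumes a device that applies a secret HMAC key over a salted PBKDF2 hash; KeyedDevice, register, login and can_verify_guess are hypothetical names.

```python
import hashlib
import hmac
import os

ROUNDS = 10_000  # constructed value, kept small so the example runs quickly


class KeyedDevice:
    """Hypothetical stand-in for the separate device: its key never enters the database."""

    def __init__(self):
        self._key = os.urandom(32)

    def protect(self, salt, password):
        inner = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
        return hmac.new(self._key, inner, hashlib.sha256).digest()


def register(db, device, user, password):
    salt = os.urandom(16)
    db[user] = (salt, device.protect(salt, password))


def login(db, device, user, password):
    salt, stored = db[user]
    return hmac.compare_digest(stored, device.protect(salt, password))


def can_verify_guess(dumped_row, guess, key=None):
    """Can someone holding a dumped row confirm a candidate password offline?

    key=None models the database-dump scenario; passing the key models
    physical access to a device with no tamper resistance.
    """
    salt, stored = dumped_row
    candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ROUNDS)
    if key is not None:
        candidate = hmac.new(key, candidate, hashlib.sha256).digest()
    return hmac.compare_digest(stored, candidate)


def demo():
    db, device = {}, KeyedDevice()
    register(db, device, "alice", "correct horse")  # constructed credentials
    row = db["alice"]
    return (login(db, device, "alice", "correct horse"),
            can_verify_guess(row, "correct horse"),
            can_verify_guess(row, "correct horse", key=device._key))
```

With only the dumped row, even the correct password cannot be confirmed offline; once the key is also in hand, the stored value is no stronger than an ordinary salted hash, which is why the physical-access scenario calls for tamper resistance.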