OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Dailydave] Re: Misc. rant on academic security

From: Tri Huynh (trihuynhzeeup.com)
Date: Sat Nov 08 2003 - 00:32:19 CST

Hi all

Another fact is while studying Information Security at most school, students
usually
just learn some "abstract" things like this:
http://tennis.ecs.umass.edu/~czou/research/emailvirus.pdf
which to me is kind of bogus. I had joined some security conferences
celebrating by
universities and they sucks very bad. By the way, i wonder if most security
geeks
graduated from good schools or they just graduated from normal
schools and taught themselves all the way up.

Trihuynh

----- Original Message -----
From: "Bill McCarty" <bmccartypt-net.net>
To: <dailydavelists.immunitysec.com>
Sent: Friday, November 07, 2003 5:34 PM
Subject: Re: [Dailydave] Re: Misc. rant on academic security

> Oops! I originally sent this message via an email account other than that
> from which I subscribed, and it seems to have found a black hole. If it
> turns up later, please pardon the redundancy.
>
> --
>
> Good rant! I agree that much academic research in information security is
> irrelevant, outdated, or both. And, I'd like to address one of the
> subsidiary issues that was mentioned.
>
> As a teaching academic, I find it necessary to advise students interested
> in academic research in information security to think twice. Unless they
> can find a respected, peer-reviewed journal willing to publish their
> results, they've not only wasted their time, they've possibly wasted their
> careers.
>
> Here's how that can happen. If a student who chooses to study information
> security is fortunate enough to find a job after graduation, the student's
> employing university will decline to renew the student's contract unless
> the student can demonstrate a solid record of publication. This isn't
> generally possible today. There are merely a handful of journals
publishing
> information security research. And few, if any, of these are as yet highly
> respected by academic tenure committees, irrespective of their intrinsic
> quality. So, I believe that academic research in information security is
> best left to tenured faculty, whose research is not subject to the same
> type and level of scrutiny. That's not how I'd wish it, but that's how it
> is.
>
> That said, I can perhaps assist those who are not discouraged by my advice
> <g>. I edit the Honeynet Files department of IEEE Security and Privacy, a
> peer-reviewed journal that's published bi-monthly. I welcome guest
> articles, which must pertain to the department's topic, honeynets and
> honeypots. Articles are subject to my review, but are not subject to
formal
> peer review. Some universities credit publications in peer-reviewed
> journals, whether or not the publication itself is peer reviewed. Students
> and faculty at such universities may find this publication outlet useful
to
> their careers. Your own mileage may vary.
>
> If anyone wants to offer an article idea or article for consideration,
> please drop me an email. I'll do my best to find a way to fit even square
> pegs into this round hole <g>. For instance, I'm generally willing to
share
> data from my honeynets with interested researchers lacking data of their
> own.
>
> Cheers,
>
> ---------------------------------------------------
> Bill McCarty, Ph.D.
> Associate Professor of Information Technology
> Azusa Pacific University
> Azusa, California
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/dailydave
>
>