Ethical Hacking Degrees - the good, the bad, the ugly
I often get emails (yes, people actually email me) around September time from young students who have come across this blog wanting to know more about doing Ethical Hacking at university level. I am writing this blog post in part to prevent myself from asking these young people for money for my time in replying to all of their questions. Also there seems to be a lot of misinformation about doing degrees related to computer/information security within the community.
Now, you maybe thinking... Ryan has invested countless thousands of pounds and four years of his life to his Ethical Hacking degree so he is bound to be biased. Well, I guess if I wasn't a little biased then I wouldn't be human, but I am going to try to be as honest as possible.
Ethical Hacking or Information Security or Computer Security or Network Security... are all included within titles of university level undergraduate degrees within the UK. No matter what they title their courses or whether or not you agree with the use of certain terms within their titles is irrelevant as they are all attempting to teach the same things.
Often the question I get from prospective students is, should I do a degree in Ethical Hacking?
I cannot answer this question. The answer is completely individual. I can only answer for myself. For me, at least, it was the right decision. I did not finish secondary school for various reasons, from the age of 15 I had worked in undesirable jobs with little career prospects. I had always been interested in computers and especially the security aspect of them. After being declined for lack of qualifications, further pestering got me a seat on the course at the age of 21.
For me, university was a chance to gain an education in a subject I was passionate about and related to the career path I wanted to take. I doubt I would have gone to university if it was not for the specialised degree in information security. I did not know that a career in this field was even viable until I had seen the course advertised.
If I could turn back time, knowing what I know now, would I still enroll on the Ethical Hacking for Computer Security degree from Northumbria University? Yes, I would.
Sure, I have had my doubts over the four year sandwich course, but don't all students have these doubts now and then?!
OK, so now moving away from personal reasons to actual content.
If you are leaving college at 17, choosing the Ethical Hacking degree because you think 'it sounded cool' and expect to be a 1337 h@x0r within four years. Then, I am sorry, this course is not for you. Go and waste 4 years doing a degree in [INSERT_UNDESIRABLE_DEGREE_HERE].
If you are interested in computing and security and expect to learn everything these is to know about computer security within 4 years, you will soon be moaning you are not learning enough! [insert baby cry here]
You make your degree. You can't expect to be spoon fed. Take responsibility for your own learning.
I agree, the content of the course is far from perfect, can be disorganised, can be a little 'n00bish' at times. Going over Nmap, Metasploit and 'famous' hackers exploits over and over again is shitty, boring and useless. But, from my experience as these degrees are new, they are *very* flexible at taking on student feedback. Tell them what you want to be taught! They won't teach it?! Teach yourself!
People have the misconception that Ethical Hacking degree modules are all security related, this is untrue. On my degree at least, we have networking, programming, business consulting, relational databases, computer system fundamentals, modern communication systems, forensics and others. These are all modules which are shared with other students on other degrees such as Networking or Computer Science. In essence my Ethical Hacking degree is like a Computer Science degree with security tacked on the side. (some will disagree)
If your career path is to be a security professional then I would do a Ethical Hacking degree over a Computer Science degree if the option is available to you. Like any security professional, do not expect to sit in a class room from 1pm till 3pm 4 days a week and expect to be writing custom exploits within 2-3 years. Security is a passion, not a job.
Admittedly it's not for everyone, but I can say with my hand on my heart, that it was the right decision for me.
My degree: http://www.northumbria.ac.uk/?view=CourseDetail&code=UUSETH1
My modules: http://www.northumbria.ac.uk/?view=CourseDetail&code=UUSETH1&page=modules