The University of Washington’s School of Computing and Engineering is offering a new course on how to think like a security professional. The class looks very cool, but look at the requirements:
You should have maturity in both the mathematics of computer science and in the engineering of computer systems. This means that you should: have a good understanding of data structures and algorithms; be comfortable writing programs from scratch in C and Java; be comfortable writing and debugging assembly code; and be comfortable in a command-line Unix development environment (gdb, gcc, etc). You should also have a good understanding of computer architecture, operating systems, and computer networks.
Um, how many people do you know at the very TOP of infosec who:
- is comfortable writing programs in C and Java from scratch, and
- is comfortable writing and debugging assembler, and
- is comfortable coding in UNIX using
gdb,gcc, etc.
I mean like Bejtlich, Gula, Ranum, Roech, Parker, etc. Do they even qualify? If so, how many of them? I understand that most people at some point could do this — even me to some degree. But damn, not anymore. I think most people learn assembler, Java, etc. and that stuff quickly atrophies unless it’s part of your daily work.
Oh, and that’s just to get in to the class… You should see the final. 🙂
Anyway, I’m being silly. But the class does sound like it’d be cool. There’s even a course blog.
