Age concern, 26, Full-Time Degree, Ethical Hacking, Advice plz

Viewing 14 reply threads
  • Author
    • #4824

      Hi all,

      I have been working in the IT Industry for just over 3 years now and after a fair amount of research through books, whitepapers, advice from friends/manager etc I have concluded I want a life long career in Security. 

      Security is a huge realm and at the moment I am leaning towards the Penetration Testing route, after toying around with BackTrack, it really entertained me and fueled my interest dramatically.

      So I am currently 26 years of age, studying towards a CCNA, have passed MCP’s in 70-270 & 70-290 & CompTia A+ and have researched into alternative learning pathways.

      I have applied to study for a Degree in Ethical Hacking & Network Security, which begins this year and upon completion I will be 29 and would have potentially flushed 3 years of experience down the sewers.

      Age is my biggest concern on making a return.  I have read several other posts and concluded none of the posts I have read are similar to mine.

      So I present it to you.

      In your opinion would I be shooting myself in the foot by studying a full-time degree and flushing all my experience into the sewers OR would you recommend I take my other route and pass my CCNA, land a Network Admin role, top up on Network +, Security +, CCNA Security, Linux+, CEH, kinda route?

      Now ultimately I need to conclude this myself, I know that, but if anyone in the field can give me some much respected and appreciated advice that would be brilliant.

      I look forward to your response/s

    • #30304

      While a degree is definitely not the ‘be all, end all,’ it’s still always a nice thing to have in your corner / back pocket, when applying for jobs and promotions.  You didn’t mention, do you already have any degree, or would this be your first?  Personally, I think if I were in a position where I had opportunity and funding for a degree, I’d pursue it, and look for possibilities like work-study / co-op, etc, while I was working towards it.  I also think your other certifications will help, and it’s always nice to have some base knowledge to work from, as well.

      Personally, I can’t say you’d be ‘shooting yourself in the foot’ with either direction, and can only say that, personally, I’d get the degree while the opportunity permits.  One other thing I always think about is that the degree often becomes harder to make time for, and concentrate on, once you enter more full-time into the working world.  It’s something I, personally, never achieved, and while I still feel it’s not a ‘necessity’ (I’m doing very well for having none,) I still wish, for job security’s sake and comfort, that I had one, to give me more opportunity, should my direction and status ever take a drastic change in any other direction.  I have plans to pursue down the road, but with my current load, if I were to start even part-time right now, I’d be working on it for probably 2-3 times the amount of time, to achieve it, due to work commitments and my family.

      So IMHO, I’d get the degree, if the opportunity feels right.  (Take my opinion for what it’s wortth, as it’s mine, and you need to make your own decisions. 🙂 )  You can still continue to study security and other topics, and open up quite a few doors while working on the schoolwork.

      Good luck, and keep us informed of your direction and progress, delusion.

    • #30305

      Welcome to delusion. 

      Each situation is unique.  I can only tell you what I am doing and my thoughts behind it.  I have about two years of higher education under my belt.  I got burned out and left school for a decent opportunity.  I am a bit older than you are.  I started fairly young in IT, and moved to security about 6 to 8 year ago.  I have about 15 years of total experience in technology, ranging from systems administration, software development, database administration, pen testing, forensics, networking, to whatever else I picked up over the years.  I have always worked in the SMB segment, which allowed me to sort of be a jack of all trades. 

      On the way I picked up some alphabet soup after my name.  In the security world, like just about everyone else in this community, I am good for at least a couple of hours a day reading, researching, and testing something new.  At this stage of my career, I have reached a point where I need a degree to move on.  What I have right now will keep me stagnant.  This is especially true in this economy.  I enrolled at Drexel last year, and I have been going through their online program part time.  I am working towards a BS in Information Security.  It will take me 4 years to finish, going part time. 

      Leaving my job and going to school full time was not an option for me. Had it been, I would have had serious concerns about staying relevant in the field.  There were circumstances that lead me to chose the path I am on.  If I were in your shoes, I would shoot for going to school part time and working at least part time to maintain some level of experience.  Perhaps you will be lucky enough to find an employer who will pay for your education. 

    • #30306

      first off all, welcome delusion! (*cheering in the background)

      second, let me tell you something about my backgroup to help you understand it isnt that much different. i’m currently 25 years of age, have taken a master in information science (which is IT related, but not focussed on security) and started working for about a year now. i almost immediately dived into security, learning alot everyday, went for my CISSP and CEH and here i am now.

      Last year the Dutch university started a master in information security. which made me mad because i would like to obtain that master a 100 times more then the one i have now. i was about 2 inched away from taking that master but i decided to do not. this is why. i believe that experience + certification gives you much more value then that master will. i already showed my level of intelligence by obtaining my master degree, and saw no added value of another master, even though its specified in the field im currently working.

      Back to you: depending on your prior knowledge (do you already have a degree in information technology?) i’d do the following: if i already have such a degree, id go for certificates and experience (experience is leading in this field, which i found out the hard way). if you dont have a solid base in information technology: go for it! Age isnt a leading factor here. there are tons of people who figure out at a later age what they really want to do! if you are in the position to make that degree happen (given funds and time) do it! but i would only do it if i hadnt a solid base already.

      hope i’ve helped and please share you descision with us!

    • #30307

      Welcome to EH-Net, delusion.

      I most probably would go the academic route if I were in your situation. However, as already stated, doing it only part-time and work besides would be possible too. I’d say you really have to decide yourself. Personally I experienced that, although one is studying computer science or security in particular, it doesn’t mean that everyone will left with the same amount of knowledge and ‘skill’ after. It really depends on what you can put in additionally – a school gives you, in my opinion, only many directions and possibilities. But the ‘really interesting’ things will be done on your own anyway.

      You are never too old to go back to school/ university if you really want to.

    • #30308

      You are limiting yourself to one or another? Why can’t you continue working and study at the same time?

      I got out of High school and started working full time, I began studying for a CS undergrad in the evenings while my employer paid for the classes. Doubling up on night and weekend courses I completed my undergrad in 2.5 years.

      Towards the end of my undergrad I got married and had a child. Once I finished the undergrad I was still working for a company who then payed for me to go to graduate school to obtain a masters in Network Security. That one took a little longer since I had a child and was doing some consulting.

      But here I am, 26, Masters, Undergrad, 2 kids now, and I haven’t stopped working since I was 17 (technically 13 but I don’t count high school jobs.) I only have one certification and that is because my former employer mandated I get it within 6 months of being hired. I don’t waste time with certifications for many reasons, the largest one being the waste of time required to study and retest every 3 years.

      Many decent employers will at least partially pay for school, so why not find a decent employer and work and study at the same time?

    • #30309

      @phn1x wrote:

      You are limiting yourself to one or another? Why can’t you continue working and study at the same time?

      I got out of High school and started working full time, I began studying for a CS undergrad in the evenings while my employer paid for the classes. Doubling up on night and weekend courses I completed my undergrad in 2.5 years.

      Depends on where you’re going to school and what they offer. When I was going to the University of Michigan, the undergrad classes were during the day, and the night classes were reserved for people in Master’s programs. They didn’t even offer most of the undergrad classes at night. (this may be campus specific, others have said the Ann Arbor campus might be able to do undergrad at night).

      They didn’t offer the classes online either from what I can remember.

      Needless to say, I dropped out, because I’ve been working in Computers full time since I was 19. I was in my mid 20s when I was at the U. The only job I could find at the time, and get an offer for, was a Day Job where I had to be at work at the same time the undergrad classes were offered.

      Sadly, most of the Universities around here have that mindset too. Looked at a couple but Undergrad offered when I’m supposed to be at work. Being 32 now, I’d love to go back to finish a degree or 2, but it’s hard working a full time day job. (Part of the reason I asked BillV about WGU, but didn’t like the courses).

    • #30310
      Don Donzal


      Amen, brother.


    • #30311

      No I dont have a degree to my name, I went straight to uni from college and began studying Software Engineering, lets just say I wrecked all hope of passing.  I had to leave due to personal reasons.

      On a more positve note I travelled to uni yesterday for an open day/more indepth talk on the syllabus/Networking which was informative.

      I was a bit shocked to find out how elite I will need to become at programming to acheive a satisfactory grade.  JAVA/C/Pearl are on my essetial reading list.

      Having not coded for 8 years now!  Ultimately I need to find out if my coding passion is still embedded.  Today I have started reading Big Java (3rd ed), I will give myself a month to grasp the concept and then conclude if programming is for me. 

      I have looked into part-time courses, the flavours are not to my taste and in reality I know I will be a lot more keener in a learning environment, which is why I have burned that option.

      As far as a decent employers go, I have worked for two pretty good employers which are happy to pay for Certs, but degrees that sounds pretty rare in the UK, espically one so tailored as Ethical Hacking & Network Security  😮

      The course sounds very exciting, it does exactly as is says on the tin and every aspect is security related, learning how to code virus’s sounds too fun!

      So more good news I received a UF, which stands for Unconditional fixed offer  ;D I am in a very happy mood again!

      So the one month countdown commences, time to jack into the programming world!

      Thanks for all your advise and stories, i’ll keep you all posted on my decision  😛

    • #30312

      Good luck, delusion

    • #30313

      @phn1x wrote:

      I don’t waste time with certifications for many reasons, the largest one being the waste of time required to study and retest every 3 years.

      Phn1x, not all certs will force you to retest.    For example, the CEH and CISSP are maintained by training credits.  If you accumulate 120 hours worth of approved training during the three years, you maintain your certification.  Retesting, is just another option, but not a necessary one. 

      I wouldn’t dismiss certs.  Some employers will require certifications.  For example, my company has never hired a forensics investigator without at least one relevant cert.  They don’t prove that you know anything, but they show commitment to continuing education.

    • #30314

      Ketchup – I would never dismiss CERTS, although experience trumps qualifications to a degree, I beleive CERTS are essential, if I do journey off to uni, upon completion, I will still armour myself with CERTS  😉

    • #30315

      I’m 26, worked 3 years in IT, doing system administration and the odd project here and there implementing whatever is required of my clients.

      I too picked up an alphabet soup along the way but I never finished my degree.

      I plan to do a degree whilst working in the future. When? I don’t know but I think I will need it eventually.

      If it turns out that I don’t need it then sweet, its obvious cause I’ll have a job in the role that I want in security.

      If not I slug away at sysops for a few more years and then get that degree and then move into the role I want.

      I’m quite happy with the path that I have taken and I think doing my degree later has been a better choice for me.

    • #30316

      Hello Delusion

      After I read your post I wanted to share the road I take to help me achieve similar goals. I must admit I really don’t post to the board often, not by choice but by my obligations.  I feel I need to answer your request for advice for I have traveled the road you plan to travel.

      When I was going down the same path no one could answer all of my questions.  My unanswered questions lead me to research how I could earn my degree in as little time possible.  

      I was in the Army from Nov 1999 – 2004 31U I worked on computers from my unit. Before I was honorably discharged from the ARMY I was able to take classes for MCSA 2000 A+, Net +.  The classes with experience helped me to obtain a starting salary with my first job.  A year after being honorably discharged from the ARMY, I started taking courses at a local community college. I was 25 years of age,  raising my family, work full time, and trying to find time go to school to improve our situation.  During the first year, I took one class per semester all while working the night shift from 6pm – 6am.

      After work, I would drive to school and sleep in the student break area until my class started at 8 am.  During the semester some my classes didn’t ended until 11 or Cisco classes until 12:00 noon.  On the same day I might have a class from 1pm – 3pm and I would rush home to sleep for a short time before going to work 6pm.  After 2 ½ years of the madness  I made a decision to attend college fulltime I enrolled in online course and on campus classes.  I mapped out the courses so I could finish all of Required Support Courses, Elective Courses, and majority of my required courses faster.

      The plan worked I was started taking courses at a local university for a degree in Information and Computer Security before I finished my associated degree. The first course I took at the University I transferred back to my community college for credit towards my associate’s degree. By the time I finally finished my associate degree I was 1 year from finishing my Bachelor of Science – Information and Computer Security.  I started taking more classes when I could which allowed me to finishing my degree in Bachelor of Science – Information and Computer Security 1 year.

      A Degree is something no one can take away from you. As I have learned an employer will pay for certification and not really for an degree. A Degree in most cases means a person can demand more money.

      The path I have taken I learned a lot. Right now I am a Security Analyst in DC. Some of the board members meet me while I facilitated the SANS GCIH 504 course in DC.

      I hope after you read my post some or all of your questions were answered. If you still want me to clarify some of my answers feel free to send me a message and I will respond and or give me a call on the phone.

      I think you could go to school full time and go to work school time. You will have to dedicate yourself in order to do good at school and work. By working you still will gain experience and grow faster than only going to school. By the time you leave college the technology your working on and book will be almost obsolete. I trained on Novell which I have never used during my career.

    • #30317

      Hey Delusion ,

      I received your email and my reply will include my telephone number with a time you can call me. I will also answer your questions and post them on the site for everyone to read .

Viewing 14 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?