Forwarning: not ranting at anyone here but ranting at the situation in general...

You two seem to have a view point on undergraduate education that is increasingly becoming more common. I was taught that skills wise, very little was expected at the Bachelor's level degree. They say Bachelor's level shows you know how to learn, and you have a wide breadth of topics. You are suppose to come out as a well rounded student, not just some specialist. I once heard associate degrees tend to teach you how to do a specific task of a subject, while Bachelor's attempts to teach you a subject. Master's level then helps you specialize within that subject. Here people generally don't specialize until their graduate degree. We just have general undergraduate degrees (Comp Sci/Computer Engineering). Elsewhere it seems everyone is so crazed and obsessed with getting in on a certain profession that they specialize the title and courses to try to market that niche.

So what's different about a degree in Cyber Security vs a degree in Computer Science with say a concentration in Security? Often times the "security" one seems to be more concentrated in terms of subject matter, while the "science" degree seems to maintain a certain level of generalization to the material. Everyone wants to specialize now at the Bachelor's level but, what good does that do you? What does one do if suddenly security stops hiring? Does that Cyber Security degree mean you can also function as a computer science major could? Or was this another case of a university marketing ploy? (I'll admit, I got caught by the "Computer Engineering" ploy here. Billed as EE+CIS, it ended up being a watered down version of both...but I took care of that :)) Concentrating too much on a single area limits your ability to branch out, and more so, the bigger picture sometimes.

What good is learning circuits if you don't know how to analyze the signal you put through them? Everyone loves being wireless now, so you need to learn how to radiate those signals out of your circuit...but that add's communications problems....so let's add some communications and controls theory to the mix. Wow suddenly you can understand how a system works (FM radio, cell phone, 802.11, etc) from top down. If you specialize in circuit design, you can better design with the understanding of what is going to be pushed down into your circuit. The same can be said about programming, networking, etc...

As for interviewing (being a senior and all), the people I've interviewed with assume they're going to have to train you and, any knowledge you bring to the table puts you ahead of the next interviewee. As for certifications, no one has actually expected me to have any and usually make fun of them to break the ice. The internships I've had have shown me that places expect you to come in with a general knowledge and to become an expert in an area they designate. Some places may hire you because they think you have some really great skills, but honestly, how do you get that on paper?

People instantly start claiming "oh well you need to have certifications!" CISSP/GIAC/etc, they're all so high level what do they really test? "Prep material" makes me think SAT/ACT/GRE, all tests which are just a matter of how well you studied and took the test. It's one thing to identify two similar angles on a test but, will you recognize them in the real world when faced with a physics problem?

I guess I really echo your calls that employer's shouldn't expect to be hiring fresh college grads who have tons of experience. I still however, feel like a degree should be more than just learning specific skills. Here's an example: I've met many a CompSci major who think they learn languages. I once had a kid tell me he couldn't complete an assignment because he was never taught C, only C++. "I can't help you with Matlab, I only know Java". They miss the point that they're suppose to learn the theory or science behind the programming, so that learning a new language is simply a matter of syntax. How can you really expect anyone to do security of a system if they can't understand how the system works. At the same time, someone saying they know the theory but being unable to apply it, is equally as useless. It's a mixture of the two which I think truly makes one effective. What good is having a skill if you don't know how or why you're doing it? How good is knowing why something works if you don't know how? Does this make sense to anyone but me :)

I think the problem is that there is a demand for people in the area, and everyone is jumping to try and get in on the rush. Any buzz word that you can throw to make you stand out more, people jump at. At the same time that there is this demand, there is a complete lack of definition as to what is required and what makes someone qualified. It just seems like pouring gas onto a fire at times. Maybe I'll just give up and go into hardware where I belong since I'm evidently not special enough to have the word security on my diploma thus meaning I'm not qualified for any jobs out there....

Then again what would I know about any of this! I'm just a soon to be graduating undergrad...maybe I'll go to graduate school and actually learn something :)

"What good is having a skill if you don't know how or why you're doing it? How good is knowing why something works if you don't know how?"

In most of my classes, they try to give us the why behind it. And if they don't, the professor is more than willing to explain to anyone who asks. I agree that some of the material is too shallow as far as what you REALLY need to know to be able to do it in real life. As for the certifications thing, some of the jobs I'm interested in list them as requirements while others require a degree, experience, or any combination of those. I do want to get a Master's eventually as well.

As for the "security" buzzword, my classes are supposed to be tailored to the govt/mil idea of information systems security. It would be interesting to compare what I'm required to take and what Jess has to take - I don't know how widely a similar degree program can vary among different schools.

Amen, at a 4 year now... the CS classes are so pointless for someone who wants to do full time pen testing later. I try and get credits for getting certifications without any success. Instead I end up reading the same text books and writing the same G.E essays as the last twenty graduating classes. Just a tip from personnel experience, do not turn in vulnerabilities to your schools IT dep. Me and a friend found a gaping hole in folder permissions... lets just say it could have been ugly, we are now under the perception that the "student whitehat" does not exist.Twice this was greeted with open arms, patched, then post patch monitoring was implemented. Salem 09?