(This is an interesting post I wrote approximately 8 months after I’d graduated from University, during the time I was working for a resource company doing IT Security/Admin work. I just found this in my drafts and I think that the points I discussed are still valid… on with the post)
Sometimes it’s easy to forget that there are so many different ways to look at a single problem. In my field, especially with the people I’m involved with, I’ve found that you can have a “business” approach or you can have an “academic” approach, and sometimes, but only occasionally, you can have the most “realistic” approach.
Over the last 8 months I’ve found the way I look at issues or problems has slowly changed from one end of the business/academic spectrum to the other, and not until recently had I felt an internal conflict with my new found methods. Not to say that I would dismiss one approach over another, or that one was necessarily better then another, but it certainly was interesting to take a look at a standard security issue and then flip the switch in your head to look at it differently.
Of course this problem exists in other fields as well, not just security. For example, those poor buggers doing Software Engineering or Architecture or anyone else who has the unfortunate problem of working/studying in a field big enough to make a lot of cash but also to spawn journals and papers and academics. You can spend years studying a subject, refining your perception of that subject and its methods only to find that the way it’s actually being done out there in the “wild” is totally different. I think in the security realm this is definitely the case.
What makes this is worse is that it’s also not uncommon to find the population of one spectrum snickering at the population of the other. “What would they know about real-world security problems?”
I wonder if it’s possible to effectively bridge the gap.