Today I'll share a few of the quotes received in the comments section of the survey.
Let's start with this commentary on PhD and advanced degrees:
"A PhD is a full-time job, not an extension to college/school. During my PhD I've published more papers, gotten more patents & more press coverage, and generally contributed more code, tools, and know-how to the security community then my entire relatively-routine work at my current Top 4 tech company. The distinction between getting a degree and working in the field is not that clear cut while pursuing advanced degrees Note that this is about PhD and equivalent degrees in different countries. A MS degree is indeed an extension to college and it is not an advanced degree."
There were a couple of comments on ageism, including this one:
"Would like more emphasis pointing to employers not using older workers- definitely ageism that no one seems to be addressing."
Here are a couple from women on their challenges:
"CISSP and Masters were paid for by employers/grants and/or federal gov assistance program. Had to get Masters cos as a woman my years of experience was irrelevant and ppl wanted to focus on my art degree from 10 yrs+ ago."
"I was in SF in the 80s. Nobody had degrees in tech back then. IBM gave free classes to PC-buyers. I just grokked PCs and could write and teach. Male employers wouldn't believe my skills, even when I offered to demo. A decade later, an intelligence agency head hunted me."
The topic of who supports and pays for education came up frequently in comments:
"It's frustrating how some employers do not support on-going education for their employees, including allowing them to attend security related association meetings and conferences (some of which are low-cost or free). And sadly that good training, like SANS, is getting so costly that many can't afford unless their company is paying. Which many don't."
"One of the reasons I'm looking at leaving my current company is because of its extremely limited support for educational/continuing education opportunities."
"The cleared defense contractor (CDC) industry in particular continues to deny obligations to train & retain employees... I have worked for multiple companies rating in the top 10 defense contractors, and have yet to experience, influence or benefit from an effective training budget. Lowest Cost, Technically Acceptable criteria seems to always win."
"Tuition reimbursement is a great incentive. 3 SANS/GIAC certs thanks to employer. 7 years active military."
Speaking of military, there was this comment:
"Working for DoD, they were very supportive of my Masters program. My bachelors in music, was earned before I had any notion of an IT career, certainly influenced by family where a college education was strongly expected and encouraged. I don't know if having degrees have helped my career but I learned things in both tech and non-tech programs that have been very useful."
Probably the most succinct comment:
"The GI Bill was my sugar daddy for my education."
Thanks again to everyone who took the survey and helped to spread the word about it. The survey is still open, so please continue to share.
Also, thanks to Tenable. I have worked at Tenable for nine years, and they have always been extremely supportive of my community projects and volunteerism, including Security BSides, The Shoulders of InfoSec, The InfoSec Burnout Project, and this exploration of education in our industry. My lawyer would probably like me to add that my community and volunteer work is done through Tiki Tonk, LLC.