About 20% of the best people I know employed as Security Researchers did not even graduate high school, including myself. I see this trending downward as more and more schools now have something of a security curriculum, but its still very much an industry of self-motivated voodoo programming. Universities have always been decent at training operational security people (configuring/monitoring security appliances and policy issues), but I've yet to hear of a school with a good program on vulnerability discovery, exploitation, and reverse engineering code. For me, at least, its much more of a mindset thing more than a skillset thing, which is a lot harder to teach.
This is a great site with a good bit of introductory information. I implemented their LED flasher tutorials when I was playing with my Xylinx Spartan board. fpga4fun.com
Software Patents
I'll start off with a notice to those who would say that I am out to
undermine all the work of programmers everywhere, in hopes that I may
receive a free lunch: I am a programmer, I understand what it is to
see a project through to its completion and hope for it's continued
success. A free ride has never been my goal. Furthermore, it is
another misstatement to say that abolishing software patents would
somehow make software available at zero cost.
Work expands to fill the time available. -- Cyril Northcote Parkinson, "The Economist", 1955