I was 28 years old when I entered university. With a background in law enforcement and military the idea of being some prep-school university type was not something I wanted to do. In my late 30s I received my Masters degree in computer science and saw a significant increase in perception of how my income was made. After the dot.bomb I was doing pretty good but shrinking staffs, horrible hours, executives who ran IT shops like they were slave pens, had me burning out pretty quick. I'd stepped out of doing the stuff I thought was fun and started getting paid to do stuff nobody thought was fun. I took a mid-university professor job, but they wanted me to get a PhD. A masters degree is sort of like being a journeyman. You've mastered the discipline. A PhD is about defining the future of the discipline. There are a lot of junk PhDs out there. I've read their dissertations. There are a lot of good people with bad degrees and bad people with good degrees. Look at the trends to define rather than specific anecdotal evidence like my case. Don't mix up the history PhDs with the Computer Science or Technology degrees. What I would say was that I took nearly a 66% cut in pay to become a professor and full time researcher. I got the opportunity to do what I want, when I want, and how I want. After I got my PhD I ended up in one of the top engineering schools in the world, have done tours at major science institutions and government agencies, and turn down opportunities to work with others. So, yes a mid life PhD can be a great thing for your career. You will find that people who don't have a PhD don't have any clue what it means to have one are either jealous or ignorant. A research based doctorate (PhD) versus an applied doctorate (DSc) will give you a broader understanding of what research is and how it is done. I was just speaking at a major national lab to a bunch of masters degree students about why they should get a PhD. I told them "don't do it." Unless, you love research, are willing to commit 5 to 7 years towards the goal, have your employers buy off, family buy in, and time management skills to die for. Nobody listens but the PhD is really about what you put into the effort. That will be obvious when you finish the longest test of your life. The dissertation. In the end that will determine whether it was worth it.

Exactly. Clinton never said they hacked anything. One news agency ran with the hacking story, and over 12 hours ago they already were reporting that it was "buying advertisements". Not that reality, facts, or truth should ever be used in these situations. Even the Washington Post has changed their story http://www.washingtonpost.com/world/national-security/us-hacks-web-sites-of-al-qaeda-affiliate-in-yemen/2012/05/23/gJQAGnOxlU_story.html but don't let that stop anybody.

Not sure about that. DOD Instruction 8500.2 (2003) says 8, but the construction requirements are exactly the same as we did it. There are differences based on the information found on the system. The Windows Server 2000/3 wouldn't even allow more than 14 characters if I remember right.

My students using 300 nodes of a computing cluster were able to crack 57K DOD spec passwords (7 characters, upper, lower, symbol, number) in a few hours (Windows 2003 enterprise server). The goal was to crack 450K passwords in 24 hours but we had to call off the last run due to finals. Nothing about this project was hard. Using F/OSS and a lot of computing cycles cracking them was a piece of cake. Simple two-factor authentication is horrible. Especially when you give up the userid as an email address, or use a standardized naming scheme. Yes this would have required basically physical access to the server. Still as a test with enough horsepower and some tuning you can break even tough passwords quickly. We were basically trying to up the ante on a previous example where a person did 400K passwords in a few months using commodity hardware.

There are a variety of good posts here (among the chaff). The post by @bigjeff5 and the anonymous coward post amendment. For standards and an understanding of the risk metrics Sandia labs has a great set of documents for SCADA security http://www.sandia.gov/ccss/ , never mind all the FUD. You'll have to decide on whether you want a best in class, good enough, or what you can afford and wherever the three vectors meet at a solution. Technically there is no reason for SCADA to be a risk. Experience though tells us there are plenty of reasons to push the SCADA operational component into the risk category. Not being able to afford to keep the utility operational engineers employed because the technical SCADA solution cost three times your budget is the risk I usually see. What you'll need is an experienced person to act as a trusted third party and there are a lot of them out there in the real world. Be wary of people who talk about security, technical issues, operating systems, and other elements in black and white terms. They rarely have the real world experience to understand real world issues in implementation. Since you appear to be talking about water and in the United States (pardon if not) you are likely highly regulated. You will also need to balance the new requirements and regulations for implementing SCADA devices too.

In the 1970s a court case in California during an evidence hearing had an interesting discussion. The evidence of an intellectual property case was bounced as the evidence was all digital in nature. How can you have a theft when you still possess the original? Several avenues were considered and the result were the first computer laws detailing crimes that happened on computers versus normal property thefts. Much abridged version, but this is basically a United States issue that isn't necessarily found in other countries as their property rights are considered differently. Though, the United States has managed to export many of the concerns along with the Internet. Much of this is detailed by Thomas Whiteside in a book called "Computer Capers" circa 1978,

As a technology professor I'm going to say it. Tech in the classroom can be as debilitating as boring lectures. PowerPoint can be a crutch. Poor teaching can't be fixed by cool tech. I've got a million dollar lab full of tech, but if I put my students to sleep who cares?

I use AdobeConnect, instant messenger, a blog, CITRIX, a variety of open source tools, and a bunch more but I am a technology professor. I don't use powerpoints with bullets (presentation zen?) and I hate snore fest lectures more than my students.

Telling professors to use tech is like telling a mechanic to use a crescent wrench. What is the context of the learning environment and what are the learning outcomes? I tailor my educational strategy to the educational outcomes. Critical thinking skills, don't need flashy graphics if linear processes are the desired result.

Heck. I'd be happy if my students simply read the text book, and additional reading. When I assign a reading on the web half the time I get complaints that I didn't print it and pass it out in class. Some of my students say 100 pages of reading a week is to much homework. These are the same students bragging before class that they spend 50-60 hours a week play the latest MMORPG.

I think it is funny that people say "you don't have those rights at border crossings", and yet that isn't even the government contention. The government believes that laptops and other electronic devices are open containers that can be examined at will after they've been seen. In other words if this stands as a principle and you're walking down the street and they can see your iPod they (meaning police) can seize and examine the iPod. This is a principle of incremental legislation and enforcement. Case studies of similar expansions are found in seat belt laws, and punishment for driving under the influence. As to people saying you don't have the rights accorded to the Constitution when crossing borders they are completely wrong. Administrations have held that point of view. They have also held that your rights (and responsibilities) apply wherever you are found. So, you have those rights, but can be charged for crimes from the United States even when where you are the incident is not illegal (e.g. child porn, gambling, etc..).

My under-grads are involved heavily in my research. That doesn't mean they get to run off and do whatever they want. I bought the toys and toiled a long time to build a substantial lab. I'm not selfish but my research comes first. Once they prove they have a clue by succeeding at different objectives they are encouraged to set up projects and work on them. We do a lot of cyber-warfare, network centric warfare experiments so some of the tools we play with could cause havoc. A big part of working in any lab is learning what research really is, and what is going to be expected within the discipline. Like reporting out research activities to journals and such. The way the original question is posed is as if the new under graduate student already knows all there is to know and want to do their research. Doing a comprehensive literature review, creating or choosing a methodology that is appropriate, and then finally gathering data is an art. It takes time to learn.