I am interested in Computer Science and Information Security, which one is better to go into?

Being in the InfoSec culture, I was trying to figure out how to answer this question, but Gina Kim is right. You might not want to specialize so early until you really really know that you want to go into information security. Having a CS background is very helpful for advanced hacking techniques like reverse engineering of malware, so you really can't go wrong with CS. However, if IS remains really interesting to you, then certainly start taking IS courses, because in my opinion, those courses are a lot more fun :).

You may be interested in some of the job fields that are out there in IS. I thought I would lay them out:

• Application Security (code audits/app assessments)


• Attacker (offensive)


• Compliance


• Forensics


• Incident Handler


• Network Security Engineer


• Penetration Tester


• Policy


• Researcher


• Reverse Engineer


• Security Architect

Also, the InfoSec culture is very group oriented and if you're interested in learning from other people, you might want to check out local hacker groups like http://www.meetup.com/boston-security-meetup/.

You may not have to choose - this isn't an either/or. Information Security is one aspect of Computer Science. So, one question you could ask yourself is - how specialized do I want to be at this stage of my studies or my career?

Your interests may evolve over time, so staying broad can be good at an early stage so that you can explore different aspects of a field and have more options. A CS degree is very in demand both in industry and as a base for further graduate study. Also, while you are doing your CS major, if you decide you want to specialize in Information Security, you can take more classes in that area (potentially leading to a minor or double major), do a research project, and get internships in the field. And you could get a master's later too.

The only reason I would specialize at this stage is if you are absolutely sure what you want to do + the career you are looking at requires a lot of specific experience early on. You can probably find this out more by networking with people in Information Security and asking them what they studied and how much and when they specialized. But I would guess that most studied CS as undergraduates.

I started out my career studying computer science and physics and then decided to focus on CompSci and came to security via working for an ISP on IP Networks. Back then they didn't have InfoSec as a major. Looking at the current career opportunities in InfoSec I'd definitely recommend you get right into it majoring in InfoSec. I'd also recommend keeping an eye on the business side of IT governance - which is the primary motivator for IT Security IMHO.