[Darkstryder]

For the specific topic of cryptography: every professional cryptographer I know not only started with a master in mathematics, but completed it with a PhD in cryptography afterwards. Trying to do it professionally with neither diplomas feels like a non-starter to me.

Of course, that doesn't mean you can't study the field on your own for the sake of knowledge. And it will certainly make you a better infosec professionnal, whatever subfield you want to specialize in.

Also, keep in mind there are maybe 1000 people working in information security for 1 person working as a professional cryptographer. Cryptography is a bit tricky, but information security is a broad field with many interesting things to do.

[ThePhysicist]

From my experience, most academic cryptographers are quite bad at building real-world cryptographic protocols or systems as they often lack the practical knowledge of software engineering / industry standards. Designing cryptographic systems rarely involves coming up with novel cryptographic mechanisms and mostly revolves around carefully implementing and combining established methods. For example, in an audit of an E2EE system I built, the auditor (who had a PhD and PostDoc in cryptography) had never even heard of the term ECIES (elliptic curve integrated encryption scheme) so I had to point him to the IETF doc and explain that it's a standardized system.

The failures you see like the recent vulnerabilities in the MEGA cryptography could have been avoided if MEGA had simply followed established best practices, no cryptographer needed. So I'd argue we need many more people with applied cryptography experience, and a university PhD in cryptography will not necessarily provide such experience.

[ozim]

I was thinking just the same, there is no cryptography certification or exam that would give someone credentials.

If someone wants to be implementing cryptography solutions such exam/course is breaking existing solution with peer reviewed publication and finishing PhD based on that.

[weinzierl]

Also math is a bit like music or sports. To get to a level where you can be successful in a professional environment you have to start early.

There are certainly exceptions and I don't mean to be discouraging - but I guess most people who studied math would agree that it is a lot of work and takes a lot of time. "There is no royal road to mathematics" as they say.

[mfbx9da4]

Sounds a bit discouraging to be honest but fair.