The real world and the classroom

I thought this review of one of my books for last semester is quite apt. It expresses the unnecessary dichotomy between classroom and professional life. I also see the same separation between the infosec group and corporate computer security.
The following is not my review, but I did find is amusing enough to share.
“The book was written based on university lecture notes and it shows. It is quite obvious that Mr. Gollmann has never been in charge of the security of a corporate network (I doubt that he had SEEN one), so his knowledge regarding the real-life issues is rather limited. There are hardly any case studies in the book. Consequently, the usefulness of the book depends on the audience. If you are a university professor, trying to “entertain” your students with theories that they can forget as soon as they graduate, look no further, buy this book NOW. The same thing applies if you are a student wanting to survive such a course. (The back cover of the book quotes someone from Linköping University: “…the book I have been looking for for years”. I can easily believe that.) On the other hand, if you are an IS security expert, a security manager or an auditor, I doubt that you will be fired if you know nothing about, say, the Harrison-Ruzzo-Ullmann Model. However, if your knowledge about security policies is limited to what’s written in the book, you may be in trouble soon. Those topics that are covered are descriptive and not action-oriented. For example, there is ample information about the types of viruses and anti-virus software that exist, but practically nothing about the controls that should be in place to prevent viruses from spreading. Still, I think everyone interested in computer security will find SOME information in the book that they can use some day. ”