Are we creating a generation of InfoSec pros with no real-world IT operations experience? Is this a bad thing?