Cybersecurity for MSSE 2023

Example from lecture video

MSSE second-year students may request a cybersecurity elective as course SENG 5271. If the course is not chosen to be an offered elective, students may take it as an independent study. In either case, the course is entirely online.

The course provides a broad introduction, while focusing on the practical engineering aspects of cybersecurity. I hate lecturing, so most lectures are presented through my Coursera course. We explore the distinction between security objectives (i.e. requirements) and security mechanisms (i.e. implementation). We look at the security tools used for authentication, access control, cryptography, and network security. While this may skirt on some fearsome mathematics, we will limit ourselves to grade school algebra and set theory, salted with simple concepts from probability.

Students begin the course with modules from my Cybersecurity in the Cloud specialization offered on Coursera, plus readings and labs from my textbook Elementary Information Security.

Now, don’t panic if cloud computing is not your thing.

The Coursera specialization relies heavily on examples taken from cloud computing, but the concepts apply broadly across cybersecurity. We complete three-fourths of the specialization and then students focus on individually-chosen specialty topics. These may be in-depth readings with discussions, or software-oriented projects.

Class time is spent in Q&A, discussions, and lab sessions. Each lab may last 60-90 minutes and they are graded. In smaller classes, I grade them pass-fail, though I can’t guarantee doing that with a larger class. If the class is too large for one lab session, I’ll split the class into groups and spend part of the class time with each group. I enjoy hands-on (though remote) work with the individual students.

The first 10 or 12 weeks of the semester cover the Coursera material, usually one week per module, plus an online lab. A typical module contains an hour of video lecture and demonstration, and an hour or so of assessments: quizzes and peer-reviewed research assignments. I encourage students to pick different topics for the peer-reviewed assignments to reduce the potential boredom of reviewing each other’s work. And, if you think it’s boring to read about cyberattacks, why would you take a cybersecurity elective.

Planned Course Schedule

Saturday111Attack SurfaceGoogle drive access ctl
Friday211,2Net Security ArchitectureNetwork search, nmap
Saturday313Net Crypto, CVSSSecret-key crypto
Friday414Cloud Arch, VirtualizationPublic-key crypto
Saturday521Databases, StatesServer Certificates
Friday622SQL, Data BreachesInjection Demos
Saturday723Vendor Data ServicesSOC 1-2-3
Friday824Data PrivacyDNS research
Saturday931App ArchEmail tracing
Friday1032AuthenticationHash cracking, entropy
Saturday11Spring BreakNO CLASS
Friday1233SessionsVulnerability scanning
Saturday1334ScriptsScript based attacks
Friday14 Research and Recitation
Saturday15GraduationNO CLASS
Saturday16 Research and Recitation

The Coursera Specialization

Coursera organizes its offerings around specializations, courses, and modules:

  • A module typically contains educational material that a learner will take a week to complete.
  • A course typically runs for a few weeks. Each typically contains three to six modules.
  • A specialization typically takes a few months to complete, similar to a semester-long course. Each contains three or more courses.

Here are links to the four Coursera courses in the specialization:

  1. Cloud Security Basics
  2. Cloud Data Security
  3. Cloud Application Security
  4. Cloud Top Ten Risks (not required for this class)

I have posted draft videos from the first course on Vimeo, if you want to view examples of online course videos.

During SENG 5271 or an independent study, students participate in a “private session” of each Coursera course. I will provide all registered students with a sign-up link for each private of the 3 private sessions – there is one session per course. If you want to complete the optional fourth course, I’ll provide a signup for that, too.