Course Descriptions

Cybersecurity Technical Fundamentals (T83-560)
3 Units
Required

This course presents a comprehensive survey of cybersecurity technology including basic theory and concepts. Students will gain hands-on familiarity of cybersecurity technology through lab exercises, in-class studios, and scenarios. Topics covered include security considerations surrounding operating systems, the web, email, databases, wireless, the cloud, and the Internet of Things. Also addressed are cryptography, secure software design, physical security, and human factors in cybersecurity.

Oversight for Excellence: Cybersecurity Management and Governance (T83-561)
3 Units
Required

This course takes a comprehensive approach to the management of the organizational cybersecurity function. It also explores the principles of information technology governance. Coursework provides a deeper understanding of best practices for managing cyber security processes and meeting multiple needs of enterprise management by balancing the void between business risks, technical issues, control needs, and reporting metrics. Toward this end, the course addresses a range of topics necessary for success, including the elements of and how to establish a governance program, cybersecurity management frameworks, developing and implementing a cybersecurity strategy, deploying cybersecurity policy and controls, ensuring standards and regulatory compliance, functional and budgetary advocacy, interfacing with the C-Suite and Board, and talent acquisition and development.

Efficient and Effective Cybersecurity Operations (T83-562)
3 Units
Required

In this course, students will gain understanding of what it takes to manage the people, process, and technology for effective and efficient day-to-day cybersecurity operations. Using the Cybersecurity Operations Center (CSOC) as the fundamental exemplar, students will learn the functions and processes that comprise a typical CSOC with an underlying focus on continually optimizing operations for agility and performance. Options for structuring the CSOC will be examined along with core CSOC functions and processes such as threat intelligence; monitoring, detection, and threat assessment; vulnerability management; incident response; prevention, including awareness training; partner and third-party coordination; analytics, metrics, and reporting; training; and CSOC technologies and instrumentation.

Cybersecurity Risk Management (T83-566)
3 Units
Required

In this course, students will gain deeper appreciation of the challenges faced by enterprises when addressing cybersecurity risks. The course will cover evolution of cyber threats, including attacker methods and their targets across different industries. Students will be able to understand the differences between enterprise, operational and cybersecurity risk management and the role that each play (or should play) in managing risks to an organization. Students will gain technical understanding of industry leading frameworks (COSO, ISO, NIST, FAIR) and become conversant with their strengths and weaknesses as well as the applicability and practicality of their implementation.

The Hacker Mindset: Cyber Attack Fundamentals (T83-567)
3 Units
Required

This course is designed to provide an introductory understanding of how offensive security techniques practically operate. During this course students will use hacking techniques to compromise systems, collect data, and perform other tasks that fall under the generally understood use of the term “hacker.” These techniques will be related to risk-based defensive security practices with a view toward enhancing the student’s understanding of what it takes to be a successful “defender.” By the conclusion of the course, students will have a baseline technical understanding of hacking techniques, will have executed offensive security operations, and will have increased technical understanding of what it takes to deal with cyber threats.

Cloud Security (T83-587)
3 Units
Required

Today's organizations are more and more focused on delivering faster results and better products and services—and doing this securely—via an ever-evolving technological landscape. As a key component of the competitive landscape, cloud-based technologies have enabled critical capabilities, functionality, and innovations necessary to transform the way organizations survive and thrive in a competitive environment. As such, "The Cloud" requires cybersecurity practitioners to think differently about managing risk, producing resilient solutions, and dealing with 3rd party providers. In this course, students will learn best practices for cloud security to include methods for architecting and applying security-related features in a cloud platform. Through case studies, standards, best practices, and studio exercises, students will develop the necessary skills to identify security challenges of a cloud environment in support of the ongoing operations of the enterprise.

Leadership Seminar for Technology Professionals (T81-550)
3 Units
Required

This seminar is designed to develop the leadership capacity of professionals working in the information technology and cybersecurity fields. Although domain expertise plays an important role in the success of a technology professional, it’s when this expertise is integrated with the ability to lead people that transforms the merely competent into multi-dimensional force multipliers for the organization. In this course, students will participate in an immersive, seminar-based learning experience targeted toward professional and personal development on a range of essential leadership skills. Students will benefit from interaction with industry experts in the IT and cybersecurity fields and receive coaching support to achieve professional and personal goals. Each student will complete a series of self- and multi-rater assessments as well as a personal leadership development plan to gain insight and build competencies critical to effective leadership. Topics include creating a shared vision, strategy development, building and sustaining a healthy culture, essentials of finance and budgeting, driving results, energizing people for performance, innovation, emotional intelligence, navigating organizational politics, managing up, negotiations, stress resilience, talent coaching and development, effective communication, and time management.

Cybersecurity Management Emphasis (Choose 3)

Enterprise Network Security (T83-563)
3 Units
Elective

This course presents a detailed and comprehensive study of the architecture and defensive approaches to protect enterprise network environments against cyber threats. Students will gain practical experience in secure network architectures and design approaches. Using a building-block approach to case studies and design exercises, the course will establish the value of applied foundational security frameworks and system models. Specific topics include defensive network design, advanced treatment of appropriate security implementation tools and techniques, boundary defense, secure wireless and mobility solutions, remote and business partner access, and third-party and vendor interactions to ensure appropriate enterprise network solutions are implemented.

Access Control and Identity Management (T83-564)
3 Units
Elective

Business advancements due to technologies such as cloud, mobility, and the need to access information from anywhere using any device have made identity management and access control a critical component of cybersecurity. In this course, students will gain understanding of organizational and technical identity management and access control frameworks, learn central concepts such as least privileged access, authentication, and authorization that protect applications and systems from unapproved access. Topics covered include single sign-on, privileged account management, provisioning, role management, and directory services. Students will complete a “real-world” identity management and access control business case to identify risks and controls and create a strategy and roadmap to address challenges and propose solutions.

Cybersecurity Analytics (T53-565)
3 Units
Elective

This course provides an introduction to use of data analytics in support of an organization’s cybersecurity function. The course is designed to increase student understanding of how data analytics can be used to manage security and how data analytics can be used in support of risk-based assessment and decision making. Students who complete this course successfully will be able to apply data analytics techniques and tools to help organizations discover anomalies pertaining to cyber threats, implement, assess and monitor basic security functions, respond to emerging threats or prioritized requests as defined by organizational stakeholders, depict cybersecurity risk posture within the context of compliance and regulatory requirements, and construct a comprehensive cybersecurity analytics framework.

Emerging Issues and Technology in Cybersecurity (T53-568)
3 Units
Elective

Each new technology advancement brings with it promises and challenges. Will it be used for good or lead to disaster? This course examines contemporary and near-future cybersecurity threats and the potential security impact of new technologies. Topics include new forms of computing and communications and their implications for cybersecurity practitioners as well as incipient threat vectors. Historical security incidents will also be used to provide context and insight into the relationship of technology and security. Throughout the course, students will be challenged to develop strategies and responses to deal with emerging technologies and threats in ever-evolving cybersecurity domain.

Incident Response and Business Continuity (T83-569)
3 Units
Elective

This course focuses on the end-to-end process and methods to deal with cybersecurity incidents. Using recent examples of cyber breaches and incidents, students explore how CISOs react and respond to cyber breaches and incidents and learn best practices in doing so. Topics includes developing an incident response plan, organizing an incident response team, leveraging cyber intelligence and external partners to aid in response, handling public and private communications about the incident, and post-breach restoration. Particular attention will be paid to establishing a strong understanding of cybersecurity indicators and motives for espionage activities from both an external and rogue insider's perspective. Students will learn about host-based and network incident response tools and digital forensic tools including techniques and tactics for their effective use. This section of the course includes key "hands-on" activities typically used in post-breach analysis and investigations, such as forensic analysis of network storage, hard drives, and memory. Students will also become familiar with post-breach report construction and examine the proper drafting and use of such reports for submission to legal counsel, the courts, and to organizational leaders.

Malware Analysis and Penetration Testing (T83-570)
3 Units
Elective

This course explores malware analysis and penetration testing methods, techniques, and tools. Students explore both static and dynamic malware analysis for hosts and networks and for a variety of executable formats, operating systems internals, and APIs. Methods to address anti-analysis techniques are addressed. As a close companion to malware analysis, the course covers the fundamentals of penetration testing including planning, scoping and recon, scanning, target exploitation, post-exploitation, and reporting. Upon completing this course, students will be equipped with fundamental skills to analyze malware as well as understand and apply the core concepts of penetration testing.

Introduction to Cybersecurity (T83-559)
3 Units
Elective

This course is intended as a comprehensive introduction to the cybersecurity field. It covers a broad range of cyber security terms, definitions, historical perspectives, concepts, processes, technologies, and trends with a focus on managing risk and the employment of cybersecurity as an organizational enabler.

Cybersecurity Design & Engineering Emphasis (Choose 3)

Network Security (E81 CSE 571S)
3 Units
Elective

A comprehensive treatment of network security. Topics include Security Overview, Classical Encryption Techniques, Block Ciphers and DES, Basic Concepts in Number Theory and Finite Fields, Advanced Encryption Standard (AES), Block Cipher Operations, Pseudo Random Number Generation and Stream Ciphers, Number Theory, Public Key Cryptography, other Public Key Cryptosystems, Cryptographic Hash Functions, Message Authentication Codes, Digital Signatures, Key Management and Distribution, User Authentication Protocols, Network Access Control and Cloud Security, Transport Level Security, Wireless Network Security, Electronic Mail Security, IP Security, Intrusion Detection, and Malicious Software.

Systems Security (E81 CSE 523S)
3 Units
Elective

This course examines the intersection between computer design and information security. While performance and efficiency in digital systems have improved markedly in recent decades, computer security has worsened overall in this time frame. To understand why, we will explore the role that design choices play in the security characteristics of modern computer and network systems. Students will use and write software to illustrate mastery of the material. Projects will include identifying security vulnerabilities, exploiting vulnerabilities, and detecting and defending against exploits.

Operating Systems Organization (E81 CSE 422S)
3 Units
Elective

This course involves a hands-on exploration of core OS abstractions, mechanisms and policies in the context of the Linux kernel. Readings, lecture material, studio exercises, and lab assignments are closely integrated in an active-learning environment in which students gain experience and proficiency writing OS code, as well as tracing and evaluating OS operations via user-level programs and kernel-level monitoring tools. Topics include: system calls, interrupt handling, kernel modules, concurrency and synchronization, proportional and priority-based scheduling of processes and threads, I/O facilities, memory management, virtual memory, device management, and file system organization.


Security of the Internet of Things and Embedded System Security (E81 CSE 469S)

This course presents a "deep dive" into the emerging world of the Internet of Things from a cybersecurity perspective. With billions of internet-enabled devices projected to impact every nook and cranny of modern existence, the concomitant security challenge portends to become dazzlingly complex. Students will learn the fundamentals of IoT architecture and operations from a layered perspective and focus on identifying, assessing, and mitigating the threats and vulnerabilities therein. Through a blend of lecture and "hands-on" studios, students will gain proficiency in the range of approaches, methods, and techniques required to address embedded systems security and secure the internet of things using actual devices from both hardware and software perspectives and across a range of applications.

Secure Software Engineering (E81 CSE 433S)
3 Units
Elective

This course teaches the fundamentals of secure software development using C++. Within the context of a secure software design process, students will learn enduring principles for secure programming, coding standards and best practices, and how to deal with security vulnerabilities that arise during software development. Students will operationalize their knowledge through hands-on exercises, labs, and projects. Students should be able to program in C++ and be familiar with basic constructs such as control flow, loops, arrays, structures, pointers, and file I/O.

Bridge Course (Counts as 1 elective if taken)

Introduction to Cybersecurity (T83-559)
3 Units
Elective

This course is intended as a comprehensive introduction to the cybersecurity field. It covers a broad range of cyber security terms, definitions, historical perspectives, concepts, processes, technologies, and trends with a focus on managing risk and the employment of cybersecurity as an organizational enabler.