For those that don’t know, I’m working on my degree at the University of Maryland University College (UMUC). I just completed the second course in the Masters program I’m in. I just finished CSEC 620 “Human Aspects in Cybersecutiy: Ethics, Legal Issues, and Psychology”

First off, I’m in what is called the “Legacy Master of Science in Cybersecurity“. Unless they change something on me. I’m 1/3 of the way through. One thing I like over the old program compared to the new program, is the career paths.

But let’s talk about the class. If you’ve watched some of my tweets on Twitter, you’ll know that I didn’t have a high opinion of the course. In fact in the course evaluation sheet, I said with a class designed this badly, I can finally understand the lack of qualified Security Professional, and “Cyber Warriors”.

The course had one required book set Computer Security Handbook (2 books) which was a collection of edited essays and papers. The supplemental book was Cyber War will Not Take Place by Thomas Rid.

The Computer Security Handbook was worth it’s cost, and I wish I could have afforded to buy it instead of rent it. I wanted to buy it out, but I have more classes to pay for.

Cyber War Will Not Take Place, I can see where Mr. Rid is making his argument from, but he is using a very tight definition of Cyberwar which is a lot like traditional warfare. I disagree, and think his book only stands on this tight definition. We have already started to see war change. but that’s a topic for another time.

The course was broken up into 3 things. 2 Team based papers, 4 Individual papers, and 6 discussions based on the readings and online training module.

The online training module wasn’t worth the cost of the class. If the student had any clue at all about technology, they could see it wasn’t written by people that knew tech, while trying to push their agenda. The two biggest examples of failure:

• To send a list of login credentials from a coffee shop use FTP because it is more secure than Encrypted email. Reasoning? Because you have to connect to the mail server for the encryption to work, thus making the encryption broken.
• You can pirate software, by searching for the software package in your Bit Torrent client, while at a customer site.
• A no win interview scenario. Where if you hire one person as Senior Engineer, his bad attitude causes the company to stop innovating.  The other person who was enthusiastic ended up hacking the company and causing it to go bankrupt and shut down because she was really just an immature hacker.

There were also some things that didn’t line up with my own experiences, such as their presentations of cons and the industry as  whole. One could tell it was written by people that had never been to an Information Security con (either of the Secure World kind, or of the Blackhat kind). Some of the student comments after were just as bad.

The professor didn’t show up until a few days in the the class. When the online course started, the automated emails and syllabus had the [insert your name here] still in them for the professor. While the professor was OK, I didn’t feel that she was very engaged through the process, and even said some of the assignments didn’t make sense to her, and she couldn’t change things. To just do our best. I don’t think it was the professor’s fault she was late. I assume the college assigned her after the class started. I understand this is a Summer Online class, but I still expect quality for a class I’m paying $4,200.00 out of pocket for.

That also brings up the course infrastructure. The case study we had to do was horrible. It was as contradictory as modules themselves. The students that worked through it multiple times said the whole thing didn’t make sense. There was also a mandatory activity. We had to play the role of the CISO. I tried multiple times, but the Third Day (and final) day failed. It covered laws not covered in the class. If you exited the module, it took the person back to day 1, and had to start all over.

With as bad as this class was, I’m surprised that UMUC still has the NSA / DHS Center of Academic Excellence in Cyber Defense.