CS-6035 - Introduction to Information Security
IIS |
Toggle to Select Spcific Semesters
Reviews
We’re no strangers to love (two) You know the rules and so do I (do I) A full commitment’s what I’m thinking of You wouldn’t get this from any other guy
My background: 6 years working in tech, CS undergrad w/ math minor, lots of hobbyist experience with networking and Linux.
This was my first OMSCS course and a good course overall. The projects were interesting even if some of the writeups were a bit unclear in their instructions. Some of the quizzes and exam questions were confusingly worded and seemed to be designed to confuse rather than evaluate but if you read the chapters for each assessment you shouldn’t have a hard time scoring >80% on them.
My previous experience certainly helped with the projects but the resources to figure them out are out there. The TAs were a huge help on Slack and on Ed.
My advice if you’re considering this course is to get started on each project as soon as it opens and attend or watch the recorded office hours. Keep an eye out on Ed and Slack for any clarifications from TAs and you should be able to get an A in this course.
Decent course, learned a decent amount. I think that this course wasn’t particularly hard, however some of the mathematical concepts are a bit hard compared to other “easy” courses. Also there’s a lot of info in this course because it is a general introduction to information security.
The projects are generally well thought out and I learned a lot from them. Project 3 was the most difficult in my opinion, but again I learned a lot. All of the projects take a bit of time, but none of them are crazy difficult.
No major issues for this class, but I will say that the class covers a large breadth of information considering it’s an intro class. That can make studying for exams a bit more difficult.
Good experience all around, I would recommend it especially for people who know nothing about IS, like myself.
Took this class having prior work experience and classroom experience in cyber looking to ease my way into OMSCS. Felt like they did a really good job with the projects and covering multiple topics.
TA’s were great and active on Ed and Slack which was helpful.
Overall I enjoyed the class. It seems there were a vocal group of individuals who felt certain changes/questions were confusing but if you just pay attention to the Ed board and leverage the textbook you should be good.
I’d recommend this class!
Overall I enjoyed the course, which covers Computing Security issues from C stack overflows all the way up to website XSS and CSRF attacks.
Textbook was published in 2017 and it shows; it talks about things like IoT and ECDSA cryptography as “new”, and still talks about RC4 as a valid cipherset.
Lectures were clear to understand and very visually oriented.
The assignments were varied and challenging.
The TAs and IAs that I engaged with were helpful, especially if you were asking something that wasn’t actually in the syllabus (pro tip: it probably is in there..). I freaked myself out on learning Python before the course, and you do need that, but a good understanding of Javascript is a really good idea too. I set 8 hours of work/week, but as others have said it varies depending on the project going on at the time. I barely looked at the book or the lectures during Project 4, which was probably a mistake.
You will need a way to run virtual machines somehow in order to complete this course. My windows based laptop was fine running virtual box; M1-based Mac users had a bad time, anecdotally.
I thought the assignments were interesting. The text book could be quite dry, although it’s worth reading. The lectures are pretty high-level and you won’t understand things deeply (e.g., encryption) unless you read the textbook a couple of times. The material on cryptography and web security were the best parts. Although this course has a reputation for being pretty easy, I found it was a bit tougher than advertised. I had to put in a fair number of hours to complete the assignments, particularly #4 (note that I rated the workload at 10 hrs/week, but that’s because I put in a lot of hours when an assignment was due, and did little work some other weeks). I think if you’ve done web development, you would find project #4 easy, but Javascript was new to me so I had to learn that on the fly. Note, also, that the assignments are sometimes puzzles that you need to solve. So while you may put in some hours to complete a SQL injection attack, it’s possible that you won’t figure it out. I got close to 100% on all assignments, so I’m not saying it’s that difficult, but it took me a while to solve some of the tasks and I could imagine running out of time and just settling for a lower score.
I lost major portion of my marks in reports and exams. Lectures and textbook are dry. Rote memorization is required for exams which I hate. There are projects where we have to do guesswork. I disliked this course because no matter how much effort you put in, it is not easy to get an A. For reports marks are reduced for little little things. Learned something about security but it wasn’t worth it. I will not recommend this course.
I took this class after GIOS and together with HPCA.
Strategy when taking as a second course (minimal effort):
- Do great on the projects. It is doable but involves some frustration. Also, be detailed in the writeup + include some references to avoid losing easy points.
- I found project 1 well described and I consider this the most fun project.
- Project 2 is extremely wired. 90% of the grade are just grepping through some malware report files for keywords (took me like 2.5 hours total, but I heard others spent way more?). Tipp: do not overthink + read the posts in Ed. The frustrating part is that the 10% rest of the grade is 90% of the work. It’s reading a fairly complicated machine learning paper (for someone without any machine learning background) and mindlessly tuning the parameters of a malware analysis tool until it gives you the right numbers. In addition, you have to write a lengthy report answering questions on the paper + how you tuned the tool’s parameters. Again, do not overthink it, I did not give them a reason, but just in detail described the random parameters I tuned until it worked (idk why it worked at all). If you feel lazy, only do the first part.
- Project 3 was by far the hardest. For me with little math background, understanding the math behind RSA was not trivial. You really need to understand the math in order to come up with the programmatic solutions, as you need to implement mathematical algorithms to solve the tasks. Took 1 - 2 days for the math + > 15 hours for the programming part.
- Project 4 was not too bad, but you won’t learn anything useful if you have seen JS, PHP + HTML before. Much easier for me than Project 3, but can be tricky.
- Do not study for the quizzes. I did that once and regretted it. You have an hour - all solutions are word for word in the textbook or you can use google.
- For the midterm, only use the lectures + knowledge from the projects to study. Knowing the details from the book was a waste of time (that’s why I did not touch it anymore). I read the papers in detail and that was also unnecessary.
- The final counts also just 5% and has again a ridiculous amount of theory (based on the book chapters) that makes it not justifiable to study for. I did not study any theory since the midterm and do not have to take the final exam as it does not change my grade (nice, so much time saved).
Overall, the theory was extremely dry. It is so dry that I had a hard time motivating myself to study for it. The only useful theory for me was obtained from projects 1 and 3.
I got an A due to scoring well on projects and knowing how to use CTRF+F and google during the quizzes.
My Background
This was my first semester in the OMSCS program. I am a software engineer with ~2 years of experience.
Pros
- Great to take as a first course in the program. The TAs are supportive and accommodating, especially for folks who are new to the program.
- The course content is quite diverse, with a range of topics being covered during the semester. You will get a good idea about a lot of topics, which are relevant in today’s world.
- A huge positive is the emphasis on projects that make up nearly the entire grade (80%), whereas the exams contribute only 10% to the final grade. The quizzes are open book & open internet, and fair in terms of the questions asked. The projects are well structured by and large, and for the most part, completing a project successfully leaves you feeling like you’ve learned something cool. None of the projects are extremely difficult, and putting in a decent amount of effort can secure you a B at the minimum.
- Evaluations are fair and regrade requests are made available.
Cons
- Lectures and the textbook can be a bit dry.
- Project 2 on Malware Analysis feels like it moves off on a tangent, and instead of potentially learning something cool about the topic, you are focusing on other aspects just to make sure the grade does not take a hit. Furthermore, there was a lot of confusion regarding some of the instructions that seemed to affect a fair share of students.
Tips
Stay ahead of the deadlines and start early on the projects, especially if you don’t have the pre-requisite knowledge when it comes to basic computer science concepts (not a CS undergrad basically). As long as you put in some amount of work regularly, you can coast through the course and do well. (I was able to travel a couple of times during the semester).
The office hours are recorded and are a good reference when stuck on something during a project. Questions are generally received positively on the Ed platform, and the TAs do their level best to help within their constraints.
This was my first class ever so I think it was hard adjusting which is why I am putting medium difficulty. This semester they decided to try accelerate the course and finish a month early to see if there was room for a 5th project. This made it very stressful.
The projects were not very clear to me what was needed which made things difficult. The projects also kind of felt like I would either fail if I didn’t totally get it or get 100 if I did. This makes things easy to grade but I was always really stressed out while trying to figure out what I needed to do.
Overall I think the class was graded fairly. The TA’s weren’t the nicest. I got an A but writing this review a semester later I am not sure how much I actually ended up taking from the class.
Overview
My background is non-CS undergrad, and I just started a SWE job, but have been programming on the side for many years. I am on pace for a B in this course, so even though I found this course easy overall, it was more due to lack of interest and effort on my part in not getting an A. I didn’t learn much even though I passed the coding portions of the projects, and I regret taking this course.
Lectures / Book
The video lectures are very surface-level and also boring. Admittedly I only watched the first few lectures done by Professor Ahamad and stopped listening after one of the TA’s in Slack said he just focused on the book after the first few lectures. Perhaps Professor Lee’s lectures were better. The textbook is a better source for detail, but I didn’t enjoy the book much either.
Projects
The project instructions were not well-written and sometimes were a little unclear. For each project, you get a 10+ page document with paragraphs of information, but the instructions oftentimes do not clearly spell out the objectives of the project. You have to decipher the task goals in many cases.
If you ask a question on Slack or Ed Discussion, they warn you of “giving too much away.” After a project was completely over and graded, I asked for clarity on one of the questions we had to answer in the write-up, providing my reasoning for an answer. One of the TA’s gave an explanation that was unrelated to the specific issue of the question, and brushed me aside saying that we can’t discuss further in a public forum. So even as a student wanting to learn why I got something wrong and to promote discussion and learning, I was not given an explanation and I still don’t know the answer.
There were several mistakes in the execution of the projects, and the corrections were only made known on Ed Discussion via pinned posts. The mistakes included incorrect wording in the projects, and more severe were incorrect mappings of files you had to analyze in project 2. After a week during project 2, the TA’s released a brand new VM containing files that were correct because the prior VM contained incorrect files. I had put in quite some time into project 2 prior to the new VM being released so it was very frustrating, as I had asked specifically if the mapping was correct on Slack while I was using the first VM.
Various other essential details were only discussed in Ed or in the office hours. So you have to be vigilant in keeping up with the Ed posts and in attending office hours for details not explained at all in the written instructions.
Quizzes / Exams
There are four quizzes that are open book and notes. As other reviews have stated, Ctrl + F your way to success. Each quiz counts for 2.5% totaling 10% of your grade.
There are two exams (midterm and final), and each counts for just 5% of your grade. The exams are fair but they do test some minutiae, so you would have to study quite a bit to get good marks here.
I liked the lower weight of the exams, as it makes the course project-focused. However this area does count for 20% of your overall grade, so you need to perform decently well.
Grades
There is no curve, so you have to score 90% or higher to get an A. Due to the lower weighting of the quizzes and exams, I thought going into this course that I’d be fine. I figured if I got 90%+ on the quizzes and just 60% on the exams, I’d still be in good position if I did well on the projects. The problem with grading on the projects is the TA’s will nit-pick your write up. Projects 3 and 4 require you to submit code to an autograder as well as submit a JDF formatted write up. Even if you score 100% on the autograder for the coding portion, the written portion of the assignment may cut your grade down to 90% or less. Then you may not end up with an A comfortably. You might be firmly in B territory. There is an optional extra credit assignment tacked onto project 1 worth 2.5%. This will help if you’re at a borderline score.
Conclusion
I do not recommend taking this course. Hacking seems like a fun topic that could be done well, but the nature of this course makes the learning environment not interesting or informative. As mentioned previously, I am walking away from this course with little knowledge gained. The course is however easy. I only put in on average 5 hours/week. When a project was released, I put in around 20-25 hours/week for each, but other weeks during the course, I put in 0-3 hours/week. On balance it averaged to not much work during the semester. FWIW I got an A without the curve in GIOS during my first semester, and I consider that a great class.
This course is pretty interesting. I’d recommend taking this course first for the OMS-Cybersecurity program as it has more of a survey of topics for the whole program, and you’ll get an idea of how you might do in later courses. You will be interacting with TAs exclusively with the professor having a seemingly hands-off approach to the course, but the TAs are knowledgeable and helpful. They are mindful of hosting Office Hours to answer questions as well as responding to questions in Ed Discussion.
The projects are interesting, but they can take a lot of time if you’re not familiar with the concepts. Start on the projects as soon as possible to make sure you complete them in time. You will be doing research for the projects to apply the concepts from the textbook and lectures, so don’t rely solely on the lectures and textbook–again, make sure you get your assignments started early so you don’t run out of time as late penalties can hurt your grade. Let me also stress this point: “research” doesn’t mean cutting and pasting from StackOverflow. You must cite your sources–for both write-ups and code–so you don’t get hit with plagiarism accusations.
As for the grade breakdown, most of your grade comes from the four projects (worth 20% each) that cover stack overflows, malware, cryptography, and web exploits–programming knowledge is required for the first, third, and fourth projects. The other parts of your grade will come from 4 open-book quizzes (worth 2.5% each) and 2 closed-book exams (worth 5% each). Make sure to read the questions carefully–it seems like the TAs want to make sure you’re paying attention to details.
This is one of those classes where it doesn’t feel like you’re paying for anything. The teaching staff is utterly unhelpful, the projects are easy but onerous, the quizzes are unrelated to the lecture content, etc. You’ll spend (at least I did) more than 50% of your time trying to follow the hyper-finicky instructions for each assignment — every other line of every single project description is a highlighted, all-caps warning, in the vein of “YOU MUST SUBMIT THIS FILE HERE AND THAT FILE THERE AND FOLLOW THESE EXACT NAMING CONVENTIONS OR YOU’LL RECEIVE A ZERO FOR THE COURSE.” It’s all very infantilizing, presumably because no one will ever even glance at the work you’ve done (and the autograder doesn’t know better). The material’s interesting enough, but I recommend just watching the freely-available lecture videos and saving yourself the headache.
Some intro courses like GIOS have much better projects, are better organized, and have visible, helpful teaching staff that actually care about learning outcomes. Take one of those. The only semi-positive thing I can say about IIS is that it’s not a particularly challenging class, so if that’s all you’re looking for, have at it.
This is my first class in the program and I enjoyed it. It is a project heavy course so if you do well on the projects, then you’ll pass. The TA’s try to be helpful, but a lot of the time the only answer they give is to re-read the writeup or other material. It’s also hard to give the workload because some weeks I contributed 0 hours and others were close to 20. My biggest complaint is that a lot of the deliverables for the projects are sort of gotcha’s in a sense. For example, there was a machine learning aspect to one of the projects that really comes out of no where and the description of what is needed was very vague. So you end up spending a lot of time on a project figuring out what they’re really asking for and unless you have the “aha” moment, then you might not deliver the completed project.
Ok class, pretty easy material. I would not call this a graduate level class though.
Great course and I never blame the TAs for being mean. The students they are admitting into these programs are not qualified and need to be taken down a notch otherwise the whole program will be a joke.
I’m really liking this class so far. The only thing I EXTREMELY dislike, hate and loath are the smart ass TAs. They get hostile for a simple question like “when are quiz grades coming out?” If you’re busy grading them, then sorry for annoying you. It’s been two weeks, a simple update would be fine even if it’s just “we’re back logged”. Fucking assholes need to check themselves before mouthing off.
There’s a couple things that I don’t think other reviewers get across very well.
First, this class is not an easy class. I think it gets the reputation of an easy class because it’s easier than other classes in the program. The reported difficulty is relative, not absolute.
Second, the class has peaks and valleys in terms of time commitment. There was weeks where I would do almost nothing (after project 4), then there was weeks where I was working on a project for 20-30 hours.
Now to the projects. First project involved debugging some C and understanding buffer overflow attacks, registers, call stack and how to debug with GDB. This project can be a bit frustrating because it’s like finding a needle in a haystack.
Second project was malware analysis. Even though I got the worst grade on this project out of all the projects it’s honestly the easiest. No programming, just analyzing some output. Best advice I can give is don’t overthink your answers.
Third project is by far the hardest and most time consuming. I can see a lot of people dropping the class because of project #1 and this third project. You not only have to know Python, but you should know at a high level how encryption works and how to attack encryption vulnerabilities. There’s some semi-complicated math involved as well that you need to know.
Fourth project was pretty easy. It will be especially easy for you if you know JavaScript and web development in general. Your just doing some exploits like XSS and SQL injection. You don’t have to write PHP but you should be able to at least read it and understand what the code is doing.
Quizzes are stupid easy and there’s no reason why you should get less than 90% on all of them.
Mid term and final are kind of hard but don’t sweat it because they are not worth much.
Overall, I’m pretty neutral on the course. There was some cool things that I learned and I liked some of the projects. There were some tedious moments and some “gotcha” scenarios in the projects that I didn’t like. I got an A in the class but I had to do the extra credit in order to get me over that 90% threshold.
For starters make sure that you have a good grasp on Python, C, Intel Architecture, DOM, and how RSA works. These will be important for your Projects.
So, two of the projects were very good as each step in the project took you to the next step. Two of them were much harder consisting of different objects for parts of the project. It felt like during those projects you were not building on what you learned but having to attack it from the beginning.
The Quizes were open book, and the answers are all right in there, I would make sure you read each one carefully as there may be a single word choice that changes the answer.
The exams were very hard to study for and I would say 50% are from the projects and 50% were the book and lecture. My mistake on the second exam was not to really review the projects completely.
Most importantly the Projects are 80% of the entire grade so it is critical to get as many points as possible here. Make sure when you upload your files you upload the correct ones, I made a mistake on Project 4 and lost 15 points out of 100 because of it, Luckly I recovered but learn from my mistake, after you upload double check that it’s the file you wanted.
Background
- B.S. in Computer Engineering from a state school
- 9th class in the program
- Software Engineer
If you have a somewhat similar background, this class is pretty easy. A few tips from my experience with the class:
- Don’t buy/rent the physical copy of the textbook despite what the TAs tell you (oh the pages might be different, you won’t get the latest, etc.). You will waste your money if you do. You only need the book for quizzes and the older PDF version of it that can be found only has everything you need to do the quizzes
- Try to get > 90 for all the projects, they account for the bulk of the grades
- TAs are helpful if you know how to play along with their troll games on Slack
- Some of the TAs are very against Python. One, in particular, said something along the line that anyone with a brain won’t run Python on the server. Uhh, so the engineers from Instagram, Reddit, Dropbox, etc. are dumb? Gimme a break
- Exams are OK. If you do the projects and understand them, you will do well on at least the last 1/3 of each exam. The first 2/3 is rote memorization. They are only 10% of your grades so don’t spend too much time studying.
Easy class, easy to get an A. The good part is that this course verifies who is really passionate about computer science and cybersecurity. If you struggle with this class, it wont get easier later in the program.
Easy class but I did not like it at all even though I got a high A.
The projects are worth 80% of your grade, which sounds stress-free at first. The problem is that the instructions are so messy that messing up on something can easily happen, and this could mean losing an entire letter grade given they are worth 20% each. Some instructions are on a page of the pdf, some at the end or beginning, some on edx and some on canvas. Oh, you did not read the post on edX saying that for section 2.1.4 you had to do x thing? Too bad, here goes 4-7 points off from your final grade. As such the stress of this class comes from making sure you did not misread something by going thorugh the instructions and retracing your steps multiple times. To make matters worse TAs barely answer any questions on edX, and when they do they often give vague answers as if I am expected to somehow keep track of all the places where instructions are and also understand them perfectly.
The projects are Ok in difficulty but pretty much all of them had an “a-ha” moment where you had to think outside the box and figure things out which I found very tedious and boring. A lot of students got stuck in these portions and spent tons of hours figuring them out. The projects also are super spread out tech wise which may be intimidating to some people. There is one about c memory programming which uses gdb, another one where you have to have solid foundations on javascript php and sql, another one about heavy math and modular arithmetic, and another one about reading malware analysis and machine learning for some reason.
If there is anything I took from this class is that hacking is boring as hell.
My original, long form review errored out on submission. So instead here’s the elevator pitch review instead as it doesn’t say much that nobody else hasn’t said before.
This was my first course. I enjoyed it a lot and highly recommend it as a good first course for new OMSCS students. Definitely easier if you have a CS background.
Projects are the best part. Exams are barely worth studying for if you did well on the projects. Quizzes are Ctrl-F to success. Textbook is drier than the Atacama desert and has minimal relevance to the projects.
Watch the office hours recordings, they’re full of gold.
Fall 2021 was very busy for the first half of the semester as it was supposed to run on the summer schedule. I was probably doing 18-20 hours per week. The second half was far more relaxed at more like 8-12 hours per week as the schedule went back to that of a normal semester.
I overdid it on this course timewise as I wanted to do well. I also did all the readings and am a slow reader. I got an A, I could probably have done so for 20% less effort, but I’m happy with how I did.
This is my first course in the program so I don’t have any benchmarks to pit my ratings against. Overall, I liked the course.
Pros:
- TAs: The TAs were just fabulous. Very helpful and tending to each and every query in Ed. They ran the course really well. Since this was my first course, I am not sure if this is the norm (i hope so).
- Assignments: I liked all of them except the second one which was a bit tedious. They challenge you sufficiently and at the end of it, you come out learning some new things.
Cons:
- Lecture videos: For the most part, lecture videos were wishy-washy. They skim over the topic like a breeze.
- Too much reliance on the textbook: As the lectures lacked strength, combined with the fact that they don’t cover all materials required for exams, courses, make you too reliant on the text.
- Zero faculty presence: Like literally zero.
tl;dr: This was a nice first course to get into the waters. I wouldn’t “highly” recommend it, but you can take it, you’ll learn something useful.
This was my first course in OMSCS and I have a CS undergrad degree.
For someone with a prior CS degree this will be an easy course. The course gives a nice introduction to the world of information security. If you have no prior experience with security, then I recommend taking this course. This course covers a lot of topics and domains in information security. It covers the breadth of topics but doesn’t go too deep into any of them.
The lectures for this course are pretty high level at times and doesn’t go too much into details. You have to read the textbook to get a deeper understanding of the topics.
Projects are the best part of this course. They have some really cool and fun projects. Buffer overflows, Malware analysis, cracking RSA, XSS, CSRF, etc. Projects require you to do a bit of research on your own. All projects are pretty easy but require you do a bit of extra research and thinking as they aren’t straightforward. All projects are enjoyable and you’ll learn something new once you’ve finished it.
Quizzes and exams are easy too. Quizzes are open book and the questions are very direct and picked from the book, hence its basically free points. Exams are harder than quizzes, closed book and cover more content and have application based questions (which is nice).
The IAs and TAs of this class are excellent. They were very active on Ed and Slack and responded to all questions on time. They were also helpful and gave hints for people who were stuck on projects. They were well organized w.r.t class logistics. They held Office Hours for all projects and exams. Grading was very fair. All the project documents were very detailed, accurate and crystal clear. Kudos to them for that.
Prof. Lee wasn’t involved in the class apart from holding a single OH. This was disappointing as I expected more interaction with him.
Overall this is a good and easy class. I’d recommend taking this class in the summer as the workload is ideal for it. This class can also be paired with another class in Spring/Fall semesters.
Designed to Weed out Students. Spent most of the time searching for code on the internet, and going down rabbit holes. Some of the projects were cool but it was very frustrating with out any satisfaction on why the solution worked. No protocol to review answers after projects/quizes to allow students to learn from their mistakes.
Class content was honestly very interesting. The projects in this were relatively well designed and touched on a TON of really cool topics that I’ve always wanted to know about. We did some blockchain stuff, some RSA stuff, some code injection and other web stuff. Fantastic.
However, there were a ton of sticking points in the projects, and in a course fully online, with no one to talk to, it is really hard to push through. The instructors only made it worse by basically answering every question with “just google it” on topics that are very hard to figure out what to google and then saying things like “if you can’t handle this class, you should consider if doing a masters is for you” to students. The other review saying that students wanted to be spoonfed answers is wrong. In fact, there was a student on almost every thread of frustrated students commenting “yeah well i found the answer just fine” as though that matters or helps lol.
I personally got through all of the projects except one (for which i wasn’t able to optimize my ML algorithm enough in time) with only 1 or 2 days of moderate work, but had individual moments of extreme frustration. A minimal amount of help is reasonable to ask for.
Additionally, the questions for quizzes and exams are unclear and poorly worded. The TAs would release “study guides” for the exams (lists of like 10 topics, basically just the names of lectures, zero study material), but also stated that they “reserve the right” to include stuff in the exam that’s not on the guides “in order to separate A students from B students” which is ridiculous. Felt like a lot of the questions were trying to trick me. One of the questions was “what is the best way to ___” and the answer was “all of the above”. Pretty sure the instructors said stuff like “we’re trying to test concepts, not memorization” and “we’re not trying to trick you” in office hours for the exam, and then put memorizing acronyms and weirdly worded questions in the quizzes and exams. I got a 50% on the first exam but I’m still probably going to get an A because they’re underweighted, and I did well on the projects and okay on the quizzes….
Some of the lectures are unwatchable due to just explaining how different standards order data differently and stuff with zero motivation at all….
I would strongly, STRONGLY recommend this class if it weren’t for that stuff. The projects were truly awesome to go through
You can give some consideration to this course if you need to fill in an elective. You will learn something if you don’t know much about Information Security. There is some programming in C, Python, and Javascript – but nothing you can’t handle if you have some idea about coding. Unless you hate PHP like I did, in which case you will hate the final project. There is a fair bit of forensics and digging around logs and program outputs which may seem detail-focused and thankless but it’s not that bad. The course load is fine as well. Most of the weightage is on projects and open book quizzes. Closed book exams only account for 20% of grades, which is great.
I agree with the criticism that the TA’s are mostly grammar and font police. Not sure why they suck so much in this course versus others, but they do. Chopping points for “Improper Formats” and even penalizing with negative points. I cannot believe these folks pass judgments on whether other students deserve to be in a grad program! Actually, this is an epidemic that has impacted many courses. Its less emphasis on content and more around formats and fonts. I think these aspiring bureaucrats would make a glorious addition to the local DMV.
This course is more an exercise in reading instructions and learning how to cite stuff. Here I thought I was gonna learn CS, not how to get papers in perfect JDF format with IEEE or APA citations among other BS. Incredibly useful skill, especially considering the demographics of OMSCS students. Hot tip - most of us work full-time and aren’t looking to get a PhD. Can you make the standards for a citation a little less intensive? Not sure why they haven’t figured out how to make the assignments more rigorous and less administrative. You’ll waste at least 2 hours per assignment just making sure everything is in the right format and that your works cited is in order.
Each assignment feels like a chore to slog through. Little to no guidance is provided and you’re expected to google stuff to finish them. That shouldn’t be an issue under normal circumstances, but this isn’t a normal class. Example: assignment 3, class wasn’t told which algorithms to use, but were expected to google to figure out. No biggie right? Wrong. Had to find and cite pseudocode for those specific algorithms, otherwise couldn’t use them or had to implement them from scratch somehow, even if you knew which algorithm to use. You might find implemented code that works perfectly, but you wouldn’t be able to submit it unless the source was pseudocode.
Every time you submit an assignment, it feels like you just have to roll the dice and pray that the grader doesn’t think you plagiarized something, even if it’s cited. Oh yea, don’t expect to get grades back in a timely fashion for the most basic autograded things. 10 question multiple choice quizzes takes 2+ weeks to figure out apparently.
Also which idiot decided to make each project only 2 weeks long? We’re through all 4 of the projects as of tonight and 92.5% of our grades have already been accounted for. It’s not even November. This is the best schedule that a staff of 10+ was able to figure out? Hot tip my genius TAs / instructors: projects 3 and 4 take way more time so give your students an extra week for those. Another hot tip - why are the exams only 5% each? They’re hard enough that you need to study at least 5+ hours to do well on them but they’re worth so little that it doesn’t make sense to put in that many hours.
It’s incredible that this is one of the oldest courses in OMSCS and it’s still run like hot garbage. How have these things not been figured out? Don’t know which idiot decided this course should be this tedious for the sake of “being a master’s level course”, but this course is just not worth it. I’m 8 classes deep and I feel like I’m a hostage to this course. My honest assessment of OMSCS is that the courses are mostly garbage.
Don’t take this course if you can’t spend 30 hrs researching a week here and there . There are 3 kinds of people in this course who learn everything and perform. Others just take help from friends and family who already have taken the course and submit their assignments. Or simple google search will yield solutions sometimes but it’s mostly trying to figure out solutions rather than learning . Absurd and basic videos and lecturers. Minimal efforts from lecturers and TA’s. No flexibility for students. They have very complex mechanism of submission assignments. Quizzes are mostly taken from other resources. Submission of assignments is complex.
This class this semester seems like a circus. It seems like a lot of people just aren’t prepared for the class, and don’t have the skills to make up the gaps, based on what gets posted on Ed.
Also seen is people being a d**k to the TAs. Maybe they have a legitimate gripe, maybe not. The way to get help in a class is to remain professional at all times, and that’s not happening enough in this class from the students. The TAs get a little punchy but also there’s a number of posts twice that I’ve ever seen in another class. Right now there’s a project due tomorrow night and new posts pop up every couple minutes. So good luck searching Ed in this course for answers, it’s very cluttered.
Academically, it’s a challenge because you only have two weeks for the projects and jump from C/GDB to Machine Learning to Python/Crypto to web dev with Javascript and PHP. For a lot of people, it’s not an easy class.
I had a similar experience to most of the other reviews here. The course itself is very well organized, and I did learn a lot overall (being from a non-CS background). Having said that, I still certainly did have a hard time with the grading (I got an A with 94% in the end though) at certain times which were mildly frustrating. Here are a few instances:
- The format for report writing for each project is strict with the reference section being a must, and rightly so considering that it is a grad program. However, there is no exact information anywhere as to how to putdown the references from the websites that were referred. The document that they share for references provide instances about how to cite a paper, which is all well and good, but they don’t contain any examples for websites. This led to points being deducted (and a substantial number) for “wrong” format followed for the reference section. I did eventually get back the points via regrade request, but this is a hassle with many weeks of waiting.
- The Project 2 is newly introduced (previously was optional), and is according to me shouldn’t really exist or should undergo a massive revamp. There is no autograder, and points were deducted saying the submission doesn’t satisfy the requirements when it certainly did in my local VM. I challenged this again through a regrade request with a screenshot from my VM but got the same reply. They should definitely be adding an autograder for all the assignments to avoid any sort of confusion.
The grading/regrading was also delayed by significant duration for each project, and while I understand that they may have been short staffed - this is still an area to improve on.
Overall I would still rate this 4/5 because of the good organization of the course and the learning outcomes lectures and projects.
Great intro course on security concepts.
Pros: Covers many info security concepts. Nice labs. Fun TAs.
Cons: TAs don’t go in depth when help is needed. Very strict on providing references in the format requested. Lectures and labs don’t mix well. At times I felt they are separate things.
I am a non-CS student who is in the second semester in OMSCS. The projects were pretty fun and documentation is quite clear (contrary to negative reviews here).
Exams were quite tricky but I would say that I do prefer that we were weighted 80% on projects, 10% on exams and 10% on quizzes (which were just simply from the textbook).
For the former negative reviews on this course, I don’t quite understand why or where this is coming from. The TAs seem super patient and looking at the questions that get asked e.g. “What textbook do we have to read?” “How do we debug the code?” “How do we install the VM?” “When do grades come out?” I mean…these are questions already answered by posts / the syllabus / documentation / just Googling. Answering these questions over and over again must be frustrating, so I do think that we need to consider the situation from the TAs and prof’s POV.
Yes, the presence of the TAs and prof are lacking in comparison to other courses but Piazza posts are always promptly replied so I don’t see an issue.
Course material is relatively easy and manageable as a second course into OMSCS. I do enjoy the variety of material taught and happy that I took this course in Summer.
For what it is worth, I received a 98/100 in this class.
I missed several questions on the quizzes due to poor wording and missing punctuation. When this issue was raised on the forum, a teaching assistant who never uses punctuation marks in their communications assured us that they were on the “question writing team” and that these questions had been reviewed and were OK. If you are taking this class, be prepared to think deeper and interpret questions less literally. Several quiz questions were also regraded after grades were released, which also gave me less confidence that these are rigorously vetted.
The grading in this class is inconsistent and petty. For example, on essays you might be asked to describe a process at the “high-level” and “in your own words,” and teaching assistants on the forum assure you to be brief in your answer and that it is not a trick question, but then lose half the points because you did not write the math equation you used in the coding portion which is absolutely blindsiding. I also suspect some graders are just CTRL+F searching for keywords. For example, one essay question asked to list 1 way to enhance something, I listed 5 unique methods to be applied together, and lost all points because the last method was insecure by itself. My regrade request was successful, but this was a frequent occurrence in this class.
I also had one essay miss three questions that I wrote each a half page answer for, with the unhelpful feedback of “the answer was not adequate enough.” This type of feedback is “not adequate enough” to challenge in a regrade since it does not actually explain what is wrong, but I submitted a regrade request stating I wrote half a page answer for each. After a while I forgot about this regrade request and a student asked for status, and the regraders did not respond until 5 days later stating that they were running behind because of a new question introduced our semester but reassured us that next semester should not have this issue. I had already received my regrade response for the next project, but after 30 days I finally received a response with full points for 2/3 of the questions. The regrader was not sure why I missed the question but suspected the first grader did not find a term they were CTRL+F searching for, affirming my suspicion that some graders do not actually read the essays. The regrader did not even respond to the third question I asked about, which is disheartening after waiting over a month, but since my score was decent I did not pursue it.
The projects and quizzes did not always sync up with me. Sometimes I felt like I was focused on a “quiz week” and then a “project week” with less common ground than I would like. One project required significant outside research since the lectures and book did not cover the questions asked. This was my favorite project because of the topics covered, but several times I wished I spent less time Googling for various algorithms and StackExchange answers and more time watching lectures in the course I am paying for. One saving grace is that the final project is a breeze for web developers; I did not read the book or watch lectures for this project and I finished the coding portion in under 3 hours, though the essay portion took me a couple days.
Overall I learned a lot and thought this class was useful, but I am not a fan of how it is graded and wished it focused more on learning, less on writing. Two surveys were offered which added +2 points to the total grade which was nice.
This was taken as my ninth OMSCS class. Overall I would say this course is much more interesting than the name makes it out to be. The difficulty here is weird, overall the assignments were on the easier side when compared to courses such as AI, however each one of them has some small “gotcha” that may take a significant amount of time to overcome.
Other reviews are spot on in that the instructors are not that helpful. I found that the instructors were not as paranoid about student misconduct/plagurism as other reviews made them out to be, but they certainly were the most paranoid out of all classes I have taken so far.
A secret tip: if you’re stuck on a project and a student has posted something they thought was helpful, take a look at it and ask yourself why. This was key to get myself through the first project and lead to my “aha” moment that made everything fall into place.
Grades were not curved,70-80 C, 80-90 B, 90+ A. 80% of the grade was off of projects (and there were 4, each worth 20%), 10% quizzes (4), and 10% exams (2). We were also given two surveys for 1% extra credit each, but I would NOT expect that to happen in a future semester. Quizzes tended to be 10 questions each, multiple choice. Exams were 20 questions each, multiple choice.
Given that 80% of the grade are projects, this is where you want to spend your time. For us every project except project 1 involved a write up. This is where your luck is drawn from, as not every grader is fair. I was lucky in my project 2/3 grader was awesome, but my project 4 grader was awful, graded my paper in such a way that they were ctrl+f-ing through your paper looking for terms in the rubric. You could answer the question spot on but unless it included the specific term they were looking for you didn’t get points.
They’ll stress a bunch on citing resources in your paper and the JDF format. I found the graders not to be too strict on these. You’ll definitely need to cite your sources, however don’t worry too much about getting perfect APA formatting, just try your best, use some resource like citation machine to do them, and make sure it’s obvious which source you’re citing. I didn’t have any issues with mine and they were a mess.
Every project except project 2 had some hidden “gotcha” that became the biggest hurdle. So even if you are an experienced programmer I would still start these assignments early to give yourself time to work through those. One of those gotcha’s had me stuck for six hours until I pieced it together.
This class was pretty great, I learned a lot. The material tended to be a bit on the outdated side, but i think it was still a worthwhile class to take. It took me about 10h a week of work, but mostly due to the tedious quizzes, otherwise it was pretty much a freebie with the added bonus of learning security from a different approach. I am a web developer by trade, and I am used to the security aspect, but this was the first time that I had to put on the “hacker hat”, and honestly it was fun and interesting. Thank you CS 6035 staff for this class, and specially the new guy Loan on P4. Wow I was impressed to see a lot of helpful responses for almost each post. Thanks!
This class is an embarrassment and does not belong in a masters program, let alone Georgia Tech. Stop defending bullshit. Anyone who complains must be a whiner? Must not want to work? Piss off. Learning experiences do not require constant handholding but they do require value. I also do not want to hear one more idiot claim, “this is a master’s program!” You know nothing about masters programs. Nothing.
Because if you spend one minute “learning” things that do not matter, you are probably a liability to your organization, whatever that may be. It’s not a question of content, but purpose. Did you train your mind for example? Problem solve? Or did you just play a game to get a grade. This class is a game to play, that is all.
Also, the head TA is frequently offensive and should be reprimanded or removed by the university if they do not want Title IX investigations.
Don’t let the reviews cribbing about the TAs or professor sway you. Remember, a lot of students take IIS. Most (as in my case) will successfully complete the course with a stellar grade and move on to their next OMSCS challenge.
From a pure content perspective, this is not a challenging course. That is why the open-book quizzes and two exams only account for 20% of the grade. The challenging part is the projects which each account for 20% of the grade (4 projects * 20% each). All of the projects do relate back to book/lecture material. That’s why I cited the textbook in every project. However, you will have to find additional sources to augment the lecures and textbook learnings.
It’s very possible for someone with a CS background to scoot through this course without breaking a sweat. However, it seems like a lot of non-CS people are the ones whining on OMS Central. This is a masters program which means that learning is not about regurgitating the textbook or lectures. Yes, some of the project writes ups could be a bit clearer, but they aren’t so terrible that a little research won’t get you over the hump. Or how about checking Piazza or office hours recordings?
The bottomline is that I learned a great deal in this class. Some material was review from my current occupation as an application development director at a large company (i.e. risk management, IT security policy). However, most of the material was new to me. Projects 3 and 4 were directly applicable to my current role. Project 1 & 2 were applicable, but not necessarily on a day to day basis.
There are a lot of students in this class. TAs have to be direct to answer everyone’s questions on Piazza so there’s no warm fuzzy feeling in most interactions. Also, a lot of students ask questions that were either already answered directly in the syllabus or by other students’ posts. That’s really annoying and I’m not even a TA. It clutters up Piazza. Imagine if you had to respond to all those as a TA… Frankly, they seemed quite patient to me.
I would recommend the course. And if you’re a non-CS person (as I was), come prepared to do research and not be spoon fed. That’s how you learn. And that is why I will be walking away with a substantial body of knowledge.
One other note: anyone who wrote a review expecting a professor to be consistently present in a 300 student section must not have attended a large institution for undergrad. Most in-person classes of this size would have the professor teaching the lectures and the rest of the course (office hours, proctoring, Etc.) largely handled by TAs. I know because I was one of those TAs in undergrad. Same applies here. The professors put together the lecture material (see videos). TAs manage the rest of the course with escalations going to the professors. Smaller courses later down the line in OMSCS have more professor interaction (see reviews for Video Game Design or GA).
All in all, a pretty well run course. The assignments (especially 3 and 4) are extremely well written. Some of the most clear and understandable requirements I’ve seen in the OMSCS. The TAs sometimes come across as hostile on piazza, which I think lead to a very inactive forum. The tests and quizzes have a lot of poorly written questions, and they’re weighted so low that they feel like an after thought. I think the course would benefit from just dropping the quizzes and tests and adding a fifth project.
The review body has been replaced with this text due to violation of platform policies.
This was a pretty decent class, I needed to sharpen up my skills for work while still keeping a pretty light schedule. This class fit the bill perfectly. TAs were nice and knowledgeable. I recommend it!
Quick Summary: The quizzes are very easy, the midterm/final are moderately difficult but not crazy, the projects are very hard with the exception of project 2, and the hourly workload for me varied from 2 hours per week during light weeks to 40 hours per week during a difficult project.
Overall Review: I strongly disliked this class.
As a mostly non-CS person, this class was extremely difficult. That, however, is not my issue with this class. I am one who doesn’t shy away from asking questions, asking for help, and putting in the hard work to learn something new. This class was difficult for me because the professor rarely chimes in, and the TAs (who are very knowledgeable and I got the sense WANT to help) were completely unable to help in any way. The projects have a high learning curve, and you are given no help to push you along. I asked a few questions to the TAs early on in project 1 and was basically told to “try harder”. Further, the lectures and reading have very little to do with the projects except for the most general of background information. This lead to all of the projects being a lesson in Google and YouTube searches, which is not why I am paying to go to college. Further, the projects 1, 3, and 4 were (in my opinion) hard for the sake of being hard and did not do a good job at helping me learn along the way.
That being said, I got a decent, but not great, grade in this class. I am happy that this class is behind me.
This course is great, the TAs are awesome and they put a lot of effort in running the course. Instructor is disengaged, never had a lecture or at least a chat about any of the course’s topics.
The course involves weekly quizzes, projects and a couple of exams. Quizzes are good to keep in sync with the topics. The projects are awesome. They are what I liked the most of this course. Projects have a nice level of challenge and really demand you to understand the topic. Exams are good, got decent grades without studying, got a final A grade.
Overall I really enjoyed the course, just felt some topics were outdated (old data and articles), and that the materials/projects could add some topics with newer technologies (container security, newer web stacks, software supply chain, etc.).
I started the OMSCS program in Spring 2021 and took this is course as the first class along with another course. I am a full-time student and I have a background in Computer science and a few years of work experience in SW development.
This course is really great to begin the program. It is not heavy on coding so can be helpful for someone who is new to coding. Although the lectures and quizzes are okay, you learn a lot from the projects. There are 4 projects and an optional EC project. Depending on your background you would find some projects easy and some difficult. But you have plenty of time to learn new concepts/language specifics and finish the projects.
The quizzes are open book so they are pretty easy to ace. The exams are a bit tricky but fair.
I found the TAs to be helpful. They do provide helpful hints during projects but of course, they will not spoon-feed. I wish there were more opportunities to interact with the Professors.
Overall, this is a great class to begin the program. You will learn a lot and with the right efforts, you can easily score an A.
I took this as my 5th class in the program. I really disliked the majority of this class, but not because of the content. Also I rated it a medium on difficulty not because of the content but because of the atmosphere and TA rules/interactions. The toxicity of the environment made it difficult for me to want to do the work to get through the class.
As other reviews have stated there are 10 open-book quizzes and while you can CTRL-F on keywords, there is at least one question on each quiz that is worded with a double negative making it challenging to understand the intent of the question and subsequently a suitable answer. I’m a native US English speaker and found them very frustrating and terribly inappropriate given that there are numerous courses available on how to create quality multiple-choice questions that do not rely on double negatives.
Also on exams, the double negative questions persist and while you do take the exam and get a score back, you are not allowed to see the questions you got wrong because someone in the world might screenshot the exam and share it out in the world. I found this pretty irritating because it gives the student no room to challenge the question or the grading or even to understand what they got wrong and why. In the other classes I’ve taken in the program this was not the case - all exams were available to review after grading to see how you did / ask questions. If the instructor/TAs cannot come up with different sets of questions to ask on exams from semester to semester, that’s a real failure on their part.
The other reason I disliked the course is because while I could have contributed to discussions on Piazza, the TAs were constantly warning about cheating and inappropriate collaboration to the point that I purposely decided not to participate in order to avoid getting something I posted interpreted in such a way that it would be flagged for referral to OSI. In addition, there were several “anonymous” posters that sort of kept a back and forth going with the TAs and I found that very unprofessional on the part of both the students and the TAs. We are all adults.
Finally, the TAs were not helpful at all and there seemed to be a ‘security bros’ attitude in the few office hours I did watch (I could not attend due to time conflicts). As a woman in the program, I found this very off-putting. I did not expect it at an institution such as Georgia Tech and I have not experienced that in any of the other classes I’ve taken in the program.
As for content, Project 4 needs some work around adding content to the course lectures or supplemental reading outside of the textbook to ensure that students understand the full-stack and web request / response life-cycle since there are plenty of students who are in the OCY track that do not have this as was evident by their posts on Piazza. Other than that, the projects were reasonable and doable given the presented content, textbook and time allotted.
Given all that I did get an A in the course.
Joke of a class, TA’s are anal about grading writeups and you don’t really learn too much except from projects 3 and 4.
Project 1 - just google the answer. As long as you know how to paraphrase and cite your sources you won’t get sent to OSI.
Project 2 - literally just parsing json files for keywords to characterize a few malware files. I had no idea what I was doing, still don’t know, but aced the project because it’s brain dead easy if all you’re doing is checking to see if a keyword exists in the json file.
Project 3 - pretty good, learn about hashing, crypto, RSA. Best project of the class.
Project 4 - fun web development attacks. Find weaknesses in php files and use javascript to implement attacks.
Project 2.5 (EC) - machine learning to categorize malware. Also a brain dead project, you just iterate through various config files until the provided machine learning program passes
Lectures - cute drawings but doesn’t help much for tests or projects, the udacity quizzes were mostly a waste of time as they would ask you a question you had no exposure to prior to introducing the concepts
Quizzes - just ctrl+f
Exams - there are trick questions so be careful
Ultimately didn’t learn much, but didn’t spend much time on this class either. Take it if you want a high level exposure to security topics and are pairing this with another class.
I enjoyed this course, P1 and P2 might be fundamental. P3 and P4 are very useful, you can literally apply them for work. Personally I think it is truly a great course. You will learn RSA and find a lot of Python algorithm related.
The best part of the course is the learning progress.
I got an A and I didn’t spend a lot of time on it. As long as you take it serious, you can nail an “A”.
I won’t reiterate what a lot of the other reviews mention. I came into this class predisposed to how bad it is (and I figured it wouldn’t hurt as it is a survey course). Actually, this course is fantastic and the experience is greatly improved when you join the class slack channel imo. Many of the TAs and students hang out and discuss random and/or relevant topics which makes it a fun course to go through. The TAs communicate very well and as much as they don’t like it, they are down to rephrase their answers if it gets the point across.
Anyways to the core bits: Exams - really focus on the study guide and keep in mind that 10% is outside of that so hit the books.
Projects - P1 is a gradual introduction and may be rough for non-technical students but there are a ton of resources online for it. The textbook even lowkey does a majority of the heavy lifting. P2 is a shitfest of second guessing because it’s so easy to misinterpret so it can take an hour to many nights. P3 is the hardest project imo because there is a lot of topics not shown in lectures (but also the most interesting). P4 is the second hardest after P3 and it can be tough if you’re not familiar with web development.
Quizzes - Get an online copy of the textbook and ctrl+f your way to victory. It is also a good indication of how well you would do on the exam too (if you don’t do the ctrl+f route).
Concerns? The biggest issue I had with this course was how much they hammer it to you about OSI. It is understandable as this course has 3-4 programs with 1k students. It actually made me do more work than was necessary to try and make sure everything was completely cited. The grading process is a bit on the long side (but then again I can’t fault them on it as there are 1000 students and only so many TAs).
Lecture Videos: This is on canvas and they are fine, watch thru them once and for subsequent reviews just rely on omscs-notes.
Quiz: There are around 10 quiz which are due end of week, open book and most of the questions are from the course text book Computer Security. They are fine and if you put little effort you can score 90 to 80/100 in every quiz at minimum.
Projects: Not that hard if you are coming from software dev background. You have plenty of time to complete the projects. Most of them are easy. You are fine if you have some basic python or programming experience. Project 4 needs some web development knowledge, if you understand some basic web concepts you will do fine here with some additional effort. Also, for project 3 brush up on some modular arithmetic skills.
Exam: Average difficulty, multiple choice questions (25). If you prepare well you can do well here as well. You’ll get exam study guide on what topics are covered for the exam. Exam’s are closed book.
Professors: I haven’t seen them interact with students that much, personally I don’t care about this. Lecture videos were above average and communicated well on the topic they wanted to present.
TAs: Didn’t like TAs that much. Not sure if the TAs change for every semester but the Spring 2021 TA team is my least favorite during my OMSCS journey (this is my 6th course).
Communication: Piazza is the way to go if you need any clarifications or questions answered. There is a slack channel #CS6035 but don’t join there unless you want TAs and some students discuss some random topics. Slack is not official communication channel so it’s not a big deal and they can do whatever they want. But stay away from slack if you are bothered by this :)
Overall, easy class and you can pair it up with another class if you are coming from software engineering background. I liked the class overall minus the TAs.
Final note, the grading on this course is very slow. Could be because of the number of students or other reasons. But they take little longer to grade stuff compared to other courses I have taken.
This was my first course in OMSCS. I took it because, among the courses that were available when registration opened for me, I thought it would be the most useful. I am fairly certain I will get an A once the grades for Project 4 are released.
The projects were the best part of this course. I have a Python and web development background. In terms of difficulty(for me), I would say P4, P3, P1, P2(increasing). I think P2 was difficult because it had more to do with analysis and I was constantly second-guessing myself. P1 was also difficult because I hadn’t done anything in C after the 1st year in undergrad and had never used gdb. I felt comfortable doing P3 and P4 because I was familiar with the tools and had to just focus on the problems at hand. Most of my learnings from this course was from projects. They were also a big chunk of the grades.
I didn’t study/watch most of the textbook and lectures as I progressed through the course. The weekly quizzes were open book and I could find the answers to the 10 questions in an hour. I didn’t study them for the 1st exam but I got an okay score since a lot of the questions were from projects. I did see the lectures and selected topics from the book(using the study guides the TAs provided) for the second exam and got a decent score. I learned a lot while doing that and so now I regret not studying for the first part.
I didn’t have much interaction with the TAs, but that’s on me. I did see that they were fairly active on slack and piazza.
The work hour I provided is not evenly distributed. Since I didn’t do much studying weekly, most of the weeks it was around 2 hours per week. But that increased a lot in weeks(or 2 weeks) before the deadline for a project which took some time to tackle.
This was my first class in OMSCS and will probably be my last. I got a B in it and I think that an A would be very easy to do if you put the work in. The exams and quizzes are pretty easy, but the projects are hard. They are not much coding but are very ambiguous and difficult. I am not familiar with web dev so I struggled on P4. P2 was in my opinion a complete waste of time and should not be a part of the curriculum. While I never posted questions on Piazza, the TA on it were rude and condescending. I plan to drop out from OMSCS so take this review how you will.
This course is an amazing course. The professor definitely puts his best TAs in this course. There is an aura of camaraderie with the students in the form of mutual respect. The tone, coupled with mature responses and rigid requirements which is to be expected in a top graduate program, create a welcoming learning environment. Expectations are high in formatting and in content, so when it comes to grading written portions of labs, you’re able to answer with confidence. If you disagree with a grade, they even let you request a regrade!
I have every single professional certification related to this area of study. I took this class as a refresher. I did so well because of a complete understanding of cybersecurity by the TAs (and myself). Some of their actual work histories are impressive (I wish I was kidding, check their LinkedIn – yep, you got that right, I totally googled them and looked all of them up because that’s what normal, sane students do!). Any protest towards quiz questions or lab grading is met with a valid response.
The content of the course itself is great. Content, files, quizzes, are all clear. The slides and lectures overlap with the textbook. 90% of assessed material is straight from the book, not the lectures. Quiz and exam questions were written by someone with a mastery of the English language, and I would never be racist and accuse all the TAs of being ESL (some of the other reviews on here try to black knight this and say some very racist things about them, and to which I say this is unacceptable. Words matter.)
There is consistency with learning objectives and the content. Compared to 6262 (this course’s sequel), 6035 is a good jumping off point. The TA’s leverage autograders to the student’s benefit. On the last project, they even give you explicit details about how their autograder will test the exploits!
This course isn’t hard. Good luck.
If you’re looking for a cybersecurity course, this isn’t it. Projects are fun, although be prepared to receive no feedback on any of them. TA’s are real sticklers for plagiarism and anything revolving around cheating so dont risk it. Quizzes are based on trivia in the book and some topics from the lectures. Tests are trivia from the projects you did that part of the semester and the book. If you have a CS background and know a small fraction of web development, this class is easy in terms of the projects. Only read the book for tests but its pretty much unapplicable anywhere else. Lectures are dry and can be skipped if you know what youre doing.
This course is a dumpster fire. The professor definitely puts his worst TAs in this course. There is an aura of attitude against the students in the form of unearned superiority. The condescending tone, coupled with juvenile responses and inexplicably rigid requirements, create a hostile learning environment. Expectations are harsh in formatting, sparse in content, so when it comes to grading written portions of labs, you’re at the mercy of whatever subjective interpretation the TA has for your answer.
I have every single professional certification related this area of study. I took this class as a refresher. I did so poorly because of an oversimplified and completely naïve understanding of cybersecurity by the TAs. Some of their actual work has never left the confines of a summer camp (I wish I was kidding, check their linkedin). Any protest towards quiz questions or lab grading is met with outright disregard and disdain.
The content of the course itself is an organizational disaster. Content, files, quizzes, are all over the place. The slides and lectures rarely, if ever, overlap with the textbook. 90% of assessed material is straight from the book, not the lectures. Quiz and exam questions were written by someone with a poor mastery of the English language, which leads to vague propositional statements with open interpretation (some of the other reviews on here try to white knight this deficiency, and to which I say this is unacceptable. Words matter.)
There is little consistency with learning objectives and the content. Compared to 6262 (this course’s sequel), 6035 is a disaster. The TA’s have no clue how to leverage autograder to the student’s benefit.
This course isn’t hard. It’s frustrating having to deal with the teaching staff and their ineptitude. Their ego gets in the way of learning, and the entire TA staff needs to be discharged. Good luck.
First course. No CS background. No web development background. No IT background.
Content: The class text presents a lot of valuable content in terms of security, malware, and vulnerabilities in software.
Quizzes were easy; 15-20mins max to take each. If you’re disciplined you could read the text and watch the lectures beforehand but the actual quiz is an exercise in CTRL-F and needs no prior reading. The TAs try to customize the content from the verbatim text but it’s easy to filter out what they’re getting at. Every so often there’s a question that’s not referenced in the text or lectures.
Project 1 Buffer Overflow. 25 hours. It’s hard to visualize the stack but there’s Youtube videos on it that do well in explaining it. The project added a twist with jumping to a library and “cleanly exiting”. Don’t expect to be taught how to do this and don’t expect the TAs to explain it afterwards.
Project 2 Malware Analysis. 5 hours. This project did the best in providing resources to finding the solutions and was overall the best made. Navigating the VM was tedious and slow but it generally wasn’t a nebulous project.
Project 3 Crypto. 20 hours. Python code heavy but knowing how to do if, then, while statements is all you need.
Project 4 web security. 30 hours. The most scatterbrained and ambiguous instructions in the course. I believe the team that created this assumed the student is familiar with html, php, and javascript. Three different languages that need to be understood for this project. Understanding the flow of PHP, how it interacts with html and injection of javascript wasn’t trivial.
Exam 1 & 2 had study guides but you can essentially shred them. They listed 10 items to study which included “Project 1, 2, 3, 4 concepts” as a line item. Then the other 9 study items were the project concepts themselves. The bulk of the exams were the projects mixed in with random lecture and text trivia.
Admin: As a introduction to GT, this course was a shit show. The priority of the instructors isn’t the student’s education but rather the integrity of the graded material. If you’re taking this course to learn and be taught concepts from the experience and expertise of the instructors, you’ll be left disappointed.
Piazza was a good forum to ask questions and most of the TAs provided their best answer however, information in regards to how to implement the projects left the students wanting. The class was 600-700 students strong and there was the inevitable clash of personalities and keyboard warriors disparaging other students/TAs.
Slack was available for students to converse in a real time chat room however, TAs were also present in the rooms to moderate. 90% of the TAs in this space were sophomoric at best or hated their job so much you’ll question why they didn’t quit. I was disappointed in how the TAs interacted with students. Most were condescending, rude, and belittling while lecturing “woe is me” for so many students being in the class. As a representative of Georgia Tech’s faculty, their lack of professionalism reflected poorly on the school.
I have a non-CS undergrad background but I work in IT. This course was overall fun and interesting. This was my first security class and the 4th class in OMSCS program.
It is very well organized.
The course has 4 projects(15% each) and 2 exams(15% each), and weekly open book quizzes worth 1% each( 10 total ).
Project 1 involves understanding C programming and understanding GDB, as well as Buffer Overflow. This one was tough but not too scary. Although, some students never solved it.
Project 2 involves understanding malware detection. No coding involved. Fairly easy.
Project 3 involves Python and Cryptography - this was by far the hardest of the projects and took the longest to complete.
Project 4 involves Web Security and was very fun. Not difficult due to my background but some students felt it was the hardest project.
Quizzes are basically free points if you review a little prior to taking it. Plus its open book.
The exams aren’t too bad, maybe 1-2 days of review. They test your understanding of all the material for each half of the semester. There is no final.
TA’s are very helpful in piazza and slack. However, sometimes they can’t give much help because most of the help would give answers to the projects.
If you study the material and attend Office Hours you can easily get a A or B, even if you mess up on 1 project or exam. Update: I got an A.
It’s a good introduction class to security.
No help from TAs for the project. All they discussed in meetings was points and won’t actually help saying they do not want to reveal the answers. There was no way to figure out how to complete the projects. Waste of time and money. This class needs a makeover. Focus should be on making students learn and help them with projects. Found the TAs very unfriendly and unhelpful. Would not recommend this class to any one. Please take some other class and safe yourself.
2nd / 3rd class (taken with HPCA)
If you have any background with computer architecture and web development, this class is pathetically easy. It felt like the majority of my time was spent reading the textbook or watching lectures, most of which wasn’t even relevant to the projects.
There is zero reason why you should get anything less than As on the quizzes since they have a 1 hour time limit, are open book, and all of the questions are directly taken from the textbook.
The places where you are most likely to lose points is on exams or the project essays. If you understand the project material and use the provided study guides, the exams aren’t that difficult. The exams are short though, so if you miss one question it will hurt. The project essays are fairly straight forward, but there is a chance you will be docked points because some of the TAs didn’t like that your answer wasn’t exactly what they wanted.
The slack channel is very active and most of the students and TAs are helpful to the extent that they can be.
To be perfectly honest, save yourself the money. Do challenges on picoCTF or some other CTF site and grab a book or two. You’ll learn everything you would have learned from taking this class and more, but without the hassle of watching lectures, writing essays, or taking tests/quizzes.
The majority of students here are OMSCY, of them many are the policy specialty which has no coding background requirement. They are in for a rude awaking. You not only need to know coding, you also need to be able to read algorithms & have some background in discrete mathematics.
The course is intentionally hard to discourage cheating, which none the less is rampant. I still do not get how someone can think copy/pasta on code (and not even so much as a citation) is okay, but I digress. Half the class (well, 40-50%) dropped.
Write ups after projects are a part of this, but they need to be made smaller as our code can do the talking.
TAs can be hit/miss, typically kind/helpful - but get to know them on the slack page and potentially ask them direct questions there, as some on Piazza are pretty short with answers. But again - the majority are great.
This class is 99.999% TA, 0.001% Prof. Grading is fair.
Pro Tip - The first project is a total weed out, don’t cheat & know basic C compilation & debugging.
Background: Undergrad in CS (~5 years ago). Have never worked in software/tech in any capacity. Paired this with GA. Both courses have a portion on RSA midway through the course that tie in perfectly and help with one of the projects. Highly recommend if you’re trying to do two per semester.
The course has 10 quizzes, 2 exams, and 4 projects. The quizzes are mainly from the textbook. Quizzes are open book with an hour to complete it. No analysis other than finding the answer in the book. The exams cover textbook and projects. I haven’t taken the second exam at the time of this review, but the first was fair. If you at a minimum go through the course notes, you’ll be fine. Actual implementation portions of the projects are challenging and rewarding. The write-ups, especially for project 1, is an OSI witch hunt and is my biggest critique of the class. You will be given a high school level difficulty write-up of regurgitating definitions. Just go through the motions and reword the word for word answer in the book… Even if you feel like it is a joke… Unnecessarily painful. I will say the other write-ups were much better though and actually required some individual thought.
Projects took about 10-20 hours each. Other than that, this course only requires as much work as you would like to put in. You can very easily skate by with literally an hour per week outside of projects to do the quiz or spend hours actually going through the material.
Pros
1) TA’s were responsive on Piazza and Slack 2) Coding portion of projects is great 3) Exams are fair 4) The drawings in the videos make me happy every time.
Cons
1) This class is the most likely to throw you to the OSI Gods out of any I have taken. 2) Projects may be challenging if you do not have a CS background, but are definitely doable.
The worst course I’ve taken. Regarding the course content, it’s too outdated to catch up with the latest trend in cybersecurity. I’m working as a security researcher in one of the tech giants(FAAMG) and the content covered in this course is useless. The instructor team was not responsible at all. Whenever I ask questions on Piazza I get very vague answers, emails will never be replied. The textbook was super hard to read, I cannot focus on it for more than 30 minutes each time. It’s just dry and abstract. It’s not a hard course itself if you come with some decent CS background. Without prior CS fundamental knowledge, it’s gonna be challenging. I recommend giving another thought if you are up to take 6035.
Although I put a lot of time per week, I was consistently a week ahead of the material so you could probably get away with putting in significantly less time than I had. I also received an A for this course. A lot of the frustration comes from the fact that there isn’t a great way to measure your progress when doing the projects. I felt that I would struggle early and often on an project until something clicked or miraculously worked, only after which everything made sense. Having said that, I don’t think the material itself is too difficult; if you put in the time early and consistently I don’t think the course asks anything too much of you in terms of assignments. Tests, for the most part, were easy, but it really wasn’t clear to me what I should be studying in order to prepare for them. I felt that most of the test material was straightforward but some questions might have come out of nowhere; however, I think there shouldn’t be any issue on getting around a B for them. Overall, this class is a fairly good introduction class and serves as a good foundation for learning more about cybersecurity.
I will preface by saying I have little interest in Information Security and took this course as a course to ease back into the program after having taken a semester off. I was hoping it would engage me, and I went in with open mind.
Unfortunately, I did not enjoy this course at all. The projects were tricky and some entailed using a VM in a VM. As you can imagine it was painful doing these assignments. The lectures were dry and uninspiring, but they were okay.
I think this course has potential to be good. Some of the TA’s were great, but others gave no help. Some of the projects were tricky, and tricky as in being artificially difficult in a way that doesn’t add to educational value (i/e project 1, requirements were not adequately defined and entailed searching slack for hints). Some of the projects were interesting (hacking a website, rsa hacking). If I wasn’t so irritated by the beginning of the course, I would have maybe even enjoyed some of it.
But yes I can’t recommend, even if it is considered an easier course, the hassle it comes with makes it the least enjoyable class I’ve taken. I’m halfway through the program and have loved the other classes. Take it if you have interest in security, but otherwise avoid the hassle. Plenty of other great courses to take in this program.
I think the common theme for this course is that it can be quite difficult for folks without a CS undergrad degree. I fall into this category, and so the projects that focused on exploiting a program written in C and RSA key cracking forced me to really dive deep and teach myself some of the supporting material to get through them.
That being said, I learned a ton in this class and I would highly recommend it for anyone that is interested in exploring a broad set of topics in cybersecurity from a technical perspective.
This was my second class. The class was broken down into 4 projects and two tests. The tests were more about knowing different protocols and policies, this was a bit more about just remembering things than it was having to think through anything on the tests. I wasn’t a huge fan of the tests because of this, however it was really only the two tests you had to go through memorizations. The Projects were fun and worth more of your grade. The first project was about C and Linux, this to me was the hardest project due to my lack of C and OS experience. The other projects where Python or JS/PHP based which I found much easier to work through despite them supposedly being “harder”. This is a good high level intro course for anyone who is in the CS program to understand security which is a growing field of importance.
I took it as my first course in OMSCS with some background in SWE.
The Good
The TAs and other students were very helpful, giving guidance and sometimes even arranging last minute Office Hours to help students who were struggling with projects. Be sure to check in on Piazza regularly. The Slack channel is also helpful but not all TAs are there, good place to get to know other students though.
For me, the best part of this course are the projects. I had a lot of fun trying to figure them out like puzzles (they had some pretty humorous clues lying around) and when I did, boy, the sense of achievement is awesome. Brush up on C, Python and some web technologies like Javascript & HTML for projects.
There are no curves for this course but it’s not too difficult to get an A if you keep up with the pace and not fall behind too much. Extra credit projects are also offered to help boost grades.
The Bad
My main gripe with this course is just the textbook. It was pretty verbose, dry and jumps around quite a lot. Exams were better this semester as TAs re-wrote them to incorporate understanding from projects but there are still some tricky ones to watch out for.
Overall
It’s a great starter course and walked away learning a lot. Would recommend.
I’m a career-changer seeking my first software development role without a CS background. I took this course along with another as my first semester. The tests and quizzes weren’t very difficult so long as you watch the lectures and do the readings. Taking notes for the exams as a second watch through and review really helped.
I really enjoyed the projects, though they were quite challenging. The TAs do give hints, you just have to watch or attend the sessions and pay attention in piazza. However, either you get it or you don’t, so allow plenty of time to load the projects into your brain and let it work through them via diffuse learning. I had an A going into the fourth project, but did poorly on it and ended up with a B, and I’m still not sure why that was the case, but I would say be very diligent and take the projects very seriously, especially those with a non-CS background like myself, and you’ll be fine. This course exceeded my expectations though I was obviously not fond of the final project which seemed to go in multiple different directions and be less focused compared to the first three.
This course is super hard. I got an F. The TAs weren
t helpful. They never gave you hints. The Buffer Overflow project is hard. The RSA numbers and Nonce values are impossible to solve, Javascript exploits are hard to hack. You need to be Mark Zuckerberg to pass this course with an A.
Introduction to Information Security is a relatively low-effort not too challenging foundational course in the basics of InfoSec. The course lectures are a series of short, 1-5 minute videos, with about 15-30 to watch every week. I found the videos to be inadequate to cover the material and relied some on the book and more on the Internet to research topics, particularly for the projects. There were weekly open-book quizzes where the questions were often taken directly from the book or the lectures and that did not test understanding of the concepts at all.
The exams were likewise based heavily on regurgitating information from the lectures, the book, or the projects and were a terrible measure of how well students actually understood the content. Mostly, they tested student’s ability to memorize esoteric pieces of information that anyone would simply look up online in a real job. That being said, there were only two exams and they made up only 30% of the final grade so you don’t need to stress about them too much.
By far the best part of the course was the projects, of which there were 4 (Stack Overflows, Malware Analysis, Encryption Algorithms, Web Exploits) and a bonus project (Clustering Malware reports with machine learning). These projects were mildly challenging (I spent between 10-20 hours on each) and were actually rewarding to complete. They required a lot of independent researching of information (most of the material was not covered in the lectures or even in the textbook so use the Internet to find relevant information) and quite a bit of tinkering with code (C, SQL, html, JS, Python) to execute the exploit.
Overall, Introduction to Information Security was worthwhile because it made me aware of many security issues that I’d never noticed before and definitely increased my interest in the subject. I’d take this course again just for the projects even if some of the aspects (lectures and exams) were poorly executed. If you already have some experience with InfoSec, then you might want to skip this course (unless you want a low-effort class) but I’d recommend it to all students as information security will only increase in importance and adopting a security mindset is a crucial skill.
I started with not liking this course in the beginning. But with the passage of time, I believe I learned a lot and enjoyed the course content. TAs are very particular about grading and deduct a lot of marks for small mistakes. Projects are top notch and you learn a lot while doing them. Prof gave opportunity to earn 7 extra marks.
This was my first course in the program. I have no background in security and this is the first time ever that I’m getting introduced to security concepts. Projects are the best part about this course, 3 and 4 especially. Project 3 was the most time consuming. Project 4 was the most interesting. TAs were nice and office hours were helpful. I feel like I have learned a lot from this course.
The lecture and project are useful. You don’t even need to watch the video before you finish the weekly quiz. The weekly video is usually 15minutes to 60 minutes long. I usually spend 2 hours a week when there is no project and exam. And during the four project weeks and two exam weeks, I spend an average of 20 hours per week preparing them. Many extra point opportunities and easy to get an A. I like the project very much. When I am doing a project, I felt I have learned a lot myself and get an introduction hand-on knowledge of info security. I have no CS background. The only programming language I know is MATLAB. But I found the programming work in this class is not hard and TA gives some tutorials on learning python.
While I had some background in the field, overall, the content of the course is really interesting. In particular, the assignments are enjoyable and very rewarding. What I didn’t like was the inflexibility of the lecturer - I was told that we have to use a very specific version of the textbook, and it is not available in my country, so I asked for advice on what I can do to obviate this (perhaps suggestions on digital copies or contacts with other classmates in the same region so I can talk to them) but instead I was told that I am on my own.
Additionally, I requested a date adjustment 2 months ahead of the exam because the window would clash with a travel itinerary where I would not have access to internet or would be conducting a layover (which is impossible to attempt a proctored exam with people etc. around). I was told again that it was my problem to sort out.
Once I managed to find a “solution” to these two problems, I was at least able to manage all the assignments (they were really entertaining, and interesting).
Having done 3 other OMSCS courses at this stage, I found the lecture content to be very dry and difficult to follow, and the exam preparations were very specific to a very specific version of a text book. If you answered a theoretically correct answer, but it did not match the text book’s answer (at the time), you were marked wrong - which obviously was a big problem for me since I couldn’t get the right text book! Nonetheless, I earned an easy A in the course because I did extremely well on the assignments, to offset my challenges with the weekly quizzes and exam.
Overall, if it were not for the painful lecture content and inflexibility from the teaching staff (at the time I participated, this might have changed now), I would wholeheartedly recommend this course because the assignments are worth it. At this point, I must just caution you to what you might experience.
** I TOOK THIS COURSE IN CONJUNCTION WITH CS6250 AND THE WORKLOAD FOR BOTH WAS PROBABLY EQUIVALENT TO CS6290 OR CS6200 ON THEIR OWN - HIGHLY MANAGEABLE, ALBEIT CHALLENGING ADMIN-WISE **
This was actually a fun course (even though I have no experience/interest in security). Furthermore, I do not have a CS background (I did EE in undergrad and I am a web developer now). Here was my experience:
The TA’s run the class. Although I have a lot of respect for the TA’s, it was extremely frustrating that the professor was MIA during the ENTIRE class. I think Professor Lee did one office hour - but it was in conjunction with one of his other classes and it was not about the class material at all. In Piazza, the TA’s are listed as “instructors” so it is a bit confusing as to who is actually running the class.
The TA’s are really smart, but they are not experts. The questions on the quizzes and tests and the project instructions reflect this. The quiz questions come directly from the book and sometimes are taken out of context - or they use some erroneous information that happens to be in the book. I think that if the professor took a larger role in the class these kinds of things wouldn’t happen so frequently. If you complain about it, the TA’s have a bit of an ego and are super resistant to changing grades. Also, the TA’s spend zero time actually explaining the material. Most of what they spend time explaining is meta-data: answers about the questions themselves. But they give these as hints - which I found weird. It’s almost like they don’t want you to expect to get clear communication from them. Like it’s considered cheating to be clear.
However, I don’t want it to seem like I did not like the TA’s. I am actually shocked at people complaining about the TA’s being narcissistic… I consider myself very sensitive to rude behavior - and the TA’s displayed none of that. I did get frustrated with a couple of the quiz questions and their resistance to giving me and others our points back - but they were never rude about it. Stubborn, sure. But not rude… Sometimes, I think the students will give snarky answers (maybe in an effort to suck up to the TA’s?), but I didn’t see any TA being outright rude. I did see students being entitled and rude to TA’s and other students.
And maybe the lack of clear communication is a grad school thing… (this is my first semester, so I wouldn’t know).
My favorite TA (by far) was Joe. He is just super helpful and nice.
My biggest complaint about this class (and as I read other reviews - it seems like this is an issue with OMSCS in general) is the inability to collaborate (without it being considered cheating). Basically, if you aren’t in a group project, you can’t talk to others about the project. (You can’t even post a link that you found helpful to figure something out). I know some people work better individually, but others work better in collaboration with others. This policy encourages the former and discourages the latter, which unfairly cuts off a whole range of people. In this particular class, the project questions are so ambiguous and vague, a bit of collaboration would be super helpful.
All that being said, here is a path to doing well in the class:
1.) If you don’t have a CS background, you REALLY need to dig into C. It’s not about the language so much as about how C is implemented on the operating system level. Think registers and memory. A book that helps a lot is: Operating Systems, Three Easy Pieces
2.) Learn Python
3.) If you are not a web developer the last project may be difficult. Definitely spend some time looking into http protocol, html forms, CSRF, XSS, and SQLi.
4.) I did not like the book very much. I found it inconsistent in its level of detail - which can be confusing if this is your first time seeing this material. So, I found myself finding other resources to explain complex topics. In other words, use the book as a reference for the information on what you should know but not necessarily as an actual teaching device. The lectures (which are 5 years old) are practically useless… If you have time/inclination to watch some videos, I suggest youtube (search for the chapter/title headings in the book).
5.) Also google the projects. The TA’s spend zero time explaining the actual material you need to know.
But overall, it was a good class and I am glad I took it. Sorry for this long essay. I wanted to leave a review that I would find helpful. You are welcome. :D
This is the first class I have taken in the program. It was the only class I took this semester. I have an electrical engineering background with only minor programming experience. I do have some cyber experience and have the CISSP.
I have mixed feelings about this class. I did really enjoy the varied topics and the projects. The weekly reading & lecture load was too much for me to do completely, so I quickly focused more on the reading and watched less lectures. It become easier by the middle with some weeks having the same chapters or lecture sections assigned.
Though I did enjoy the project topics and the hands on nature of them, I did get frustrated because with most of them I found myself spending most of the time finding that one way to write the code, or hook needed to get the answer. I know from experience that this is how can happen IRL, but its a lot of ‘wasted’ hours. I’d say I spent at least 30-40 hours per project. Projects 3 & 4 were the most challenging for me.
The TA were excellent. Their office hours and prompt responses on Piazza were greatly appreciated.
Andy
This was my first class and I enjoyed working on the projects. This course takes about 10 hours per week on average. All my hour estimate below includes time I started + breaks for personal stuff. Taking 1 course per semester and working full time.
This might be an Intro to Info Security course, but it’s a master’s level Intro course. Basic requirement of OMSCS is some coding & CS background.
4 Projects
- Buffer Overflow
- Approximate hours : 5
- Read the prerequisites. You are expected to have computer architecture background. (I believe computer architecture I & II). If not, I imagine you have to do quite a bit of research because you might not even know where to start. (maybe 20 hours extra)
- Malware Analysis
- Approximate hours : 10
- Instructions were provided on how to use the tool for the analysis
- Cryptography
- Approximate hours: 25
- I waited until the last weekend to do this. Highly recommend you don’t for this project. I didn’t read the instructions or complete most of the lecture because I was procrastinating. I had to work very quickly and research the math and equations behind the task. Along with writing the report and citations and taking several breaks here and there for my personal house chores, I think I finished in 25 hours.
- If you don’t know python, add on another 5-10 hours to get use to it.
- Web Security
- Approximate hours : 20
- If you don’t have a background in HTML, JavaScript, and API , add another 10-20 hours of research and learning.
Readings/Lecture took about 10 hours per week. Exams took about 10 hour review for each. Altogether for me, it was about 10 hours per week for 16 weeks.
This class is overall pretty easy. This is great to pair with another course. If you’ve taken any sort of security course previously, this will likely be a giant review.
There’s weekly quizzes based off of the readings. You really can just ctrl+f the answers.
I also got through this course with just the readings and never really watched the lectures.
Homework is generally pretty easy. Project 4 is probably the most rewarding and fun class.
I would say otherwise, as a course it’s… fine.
I’m an OCY Policy Track student with a background in IT risk management governance, risk, and control. I had a limited technical CS background and brushed up a bit over the summer based on the materials provided via email. CS6035 was brutal for me, but glad I got it out of the way as my first course.
Pros:
- Communication on Slack and Piazza was helpful.
- Some TAs are really helpful and provide small hints.
- Book is dry, but good and interesting info in there.
- I learned a good amount through the projects and felt a sense of accomplishment when I completed a task.
- Enjoyed the office hours for each project and hope those continue for future students.
- Manageable workload with 10 quizzes, 2 exams, and 4 projects.
Cons:
- Book is dry
- Project tasks didn’t seem to align to material in the lectures or book. I suppose this was due to my limited CS background. This was my biggest issue that I had to work through.
- TAs were sometimes unhelpful.
- There was some cheating based on Piazza posts to all students from TAs. This could have been handled much better directly with those involved instead of posts to all students. I felt this lowered the morale of the class and made people nervous for no reason when they were doing things properly.
- Instructors were MIA except for one office hours session.
Note to fellow Policy Track students: This class is incredibly difficult if you have no or limited CS background. I suggest preparing beforehand and get it out of the way as soon as possible. Do well in Projects 1 and 2 and you’ll be fine in the second half of the course. Projects 3 and 4, especially 4, are brutal. Attend office hours, read the book, read the project write-ups, and read Piazza and Slack daily. When you’re struggling, remember why you wanted in this program and fight for it. It is one semester and you’ll get through it. Think positively!
I can’t agree more on this
“Communication with the TAs were “strained” at best most (not all) are arrogant, condescending and take it as a personal affront if you ask them a question. Someone described them as narcissistic, and I’d have to agree. “
If you don’t have previous knowledge about security, I warn you not to choose this one. The class contents are messy and the homework has nothing to do with videos. The exam is terribly organized. I don’t find the TAs to be helpful. “You need to figure it out by yourself” is all what they will reply.
I have taken this class along with CN in my first semester in OMSCS. My background is a BS in Physics and 5 YoE in tech, unrelated to Cybersecurity.
In the beginning, I was reluctant to sign up for the course because of some bad reviews here, especially concerning the demeanor of the TAs. However, since it was hard to find a class to take as an incoming student, I decided to stick with this one despite the cautionary tales.
Overall, my experience was positive. I think most reviews are from disgruntled students and thus have some charge of emotionality, which takes away some of the objectivity in the evaluation. Some other reviews aren’t accurate. These are the pros and cons that I found:
Pros:
- Little handholding culture. Personally, I don’t like classes where students feel entitled to answers to projects and TAs give away too much. This class had the optimal balance.
- Exams are different this semester and a lot easier in my opinion, since they don’t rely purely on rote memorization from the book and about half of the questions are from the projects (the others are, unfortunately, from the book, but out of a reduced set of chapters). If you’ve done the projects and remember the concepts that you used, there’s no need to study them further. I did some preparation for Exam 1, but for Exam 2 I probably studied for about 3 hours total and found it easy. I didn’t watch the lectures and only skimmed through the relevant parts of the book.
- Projects were fun, albeit too easy.
Cons:
- No interaction with the professor. He only held a single OH, which was not recorded, and just answered some ad-hoc questions students that attended the OH had.
- Quizzes only test your ability to CTRL+F through the textbook and are poorly written. No incentive to do some preparation. Overall, they were OK, but since the questions were very short (especially the T/F), the staff could have paid more attention to generalizations and exceptions to rules.
- The second exam had a lot of grammar errors that compromised my understanding of what was being asked, to some degree. I am not a native speaker but even I could spot glaring mistakes. It could have definitely benefitted from some proofreading.
- It’s a good thing that TAs don’t give away the answers to tests or projects, but I don’t think it’s OK to forbid discussions past the due date. Two examples come to mind: after Exam 1, students weren’t allowed to discuss the questions or even see which questions they had gotten right or wrong, unless through a private post. After the projects, no discussion on the solutions was allowed, under the justification that these solutions could be more prone to leak (and probably make the instructors to work on different versions of the projects in the next term).
- Projects were too easy. I finished all the coding parts on all the projects in about 1-4 hours. The writing took a lot longer since I had to make sure to track and cite everything thoroughly. Even if I knew the subject, I would spend time looking for sources just to add in there and avoid problems related to citations.
- Regarding citing, I believe it’s a good thing to enforce but this class takes it a bit too far. I remember having read on Piazza a post where a TA was teaching how to cite a content that was discussed in the office hours or in the lectures. That’s ridiculous.
- The extra credit (project 2.5) was poorly supervised. The TAs in charge of this project didn’t answer many questions on Piazza and some questions in the instructions writeup were poorly formulated. For example, there was a question that literally asked “What is the meaning of the following parameters?”, followed by a JSON containing the parameters. One day, I discovered that what the TAs wanted out of that was “Fill in the blanks below with the values that you used in your solution and explain why did you choose those values”.
To finish, I’d like to publicly acknowledge one TA that I saw who was genuinely trying to help students: Fahim Suhka. There were other TAs, but most of them were only active partially, and this one was active throughout the entire semester.
This is my 3rd MS degree, each degree at a different, also highly rated institution. That being said, this was by far the worst class I have ever had the displeasure of taking. The professors never respond to you if you email, or reach out to them via Piazza inbox. Communication with the TAs were “strained” at best most (not all) are arrogant, condescending and take it as a personal affront if you ask them a question. Someone described them as narcissistic, and I’d have to agree. The only nice TA was the one that did the office hours for project 4 - he was very amiable and not confrontational or arrogant like the other TAs.
The TAs constantly complain about how much work they have to do and that there’s over 800 students they need to take care of… which I find highly unprofessional and bad form to whine to your clientele about your clientele. If there are too many students in the program for GT to offer a modicum of decent customer service then perhaps GT needs to re-review how things are run. Students are being ignored/neglected here. The professors are basically absentee - I’m really wondering what they are getting paid for.
If you need help, you won’t get help that is of any use - at least from a majority of the TAs - definitely none from the professors. Look to your classmates for help - they’re the only ones available to help you, especially if you don’t want to be made to feel like an idiot for daring to ask a question.
The major projects, that account for a majority of your grade - are on NOTHING that you are actually taught. Seriously. You’re completely on your own. They don’t show you how to do anything by way of examples - you have to figure that out on your own too…so you’re basically teaching yourself - literally. The literature and links that they provide are of no help and sometimes broken links.
To offer a comparison - I found Harvard CS program to be a better value to GT. The classes are easier, they know HOW TO TEACH, they actually provide examples from which your understanding can grow, where you actually walk away feeling and knowing that you learned something.
As a side note: I have a classmate that mentioned that they were granted accommodations due to disability - which the professors/TAs ignored. Isn’t this behavior illegal? She said that she wouldn’t be coming back just to pay to teach herself - to which I also have to agree… I don’t think I’ll be coming back either. It’s not worth it.
I didn’t learn anything. This class was a horrifying experience and I’m seriously questioning how GT got such a high rating with absentee professors like this running their classes. I’ve always been a 4.00 CGPA student - even with difficult programs and classes. I’ve taken “brick and mortar” courses as well as online (mostly online), never experience the madness I experienced from this course. I don’t mind hard work, what I mind is crappy classes that don’t teach anything and having to pay a pretty penny for it. It really felt like my tuition was just robbed from me. If this were merchandise, I would immediately ask for a refund.
Interesting class with fun and challenging projects. The amount of time spent on the projects will depend on your experience. For example, one project is breaking into a website. If you work in web development, this will probably take only a few hours. If you don’t have web experience it will take quite some time to tackle. Overall the TA team was great, but there were some mixed messages at times. Lots of us learned the hard way CITE YOUR SOURCES, err on the side of over citing.
Weekly quizzes are not hard, but you need to have the book since the answers are all details that come from the book. Exams are harder but fair.
Since there are only four projects, this class is not difficult to pair with another medium/easy workload class.
I took this as my first course in OMSCS. With no previous CS experience. I found this to be a fun and relatively easy course. Projects feel very real, and you get multiple submission attempts to make sure you pass all the tests. I mean, who doesn’t enjoy finding vulnerabilities on a mock website? Or use math to crack passwords?
The exams are the worst part of the course. I’ve read that the course has gotten better at not making you memorize. For the midterm I skimmed over all the chapters and got a 78 on it. If you care about your grade you’ll probably need to read all the chapters thoroughly… It really seems like I’m taking two different courses, one is the lectures/projects, and the other one is the book/exams. But they never overlap timewise, so I appreciated that. Overall a great course.
UPDATE:
I see some very negative reviews with very high weekly hours… I don’t want to go the “ad hominem” route, but if you went to GT for undergrad or have any engineering degree you’ll probably spend <10h/week in this course.
I’m surprised by the negative reviews. IMO this is a great introduction to security. I took this as my fifth course in the program and wish I had taken it earlier. Covers most of the bases of security, and coming out of the class you will know if you want to move forward with security.
As for the structure, the course has weekly quizzes, two tests, and four projects. The weekly quizzes are open book and easy. People seem to complain about the tests, but if you read and take notes on the textbook you will do fine. I didn’t watch any lectures and had no problem. The projects I found quite interesting. You get to produce a buffer overflow, analyze some malware, break cryptography, and exploit a vulnerable web server. Good diversity and they can be time consuming, so do not save for the last weekend unless you want it to be stressful.
To sum up: it should be taken early in the program if you are interested in security. Projects are interesting and I learned a lot. Wish I had taken the course earlier.
Course which helps you start learning InfoSec - There are 4 projects in the course. Project 1 is all about buffer overflow. Download SEED labs material and practice them before you take this course. Project 2 is all about Malware analysis. Cuckoo sandbox reports. Go to hybrid analysis, and cuckoo sandbox online services and download the reports and analyze them before you take this course. App.any.run has valuable information to complete project 2. Quizzes are easy and 10% of the total grade. Don’t miss the quizzes, I missed 4 of them by not marking on my calendar. Project 3 is all about cryptography, in particular RSA, if you know how to find factors for a given number, it will be easy to complete this project. Try python programs for calculating the private key given the public key or one of the p and q values. Decrypting and encrypting using RSA key in python. Project 4 is websecurity, go to portswigger.net and acunetix site and complete the free labs. This will help you complete the project 4 with ease, Project 4 is the hardest one if you don’t know JavaScript and PHP. Portswigger.net and other learning resources can help you in this project. Exams are 30% of the total grade, study guides will help you concentrate on the topics. The VM for the projects is around 24 gb, don’t wait till the deadline to start the project 2. Downloading the VM is in itself a big task than doing the projects. Overall, this course is a real introduction to information security, no complaints.
Overall
This is my 7th course in the program. Good course that I enjoyed. The negative reviews I think could be that usually this class is taken first in the program and people don’t know what to expect with OMSCS, which I understand. However, this is also a good “Welcome to OMSCS” course. GaTech is a top CS institution so don’t think that because this course is “introductory” or online that it will be treated like a “everyone gets a trophy” class. I do not know of any classes that the TA’s are personal tutors. The TA’s were helpful I thought. The nature of the homework is such that if a TA gave too much of a hint, they would solve the problem for you. This can be frustrating I’m sure, but also with some time researching it is not overly difficult to solve. The course is challenging but most, if not all, of the topics covered are easily researched online and you have a very generous amount of time to figure the projects out. The slack channel is unofficial and not guaranteed to be monitored by TA’s but is the way I used for help/to help. Have a sense of humor and thick skin and this will make the semester a lot more fun. Colonel Kernel and Joe were a lot of fun on Slack. Fahim is great as well but I think he is more Piazza. A few resident moral boosters, mixed with sweetened condensed milk, were also a lot of fun. Use Piazza and do not use Slack if you like formal, straight shooting interaction.
Projects:
There were 4 projects, with the first two substantially easier than the last two. Do not be fooled.
- Buffer Overflow. You need to know C but nothing too in depth.
- Malware Analysis. Take time to get familiar with Cuckoo and this will make the project a lot easier.
- Cryptography. This one was the hardest for me because I didn’t have a strong math background. Python is important to know but so is the math. Read the book before starting this project.
- Web Security. This was my favorite. Don’t be scared of the PHP.
Exams:
I haven’t taken the final yet, but the midterm wasn’t overly difficult or unfair. They redid the midterm this semester I believe, so it was not a “memorize the book” kind of exam like previous semester reviews state. I didn’t do the greatest on it but had a terrible study strategy (Went for the memorize option). Don’t get too in the weeds studying and make sure you understand the topics they give in the study guide and revisit the projects.
Course Content
I thought the video’s were relevant but high level, which isn’t that what lectures are supposed to be? The book I started by reading it but found doing the questions at the end of each chapter made me retain/understand the topics better. I would read more if I felt the questions didn’t give me enough depth.
Tl;dr
Great course for security. Slack is lots of fun. Don’t be a stooge. Projects are challenging but plenty of time to figure out.
Seems like the people who did well have.a strong background in the course already. Either they have worked in the field or have mastered the prerequisites.
It’s kind of interesting that such prerequisites are required considering it is an introductory course.
As most of the negative reviews state, the TAs are not as helpful as one may hope. A lot of students and TAs included are afraid of the academic honesty policy that is put in place and do not want to offer up too much information in fear of being written up. These TAs are super strict. Which population has a large mirror they can freely move around and place behind them for a test?
Lectures are mostly useless because it is a very high level overview of the book. Doesn’t cover much but does have that one sentence that may be in a quiz that you can’t find in the book. Also, you can find the lectures on Udemy. The professor is actually nowhere to be found as well. I guess they are more of volunteers and are ok with the dated lectures.
Projects are primarily done through your own research. The book doesn’t describe much besides the theoretical aspect of each topic. There is a lot of contradicting information online so beware. TAs don’t help you differentiate the correct info because it will give away answers.
Maybe I just took this course at a bad time..
The projects are very useful. The lectures are too long and boring. And there are too many concepts, which will all be covered in exams.
Watch out for plagiarism checks in this class on project 4. You must watch out for random letters and numbers, and remove that line of code. Believe me, it may look useful since the instructor put the random “secret value” letters and numbers in the website, but it’s not needed. Mr. Lee’s English is very hard to understand. His lectures are awful. Project 4 is extremely hard. The rest of the class is easy. All you’ll learn is how to bypass paywalls on news websites by using the web browser inspector tools. Be prepared and heed my warnings. Take plagiarism seriously and review your own code-every single line before you go searching on the internet for help. The biggest lesson this class taught me was to take plagiarism very seriously and find the actual dictionary type sources, not just the code. Be wary, the documentation for javascript webdevelopment is non-existant. Javascript web development is completely alien to normal programming. The worst documentation I’ve every had to deal with. All they give you is a big fat text book, as if anyone has time for that AND answering the hard questions. You can read the whole text book and it won’t help either. A lot of teachers and students do not take plagiarism seriously. Now would be the time if you’re taking this course. Take that seriously.
Horrible. Horrible. Horrible. I would expect to learn something from taking a class, but you’re totally on your own for this one. It doesn’t makes sense to pay for a class when you aren’t taught anything from it. Don’t waste your money and take a different class if you can.
I really liked this course and could be an easy foundational course to start off. Be prepared to switch between a few programming languages viz. C and Python.
The only thing I didn’t like was the video lectures at the later part of the course. I felt they were rushed and could have benefited from slightly better articulation. The monotone occasionally made me loose interest.
Although the course required a lot of time in order to be successful, I found the coursework to be really exciting. The grading can be a little tough, but overall the TAs were helpful. Expect to be challenged. The projects did require knowledge of C and Python, and one of the projects required lots of research into math-related problem solving. so please be aware of that before taking the course.
Do yourself a favor and do not take this class. It sucks, there is no help whatsoever from TAs, when I was stuck on project 1 and asked a TA for help his answer was basically yeah it’s hard but you are on your own… Really? If that’s what I have to do why do I have to be paying? For the title? I am in the program because I want to learn and I’d like to receive help I won’t be able to learn everything by myself if that were the case I’d just use youtube and the internet no? I am so dissapointed. Again, read the first sentence please.
The head TA somehow became the instructor of this course as the registered instructor is gone in the wind. I really hate these type of no shit given instructorless course. And that TA is the most narcissistic instructors in the whole OMSCS course. Most of the useless replies seem like they are targeting you out of spite and you have somehow hurt their ego. The projects are the worst with no clear direction of grading. There are many problems which are highly subjective but you have to guess the only right answer. And don’t bother watching the lectures as they are actually old and irrelevant.
I was a little hesitated to take this course due to some previous reviews. However, after taking this course, I think it is very worthy. The projects are very interesting and rewarding. Especially, project 3 and project 4 are awesome. Project 1 had a lot of writing, which may be a little boring for some people. However, the difficulty of all projects are acceptable and not extremely difficult. I had no prior CS background with very little programming experience. I watched python programming in coursera prior to this course and had no java script or HTML experience. And I feel it is hard but not extremely hard to deal with project 3 and project 4. You may need to do some research online and learn the necessary skill on the flyer. But if you can spend some time, it is very doable without any prior experience or knowledge. The exams are closed book and may require some memory. However, since all the questions are either true/false or multiple choice, the requirement for memory is not that bad. The scores given are very general. For this summer, they give some generous extra points for extra assignment which makes it fairly easy to get an A.
The project are awesome, the exams are okay and the lectures and Text Book are boring. In order to maintain a good grade, need to perform well in all projects and exams.
I was a bit hesitant to take this course since the reviews are largely mixed, but I am glad that I did. The course was well paced, even for a summer course, and never felt overwhelming. However, I think the determining factor in how you perceive the course is dependent on your background. If you have a CS degree and have been working in the field, you’ll most likely be fine, but I can see how people without that background would struggle. I don’t have an undergrad CS degree, but have been working in the field for about 5 years and found the projects to be manageable. Taking GIOS before this class helped with the first project, but even if I hadn’t, the concepts are easily learned through some research.
The projects are pretty different from one another in the fact that they use some very different technologies, but I would say the depth of knowledge needed for each one is pretty shallow. Project 1 used C, but the real exercise was learning to use gdb to examine the program stack and registers. Project 4 was focused on web security, so you deal with web technologies like JavaScript and HTML. In order to be successful in the class, you’re going to need to be willing to do research on the various technologies you need to use. The TAs provide some resources, but be prepared to look for things yourself.
The time it takes to complete a project is largely determined by your experience with that technology, but I think most were in the 10-15 hour range per project for me. Project 3 probably took the longest since it was focused on mathematical concepts, but it was also the most fun.
I found the TAs to be pretty helpful throughout the semester, and I think they get a lot of undeserved criticism. They drop hints, but don’t expect them to spoon feed you the answers.
Overall, the projects were fun and I learned a lot, so I recommend the class.
The projects are awesome. They cover a wide range of topics from C to cracking RSA (my favorite) to HTML and are like solving a puzzle. A lot of people were complaining about not being spooned fed the answer or instructions… obviously have never worked in a software engineering role lol.
The exams are what keeps this class from being great. They are random verbatim snippets from the textbook. What?? I’m paying for this and I thought this was Georgia Tech. IMO they should just get rid of them and have another project or something. Incredibly obnoxious to study for.
This class is an absolute dumpster fire. The course materials and TAs don’t provide the resources needed to learn and succeed in completing the projects. The instructors were entirely absent. I’ve never been more frustrated by a class. It needs to be blown up and completely redesigned.
This class is intense for non-programmers. Unfortunately it’s a prerequisite course so it’s mandatory. The first 2 projects are the easiest and you can easily get an A on each. The last 2 projects are the toughest so good luck! Each project is 15% of the final grade, quizzes are only 10% and the exams are 30%.
This is the last class I took as part of OMSCS and by far the worst. The quizzes and tests are taken straight from the book and mostly include questions that the lectures make no mention of. These questions sometimes include topics only from the latest edition of the book too, so you are forced to shell out whatever the cost of a textbook is. There is a ton of content in the lectures, but it is a waste of time to watch them and takes notes on them as they only vaguely help you with some project content.
The only time I ever required assistance from TAs was for the first project and they were completely useless. In retrospect, there were a number of hints they could have provided that helped me but did not give away the answer but they did not.
Grading is the worst of any class I have ever taken. Despite most parts of assignments being autogradeable, grades take weeks to get released. There is always a period of regrading where you grade is subject to change while other students point out all of the inconsistencies in how assignments are graded/argue correctly that the opinionated TA’s answer is wrong. The quizzes, despite being just multiple choice Canvas quizzes, are also littered with errors and inconsistencies.
I have never been so frustrated with a course from the OMSCS program. While I learned some basic concepts about security, it was not worth it. Pick any other class. I have never reviewed a class before so please take this as a warning of how awful this class is.
This course was a good summer class. The workload is light if you stay on top of it. I read all the textbook chapters (dry and uninteresting) and watched all the lectures (a broad overview of the related textbook chapter). You can probably make it through the class without watching any of the lectures. The quizzes are true/false or multiple choice and derived from exact sentences from the textbook. I probably spent 10-15 minutes on each quiz. The exams are more difficult because it’s closed book and covers a lot of disjoint material. I spent 1-2 hours each weekday reading/watching the material.
The projects require minimal googling and you don’t need to know too much about C, Python, HTML, or Javascript. They were enjoyable! Most of the takeaways from the class came from the projects. I think the most code I wrote was Project 3 in Python but that was under 100 lines. The writeups are frustrating and the TAs require very specific answers and buzz words.
I found the TA’s comments helpful. I never needed to post on Piazza but was able to glean hints from other student’s questions. Start the projects early so you know what the ask is. As other students start and face roadblocks, you can revise your answers and learn the key google terms.
If you need to take a summer class for the credits, this one was exceptionally manageable (while working a full time job and planning a wedding). Otherwise, don’t waste your time. The class was light and easy but I did not enjoy the content nor how it was presented.
This course introduces how stack overflow, malware, fishing work to endanger the security of account. As a non-CS background student, I feel these knowledge is impressive and interesting. Projects mostly requires python programming, some php. There are open book quizzes, which contains some tricky questions. Mid-term and final are not too difficult if you carefully revise all the ppt.
Overall: I’m happy I took this course because of what I learned from the book and the projects. The class is badly run, though. And I did not like the way I saw my fellow classmates treated.
Good things:
- I learned a lot despite being a security conscious developer
- I was forced to learn things that did not interest me and it was amazing
- I was made my study on my own and adhere to a strict set of rules
- There was at least one TA that helped everyone he saw: Fahim Sunka
- The classmates were really nice
Bad things:
- I never once saw the professor anywhere. The TAs ran this course, and ran it badly
- The videos were mostly subsets of the book, and at a certain point I stopped watching them because the exam was just testing your memorization of the textbook
- There were often typos in the quizzes, and at one point there was an obvious typo but instead of handling it like adults, the TAs let the class debate about it ad nauseam.
- When something negative was said on Piazza, the TAs ignored it
- If you played the teacher’s pet, you would get additional help from the TAs. So that is what I did.
- A lot of time, you didn’t pay attention on Slack, the TAs would drop hints and delete them
- If students asked questions like when the grades would come out, the TAs would take this as an opportunity to poke fun at them.
Projects:
- This will take a lot of time if you haven’t worked with C
- This is easy and frankly weird that it is a project, or that I have to use Virtual Box.
- This is a lot of fun
- This is the most fun.
I don’t like the fact that all these projects use Virtual Box. Students could run these projects much faster and easily with Docker but it’s likely that the TA that created these is no longer working on the course, or not interested in recreating them.
Completely no quality control. Lecture is really boring and book is painful to read. You rely 100 percent on yourself and google. TA’s comments for deduction in project are somtimes ridiculous wrong. (my answer was eaxactly the same as TA comments but he just took all the points! I have to regrade and argue for my harworking scores) It is just a waster of money, time, and effort.
Absolutely horrible. I’m shocked this is a Georgia Tech class…would have thought there would be some sort of content and quality control performed before putting this out. It’s outdated, the delivery is bad, projects are painful, and TAs are not helpful. Seems like maybe it was better in previous semesters which is disappointing. Sad that I took this class when I didn’t have to.
I came into this class excited and feeling optimistic, but I honestly felt let down by how out-of-date the labs were.
The heavy use of virtual boxes inside of virtual boxes felt like it was giving my computer cancer and would frequently take 1-2 hours just to set up the environment. Suggestions to improve the environment went without response from the faculty, so I have no reason to believe it will get better.
Then, the environment that would be set up would typically contain project files that hadn’t been touched or updated since 2014-2016 and frequently rely deprecated versions of software or languages (i.e. Python 2 or Chrome 66 vs 80)
I got an A, but I don’t feel like I learned a great deal of useful information for the present day.
Dry and boring lectures. This class is completely lifeless. Assignments are the only cool thing about the course. It is easy, however the exams can have gotchas that can be frustrating. I ended up with an A.
This class was honestly a letdown. I really disliked the recorded lectures and the textbook was so painful to read. The projects were okay but it was impossible to get help from TAs. Was really excited to take this class but it ended up not meeting expectations.
This was my first course and I think it was a good way to dip my toes in the water. Relatively easy, but important, foundational, and sometimes interesting information.
Pro: -100% participation is not required if you have an IT or Security background. I skipped the lecture videos and was able to get by skimming the lecture notes and book. You will want to save as much time for the projects as you can. Piazza was sufficient to communicate with the TAs. Slack and BlueJeans are optional. -All projects allow for you to request a regrade. You will need to use this.
Con: -There are ~900 students in this class. It’s run by a team of TAs and the instructors are barely involved. -The exams are “proctored”. This means that you are required to install invasive spyware on a PC to take the exams. -Exams and quizzes do not evaluate your understanding of concepts. Instead, questions appear to be arbitrary lines copy/pasted from the text with a few words changed to test your memorization. -These mangled statements used to create the exams and quizzes result in a lot of errors that have to corrected after the fact by the TAs when the students complain. -Project instructions are not clear and contain errors. You will have to get clarification from the TAs and/or wait for updated instructions to be released. -Project grades take forever to be returned. -Project grading is sloppy and very opinionated. If a rubric is given, it is very vague. TAs will deduct points for items not required by the instructions or will skip parts of your answer and deduct points for missing the items they skipped over. Expect to submit a Regrade Request for every project you submit. -The prerequisites state “CS6035 assumes classical computer science (CS) background, preferably from an accredited undergraduate CS program.” The lecture videos will refer to concepts that you should have learned in your CS undergrad. However, this is a required class for several graduate majors outside of the OMCS program (like me). This places those students at a considerable disadvantage. If you do not have the intuition to understand new programming languages and write functional code from a few hours of research, you will have a hard time. The time commitment would have been a lot shorter if I didn’t have to teach myself new programming languages before the projects (C, x86 Assembly, Python, Javascript, PHP).
In general, the subject matter of this class should make it an easy class as the “Intro” title implies. However, the quality of delivery is so poor that most of the time commitment and “rigor” is spent trying work around the Cons listed above. I had to fight for every grade, but was able to pass with an A.
CS courses like ML and RL required much more abstract understanding and application of concepts, whereas this course was much more straight forward memorization (from the book and lectures).
The staff was great (especially in the time of COVID-19) by being responsive and flexible with timelines (pushing most deadlines back a week).
Overall, I enjoyed this class. While the lectures and readings weren’t my favorite, they were generally clear. There were clear sections to each of the modules, and the study guides online made studying for the quizzes and exams really easy. I really enjoyed the projects though. Each one provided some concrete examples of different pieces of information security. Generally, they were well thought out and the TAs would answer questions as best as they could without giving away answers.
As far as negatives go, there were only a couple. The lectures and projects are only tangentially related to one another. Both cover topics in information security, but it would be nice to have a few lectures that went over the topics covered in the projects. I understand that the point of the projects is to research on your own, but I believe it would be valuable to cover some of the general concepts in advance of the project. Also, there were a couple of times that the instructions were unclear, but the TAs were really good about providing clarification along the way.
The class wasn’t easy by any stretch, but it was rewarding.
This course provides a good overview on the information security. You can read all of the information in the text book. But the lectures highlight all importance and current trends of security that you need to know. The best of all were the projects which provides the useful and practical knowledge on information security.
The projects did consume some of my time (but not as much as the AI class). You need to be serious and thoroughly do the projects to gain the good practical knowledge since they worth 60% of the final grade. All quizzes were open book and worth 10%. But the two exams were close book and worth 15% each. I believe that instructor/TA would provide bonus projects (5% for this semester) if the class average is low. I did not spend much time to study for quizzes and exams. Most of my time was on watching lectures to get a general overview on the topics and work on projects (a lot of Google search). Also recommend to utilize the web page, omscs-notes.com, to make it simple to study for exams.
I might have few disagreement with the way of project descriptions and grading. I can say that some project descriptions were not lined up well with the mind set of the learners since the descriptions were written by the experts who knew the subject inside out. Most of the time, I had to rely on the discussion of the piazza to find a correct way to answer the project questions. I do agree most of point deductions on my projects make a lot of sense in practice, but the project description do not reflect well that emphasis. It was lucky for me that those deductions was trivial, but I sympathized to other students who consciously worry about their grade. Improvement on wording of quizzes, exams, and project description along with clear and consistent rubric for grading is needed to make this course more pleasant.
Overall, this course provides useful and practical knowledge on information security that we need to know when working in the computer field.
Seems to be a consensus among the reviews here…problem TAs, absent instructors, bad coursework, problems with projects…was a constant headache. Take a different class if you can.
Avoid this course. Incoherent curriculum development and disrespectful behavior. Grievance reconciliation process is immature and subjective.
I’d recommend avoiding this class. Textbook is boring and lectures are just bad, and you’re entirely on your own for projects. The class doesn’t teach you anything to help with projects. TAs are either willing to help (very few of them) or entirely unhelpful with questions. Was not worth the frustration and I didn’t learn much.
This class was fun. A fair amount of work if you want to get the most of it and do all the readings. The first project can be a little tough if you do not have a great grasp of C and how the stack and heap work. There was a lot of drama with the students and TAs during my semester, but I liked the course and the projects were fun. It was fun to take the role of hacker in the projects.
The projects and exams contain lots of errors. Obviously, NO TAs checked them before making them public. Zero quality control. TAs don’t understand what students are actually seeing in this particular semester. Therefore, they can’t answer the students’ questions properly.
TA Chris Taylor is professional enough on Piazza. However, his alter ego “The Kernel” on Slack has a different personality who treats students a bunch of whiners. The office-hour channel is full of non-stop irrelevant chatting between The Kernel and his entourages with emojis and memes. This is where TAs mock students with laugh-cry emojis.
The projects are not clearly instructed and worded. Students have to ask questions on Piazza and Slack repeatedly for clearer definitions and have to spend lots of their important hours to solve riddles rather than learning new stuff. TAs blame students for this, when there are issues on their quality control and unnecessary obscured course materials.
Unfortunately, this course is a “Let’s-find-hints-that-TAs-drop-time-to-time-on-Piazza-and-Slack” course, not a proper CS course.
The level of difficulty a student will have in this class is heavily influenced by your professional experience. If you are an experienced software engineer then you will not struggle as much with the programming aspects of this class but if you are not then you could have problems. That said this was a very enjoyable course and I learned a lot. This is what grad school should be. The TA’s were great so when you see people complaining about them just know that their complaints are HIGHLY subjective. The TA’s were very fair and their goal was for students to do well by actually putting in the work. The slack channel was great and served as a great platform to learn and to interact with your fellow students. Do not take this class thinking that it is an easy A or that you won’t have to do much. Overall it’s a great course. I would definitely recommend it. Also, the hate for the head T.A. is ridiculous. I can see certain types of people not being a fan of his but he’s really a good guy and is one of the better T.A’s I’ve had. He is very accessible and was on slack all the time helping students. People can have their own opinions but remember that they are just opinions and not facts.
Never interacted with a professor. Wasn’t an issue because there was always a TA available in Slack. Slack, Slack, Slack! TAs are wonderful and patient in my experience. Enjoyed all of their help and comments greatly, especially “The Kernel,” Fahim Sunka and Csims. I found the head TA Chris Taylor just fine to get along with. People complain about him being unprofessional and etc., but really, I appreciate direct conversations. Never found him or any of the other TAs offensive or unprofessional.
Unless you think posting memes is offensive and unprofessional – in which case, you must be a Karen and are likely pupset 24/7.
I wouldn’t recommend this course to someone in a manager/director/upper-level position who hasn’t coded in a while (because the projects require programming and make up a large portion of the grade).
I would strongly recommend it to someone who is in the trenches at work and loves fixing things and figuring out stuff on their own. The projects were super fun to work through and I learned a lot from them.
An example of whether or not this is the class for you… there was one point where I was stuck on something in a project and I pinged a TA. I told them what I had done, what I think should be done and where I think it all needs to go from there once I figure it out. The TA didn’t give me any hints or answers, but simply said, “Sounds like you’re on a good path.” And that was it – that’s all I needed. If you are someone who would need more to go on (like if you needed to be told which direction to go vs. getting validation you were on it), then don’t take this class. The projects will wreck you.
As for hours per week, the first project took a good 30-40hrs to get it done well and get it done correctly. Be prepared and ready to lose some evenings and a couple weekends to Project 1. After that, I had a relatively easier time in the course and spent more like 6-10hrs max per project. Based on this, I’m averaging it out to 8hrs a week. Should also note that I have no CS-background but 10+ years experience in software engineering and development. I found the class overall to be easy for my skill set.
DO NOT TAKE THIS COURSE IF YOU WANT TO LEARN. Take CS6238 instead. The material during the first half is identical - the second half of the course does diverge a bit, but if you are looking for general security background CS6238 will serve you well.
Exams and quiz content is terrible - the method appears to be “Find a sentence from the textbook and change a few words around” so you end up with a lot of questions which aren’t really testing on content. (They end up test things like acronyms, memorizing the headers in the text appeared). There were many errors on many of the quizzes and final exam. The TAs gave some points back on some but not all of the errors.
Projects were not very useful and graded extremely poorly. There is no rubric so you really don’t know what to include in the write up and can end up with a poor grade due to that.
The TAs are extremely unprofessional on slack but do seem to want to help.
Let me preface my review for those who are attacking the legitimacy of others who are identifying actual issues this class has by saying that I am happy with the grade I received, I was actively engaged on Slack and Piazza, and I started every project within two days of its release. I have been through nearly 20 years of education and am a cybersecurity director with a laundry list of certifications. This class is by far the worst attempt at education I have ever experienced.
Roughly half of all recent reviews of this course are negative in nature because there are legitimate problems. The class does not teach you anything to help complete the projects which make up a majority of your grade and pairs that with a prevalent culture of TAs that assume students aren’t genuinely trying and therefore resist providing any form of meaningful assistance to them. The biggest flaw is that student learning is not central to how this class was designed and is currently run.
Breakdown of the class:
• Quizzes: 10% of the grade. These were open-book and easy to complete if you know how to use Ctrl+F. There were a handful of grading errors, although TAs would issue points back for them. The quizzes were generally unremarkable.
• Tests: 30% of the grade. Two exams; the second was non-cumulative. I found the tests to be pretty fair and easy, but they had enough trickery that the first exam average was only 79%, and the second was only 75%.
• Projects: 60% of the grade. The projects are what made this class incredibly disappointing. I walked away from the class frustrated because of the lack of instruction surrounding concepts that were necessary to complete the projects, the superfluous trickery that was inserted into projects, and most TAs being entirely unhelpful in assisting students in making any progress on the assignments. Occasionally you could find a reasonable TA that passed on resources in DMs and basically said “don’t tell anyone I gave you this link” acting like they were committing a capital offense or something. I appreciate the minority of TAs that did try to help students and seem to be acting against the broader TA culture. However, the general TA response to students asking questions was to not provide assistance and say something along the lines of “this is a graduate program, we aren’t going to hold your hand.” Apparently providing any level of instruction is considered “hand holding” in this class. My argument against this prevalent “graduate program” attitude is that I already hold a master’s degree from a program ranked #1 in its field and the instructors there recognized that students were paying hard-earned money to receive instruction and gain skills and knowledge they previously didn’t have. Instead, this class felt like paying $1200 to Georgia Tech for the grand opportunity to endlessly Google things that weren’t even tangentially related to the provided course content in order to complete the projects.
• Project 1: Stack overflow exploits. This used gdb and examination of C programming to create a buffer overflow. However, the instructors had to put a “trick” into the buffer overflow exploit to prevent it from working unless you could figure out the cryptic meaning behind “having the wrong address” in the exploit. While I was ultimately able to figure this out and received 100% on my code, I found this “trick” to be incredibly unfair, a total waste of several hours of my life, and in no way did it advance my understanding of buffer overflows or the stack. This seems to be an arbitrary barrier that was placed into the project to “prevent cheating,” also known as doing research on Google about performing buffer overflows since you would in no way be able to perform one based on the course instruction provided.
• Project 2: Malware analysis. This involved a course-provided VM and examination of malware using Cuckoo Sandbox. I found this to be an easy assignment; however, there didn’t seem to be any learning outcomes from the project. If you don’t have a background in malware analysis, you likely didn’t understand what you were looking for or why the pieces of information you were being asked to look for were significant, as again, no relevant instruction about what you were doing was provided in the course content.
• Project 3: Cryptography. This project was insufferable and yet another instance of lack of relevant instruction related to the project. You were entirely on your own for figuring out which algorithms to use and understanding the complex math behind the algorithms for explanations in your write-ups. You couldn’t even mention a specific algorithm in Slack or Canvas, because, “cheating.” I was able to figure out all the coding, but it took 40+ hours for this project. Again, Google is your instructor because the course fails to provide information that will help you complete the assignment. I got 100% on the coding but walked away incredibly frustrated and disappointed that I and other students were left hung out to dry for the project.
• Project 4: Web exploits. This project has you code in HTML and JavaScript to exploit a highly vulnerable webpage. Any “help” provided by the TAs was effectively “why don’t you Google ‘JavaScript.’” Real helpful. Again, you’re on your own to figure everything out because the TAs won’t assist in the learning process and students aren’t provided with adequate resources to accomplish the project objectives. If a student can’t identify why something isn’t working on their own and reaches out to a TA, the response is effectively “too bad, we were on our own to figure this out when we took this class.” One TA’s actual words in the Slack channel: “when people message me they spent x hours, and then I remember I spent 10 days on Task 2 alone hoping for magical help but of course it was all up to me.” TAs having received a poor educational experience in this class in prior semesters does not justify providing poor educational experiences to current students. Instead, it should motivate TAs and instructors to improve upon the educational experience. I simply don’t understand the cultural resistance to helping students, or more fundamentally, not teaching anything that is relevant to the projects. Students are here to learn, we’ve paid good money to learn, the vast majority of us are putting in the effort to learn, and when we hit a wall and spend hours or days spinning our wheels because we haven’t been provided with adequate resources to complete the projects, the TAs refuse to assist in the learning process. And if a student never figures out some component of the project they were supposed to magically “learn” entirely on their own? You’ll never know what you were missing and consequently never learn what you were “supposed to” because project solutions aren’t provided due to irrational paranoia about cheating in next semesters. This is simply a poor attempt at education without student learning being the ultimate objective.
• Extra Credit (5%) : Malware Analysis Machine Learning. This was yet another black hole project with no relevant instruction or resources. It involved using a machine learning tool to classify malware samples by modifying a machine learning configuration file. I spent at least six hours on this project and got nowhere. I decided the frustration wasn’t worth it—it was yet another project with no helpful instruction and probably wouldn’t result in productive learning outcomes, just like the other projects.
Other problems:
TA grading was sloppy, at best. I had to request regrades on multiple projects due to grading errors made by the TAs, each of which impacted my grade for the assignments by an entire letter. Grades also took forever to get back, often 3+ weeks, because “cheating.” Even for things that were auto graded, it took weeks to get assignments back. It’s hard to know where you stand in the class when its feedback mechanism of grades is so delayed.
The head TA Chris Taylor is an embarrassment. He was incredibly unprofessional on Slack, often replying to legitimate questions in a condescending fashion and openly complaining about students. I get that with a class size so big there are going to be problem students. I was a graduate assistant in my previous master’s program and have dealt with my fair share of them. However, airing dirty laundry on the public Slack channel is unnecessary and just unprofessional. Chris’s superiority complex and unhelpful attitude towards students seems to have created a negative culture among the other TAs, with those who are willing to provide meaningful help to students being in the minority.
I am truly disappointed in this course. My entire motivation in starting a master’s program and paying out of pocket for it is to gain new skills that I previously did not have. Unfortunately, this class is clearly not centered around student learning. It does not provide students with new skills or teach you anything. Instead, you are on our own spending endless hours on Google trying to fish for the right piece of obscure information you need to figure things out for yourself. I am questioning why I paid $1200 to take this course because the actual information and skillset I gained was self-taught from resources found on Google, not from Georgia Tech. Had I wanted to teach myself these concepts, I would not have signed up and paid for an allegedly structured master’s program. I will also never know what I was “supposed to” learn on parts of the projects I got wrong or was not able to complete because of the ridiculous paranoia this class has with cheating. Thanks for not teaching concepts for the projects, and then not allowing us to learn how the projects are successfully completed when we can’t figure them out due to lack of provided resources. It’s a disservice to students that this class was clearly not designed with student learning in mind, which is usually the entire point of a university-level course. Again, I’d like to point to my previous master’s degree as an example of how quality educational experiences work: students pay tuition in exchange for instruction in order to gain new skills and abilities they previously did not have. That is simply not the case with this class, and I am disappointed in the instructors, TAs, and the institution of Georgia Tech for failing to provide positive educational outcomes to students who have taken this course.
Overall a good introductory course to infosec.
Lectures: The first set were good, the second set were very dry and boring. I eventually stopped watching them and just read the book.
Quizzes: There are weekly quizzes on the lecture/reading material that are open book/note. They can be done without watching the lectures/readings and just searching the textbook (as I did on more than one occasion) but if you have done them, the quizzes can take less than 5 minutes each.
Projects: The projects throughout this course were very useful and provided a good lesson on why we program certain ways and what we should be thinking about to prevent attacks.
Project 1 was about stack overflow attacks. The project itself was very easy if you have some understanding of C and how a stack/heap structure looks like in a program context. From Piazza, it seemed like there were two groups of people - one group finished the project in an afternoon, the other took weeks.
Project 2 was running and analyzing malware in a sandbox environment, probably the least interesting and most tedious project of the course.
Project 3 was around cryptography and RSA encryption attacks. This project took some time as I had to learn math that I have never been exposed to before.
Project 4 was difficult and I wasn’t able to finish in time (due to reasons unrelated to the course). It is mostly focused on html/javascript attacks on unsecured websites.
Exams: Difficult and somewhat annoying. The first exam was much better than the second. They are more or less the quizzes but no open note/book so you need to memorize a lot of random facts. I got an A on the first with minimal studying but the second exam asked a lot more specific questions so my guess is my grade is a lot lower than the first.
There seems to be a lot of hate for this class that is unwarranted in my opinion. The material is broad and encompasses a lot of different topics so naturally there is a lot to learn and most of it can be done by simply reading the textbook. The TA’s do their best but most of the time, people ask the same question over and over which often was put directly in the instructions or the sticky posts. Example: the number of times people have asked about when final grades and if there will be a curve this week is probably in the dozens, despite there having been explicit posts from the TA’s throughout the entire semester stating the same thing every time. I’ve never seen this level of complaining/repeat questions in any of the 6 other classes I’ve taken and I really don’t understand why it happens so often here.
So there’s a lot of hate going toward the Head TA, but I feel like it’s unwarranted. All you had to do to get help from any of the TAs was talk to them like human beings not answer machines. I spoke with at least 5 TAs during the projects and got plenty of hints.
I agree with a below post that a lot of hints should have just been included in the project, because there was no hope sometimes of getting the answer without the hints. However, I don’t think that treating the TAs like a hint button is the right answer. I always explained where I was on the project, what I was struggling to understand, and they would help.
The lectures were pretty dull, I didn’t even watch most of them at a certain point I just went to the slides/notes page and read through it rather than suffer through the monotone.
The quizzes were copypasta from the lectures and book.
The 2 exams were difficult but not crazy.
The projects like I said above, were hard especially without hints. My only gripe in fact with the entire class is that the fact that the projects were disconnected from the material. There was no natural buildup in the lectures where you learn about something, maybe try it out a bit, then have a project where you do it with one or two extra steps or twists.
Solid first course for me overall, I took it alongside CS6262 while having a full time job, and did well in both. Workload was manageable.
Pros: The TA’s were outstanding, the instructor content and contribution was good. The class was flexible due to the TA/instructor engagement during a challenging environment. I ended up learning a ton of useful information that I have used at my current job.
Cons: Probably more due to my background - The start of projects was very difficult for me and led to the high amount of hours listed. I really just struggled in understanding some basic system concepts while jumping into some of the different programming languages covered. They had warm up questions on project 4 that alleviated this immensely and I hope they use and extend that idea elsewhere in the course.
General comment I have a limited programming background and struggled immensely in this course. I put in the equivalent hours needed to pass the CFA level 1 & 2 and did not get a high grade (and am very worried about what this means for student course grade requirements as a new student). I think the most helpful feedback I can say is students should start the projects as soon as they are released despite their work and personal life situation if possible.
Pros
The course covers reasonable amount of material for tests. The lectures are decent. The assignments are well balanced.
Cons
The instructor is MIA. Disappointing in of itself but it’s even a bigger deal since the head TA is full of himself. Struggling with project? You’ll have to ask him for hints “privately”. Even though the assignments are not hard, they turn out to be so because of critical information being left out. So instead of making these “hints” which are basically pieces of information that were left out available to the public, we have to put up with his useless banter on slack to pry them out of him. Seriously TA dude, get a life.
If you’re in the policy track and have limited programming experience, good luck. You’ll need it as you’re hopping over the fence into the computer science world for a brief period of time. The guidance about starting projects as early as possible is completely accurate and is my best piece of advice to students taking this class. If you start them too late, you’re going to have a very bad time.
The TAs are firm, but fair. They need to be given the class size is in the hundreds and Piazza quickly gets inundated with duplicate questions, simple questions without individuals doing basic research, and even back and forth bickering between students. If you show a legitimate effort, however, they are more than willing to assist.
I’m giving this course a “meh”. Background - I’m in the infosec path of OMSCyber. No strong programming background, but I do a bit of scripting here and there.
The instruction in this course is basically 0, and you are required to learn everything from google/stackoverflow etc.. I’m not a fan of the micro-lecture format and I took very little out of the lectures. The book is dry and tough to read, but there is some good, in-depth content.
The professors are non-existent and the course is run entirely by TAs. TAs could be fairly standoffish and I didn’t feel like I ever received useful feedback. To be fair, there are 700 students in the class and people keep posting the same questions without looking if it had been asked before. Regardless, if I’m paying for education, I should be able to get input from the instructors.
Quizzes: As others have said, basically ctrl+f the lecture slides/book or use google. The questions feel like trivia and I really questioned the accuracy of some of the answers.
Exams: Basically, the same format as the quizzes but closed book. In the final, there were 3 questions that were incorrect so the whole class was given credit. I’m fine with the credit boost, but the tests are only 34 questions, and this is a grad program. When roughly 10% of the exam is broken, it makes you feel like the TAs and professors don’t care about quality control.
Projects: Overall pretty good. The course content doesn’t prepare you for any of it so be prepared to self-teach yourself through 60% of your grade. Whenever someone had a somewhat basic question, the TAs would reply “This is a graduate program, you should know this already” or “Google it”. I get that it is a graduate program, but everyone has different backgrounds. In project 4 I’d been working on a problem for like 10 hours and made little headway. I was frustrated with the google response.
Project 1: Buffer overflow. I really liked this project but was having a hard time adjusting my life back to schooling mode, so I think that I could have received a better grade if I hadn’t been out of school for a few years.
Project 2: Malware Analysis. Ok project. Super easy, didn’t learn much.
Project 2.5: (extra credit) - I learned a lot and really enjoyed it. Basically, making your own AV malware classification using ML.
Project 3: Cryptography. Kicked my ass. I probably dropped a whole grade letter because of this. I was struggling to implement some of the math algorithms in python.
Project 4: Web Security. I loved this and learned a ton. They give you a vulnerable web page and you try to exploit various XSS/sqli.
I’m giving this 20 hours/week because of the projects. Usually it is less, but I easily put 20+ hours into each project.
This course is worth every penny!
This is the first time I can say I learned and retained so much from a course. The course is challenging and time consuming. The projects force you to learn the material and actually problem solve instead of googling the answer. The TAs were extremely helpful and active via the slack channel and piazza. I would recommend this class to anyone interested in cyber security. Great course!
Easyish class to pair with something hard with. The projects are stimulating, lecture content is very summary level. Not a must-take course
Well, I just want to debunk the debunk comment below, who obvious is a TA or has some insight of the class.
First, the TAs have zero respects to the students. I am surprised the head TA still has his job due to all the things he posted on Slack. But hey, it’s GaTech, it’s not like they care about the students anyway. But just beware. BTW, the TA has told students to drop the class if they don’t like it. So professional.
Next, about question. There are many duplicated questions on piazza because the TAs will not answer questions. Also, if you ask anything on Slack, the TA will expect you to go through about 400 messages to find the answer, instead of just answer you, which is stupid. I am not sure on how the student below knows that most people did not do the 5% extra credit project, as the grade is not yet released nor has the TAs made a comment on how many students actually did it. But if you are a TA, then you will know.
Talk about the project, they are barely class material related. Many questions on project 1 and 4 does not related to this class at all. Project 1 is basically a project for an embedded class and 4 is basically a web development class, instead of a security class. Oh, did I mention that the TAs will not post solutions for the project, so you have no idea what you did wrong in the project?
Talk about the test. Do you remember the history course that we all hate from freshmen year? Yeah, the one that we basically have to memorize the whole textbook and hope that we did not miss any information. That’s this course here. The difference is that the materials for this course is way more boring than the history book and way easier to google.
Overall: RUN, DO NOT TAKE THIS COURSE IF YOU DO NOT HAVE TO. IT SUCKS. JK. But honestly, if I can redo the past few month, I will never take this course.
Let me debunk some of the false claims made in some of these reviews. OMSCentral reviews, like any reviews, should be taken with a grain of salt.
First, this class was made mandatory for OCY students, many of whom do not have the prerequisite background for the course. That’s ultimately the fault of program administrators, but the TAs bore the resulting backlash from those students. The solution is to design degree requirements in such a way that makes sense for students’ backgrounds, not to water down the class (as some would like).
Second, there was an incredible amount of entitlement by some students. Some examples:
- Due to the pandemic, we were given 1-week extensions on both Projects 3 and 4. That wasn’t enough for some, who still found reasons to complain about the projects.
- We were also given a 5% extra credit project. There were students who just wanted the extra credit without working on it, or additionally for the class to be curved (despite the syllabus saying upfront that there would be no curve).
- Countless duplicate or nonsense questions by students who couldn’t be bothered to search Piazza/Slack or read the project write-up before asking
- Complaints about delays in getting grades back, despite the TAs repeatedly saying there were students who had project/quiz extensions for medical/other reasons. Can’t really release grades until everyone has submitted.
- Students who clearly put very little effort into the projects but expected TAs to spoon-feed them the answers
Just because TAs didn’t kowtow to unreasonable demands and whiny, entitled students, doesn’t make them “mean” or “unprofessional” or “obnoxious”.
PROJECTS - overall, I enjoyed them a lot. They’re not perfect - Project 1 hinged too much on your having a single moment of insight, that if you didn’t have, would significantly decrease your grade. Project 2 had a fair number of ambiguous questions, but this project is likely getting overhauled. The write-ups weren’t perfect either, but the level of outrage in some of these reviews is ridiculous.
QUIZZES - intended to get students to keep up with the lectures/reading, but not super helpful in that regard as you could easily Ctrl-F the textbook to answer. Some poorly-worded questions and lots of “trivia” type questions in general. These definitely need to be revamped.
EXAMS - similar to quizzes, but with better-worded questions. Multiple choice and true/false questions don’t really belong in a graduate program either.
TEXTBOOK - a chore to read, but necessary in order to do well on the exams. I would definitely prefer a textbook focused a lot more on practical attacks and less on RFCs, standards, acronyms, and vocabulary.
Overall: this is a solid class. It’s by no means perfect, but many of the reviews on here were clearly written by disgruntled students with a bone to pick. Contrary to another review, the concepts are very much relevant today (search the CVE database if you don’t believe me). The quizzes/exams could be written better, and the class is in need of a better textbook that’s more aligned with the projects, but I learned a ton.
Overall a fantastic consolidation of various topics in Security. excellent course to start with. TAs are quite helpful and very responsive.
There’s a variety of reviews here that say the class is easy, but that’s not the experience for some. If you don’t have the prerequisites, you are in for a hard ride. There’s a lot of learning to be had in the projects. You’ll be exposed to C, gdb, malware, machine learning, Python, cryptography, HTML, Javascript, PHP. If you don’t already have some webdev experience, Project 4 can be a real challenge. If you’ve never touched architecture, C or the gdb debugger, Project 1 will be a hard ride.
Part of the challenge, yes the projects do not require much coding, but what coding and problem solving you have to do is often based on “aha moments” after hours of grueling study. For many students on Slack, there were extreme emotional highs and lows during the projects.
I rated the class “Very Hard” not so much because it was so hard for me but to offset the “Easy” reviews. There are plenty of people without a proper CS background (esp from the OCY program) who may not be prepared for what others call an easy class.
Now, there is (and hopefully will continue to be) a very active Slack channel where a lot of students bounce ideas off each other. There’s also a very fine line between what is acceptable to say in helping others, and what’s not acceptable. Don’t take the complaints about the TAs seriously, in my semester there were 20 Slack office hours every week and plenty of TA participation outside their office hours.
I’d have to especially call out Fahim, “Robo Cop”, The Kernel and Augustinius and others I am forgetting for being very active on Slack outside their office hours. The TAs, especially The Kernel, get a bad rap from some disgruntled students. THIS IS GRAD SCHOOL. No one is gonna hold your hand while you earn a CS degree from a top 10 CS program! If you post too much info your post is gonna get zapped faster than you can imagine.
In summary, if you don’t have a solid CS / Algorithms background, don’t take this because you think it’s gonna be an easy class – it won’t be!
Having taken a lot of classes in this program, this is easily the most garbage class in the entire program in my opinion (I have really enjoyed most of my other classes). Instructors are practically useless, other then for giving empty, sometimes unprofessional, answers to any questions, and taking forever to provide highly subjective grading on poorly written assignments. Even the autograded assignments and quizzes, take unreasonably long to release scores for sometimes lol. I mean this is a course in a graduate CS program, you’d think the course organizers would have the technical skills to improve the process smh. Not much coding/critical thinking/problem solving, (my favorite part of CS), required for pretty much all of the assignments, its a lot of fluff writing to simplistic questions, which they expect formal citations for because a unreasonably paranoid fear of cheating.
Its expected one needs to learn pretty much all of the information needed for the assignments from outside sources, and close to zero discussion is allowed even about the knowledge needed to complete the assignments, or even potentially where to go to find the knowledge. There’s a difference between being not holding some one’s hand, and straight up not teaching.
Browsing the course’s Piazza thread its easy to see many students’ questions receive empty answers.
Sure’s it an easy class, if you enjoy writing fluff, but it isn’t worth the headache, plenty of outside sources to learn about security. (which I think is a really interesting subject)
Lectures are boring, and exams/quizzes are just copied from the textbook.
CS-6035 is my first class at GaTech and for the record, I am not failing the class, so consider this as my input and opinion without any other bias.
I am a C level IT executive with over 30 years of experience and have degrees from 2 other universities. I enrolled in GaTech with the expectation to enhance my knowledge. After all, I have worked on Burroughs B700 systems, IBM System , 32 36, 3090, DataPoint, Wang and so on. You can say I have “some” knowledge around infrastructure, application development, security as I hold 7 active Microsoft certifications, cloud certified in VMware (since version 3 to 6.7) , Azure, EMC Storage (from Clariion to VNX’s) , and over 18 years of experience with SAP. So… was really looking forward to learning something new.
To my surprise, the material in this class is over 20 years old and mostly irrelevant for today’s world. It does cover general aspects, but zero real applicable knowledge you can take back to work and enhance your career or apply your gained knowledge.
There is no teaching at all, instead you watch pre-recorded videos on professors reading a script and PowerPoints with cartoon animations provided by the book publisher. They are not eloquent and most importantly, they are not engaging. They are so boring that most comments among students is to speed them up as otherwise you fall as sleep.
With so many students registering, It is clear to me that OMS has become the cash cow for GaTech and has small to no Academic oversight as it is running by a bunch of TA’s bulling everyone to their hearts content.
I was extremely surprised and disappointed to see the head TA write in Slack “So begins the procrastinators calling for help. Everyone feel free to point them to piazza or to search the channels”. This would have been considered grounds for immediate dismissal of employment in any of the companies I have worked, and shows how little customer focus attention exist regardless if they are late.
Most project assignments and instructions have errors and you spend a bit of time just getting clarification as they are so baldly written. On Project 4 for instance, they ask how to fix PHP to eliminate bad coding and SQL injections. While I agree with the concept, they are not teaching you PHP, JavaScript etc, but are grading you on it.
It takes years of experience to become proficient in web development and technology is not one size fits all, it is deep, and specific. You don’t go to your dentist to get your heart checked, you should not ask students to fix code and grade them on how good they are at it unless you take ownership of teaching them the correct habits and proper coding methods.
Instead, what you got is everyone struggling and google solutions they don’t even know are correct, but there you go. You can pass the class without a clue of what you are doing or learning anything new. You really want to stop cheating and plagiarism? Then teach a class worth attending, mentor and nurture people mind, and inspire them.
Anyone can read a book at home or watch silly videos, but that is not teaching my friends. Just knowing how to program in C does not make you a Professor, teacher or TA and if you clearly don’t care about your audience, then for sure you should never be in that position.
If you read the comments in OMSCentral, something is clearly wrong. It is a shame nobody at the University cares.
Really considering going elsewhere as clearly will not learn here, and I do have better things to do with my time.
I took this as my first class of my OMSCS masters, and this was a great first class. Some of the highlights were a student attempting to hold the TA’s for ransom due to a “bug” that he found in Project 1… Turns out he compiled the project wrong. Another student complained he couldn’t ask people on StackExchange for help on how to do the projects. “In real life, you can get answers from anyone you can reach”, apparently that completely condones cheating. Anyways, main points are quizzes and exams are memorization from the book, projects are a lot of fun with an huge amount of hints given by the TAs on Slack. Speaking of the TAs, the amount of crap they had to deal with from lazy students was insane. Here’s an example when I was trying to help a student on Slack after finishing a project early.
- Student: anybody have a suggestion for TaskX nothing works
- Me: search taskX on slack, see if you can find any hints (knowing that a giant hint from a TA will be the 2nd thing to come up)
- Student replies 10 seconds later: None
Seriously, this is the amount of handholding that some students expected. Can’t be bothered to spend more than a minute trying to learn, just gimme the answer now. I’d like to thing that earning a master’s degree actually means that I am intelligent, instead of that I could crowd source my projects from people on StackExchange and whine until I got my way. Read through the pre-reqs for this class, if you are semi-familiar with them and like to actually try and learn things for yourself you’ll have a blast in this class.
While this class is labeled as “introduction” it is definitely a graduate class, introducing several security topics that will be covered later in the program (if you’re InfoSec like me). The class has 4 main projects and 2 exams (no cumulative exam). All the information is either readily available in the book (you need to buy/rent) or a quick google search away. The projects follow along with the general topics of the class as best as I could see fit, and all the TA’s are very helpful and have some superior amount of patience after seeing what some people ask/demand of them. Make sure you go over the requirements for the class that was given during orientation. You must know basic system architecture (how memory is broken up in a linux system, how C handles memory, etc) being overly familiar in linux is a plus, mostly because the project’s VMs are based in Linux. I would find a good introduction to cryptography and number theory if you have the time.
As long as you prepare with the widely available list of topics this class covers, you should do fine. Kudos to Chris/Joseph/Fahim/Jeff for going above and beyond to make sure students have accessible help almost any hour of the day.
I’m almost finished the program, and was putting off this class for a very long time. I first tried taking it a couple years ago as a summer class, and the projects were in very bad shape - confusing and huge amounts of busy work. Combine that with the rest of the class and I withdrew pretty early on, hoping another class would come along for the CS specialization so I could skip this one.
Long story short, no such class has happened. So I finally took IIS.
The good news is the projects have massively improved since I last took it. This alone has changed the class from “terrible, avoid at all costs” to “I liked it”. I learned a lot and the projects give a really great overview of various security aspects. I think this is down to the heavy work of the TAs - so kudos to you all for doing such a great job making this class so much better.
A lot of the original problems in the class remain, however.
The book is incredibly verbose and terminology-laden - it is a complete chore and bore to read, and you won’t even remember 90% of it due to the acronym overload. Unfortunately, the quizzes and exams pretty much lift sentences word for word from the book. For the quizzes you can just search the relevant chapters. For the exams - well good luck. I just tried to understand the general concepts well, and then made educated guesses when it asked a terminology specific question that you would only know if you had memorized the book word for word. On the positive side, you can answer most answers on the exam with common sense/general knowledge.
The lectures are a mixed bag, borderline bad. I think this is a common problem across OMSCS actually - there is no revising of lectures as far as I know, so we get stuck with the first iteration forever. Dr Ahamad’s lectures were okay, but were in general far too verbose. Those by Dr Lee seemed to make no effort other than reciting what the textbook says verbatim. I’m sure it still took a lot of effort to put these together, but I think they could be improved significantly if the professors re-recorded some of it.
Meta-wise, I didn’t have any problems w/ the TAs or their behavior as people seem to be complaining about. I did think the Slack could be improved - the two rooms you get thrown into are bombarded by off-topic messages and meme gifs, which made me just give up following them (simply due to lack of time to filter through it). I think IOS has this organized much better - with dedicated rooms to discuss specific projects, exams, and papers. Off-topic discussion happens in other rooms.
There was a lot of whining from a small minority of students, but this is par for the course in large intake intro classes like this one - you can see this in some of the reviews on this site. Best to ignore such students.
Overall I recommend this class simply for the projects - you’ll get a nice intro to security with them. I would try to minimize your effort on the other aspects of the class though.
This was my final course in the program.
This class had interesting source material. The quizzes are just reading checks since they are open book. Exams are worth a small percentage of the grade and are multiple choice, the questions were fair.
The projects are the highlight of the class. Some of them are well designed and interesting. They are clearly created by different people over the years, and there’s some sense that someone decided they should be a little harder so they shoehorned in some additional challenge. Id say these additions were not great, they rarely related to learning but were more like artificial difficulty. Still, the projects were quite interesting on the whole.
The major downside of this course is the TAs. The head TA, Chris Taylor, is probably the worst TA in the program. Unprofessional, obnoxious, bent on making sure the class runs exactly how he wants. Unfortunately, since he sets the culture, even some of the good TAs I saw were drowned out. Don’t expect to have TAs that are actually interested in helping struggling students learn or providing helpful clarity against ambiguous grading requirements.
On the whole the class was fairly easy and projects interesting. Class would benefit from a better head TA, or if instructors weren’t totally absent.
Don’t ever really care to make reviews, but this class was next level awful/trash. Security is a very interesting topic, but it isn’t worth taking this class. Every assignment has highly subjective grading, which one would expect in maybe a writing program, not a CS program. Assignments are all boring, easy, tedious, and require little programming. It’s mainly writing answers to ridiculous questions (such as “what is a pointer?” I mean you really going to make me have to find a formal citation for my answer because this is such a legitimate research question).
Many questions require researching online, which is normal, but what annoys me most, is literally no discussion is really possible on any of the assignments and all information is expected to be learned externally online and cited, or it’s basically a violation of academic integrity, and this is because of the way the assignments are poorly setup.
Its not unreasonable to be expected to be able to learn and collaborate with fellow students and TAs on a theoretical level and discuss algorithms at least, but instead no discussion is allowed and TAs give sorry responses like “sorry can’t discuss” on essentially everything.
Assignments should be about applying knowledge learned, not learning everything on your own. I have no problem learning information on my own, and overall this class is still super easy, but what’s the purpose of the class if you can’t communicate with anyone?
Lecture material has little to do with assignments directly, and professors and TAs won’t discuss assignments with the students at all basically, so what is the purpose of them other than grading?
Quizzes are garbage, (basically ctrl-f) textbook, and Exams are kind of tough, only because so much information is covered in large textbook.
There’s other classes that are similarly easy, but don’t have these issues, so I would take those instead if one is looking for a light course.
Good coverage of security topics. Reasonable amount of technical engagement, and the content is just as advertised. The lectures are overly basic, the textbook is overly verbose, but the projects are a lot of fun and where I really learned. This was my first course in the program (first college class in 15 years) and I had fun with it. Light programming skills are required (e.g. scripting), but there’s no serious dev skills required as prereq.
Absent instructors. Material covered is OK; lectures are not worth watching. Just read the book.
Project 1 was made unnecessarily hard for many students by enabling sorting. That didn’t add to the learning for students.
Head TA Chris is very unprofessional on slack; mocking students for asking questions.
This was my first class in the OMSCybersecurity program, and it was both easier and harder than I had expected. I have a Comp Sci undergrad, but it’s been some time since I’ve been in any academic program and rather have spent my life working full time in development roles, most recently in a large company writing security software where I interact both with customers who want to protect THEIR company, and internal IR and SOC teams protecting OUR company.
overview
The class is an amalgam of computer science subjects, haphazardly thrown together under the idea that this is an “overview” of information security. I’m told that the entire Cybersecurity program is like this; a set of the Comp Sci program that happens to tangentially relate to security. Hopefully this will get better over time.
This class, given the projects, is COMPLETELY inappropriate for the Policy track, and maybe even the Energy track.
It is, perhaps, best described as a good hazing intro to the land of OMS courses.
“classroom” instruction
The classroom lectures are a mix of Drs Lee and Ahamad. Dr. Ahamad spends way too much time circling around the subject, and I found myself using the video speed control at 1.5x most of the time. In a lot of cases I just skipped the video altogether and just read the transcripts, although some of the slides appear over time so there is a possibility of missing things.
Dr. Lee is much more direct, although I found his accent a bit hard to grok so had to slow his down some.
This is, as I will note later, about the ONLY interaction with the professors you will have.
content
Other than the fact that the subject matter is thrown together, I found it mostly engaging. There are some really, really dry spots (like the common criteria sections), but the content copies mostly (80%) from the book and where they don’t, are largely complimentary.
I found the book worthwhile and spent a majority of my “input” time there rather than the videos, which I used to get an idea of what portion of the book to concentrate studies on.
projects
There are 4 projects, 3 of which require either coding or knowledge of coding. Project 1 is to provide data for a program to get it to buffer overflow. While I feel having the knowledge of buffer overflow is absolutely useful, this project was bizarrely oriented to topics and tasks that don’t enforce the concept. You will need some non-trivial gdb
knowledge to debug your way through the project, which was presented by the TA’s as some sort of secret knowledge passed in guild-like fashion from master to apprentice, and only when worthy.
Too, there is a “magic nugget” that must be deduced from the documentation that is easy to miss, and if you do, makes the project uncomplete-able. Which was one of my 2 biggest gripes about this project specifically, and all of them in general. In order to ramp up the “difficulty” of the project to fit the TA’s “this is a graduate level course” narrative (more on this later), instead of taking time to design a good project they use this hack solution of adding an element that doesn’t teach the concept, doesn’t help understanding, and is simply an irritant.
For example, one person posted a handy guide to gdb
, without even mentioning which of the 100 or so commands on it were useful. It was removed, and the student scolded for posting it. This project was NOT ABOUT gdb
! Way to miss the point, TA.
Project 2 was mostly pointless. You run an analysis script over malware samples, and try to grok its output to answer questions. This was the most “busywork” project of the 4. This one was so forgettable that I had to go back to my project directories to even see what it was to write this review.
Project 3 was using Python to code various aspects surrounding an asymmetric encryption program. This one was the project I felt I got the most out of. I’ll never code one of these ever again, but it did mostly use the coding exercises to illustrate interesting points of the algorithms; pitfalls, strengths, why things work and why they don’t. Whichever TA designed this one gets my admiration. (Although one of the writeup questions asks a question in so vague a manner that a vast % of students got points off even though the content was correct. If slack/piazza was any guide, by this point most of them/us have given up trying to reason with the TAs about it. See below.)
Project 4 uses PHP to illustrate a badly written “banking” site, and given the source code the student is asked to break it in several ways. Like project 3, this one uses code and exercises to illustrate and teach various points. Beware the autograder, however; points will be removed for things that work perfectly on your machine but fail the autograder. Because a regrade of one of the tests wouldn’t have affected my final grade, and this was the last project, my auto-grade request was denied so I don’t know what aspect of my submission “failed” the grader (but worked locally) in the provided VM.
It is PAINFULLY obvious that the projects were designed by different people. The style and specificity of questions, the rigor in putting them together, the level of sadism in hiding the inevitable “trick” that if found makes the project trivial, and if not, impossible, etc. was WILDLY different among them.
tests and quizzes
Quizzes were open book, single-attempt, and 1 hour long. (I’m told the single attempt aspect is a change from previous semesters) They took generally way less time than that, and mostly could be looked up easily in the material. One took the class by surprise and got a much lower average score. My suspicion is the TA’s were trying to be clever with the questions on this one.
The 2 tests where T/F and MC, and were not overly surprising in content. Test 2 actually took some questions from student-written study guides, which I felt was a nice touch. The questions I got wrong, I felt I got legitimately wrong, with only a few instances of TA’s being deliberate in trying to trick the student.
That said, the non-student questions were taken right from the book. Sometimes with a word or 2 changed, to completely reverse the meaning of the phrase. This is just more TA laziness; making the material APPARENTLY “hard” without actually trying to put the work in to test the student’s knowledge. It was mentioned in slack several times that this sort of pickyness would not happen, but it did.
That there are only 2 for the entire course is just more laziness, however. A 4 exam semester would have alleviated much of the intense cramming that people had to fall back on. Even 3 would have helped.
Personnel/Interaction
As I’ve mentioned before, my view of how the TA’s operated is on the fence.
I used slack more than Piazza as it was way more interactive, and the TA’s were more responsive and candid.
There were 2 TA’s that were the bulk of the interaction. One was quite chatty and friendly, the other mostly superior and standoffish, although both were “around” a lot, which is helpful.
My biggest issue with this class, is that it is TA run. That in itself is not a problem, but the TAs that run it are mostly absent (I think one of the Canvas pages showed something like 8-10 TAs, but we only interacted with 2 on a regular basis, and maybe saw another 2 or 3 of them once or twice during the semester), and none of them have actual professional teaching experience.
Here’s what this led to.
- No problems with “chatty” (although I get the impression he was asked to tone it down for getting too friendly? Not in any untowards manner, but he got very “professional” later in the semester and mentioned some sort of wrist slap from on-high).
- “surly” was outwardly adversarial and arrogant. He had a script for human interaction.
- When asked a question, defer to “google it”
- If pushed for more information, fall back on “this is a graduate course, it’s supposed to be hard”
- If pushed past this, claim superior knowledge of “we spent X hours on this, it’s correct”
- If shown to be not correct, “If you think this is so easy, you volunteer”
- If presented with options, like putting some of this on git and look at pull requests, absolute silence.
I saw this pattern repeated many, many times. (Also, he was proud of mentioning how this is how it is in the real world. Let me tell you, Surly, I have at least 5 years on you, and no, it is not.)
The “us/them” mentality was manifested in other ways as well. One TA thought it absolutely hilarious to answer questions with “implement the function”. Once in a while, for an obvious question, sure. But daily, for legitimate things people need help on that they’ve obviously tried to work out on their own, it’s just offensive.
I get this position requires some volunteers to get paid to do, and that we as students can be entitled **s, but the mindset of not helping got pretty deep later in the semester. Luckily we had some even-tempered and helpful STUDENTS doing much of the TA’s work.
They need a LOT more training. They never “taught”, and rarely “assisted”.
The instructors were completely absent. If I remember correctly, Dr. Lee did one (maybe 2?) office hours.
denouement
This class is required (for OMSCyber, anyway), so there’s little point in suggesting you don’t take it. And, I did get something out of it.
But don’t feel that you’re going to get a lot of “information security” information out of it, unless you spend a lot more time in the book than is required. The stuff that tends to “stick” with you will be project based, and they were way too tricky for the sake of it and focused on too specific of a subject for a class like this.
Did I learn something? Sure, but mostly from the book (and arguably, projects 3 and 4).
I really think the instructors ought to be more proactive. Having people go out fishing for information for the entirety of a project is not an efficient learning experience. You should be very familiar with Assembly and GDB before taking this.
The class material is boring to watch and the homework aren’t very useful and practical. Most annoying thing is the grade is just unfair. If you miss some score on one of two exams, most likely you wont get a A for this class.
The class was very interesting and covered most of the current security concerns that should be in any developers mind as they write code. The front half of the class and project 1 had a higher time commitment (12 hours / week) for me compared to the second half (4-6 hours / week). The videos are good, but not the best ones I’ve seen in the OMS CS program. The videos didn’t always illustrate complex things such as DES, AES, RSA, and TLS hand-shake clearly, but supplementing with other sources and the book cleared that up. I used the international edition of the book which is less expensive, but sacrifices the on-line material and some additional chapters which would have been helpful in a couple cases. The first assignment in C was more challenging for me, but the other assignments were fairly easy and straight forward. We used C, Python, and JavaScript, but you don’t have to have a significant amount of programming experience in those; you can Google your way through most of it. The hardest part of the class is retaining all of the facts about all the different aspects of Info Sec for the tests.
This was my first class in the OMSCS program. My final score was 86.41%. I learned a lot in this class so I’m glad I took it. However, the lectures and book are not exactly exciting. The course work is not too demanding but you must start the projects early and put in at least 12 hours a week if you want to actually learn. I am surprised that some students were able to pass the class with less than 8 hours a week of studying.
The professor and TA warned the class about cheating. Their warnings were very blunt and it offended many students. The warning came after the first exam. I too was surprised by the warnings. I then realized the administration’s frustration. Here are some observations.
-
The first project is difficult if you don’t have C programming experience or haven’t used GDB before.
-
The fourth and last project is difficult if you don’t have web development experience (HTML, CSS, JavaScript, SQL). I have over 10+ years web development experience and it still took me a lot of time to complete the project but I did get 96/100. I disagreed with the grading but i did not challenge it.
-
One of the students was frustrated that his question to the TAs was not being answered. The TA informed the student that there was about 1000 students in the class. There were only 33 TAs. It takes time for the TAs to answer all the student inquiries.
-
There were 741 unique Piazza logins on the second to last week of the class.
-
Some students did not get their scores for project 3, project 4, and/or second exam. The instructor posted the following message:
If you have not received your P4, or P3 or you are missing Exam2 Grades its most likely because you committed academic misconduct. At this point, you will receive an incomplete and will have to settle up with OSI once they review your evidence.
- The last week of class had 701 unique Piazza logins. Keep in mind that there were 33 TAs.
From these observations it looks like the class shrunk from approximately from 1000 to less than 700. A lot of students dropped, withdrew, or got kicked out of the class. These aren’t official statistics. They are just my observation. Most of the students were able to pass the class. Unfortunately, a lot of students were not able to get credit for it.
This class felt like a weed out class. I’m sorry that so many of my fellow students were not able to complete the course. Many students did reach out to TAs but were not given additional assistance. This doesn’t justify the students cheating but it probably resulted in a lot of dropped or withdrawals. At the same time, I can understand the instructor and TAs’ frustration with the cheating. The numbers above gave me a sense of the wide spread cheating.
In summary, you will learn a lot and it is difficult if you
In summary, this class is challenging if you don’t cheat but it’s definitely doable. You will learn a lot. Expect at LEAST 10 hours of work between watching videos, reading, and doing projects.
This was my third class in the program. I do not have a CS Background but have been working as a software engineer for the last year.
Quizzes (10% weight)
- There are 10 open book quizzes (1 per week). You get two attempts to take the quiz and your score is the score you received on the last attempt. These quizzes are very easy and just a simple ctrl-f in the textbook (you can download a pdf version of the textbook for free). You don’t need to watch the lectures to take the quizzes. Allocate about 30-1 hour per week for each quiz.
Exams (20% weight)
- There are two closed exams. The exam questions are poorly written and many of the exam questions come from the book. Review the bold terms in the textbook (don’t bother reading - its too dry) and review the lectures for the exam.
Projects (60% weight)
- Don’t spend any time before the class trying to learn material. You can pick everything up once the project starts.
- The projects are writing heavy. Very little coding is required for the projects. Spend time understanding the concepts presented in the project. Be detailed in your writeup - the TAs look for specifics.
- Projects 1 and 4 use a VM.
- There are 4 projects in the class. Try to get 100% on the projects. You get about 1 month for each project (slightly less in the summer but the projects overlap so if you finish one early you can start on the next one).
- Project 1: Buffer Overflow in C. Minimal C Code + Written report. The bulk of this project was writing a report about stack memory, heap memory, and buffer overflow. Very little code is written for this project. Spend enough time reading about the subject material and answering the questions in the project prompt to get full marks. The TAs do look for details so mention more than less in your report! The coding part of the project involves using GDB to understand memory addresses. Time Estimate: ~15 hours (+ a bit more if you are new to C and GDB)
- Project 2: Malware Anaylsis using Cuckoo (no coding involved). This was a very easy and straightforward project. Follow the instructions in the project prompt to run some malware. Analyze the results and submit your answers on a website. Time Estimate: 5 hours
- Project 3: RSA Cryptography. Python Coding + Written Report. Implement parts of the RSA algorithm in Python. The coding part is minimal (under 30 lines). If you just google the prompt for each question, you will find a stack overflow post with pseudocode for the task. Convert the psuedocode to Python code. Read about the algorithms on Wikipedia to help answer the questions for the report. Time Estimate: Coding ~5 hours, Report ~10.
- Project 4: Web Security/Vulnerability. HTMl/Javascript + Written Report. This project required some trial and error since I didn’t have any experience with html/javascript. I spent the bulk of this project reading online about how to approach each task - how to find each vulnerability and how to fix it. Time Estimate: ~15 hours (8 for figuring out what code to write, 2 for the coding/testing part, 5 for writing the report).
General
- TAs are not very helpful on Slack or Piazza. Some TAs are aggressive and rude on Slack.
- The projects were more at an undergraduate level
This is my first review.
I believe this to be a fair course. You should not miss an opportunity to learn about security.
The TAs are like us. Be fair to them and they will be fair to you. I would approach the interaction with the TAs as your opportunity to extract the most out of them. They have been nothing but fair to me.
The one aspect that will help this course is to inject positivism. Like declaring the best papers on Piazza and why they were best to counter the negative posts.
The second aspect is for the TAs to provide continuous feedback – perhaps, this will provide an incentive to start early and also an opportunity for students to learn. Some TAs provided continuous feedback and I benefited from such feedback from Project 2 onward.
The third aspect is to publish the question bank to the students. While this may take some work, it will provide consistency, allow students to expect the result and also a finality to the exam.
Path to a good grade: Start early. Connect with TAs and ask for feedback. Complete the coding part in the first week and spend the rest of the time writing the paper – this is doable. For the paper, do more than what is asked. Prepare for the exams early and pay attention to Slack for tips on performing well. Attend office hours and ask questions – I was able to solve several aspects of the course with direct help from the TAs. Be positive and enjoy life.
Also, pay attention to Project 3 – you need to submit with your id; the supplied test cases dont guarantee passing the auto grader.
Really enjoyed this class and learned a lot. TAs were great and very active on Slack at all hours always willing to help out. This class requires self-guided learning in order to get an A, it is a graduate-level course after all, but nothing they ask you to do is impossible. I would recommend this class to anyone, especially first semester students.
Don’t worry too much about the programming languages required for the projects. All all of the projects combined I probably wrote 100 lines of code. You need to be able to read code more than you need to be able to write it. Project 3 is the only one where you really write any significant code, and it is in python. So, easy to pick up if needed. Reading and understanding is far more important. I’ve never written a line of php in my life but made an A on project 4 just by being able to read the php. I thought the projects were enjoyable and good reinforcers of knowledge gained in the course.
Tests were fair but not as fun as the projects. I thought the lectures were enjoyable too.
Another outdated course of the OMSCS.
If English is not your main language and/or if you are not good with memorization be prepared to put more load on Projects.
- Exams are awful. All based on memorization and taught me nothing at the and. Just a pain before and after.
- Projects are kinda fun but they’re mostly outdated and won’t help you if you are working in the field right now.
- Only good part is projects are released earlier so that you can work on it
- All projects require reflection. So if your English is not your major or native language, then be prepared to proof check your reflection papers. You can do the programming 100% but still get 55% from the project because of the poor written reflection paper.
While I think some of the reviews on here highlight the difficulties of the class, I did not find it as dramatic or drastic as others. TAs can come across rude, but at the same time there were tons of repeat questions on slack and piazza. Piazza also had some very questionable piazza posts where the students were acting very entitled and disrespectful to the class. At one point during the semester students @’d a TA over and over in a channel (I am assuming his phone was blowing up). With that being said, TAs were open to feedback and would open piazza posts specifically to address and accept feedback for projects and exams. If your background is in CS, I think this class is easy to get a B. The way that the grades are weighted and the exams being more memorization than critical thinking – I would say its very difficult to get an A in this class. The projects are the real core to learning and are the most fun part of the class.
Not my favorite course of my career, but certainly not the worst like others are making it out to be.
While the content is interesting and relevant, the execution is sometimes lacking. Projects are quite fun and very useful, you will learn a lot but the lectures are boring and sometimes inconsistent, quizes are poorly worded and full of mistakes. Overall I recommend this course, it will make you write more secure software.
This was my first class of the program and I think it was a great first course in terms of getting accustomed to the program. I wouldn’t consider myself the strongest programmer and this course isn’t too intensive on the programming in terms of the assignments so I found them manageable. I did find that the readings were the worst part about this course in terms of studying for the exam in that I found it to be a lot, especially if you fell behind. But other than that it wasn’t crazy hard. I would definitely suggest this course as an introduction to the program.
This is the worst course that I have taken in OMSCS, possibly the worst course that I have taken anywhere at any college. There are several reasons why:
-
This is the first course that I have taken where the professor was completely hands off. Not sure if he gave the course even a passing glance, and it showed in what was put out.
-
TA’s – (I can only go by Piazza, as I didn’t use slack at all based on the conduct that was displayed on Piazza) a. Rude – Just generally rude to the class as a whole b. Arrogant – They thought they were good, not really sure why? Maybe there just isn’t oversite so they can feel that way. As one small example from the very beginning of the course when referring to grading – “If you are truly frustrated with the pace at which we grade things, you better buckle up because we are one of the fastest in OMSCS”. The reality is all quizzes and exams are auto-graded, the projects are largely auto-graded, and they were still the slowest that I have experienced in OMSCS. Not that grading speed is the be all and end all of a course, just an example of how out of touch they are. c. Threatening – In the beginning of the course all they talked about was cheating, everyone is cheating, we know who is cheating, we’re coming after you! Good, do it, get the cheaters out of the program. I want my degree to mean something so by all means if someone is cheating take action and remove them, discipline them, whatever you can do, but the entire class doesn’t need to hear about it every day. They use some ridiculous metrics for plagiarism where no more than X% can be cited or reused, then use a plagiarism checker that flags the word “the” as plagiarism. Again, if someone cheated, they know it. If the checker shows huge blocks of writing as copied and uncited then that is a problem. There is no need to get everyone fired up with unintelligible plagiarism metrics.
-
Quizzes\Exams – Speaking of unintelligible, wait until you have to sit through one of these. There are two types of questions, questions that are statements copied directly from the book (possibly missing the most important part of the statement), and questions that are copied directly from the book where someone tried to get cute and changed some wording. If they changed the wording, they almost always did it in such a way that they either completely changed the question and their intended answer is now wrong, or that the question is now so vague that it is no longer answerable. The is no testing of any conceptual knowledge on these tests. If you like to memorize the book then these tests and quizzes are for you (at least the directly copied questions, the others will probably drive you insane).
-
Projects – Most see this as the redeeming part of the course, I disagree. Students get frustrated because other students in the course call the projects easy, and they are very easy, if you have a background in what is being covered or used in the project. The subject matter can be somewhat broad, but if you have an ungrad in CS you have probably seen most if not all of it already. What they do attempt to do is throw little “tricks” into the projects to make them feel harder than they really are. If you’ve already seen it then they’re generally no big deal, but if you have not then you are attempting to learn something entirely new with some inane twist thrown in for good measure. The overarching themes to these projects are: a. Basic computer architecture and low level programing languages (“C”) b. Malware analysis c. Cryptography (Math, Python) d. Web Vulnerability’s (HTML, PHP, Javascript)
This course is not difficult, if you can be somewhat diligent with reading the extremely dry textbook and you are somewhat familiar with the project topics it’s a fairly easy A. If you are not familiar with the concepts in one or more of the projects (except for project 2, that one can be picked up fairly quickly) you’re going to have to put a lot more effort in those projects, and probably feel like you’re putting in a lot more effort than everyone else taking the course.
It has been said that TAs are the lifeblood of this program, and I now realize how important they are. I love this program, and up to this point every course that I have taken has better than I would have expected, and I put much of that on the TAs as they are the people that make it possible. With that said someone has to oversee what is going on with this course. I don’t know what happened here, but I think there needs to be a little more oversite provided to improve the course, or at the very leaset make it somewhat coherent.
In short, this course as it stands is a train wreck. It’s not difficult, if you can deal with what I’ve outlined above you’ll get a good grade. If this is your first course and you are thinking about dropping out of the program, take another course it’ll get better from here. If you are thinking about taking this as your first course then I would recommend that you take another one that will give you a more accurate representation of what you can expect from this program.
Pros:
-
The course material provided a broad overview and the projects were fun and hands on.
-
A lot of time for the projects is given, although I wished they would have reduced the amount of time needed for each project and introduced one or two more.
-
Some students on Piazza and Slack were helpful and encouraged discussion for the projects and exams.
Cons:
-
The quizzes (10% of the overall grade) were meaningless and did not test you on your understanding of the chapter, but rather how well you can search for the answer using ctrl+f. Aim to get higher than 90% on this as it’s easy points.
-
The exams (30% of the overall grade) felt like trivia and how well you could memorize the textbook. The questions were ambiguous and poorly worded. If you don’t read the book, look over the study guides provided, but know that you’ll probably miss out on some points because you didn’t memorize or see one small detail that a question is talking about from the textbook. Aim to get higher than 80% on this.
-
The autograder isn’t provided for the projects, so if it happens to not work when grading, you’re out of luck. Multiple students had portions of project 3 fail the autograder despite it working on their machine resulting in them losing a big chunk of the project grade. Fortunately, the other three projects, you can somewhat test to see if they work manually.
-
Writing the report for the projects (60% of the overall grade) was a crap shoot. There is no rubric provided, so it is hard to gauge how in-depth the answers should be based on the questions asked. So, write as much as you can and hope that you cover all of the bases that they are asking for. Aim for 100% on the projects (90%+ on project 2).
-
Grading for this class is slow. It took almost a month to get back some of the project grades. Going into the final, it is hard to say where your grade stands knowing that it is possible that an issue with the project can tank your grade by a letter.
-
The worst part of the class was the communication. A lot of students were left in the dark regarding their grades and regrade requests. Also, despite Slack being an official part of the class with an individual workspace, some of the TAs were unprofessional and outright not helpful. If you had a question, it looked like it was better to just figure it out yourself than ask. They did not encourage discussion for the projects.
Overall, the course seems like an easy B, but a lot more effort is needed to get an A. Note that they changed the weight distribution for the exams and quizzes, so it is harder to get an A compared to previous semesters.
TLDR: Don’t take this course if you care about how a course is handled. The only silver lining is that the course content was informative and that the projects were fun.
This class is my first, and was a fantastic introduction to OMSCS. I strongly recommend it, especially if you have an interest in cybersecurity. The projects are hard, and you will want to start them as soon as they’re released. The first project in particular tosses you into the deep end, and unless you already know assembly how computer memory architecture works you’re going to struggle a bit. Start right away, grind through it, and the class is all smooth sailing from there. The projects are as fun and rewarding as they are challenging. The exception is Project 2, which is the least work but way less engaging.
The exams are pretty dry and mediocre. You memorize the textbook, regurgitate it into proctortrack, and then forget about it. They aren’t a huge chunk of the grade, which is nice. They are the low point of the class, but the rest of it makes up for them.
This class…
For background I’m a SWE who came to the role from a security position so this material was not new to me. For some it might be and that would change the difficulty/perception by a good amount.
Pros
- The projects are really fun. You get some high-level experience in crypto, web apps, and systems.
- I felt like the technical level expected was manageable. If you have never programmed in python, taken an architecture/OS class, or have never heard of modular arthimetic this might be a bit rough but if you have a traditional CS background you’re more than ready.
- The TA staff is responsive and excited about the material. You’ll almost always be able to find TAs on the slack channel and they will actually respond. I’ve never seen a class with TAs this helpful
Cons
- The quizzes feel a bit like a wasted opportunity. 10 quizzes open book worth 10% of your grad. Get ready the Ctrl+F your way through them.
- The exams were the worst part of the class imo. Many of the questions were very specific and word for word from the book. The idea was to have exams be more concept focused than the quizzes but I felt that they were similar.
- Grading can be a bit slow but isn’t too bad when compared to some other courses in the program (ie SDP).
- The malware projects is a bit of a bummer comparatively but isn’t too far off from reverse engineering in real life.
Overall take the class if you don’t have a good grasp on security or want a class you can put little time in and still get a good grade.
This was my first course in OMSCS and I liked it. The material presented can be a bit bland for some people and the lecture videos can sometimes be boring,so watch them in 2x! There were very few additional readings, only 1 as far as I remember and that was for project 3. There were 4 projects.
- Understanding and exploiting buffer overflow
- Malware analysis
- Cryptography - related to RSA
- Web security - related to XSS, XSRF and SQLi
Among the projects, Project 2 was the one which I did not like much as it involved understanding and analyzing results generated by a tool (Cuckoo Sandbox) and there was uncertainty in some answers. The other projects were all very interesting.
Coming to exams and quizzes. There were 10 quizzes, all containing multiple choice questions,open book and with 1 hour time limit. There was some discrepancy in the answers but most of them were resolved. The course had 2 exams - Midterm and Final. Both closed-book, multiple choice. They don’t require too much depth but you should have a basic understanding of the concepts. Another point about exams was that the students prepared questions and shared them with the class.I think the TAs were involved too. This was very helpful for both the midterms and finals.
Now for the TAs, they were very helpful and the slack channel was a very good resource throughout. Chris, Jeff and others kept things lively and were very approachable. Kudos to the TA team! They did a phenomenal job of managing so many people.
I definitely recommend this class. It will introduce you to basic software vulnerabilities and can prepare you for other courses like Network Security.
Very frustrating class.
Pros:
- Pretty interesting and informative projects, although the write ups were poor and grading included no worthwhile comments, so no idea why points were deducted.
Cons:
- Combative and accusatory TA’s. So many warnings and accusations of cheating that I gave up looking for or offering help.
- Quiz and test questions either wrong / ambiguous as to be thrown out, or just ambiguous and confusing enough so the official correct answer is elusive.
- Lectures are not great. There are nonsensical quizes given in the lectures before any pertinent information is given, or just asking about random historical information that is complete guesswork.
- Very little actual help given by TA’s, or allowed from fellow students. Most common response “read carefully for a big hint”
- The book is coma inducing.
- No interactions with instructors.
Suggestions:
- Start projects as soon as they come out.
- Search the book pdf and lecture text for the quizes
- Don’t bother studying anything other than the practice questions for the tests.
This was my 1st OMSCS course:
Projects: 3 were great, without them I would rate this class a 0, the other one was a waste of time and they refused to explain why parts were wrong or how to figure them out.
Quizzes: can you use ctrl+f? Open-book, waste of time, didn’t help the learning process.
Tests: MC/TF questions that were poorly worded (I think on purpose to keep scores down). If you like trying to memorize really dense/boring textbooks, you might like them.
TAs: I think there were like 35 of them, I’m guessing 33 of them were great.
Professor: Recorded lectures a few years ago, MIA now.
I’m sorry that people commented negatively on this course. It has a lot to offer. The Slack community, which had its childishness and puffery, also had some caring students and TAs. They worked to clean things up on Slack, and I think they did a pretty good job.
The projects are challenging if you don’t have experience using GDB or web development tools, but there was enough time to learn these things on the fly, if you started early. And as a bonus, you really learn something and feel a sense of pride after completing the projects. How can you complain about that?
The tests were challenging, but there was a lot of effort to help students prepare. They published a study guide ahead of time, students and TAs quizzed each other in Slack using a quiz app (Polly), and a handful of students put together quite a comprehensive study guide which helped immensely on the test.
I worked a lot of hours, and at times I felt that I would not figure out the projects or understand the reading, but I learned how to step back, take care of myself, and work persistently until I succeeded. Others may put in fewer hours, but they are probably also the ones who complain and didn’t like the course. You get what you put in, for sure.
Finally, the professor made attempts to reach out to students via Bluejeans. This is the first class I’ve taken where the professor reached out like this. The TA’s were really involved and did a good job directing, guiding, controlling, and having fun with students.
I highly recommend this course!
Also – regarding the remarks about cheating that I’ve read in other posts – there were probes sent out about cheating, but probably rightfully so. If you give too much help, well, you probably shouldn’t. TAs are bending over backwards to try to remind people NOT to do that. So no reason to blame them for trying to keep 600-ish students on the up and up. Nowhere near the extreme situation that I see mentioned in other posts. In fact, the most common comment I saw from TAs was “If you didn’t cheat, you have nothing to worry about”. Amen.
With it having been over 13 years since I finished my BS in Computer Science, I felt this would be a great way to ease back into the college scene. As a first course, it met all my expectations. The material was interesting, the projects were challenging but applicable, the tests covered the material properly, and the pace was very well planned. I really had no direct interactions with the professors, so the TAs were my sole go-to source. The TA’s were both knowledgeable and helpful. Not much of the project topics were covered prior to the projects becoming available, but the instructions were very detailed. One of the key things I learned from the projects was to “read the darn instructions.” There were 10 quizzes, which covered the material you read and watched in the lectures. If you haven’t ran across omscs-notes.com. you should definitely check it out. Matt offers his notes he has taken during his OMSCS progression to everyone. They were extremely helpful when it came quiz and test time. I didn’t care much for ProctorTrack, but I see its necessity. All in all, it is a very worthwhile course, especially if this is your first course in the GATech OMSCS program.
This was my fourth course in the program and probably the most difficult so far. (SDP, CN, CPS). You will have to do a lot of the heavy lifting on your own, but the TA staff is active and helpful, without revealing too much of the answer. When it comes to some of the projects, a decent hint would give away the answer. Much more satisfying to trudge through and come up with the solution on your own. One thing that sticks out in my mind was attending office hour with professor and asking him a pretty specific question about the project we were working on and his response was something along the lines of “What does this mean? Are you talking about the project? I don’t know what you are talking about.” Thanks Wenke.
Pros
- Projects were interesting and challenging.
- Project 1 - Buffer overflow: interesting to learn some C and gdb.
- Project 2 - Using malware analysis software. This project was more of an assignment. Follow directions, hope for the best.
- Project 3 - Cryptography + Python: Challenging but interesting. This was my most favorite project.
- Project 4 - Web Security: XSRF, XSS, SQLi hacking. Code part was simple, but getting the injection point was tough. Pro tip: Do SQLi before XSS
- Quizzes were easy enough with info straight from open book.
Cons
- Tests were half T/F and half multiple choice closed everything.
- Difficult format before content.
- Questions were too specific for a closed everything format.
- Class average on two exams were 80 and <70…
- Proctortrack was used, I am starting to get used to it.
TL;DR
Easy to medium course difficulty with decent learning opportunities available from the projects if you take advantage.
I felt compelled to write a review for this class, since it was my 10th class and by far my least favorite. Generally pretty easy and also extremely frustrating.
Pros:
- I learned from the projects.
Cons:
- Exams (worth 30%) didn’t teach you anything. It seemed like an exercise of rote memorization for no purpose. Questions are vague and tricky (for the sake of being tricky, again no educational purpose). Study guide is useless. It basically just lists all of the topics from book chapters/lectures in a convoluted form.
- No instructor presence at all. Entirely run by TAs, who mostly seemed to also be OMSCS students who had just taken the course.
- Most unprofessional course I’ve ever taken since high school, which left a bitter taste in my mouth. Some examples include:
- Constant whole-class threats about cheating. It seemed that after every assignment, we would get an email saying “This is the most cheating we’ve ever seen. If you cheated, reveal yourself or you’ll get reported to OSI and get a failing grade, blah blah blah.” This led to unnecessary paranoia among honest students. Deal with cheating on an individual basis next time, please.
- Project 2 about Malware. First, the TAs refused to answer any question. Second, and astoundingly, one TA was going through a few select students’ autograded assignments and revealing their current score and giving hints to specific students in the slack channel, BEFORE the assignment was due. Favoritism which I’ve honestly never seen in my educational experience in a long time.
- Project 1 instructions were terribly written – it had no logical flow. Like the headers literally go from Suggestions/Warnings -> Goals -> Helpful Suggestion -> Helpful Hint -> Information/Hints -> Part 1 etc. How many sections of disjointed hints and suggestions do you need before you actually describe the task at hand?
- TAs response to every question on Slack about the projects basically was: we can’t tell you, use Google, this is a graduate class and expectations are higher. Even conceptual questions. And guess what likely happened if you wanted to help someone else out and post a conceptual link from Google? Your comment would probably be removed and you would get reprimanded by a TA. It’s hard to understand the pedagogical value of doing this.
- Grades would take a while to get returned. Even stuff that was autograded, like multiple choice exams. The reason for this is apparently showing you the score for the exam (even if the questions/answers aren’t revealed) is a cheating risk. Makes little sense. And it makes even less sense given that one TA did allow you to post in a public Slack channel that you wanted your grade, and then that TA would reveal your grade PUBLICLY.
- And so on…
Recommendations:
- Get a head TA who is either a PhD student or adjunct professor or someone with more pedagogical experience to lead the course, if the professor isn’t involved. Hopefully this will rid the course of the unprofessional stink.
- Focus more on and add more projects, as these were most useful for learning.
Want to do well on quizzes/tests? Buy the book! Stuff is basically straight from the book, which can be quite dry.
Want to do well on projects? Start them the day they come out. And Google is your friend! The TAs aren’t going to guide you through the projects, but I thought the guidance in the project write-ups was pretty good.
I’m not sure what all the commotion is about TAs being bad, but I did not experience that at all. If you’re OMSCS and actually have a computing background, you should have no problem with this course. YMMV if you don’t have a computing background because there’s definitely some code analysis and programming in the projects.
Overall, I’m glad I took it but probably wouldn’t take it again unless they cut down on the rote memorization and added more projects (which were definitely the highlight of the course).
I think this class was good, especially for those that have not taken a CS-level security class before. It sticks to the fundamentals of security which is a good thing. Fundamental security knowledge is something that all developers should know.
Pros:
- Projects are interesting and very “applied”… I love the disclaimer warnings reminding students not to break the law after taking the course. 4 Projects total, start early on them especially the first one (Buffer overflow attacks)!
- Quizzes are open-book
- Good class to pair with a harder one or take it alone for a light semester
- No group projects! Your entire grade is in your hands alone! Can I get an amen?
Cons:
- The video lectures are long. The zooming in and out of the professors head drove me crazy, please for the sanity of future students edit those videos. It made him look like a human bobblehead!
- Obsession with threats to cheaters. I get it, you are warning students not to cheat. But this has been the only class so far (#6 for me) where the TA’s/instructors constantly warn the entire class that they will be reported to OSI. It really brings down the morale for the rest of us. By all means go after cheaters, but stop using fear tactics against the whole class, just deal with them in private and be professional
- Exams are closed book and worth 30% of your grade. Fortunately there are only 2 exams
Even with my gripes, I still enjoyed the content in the class and had fun doing the projects. If you already took an undergraduate level CS Security class, you can probably skip this one as it will likely be mostly review for you.
If this was my first experience in the program I would have strongly considered dropping it entirely. I would suggest that if you don’t have to take it, don’t. There are some good things to learn but in my opinion it’s not worth the stress of dealing with the TAs and just the overall unprofessional feel of the course.
I am a cybersecurity major, not a CS major. Whether or not this course is easy or hard for you will depend on whether or not your undergrad was in CS or programming. All but one project required some level of programming knowledge. While an in-depth understanding wasn’t needed, an understanding deep enough to read and understand the code, make changes to it, and write some additional code was needed. My background is in electrical engineering, and to succeed in this course I had to spend much more time (mostly on the projects) than people with a CS background. The slack channel was both a lifesaver and a super big morale sucker. Some people were happy to help and encourage, but there were a few people eager to share how easy this all was for them… not helpful when you’ve already spent 60+ hours on a project.
This is a pretty basic class… less the projects. If you don’t already know them — get ready to learn C, Python, Javascript, ajax, jquery, HTML, debugging and machine code reading all on top of the class workload. For the cyber major, the suggested prerequisites to prepare you for the curriculum was a python course and a discrete math course. I took both before beginning and was not prepared. Don’t expect any help from the TA’s or instructors — this is very much an on your own class.
I would have really loved this class had there been any teaching or guidance along with the projects. It seems pretty clear to me that this class was originally created for those enrolled in a CS masters program, not a Cyber program. While it is applicable to both programs, the class assumes a level of CS knowledge beyond what I have ever seen in any cyber program.
As others have said:
- Grades come out super slow, which makes it hard to adjust accordingly;
- Some TAs are fine but some are kind of awful, you’ll need to figure out which ones are worth discussing things with;
- Exams - feels like memorizing lots of oddly specific things that just aren’t that useful for anything;
- Projects are alright - but they will try to accuse everyone of cheating, and in the end I’m not sure what is allowed and what is not, making the learning experience much more awful than it needed to be - should I derive the extended Euclidean algorithm from scratch without any reference for you? Plagiarism and cheating should not be allowed for sure, but things could have been handled A LOT better.
- Projects, lectures and exams are kind of 3 separate things, could have integrate the components a bit better.
All in all, a fairly easy B, learned some stuff, but it could’ve been a lot better.
EDIT: The polarization of views on TAs just showcases the fact that if you are able to get along with the active ones, and have the time to keep up with the hundreds of daily Slack messages chatting about random things so you can be buddy-buddy with them, it does help a lot - but it’s a risky thing, since it’s quite obvious many don’t approve how the TAs are running the show and had undeniably experienced a ton of unnecessary stress over the course of the semester.
This is –by far– the worst class I have taken. Quizzes, lectures, reading, and exams were boring. Quizzes and exams uses ambiguous wording and taken directly from sections from the text book. This makes the class feel like little effort or caring went into the class by the professors. The first project demonstrates techniques which have been largely eradicated by modern operating systems. In fact, the VM that is distributed has been altered to disable the safeguards the OS provides. The second project uses tools which teaches the users absolutely nothing about Malware Analysis. This project is purely an academic exercise. The third and fourth projects are better in terms of the approach taken to convey the material.
Another major complaint is during the entire class I have not known where my grade stands. We have two week in the class left with the final exam due this week, and the final project due next. I still don’t know my grades from the last project which was turned in 3 weeks ago.
The piazza message board used in the class is awful. They also have a slack channel that is equally awful.
This is the first class I have taken in the program and I am deeply disappointed in both the content, presentation, and lack of effort it seems that went into creating the class. Hopefully the program courses from this point forward are better.
This is easily, by far, the worst and most painful class I’ve have ever taken in my 20 years of education.
This was a fair course. Unlike most, the book is very useful and I recommend getting it. The projects were challenging, but they are fairly standard security assignments. You can search for help on Google and there was lots of help to be found on Piazza.
The course material was presented really well. Although you still had to study for the tests, they are open book so that made it more manageable.
what a joke of a class, it would be insulting to say this is like a high school class because i had some well organized and informative classes. the quizzes are word for word lifted out of the textbook so all you needed to do was ctrl-f and you could get 100%. I made the mistake of actually trying to watch the lectures and read the materials before I did the quizzes(which meant not getting 100%). The exam questions were even worse than the quizzes, such oddly specific knowledge that wasn’t even relevant at times. It was absolutely not testing for understanding of material, but random things that you can ask google and it would easily return the answer.
since i’m totally new to the concepts i got a somewhat ok overview of info security from the textbook, definitely don’t bother with the lectures at all. the projects were so so, the last one was painful as i didn’t know any javascript or html.
Lectures and lecture notes are useless. All the content for the quizzes (open book) are in the textbook. Projects will require a lot of googling if you don’t have any prior experience in it because, like the quizzes, the lectures and lecture notes are useless.
*tl;dr: good course about security, useful for non-CS undergrads*
The lectures are presented by two professors who effectively cover the material using an entertaining approach. The textbook has around 700 pages and the course covers nearly the entire book. Read the textbook and view the lectures and you will have a good grasp of the material (plan about 50 pages/week). There are a few papers and web pages provided for reference. These illuminate the material, and a few of the papers are important.
There were ten (10) quizzes (20% of grade). Set an alarm, take them, they are easy points. Open book, open internet, low stress, good review/highlight of material.
There were four projects (60% of grade) that explore a variety of security topics.
- One project is a C program to exploit a stack buffer overflow, and requires student understand how to overflow a stack buffer and corrupt the return address. An interesting challenge that does not require much programming, but does require understanding stack layout and how to place the desired values.
- Another project is running malware in a VM, and observing malware symptoms. Interesting, and a bit of research was needed to understand certain Windows behaviors.
- My favorite project was the RSA cryptography project, where you learn about how RSA works, how to calculate public&private keypairs, how to exploit RSA attacks.
- The last project was learning about XSS, CSRF, and SQL injection attacks.
There were two exams (midterm, final) (20% of grade) that covered the lecture & textbook material. Exams were proctored, closed book, non-cumulative. Best to read the text and view the lectures during the course (closer to the exam). Material is not hard to comprehend, but tons of detail and facts. Many students found questions confusing or tricky. The exams were easy, but the averages were surprisingly low.
The biggest problem is the students who complain on piazza.
I didn’t like the course. Many of the covered subjects are old and not interesting at all. The classes are poorly dictated. Exams are strange and at some point seem to be random. Didn’t need to interact with TAs since the classes and the projects were easy enough. Projects were the best part of the class, almost acceptable.
tl;dr: Boring, easy. Wouldn’t recommend.
Misc
This is my third course, and least favourite so far. Pretty boring lectures, largely ripped directly out of the textbook, which is very dull.
I felt like I learned very little, and what I did learn could’ve been learned on my own in 2-3 days. That said, my background is full-stack development, so I know a fair bit about securing applications and servers.
The professors (there’s 2) were almost entirely absent from Piazza. I felt there was almost 0 engagement. I’ve had previous courses with shared lecture viewing, BlueJeans for just asking questions or hearing extra details, active instructors on Piazza… None of that here. This left the TAs to pick up all communication, and when questions were directly targeted at the professors, or above the TAs call, they often went unanswered.
Quizzes
Quizzes were awful. They’re open-book, no time-limit, questions directly out of the textbook. You can take it twice, but you can’t see your answers (correct or incorrect). I think they’re changing this to just one attempt though. I never felt motivated to try again, even when I got as low as a 70. Most of the time people were missing questions to bad wording or just plain wrong given other evidence in the textbook. But they gave credit back if 60% of the class got a question wrong, which happened more than it should have.
Projects
Most of the grade (60%) comes from projects. They were decent, none took more than a few hours for me. Some people had a lot of trouble on projects 3 and 4. The reports, write-ups, and submissions are incredibly inconsistent between each project. Some different TA must have written each project and the instructor never standardized them. So you’ll have 1 project do things one way, and another project be different for some reason. Projects 1, 3, and 4 were programming, with a detailed write-up as well.
- Had to exploit a simple C program with a memory overflow.
- Decent, be prepared to really get in the weeds of GDB. I don’t work with C much, so I learned a bit there. Not useful if you plan to only ever work with languages that handle your memory management.
- Malware analysis with Cuckoo
- Terrible and pointless project. You just run an open source scanning tool within a VM and CTRL+F through tens of thousands of lines generated in the reports to answer some T/F questions. Learned nothing.
- Exploiting cryptography
- This was probably my favourite project. Using Python, cracked some private keys with various vulnerabilities.
- Exploiting a website (CSRF, XSS, SQL Injection)
- Attack a fake website with the three main web attack. Also pretty fun, but as a full-stack dev I found it pretty easy.
Exams
~35 multiple choice questions on ProctoTrack/Canvas. Not a good assessment of knowledge. Not too hard though, pretty easy B with some light studying.
Piazza Management
Piazza was awful and not managed at all. People asking the same question 10 times, complaining about the TAs, or just asking for re-grades on poorly worded quiz questions. Instructor/pinned posts and announcements were inconsistent and easily missed in the spam from students complaining about the course. TAs apparently cracked down on people stealing code without citing, which is good, but felt like it was handled really menacingly with just threatening language on Piazza to turn yourself in before it gets worse.
We were told there would be extra credit. A month later, when a student asked about, the instructors said they’d changed their mind. I don’t think we’re entitled to extra credit or a curve, but a class announcement like that taken back reeks of poor management.
Ease
That said, it’s a pretty easy A if you try. You could get a B with minimal effort. There were 2 weeks where a quiz, a project, and an exam were due in the same week, which may hurt if you’re not staying ahead on the project and need to study.
Overall
Overall, I had a decent experience in this course. I would call it somewhere between Easy and Medium, but would lean towards Medium if taken in the Summer semester since you are condensing 16 weeks of material into 12 weeks. The topics were interesting and eye-opening. Gave me a greater appreciation of security (or lack thereof!) in today’s cyberworld.
Here is a link to the breakdown of my time spent on course activities: https://drive.google.com/open?id=15Ll6j4fTIpe9GNzM-MH1rCyxRzHv49nV. I averaged 12.65 hours per week.
Quizzes
They re-made the quizzes this semester since all the old quizzes were available on Quizlet and it was a joke. So that was good… it increases the value of our degree. That said… there were NUMEROUS issues with the quizzes. Every single one of the 10 quizzes had a problem, whether it was the wrong answer in the answer key or a question that was worded VERY AMBIGUOUSLY. This was very frustrating… but I concluded that hey, quizzes were only worth 20% so losing 1% of my total grade was probably not worth the stress/effort/emotions involved in complaining/whining/being a spectacle on Piazza.
Overall, quizzes were mostly Ctrl-F in the eBook to find the answer. Very little cognitive effort required. I did actually read through the assigned textbook chapters, so this helped me rip through the quizzes quickly since I had an idea of which section the answer was located in. I took about an hour on each quiz so that I could write additional notes on topics that the questions were on.
Projects
4 projects worth 15% each. Won’t bother including many details here since everyone else’s reviews have plenty of details.
- P1: Stack overflow (make a text file with input that will execute a return to libc attack). 19 hours.
- P2: Run Cuckoo in a VM to figure out what actions malware ran (least favorite project… it was very ambiguous, little direction from TA’s, just busy work without need for ingenuity). 11 hours.
- P3: 2nd favorite project, Python coding to perform RSA and other crypto attacks. 19 hours.
- P4: web security (favorite project!), CSRF, XSS, and SQL injection attack. 6 hours (I have web dev experience, YMMV heavily here)
Projects were fun overall. P1 and P2 did not take much brainpower. P1, P3, and P4 required writeups, no limits, just answer prompts. P3 and P4 were my favorites since I was actually required to use my brain.
Exams
I watched all the lectures and read through the assigned textbook chapters once. For exam study, I read through my notes (3.5 hours per exam). 88% on Exam 1, 82% on Exam 2.
IIS was my first course in the OMSCS, and I learned a lot from the book, the lectures, and the projects. I am already applying many of the things I learned at my work and my day-to-day.
The quizzes help you study, but read the book, and take notes, because the exams count on you memorizing the concepts in the book, so, don’t wait until the last minute because there is a lot of material to remember.
The projects are fun, but they can be hard if you don’t have any programming experience, especially because you will use different languages in different environments. There is also some cool Math involved.
The TAs are very helpful, don’t be afraid to ask the questions after you’ve done the research.
Start early! Keep organized, mind the office hours, pay attention to the deadlines.
Quizzes and tests are kind of BS, really specific multiple choice. Projects are fun and engaging. TAs are kind of… mean?
Overall meh course
Easily the worst class I’ve taken so far.
The quizzes and exams were awful. Many questions had ambiguous answers and they occasionally conflicted with the textbook. The quiz questions themselves aren’t thought provoking at all, almost all of them can be answered by searching for a specific sentence in the textbook.
Piazza is pretty much useless but that’s mostly due to the students and not the TAs or professor. The class seems to attract toxic students.
Projects were fun and interesting but the written reports were odd. It seems like the requirements for the reports were different for every project, they didn’t feel consistent at all.
Only the projects seem to teach you anything about the material. I got an A in the class and feel like I didn’t learn anything, mostly due to quizzes and exams having poor questions. The lectures are quite boring and aren’t even that useful.
If this was my first class I would have likely left this program. The course material was fine, but the behavior of the instructors and TAs was highly unprofessional. The quizzes were filled with “gotcha” questions and in many instances were wrong/poorly phrased. Students had to fight with instructors and TAs to get grade adjustments on almost every quiz. Similar issues were seen on the tests, which were multiple-choice and true-false style. The tests and quizzes were similar, but the detail level of the test questions seemed far too demanding for a closed book/notes test. The real issue with the regrade requests was that many student concerns weren’t responded to and course policy was ultimately changed to privatize regrade concerns. I think a lot of students felt there was a lack of transparency in the class. There were also some issues with TAs making inappropriate/threatening comments, which I have never seen before. Fortunatley instructors did step in and remove those TAs. The professors also backtracked on promised extra credit.
The projects were not too difficult, but a lot of the tools and techniques used weren’t explicitly covered in the class and required students to do extensive research to complete. I think the projects also were a little vague in some of the descriptions, but overall they were well thought out.
I learned a good amount from this course, but the attitude/response from faculty was disappointing. I think as a semester long course it would have been much easier.
Summer 2019.
Not much to add to the other reviews. The quizzes were annoying because of question wording. Probably the same with the exams, not much feedback. Suggest the TAs make a question bank of 400-500 approved and vetted questions and pick from those.
Rote memorization of the relevant chapters and lecture transcripts/slides is the name of the game for the quizzes and exams. Not really my thing, I prefer concepts and theory (this is Computer Science after all), but it’s a valid approach at the end of the day.
The projects were a real high point, and they made us think about how things could be purposefully structured to exploit weaknesses.
You could probably get a “B” out of this class relatively easily by going through the motions. It’s on you to put in the extra brain-cycles and understand how to translate the text to the projects. I put “Medium” difficulty because we should be self-motivated enough to understand we need to put in those extra 4 hours to integrate the concepts every week. :)
Pretty Good course to start with. The topic was interesting. XSS and SQL injection, once you get them to work, you get that a’ha moment. Workload was average for me.
Quizzes and exams were a bit frustrating for having wrong or ambiguous answers, but they usually gave back the points for their mistakes.
Pros:
- The projects are good learning and were fun
- Content provides a good learning
- TAs are mostly responsive
Cons
- Grading of project 2 was weird. It asked to analyze malware and search for around 20 activities. Grades were awarded only for the activities the malware performed. No credit awarded for correctly identifying activities the malware did not perform.
- The course instructor Prof Lee is completely missing. The class is completely run by TAs
- We had issues with quizzes and tests.
- Project feedback could have been more detailed.
This was not the best class I had taken in OMSCS. Yes, there were many problems with answer keys of quizzes and tests. But the concerns were addressed.
This was probably the easiest class I have taken which made it a great summer class. Even with the condescend schedule and weekly quizzes I often felt I was on auto pilot and often forgot I was in school this semester. I found the projects pretty fun and stimulating while the text book and lectures I didn’t finish due to how dry the content was. The TA staff got a lot of flack in my semester which I didn’t think was warranted because if anything they were exceptionally dedicated to improving the class.
Overall, if looking for easy class for summer or to double up with IIS is probably right for you. As for basics of information security I think this class is alright even though many loud people on Slack/Piazza will constantly remind you the material is “out of date”.
I really enjoyed the projects in this course and that’s about it.
To say the quizzes were a hot mess is an understatement. The quizzes were riddled with errors and turned into an exercise in sentence structure interpretation rather than understanding the concepts. The general response from the TAs was “we discussed it among ourselves and Dr. Lee and felt that the wording was confusing but not confusing enough to matter”….great.
The midterms were an exercise in brute force memorization of the chapters in the book.
In conclusion: This course, in its current state, is an disgrace to the GT OMSCS program. But if you take it, do well in the project and do ok-ish in the midterms and you should be able to get an A.
I took the course in Summer 2019 but chose Summer 2018 as the option was not available.
I wanted to take an easy course for the summer after a difficult Fall & Spring semester and I was not disappointed. This is not a very exciting course but does offer great insightsand learnings about security. If you want to learn about Buffer Overflows, Security Software (Cuckoo), RSA and Web Security - the projects are fun and rewarding.
I wouldn’t say this course is an easy A - Though I know I have done well throughout the course, I have a B. Just goofing up in one of the projects brought down my overall score drastically.
Stay active on Piazza and Slack - The TAs are very active and helpful: To name a few: Chris Taylor, Cecil Bowe, Brent (Thank you!) . I experienced strange behavior from students in this semester. Students were unusually combative and accusative during this course, which dampened the overall learning experience.
Students were mostly unhappy about the grading on the Quizzes. And rightfully so: Many questions were wrongly worded & also graded and there were many retracted questions. This lead to multiple arguments on Piazza and on Slack. I hope this will be corrected in the future.
This is an ideal summer course/ first course and yes, I would recommend it
Agree with most of the feedback below, so the only thing of value I can think to add: seeing as the quizzes are pulled verbatim from the text, it pays to get exactly the edition quoted, even if they say that others are equivalent.
Also worth noting, just as a head’s up: we were told before the withdrawal date that extra credit would be offered, and were then told after it that it wouldn’t, so don’t base your decision on that possibility.
There were one or two TA’s this term who seem to believe that the price we have to pay for access to their help is that they get to act like 4chan trolls on our class Slack channel. (Or maybe it was just one TA propped up, like most bullies, by a gang of sycophantic yes men – alumni he had invited on for that purpose who had no other business in our class.) I pray that either they grow up, or that GT declines to inflict them on any future OMS classes, as the tradeoff is far from worth it.
This was my second class in the program after IOS. I enjoyed the material and was able to take away a lot from the course. There were some logistical issues at the beginning of the term such as incorrect dates on the syllabus, misunderstandings between students and TAs, etc. However these were (from my point of view) mostly fixed by the middle point of the term. I would recommend the class for anyone looking to get a solid foundation about computer and network security.
IIS was a good course. It was my 4th of the program and I took it in summer of 2019. It was fairly well organized and run. There were some issues with poorly worded quizzes that became an issue in the course, but they were each a fairly small percentage of your grade and the TAs did a reasonable job of trying to resolve the issues.
The class had 4 projects. I didn’t find any of them particularly difficult, but most did require a solid effort. The course also had two exams. The exams somewhat reflected the major topics in the course, but many questions were also kind of specific details about concepts that I didn’t feel were very important nor were they really stressed throughout the course.
The textbook is used a lot in the course. I didn’t watch very much of the lecture videos, as most of the content I needed to know was found in the textbook. The videos may have covered some of the same topics, but the videos for this course just seemed kind of dry.
Overall it was a really interesting course where I learned a lot. It’s not a cakewalk like I thought it would be going in, but it’s not too difficult of a course.
This course wasn’t well taught or well managed. The lectures were often slow but very shallow. The tests and quizzes were riddled with mistakes. Opinions of the TAs vary, but I wasn’t a fan. They got more helpful as time went on, but that was mainly because they were basically forced to act more mature by the professor. I’ll agree with others that some students acted entitled and annoying on Piazza, but I’ll also argue that the TAs and professors reaped what they sowed.
The projects were pretty good. For future students, I’ll say start Project 1 early. I wasn’t too familiar with GDB, and that was stressful getting that done on the last day. The instructions, as was the case on all of the other projects, were clear though, so the stress was entirely my fault.
The exams were odd. They had errors like all of the other quizzes, but they were basically hidden away from us which caused some uncertainly and unneeded chaos on Piazza. Some of the questions were also way too specific. Specific questions were fine on quizzes, where you could just Ctrl-F to find the answer, but needed specific facts out of a dry, 800+ page book was a little much. It’s a graduate level course though, and the exams aren’t worth much, so whatever.
Like others have said, if you do well on the quizzes and projects, this class can be a pretty easy A.
Pros:
- Really interesting projects
- Extremely helpful TA staff
- Quizzes were word for word out of the book. They were basically a free 18-20 points if you have half a brain and actually answer the questions rather than worry about the wording
- Video lectures were very well produced
Cons:
- Some of the lectures are pretty boring
- The 2 exams covered a lot of material and probably wasn’t the best format for evaluating comprehension
- The Prof. should have cracked down on the entitled students trying to ruin the class (more on this below)
Overall the class was interesting and the TA’s were fair and helpful. The only issue was with several very annoying students in the class. From the beginning these students actively tried to foment insurrection in order to get points back on any and everything. It got so bad that they started conspiracies about piazza posts getting deleted and accused the teaching staff of plagiarizing material from another university (despite the fact that it is common practice for professors from different universities to share material in order to ensure that people are evaluated consistently).
All of this is to say that it’s too bad we can’t review our fellow students, and if you want a fair picture of the course don’t put too much weight on the negative reviews from this summer. Also, if you are one of those students, learn to take a breath. The world isn’t gaslighting you.
This class isn’t good, and this particular semester was an embarrassment to the program.
The good:
- The projects were pretty fun. Luckily they account for most of your grade.
The bad:
- The lectures. Incredibly dull, but maybe I’m spoiled by how good they were in ML.
- The textbook. Just do yourself a favor and never read it.
- The material. It’s just too broad of a course.
- The professor. Absent.
The ugly:
- The quizzes and exams. I just don’t understand how mistakes kept happening. Almost every quiz would have mistakes in the questions, the answers, or the keys. Coupling this with a two-attempt policy made everything worse, because students then went back thinking that they were fixing their answers when instead they had nothing wrong in the first place. We were assured these issues would not be present on the first exam. Unsurprisingly, around 6 of the 34 questions had issues and ended up being regraded. I’m not confident that the second exam didn’t have issues either, but we’ll probably get our grades too late to make a difference anyways.
- The TAs. The class has its own Slack workspace to ask students and TAs questions, host office hours, etc. This isn’t unusual. However, some TAs thought it was appropriate to use the workspace like their own private Discord server, posting vulgar messages and whatnot. While I’m not personally offended by any of that, you can imagine why that creates an issue when you’re supposed to be acting like a professional adult whose being hired to help teach a graduate-level course, not telling students to “Read the fucking manual.” Shockingly, some students (myself not included, by the way) complained and Slack usage was restricted. They then proceeded to whine and complain instead of taking responsibility and performing a little introspection. One excuse was that Slack wasn’t an official platform and shouldn’t be treated as such. Yeah, that’s just BS. Every student in the course was emailed an invite link. Almost all TA’s hosted their office hours there. The workspace itself is on the Slack Plus plan for god’s sake. That’s more than $10 a month per user, which isn’t cheap. So yeah, it’s an official part of the course.
- Piazza. This is really a culmination of the above. Once mistakes kept appearing, some students obviously lost faith in the course and the teaching staff. Some posts got pretty combative, and while some were over the top, I mostly agreed with the sentiment.
Overall, would I take this again as a Summer course? Maybe. Even after all that, getting an A wasn’t all that hard. It’s just that the teaching staff made it way harder to get through than it needed to be.
I took this class because I had some gaps in my security knowledge since I come from an engineering background. I can say that I definitely learned a few things, but I did not enjoy this class.
The biggest problem with the class was the quizzes. There are weekly quizzes which are open note and you are allowed two attempts, which sounds super reasonable and great. However, there were constantly errors in the grading which made the quizzes super frustrating. The response from the TA was usually something along the lines of “these errors in quizzes are just inevitable”, but this is my 6th class and first one where I’ve experienced this at all. I usually think people are way too critical of the TAs in OMSCS classes, but IDK this one was rough. Seems like they could’ve done much better.
The exams were OK. I don’t think they really tested anything other than ability to memorize small details.
Some pros: I did think the projects were fun. None of them took me more than one day to complete.
This course is very unorganized. There are 10 quiz, 2 exams, and 4 projects. Workload is a few hours a week. The Udacity video is unbearably boring. It’s basically an introduction to everything security related. The video is so long and covers so many items. You will not be able to prepare for the exams. The quiz are all filled with ambiguous questions and answers. All you need to do is to download the pdf book, crtl-f to find the keyword, and try to figure out what trap they put in the questions. The TA loves playing with words and pretty much every quiz is a fight on Piazza with students complaining about ambiguity. It’s the same non-sense with exam. Project is mostly auto-graded, so there is no depth in these projects. They are not difficult, but TA pretty much won’t allow any kind of real discussion on slack or piazza. So you are pretty much on your own to try to figure it out. This course is easy to get a B, but difficult to get an A. There is no curving and TA acts like it hurts their feelings when you say this course is easy on omscentral. If you want to learn about buffer overflow, RSA, cryptography, SQL injection, XSS, CSRF, you are better off going to youtube and watch some videos. This course would be perfect if you don’t care about B and you want to pair with another course so you can graduate. Piazza is constant battleground, and TA started their own slack to stop you from having any real discussion. Towards the end of the semester, TA was being combative and blasted about plagiarism to the whole class on Piazza and emails. This is the first course I feel like this OMSCS program is deteriorating in quality because of too many students. Nothing is worse than taking a useless boring course that you don’t learn anything and end up getting a B.
The only thing you will get out of this course are the interesting projects : I started out doing the reading and stuff but i gave up after two chapters or so, reading the textbook was just taking so much time and i didn’t see the point since i wasn’t going to retain much of what i was reading anyways, according to me, the textbook is adapted to be a quick reference more than a cover to cover read . the textbook is only useful to get the few extra points in the exam so i didn’t see the point. Quizzes were a joke, too many mistakes and were absolutely useless in understanding the material. most of the questions on the quizzes were copy pastes from the textbook and could be easily Ctrl-F’d, Projects are interesting and easy to medium on the difficulty scale depending on your skill set. I don’t know my grade yet but it will probably be an A, here is a recipe to get an A with least effort:
- Ace the projects, start as soon as possible, ask a lot of questions if stuff is unclear
- skip the textbook , Ace the quizzes, they can be solved with Ctrl-f in the textbook
- master the concepts for the exam, skip the details you wont be able to remember
This should keep you in the 91-93% range , if you get high 90’s in the projects
Good course, but the term was marred with few back and forth issues between students and TAs. Primary issue was quizzes, my personal opinion was this could have been managed better. Well again the quizzes count towards 20% of your grade so significant if the experience isn’t right.
The projects were fun, but mind you they can take up time. So start early once the project window starts. Be careful of plagiarism. I screwed up one of my projects - Summer is tough at times, with a full time job. But not trying get over with a reason - completely own it.
Overall fun, but in could have been better.
Pros: The projects are varied and interesting, and even if you have no knowledge about information security or the tools involved, you can complete them with some grit. TAs in my semester were willing to give ample hints via Slack.
Cons: I am not exaggerating here, over half of the assignments in this course had errors that required regrades or modification by TAs to return points. I don’t know how this could be since I don’t think this is a new course. We’re talking 7/10 of the quizzes, both exams, and a few minor issues with projects. You have very little confidence in the veracity of your instruction, and you never know what your grade will be even if you’re confident you did well. In addition to that, the book is very boring, with long chapters that take hours to get through if you’re taking notes, and you have to read 2-3 every week. Half of the lectures are from Dr. Ahamad and are very long and inefficient, and half are from Dr. Lee and are to the point.
I didn’t have much interest in security before taking this course, so with all of the issues, I didn’t enjoy it at all. It’s too bad because the projects actually did gather a little bit of interest from me. I took the course because I wanted a less time-intensive course over the summer, but it ended up taking me as long as KBAI. I would strongly recommend against taking this course until they work out the issues unless you have lots of time to police the posted answers and submit regrade requests.
I don’t recommend this course.
PROS:
-
Fit in my 2 week long vacation. The workload was nice if you will settle for a B or C. For once it was not one of those breakneck stressful classes requiring 25-40 hours of work even for the smarty pants among us.
-
Projects are nice and account for 60% of the grade and most of the learning. If it was not for the projects, I would review this class as “Strongly Disliked”.
CONS:
-
TAs were disorganized and combative. Instructor was 100% not present. Many quiz and exam questions are ambiguously worded, causing a lot of Piazza arguments.
-
I did not cheat. Regardless, all students were bombarded with anxiety-inducing honor code violation threats which make you question everything you did. There is no way my solutions were totally unique in the entire world. I’m 50% done with the degree and this made me wonder if I should continue with this garbage.
-
Unfair - some people could see the correct quiz answers after attempt 1 and get 100% on their 2nd attempt (not me of course), but that is really not fair. Quizzes were easy points. Mildly educational.
-
Canvas quiz rubrics were always messed up, causing confusion and regrades for basically every single quiz.
-
Lectures can (and should) be totally ignored. The book is awful.
-
2 proctored exams were truly HORRIBLE. Just way too much undigestible book content to hammer down. Don’t study - just guess and take the B. Workload to get a B is 4 hours a week. To get an A is a whole lot more hours just because of the exams.
This has been my least favorite OMSCS course.
- Lectures: Dull.
- Textbook: Dull and disorganized.
- Quizzes and exams: Riddled with errors that will make you pull your hair out.
- TAs: Combative.
- Piazza: Toxic. A battleground between students and TAs.
- Homework projects: Very nice. Interesting and challenging.
It’s an easy course, materials are like undergrads
This course was fun and easy. I enjoyed the projects (except for one of them). It was fun learning how to exploit software. I have at least 6 years of programming experience, so learning the concepts and writing the code was quite easy for me. The quizzes were easy to do if you have a digital version of the textbook, since the questions were worded similar to the textbook. The only thing I didn’t do well on were the exams, which were mostly based on the questions similar to the quizzes, but with some additional question that you’d have to read the book to know.
This was my first course in the OMSCS program, and I enjoyed it.
Thoughts:
- The projects are the highlight of the course. They’re interesting and well put together, and they require you to do a lot of independent learning.
- Exams are frustrating. They’re closed book, and some questions are confusing/have grammar mistakes that make them easy to get wrong. TAs and the instructor aren’t responsive to requests to explain/correct the questions.
- I wouldn’t recommend the ‘required’ textbook. It goes into much more detail than the lectures, and I didn’t find it particularly well written. For the first exam I did all the recommended textbook readings, and was massively over prepared. For the second exam I skimmed a couple of chapters, but mostly focused on the lectures and quizzes. I got a score in the high 80s and didn’t waste hours of my life.
As the title mentioned, it is introduction to information security. Students with Computer Science background, will find it to be a good refresher. A little bit of programming experience will make life easy.
20% - 2 Exams (Proctored - Closed - multiple choice - Require lot of reading) 60% - 4 Projects (Individual - Medium Hard) 20% - 10 Quizzes (Open book)
Take your projects seriously because of weightage, start early and do not miss deadline. In this semester, TAs, released few projects little early. Those who took advantage of this, completed projects on-time.
Piazza is a good place to share knowledge and seek information. I found answers to my questions in Piazza before posting questions to TAs.
The book recommended for this course is a very good one. It gives many insights on Computer Security, Security incidents, security design, ethical hacking. I enjoyed the RSA segment of the course where I learnt about modular arithmetic, encryption and decryption.
Overall is a good course.
Tip: Add this course, along with a tough course for your Spring and Fall Sems.
This was a challenging course and it b**tched slapped me in a way that I did not anticipate. It was also my first course in the program so if this is what an easy class looks like, I will probably have to drop. I found balancing the workload with a full-time job and a family a little over the top. Also, I had no desire to take this course to begin with, but it was the only class I was able to get into. I ended up with a C (I got a 77.2 and a B was 78. So close, but yet so far). This is a review from someone that is not a Ga Tech genius and had to spend more than 3 hours a week on the course. So not sure how applicable this will be to others.
Here is the skinny: The labs are pretty much everything - 60% of the grade. The quizzes are easy and you can take them twice. Just watch the videos and that should be good enough. I got a 95% average on them and as I already stated, I ‘ain’t no genius’. The tests are tricky with a fair amount of sneaky and even bad (some seemingly incorrect correct answers) questions. For the first exam I read the chapters and used the book mostly. Big mistake. The book is worthless, unless you need it for a lab or to go deeper into a topic of interest. Just stick with the course notes - which are excellent. I just used the course notes for the second exam and crushed it even with the average being a 71%. My problem came with the projects.
Project 1: Stack/Buffer overflow exploit This one killed me. I had no idea what I was getting into. Started late but still spent a lot of time trying to figure it out. Could not, got a big fat zero. The auto-grader is merciless. I lost 50% of the points on the lab, but ironically got a perfect on the report. Grade was 50%, which was an F. I started out with an F. No partial credit. I should have dropped here, but stuck with it. For the rest of the class I had to pull myself out from a huge chasm. I never really did.
Project 2: This was a weird one. This project was running and analyzing malware in a sand-boxed environment. It was difficult to know if you were correct or not. Honestly, even if I spent another 6 months on this project not sure I could do any better. And the grading was kind of secretive. Not really sure why I got stuff wrong that I did. I hit the median on this one, but left me scratching my head as to why I missed what I did.
Project 3: Cryptography This was my favorite and honestly the only topic I really had an interest in going into the class. I enjoyed the topic and did well on everything cryptography related in the course. I think I got every single quiz and exam question correct on it. However, I only got a 90 on the lab. They provided a test bed to verify your algorithms were correct. For some reason, depending if your key was positive or negative your unit tests would pass while the actual grading by the TAs could still fail. Kind of a tricky gotcha. They accepted regrade requests for this and provided half credit. I got 10/20 (half).. To me this was a bit unfair…they should have given us a warning or a note in the instructions and provided full credit if the test bed passed. But hey - that is just me complaining. In the end, a 90 was the best lab I had so can’t really complain.
Project 4: Web Exploits - XSS, CSFR, and SQL Injection This was a cool lab and probably the most relevant for the typical software developer working in a standard IT environment. I actually liked this lab and learned a lot. I also screwed it up big time. But that was totally my fault. I knew going in I had to get a B or better to get a B in the class and I totally blew it. For the XSS explot (which was 30%) I added a print/debug statement in the server code that I completely forgot about. This ended up allowing my injection to work. I finished a week early, but did not realize that I left this debug statement in the code!!! So of course, the grader could not get my exploit to work. and failed me. I got a 67% on the lab and a D.
That last lab brought my grade down to a 77.2%. A B was 78%. What a freakin bummer. I chalk this up to bad luck, but also a learning experience. Start the projects early and make sure you double check them. By doing well on the labs and the quizzes you should be able to easily get a B. Screw up the labs and you are doomed.
Now I have to get an A in my next class or I will be kicked out of the program.
In summary: The labs are very instructive if you can get them to work. The course notes and lecture are very well organized. If you are interested in security you will get a really good introduction to all things security and this is really an excellent class. Grading wise - make sure you do well on the labs, start them early. Don’t read the book unless you want to, and focus on the course notes.
A few things they can do in my opinion to improve this course: More opportunities for partial credit. Losing 50 points on a buffer overflow problem is a killer. Losing 30 on the XSS is also not great. They should be able grant more partial credit for people that are close, but no cigar. Maybe extra credit would be good for those that are borderline between grades.
One last thing…I found the slack and piazza channels a bit noisy. The TAs will remove any post that actually helps you solve the labs. So if you mentioned how you approached something or what algorithm you used, you would be threatened with academic misconduct. So in the end, there was nothing to really say for fear of revealing too much. The only use I got out of Piazza was clarifying the requirements and/or assignment. Other than that, I did not find it very useful. I posted a number of direct questions to instructors, but they never responded. The slack channel was more of the same, with a lot more social talk. People hang out on it, but same rules applied.
The grading was slow and took forever and I thought it was tough to get time from the TAs and Instructors, even though they did check Piazza regularly, they easily fell behind since there were so few of them and so many students.
TLDR; Good for a first course: easy A, with a broad overview of infosec. Grade breakdown: Projects- 60% Midterm- 10% Final- 10% Quizzes- 20%
Projects require a very shallow knowledge of coding- you can learn all you need to know on the fly, provided you start projects early (ie 1-2 weeks before the due date): Project 1 (easy): Buffer Overflow; C. Project 2 (easy): Identifying malware; no coding required. Project 3 (medium): RSA; Python. Project 4 (medium): XSRF, SQL Injection; HTML, Javascript.
The midterm and final are both closed-book, ~30 multiple choice questions, taken with Proctortrack. The largest challenge with these tests is how poorly the questions are worded. You can easily get a B by just watching the lectures and taking notes. A couple questions are taken from the assigned reading, as well.
The quizzes (10) are open-book, non-proctored, and you get 2 attempts on each quiz with feedback about which questions you got wrong on each attempt. Essentially, these are a free 20 points.
The Slack channel is very active and can be helpful for the projects. However, it is also has a very strong brogrammer attitude and can be abrasive at times (aka multiple students have reported the TA(s) for their behavior on Slack and Piazza). Hopefully these behavioral issues will be addressed in future semesters, so all students can feel comfortable engaging in Piazza and Slack.
I came into the class with an interest in cybersecurity, although having taken some intro classes during my undergrad, a lot of the material presented in lectures wasn’t new to me. I found the lectures well written, nonetheless, though having different lecturers with different lecture styles was hard to adjust. One took his time with explaining each slide, while the other read the bullet points and went to the next slide within seconds.
I really enjoyed the hands on projects, especially the one where you “break” a simplified RSA key. Each project supplemented the lectures very well.
There were also 10 reading quizzes that were very easy and had a max of 2 attempts - no proctortrack required. Proctortrack was used for the 2 exams that were given.
I took this course alongside CS 6300 and found both classes very manageable for my first semester at OMSCS. I highly recommend this course to anyone interested in cybersecurity (who hasn’t already taken an intro class), as well as anyone looking for an easy foundational course to start off their degree.
IIS was a good first class to take as a new student of the program. The projects were very interesting and this is where I learned the most. Most of the test and quizzes is just memorization.
It’s hard for me to estimate my hours for this course. There were several weeks where I barely did any work, and then others where I was putting in 20-30 hours on the projects. I’m coming from a non-CS background however, so my time is probably inflated.
This is my second course and I don’t know if I would suggest it as a first class for a non-CS person. It goes from C to Python to Javascript/HTML/PHP/SQL, so if those are all new to you it’s going to require more work to switch gears every 3-4 weeks. It’s definitely doable, but it might be a bit much for the first semester back in school if you don’t have a strong CS background.
I enjoyed this course, and I would definitely recommend it. The buffer overflow, RSA, and web security projects were very interesting and I learned a lot. The second project on malware was an interesting topic as well, but it was plagued with technical problems and needs to be reworked, specifically Phase I. You can run into some frustrating (out of scope) network issues on Phase I that make it so you cannot successfully complete Phase II. The issue is that SOME of the malware behavior in Phase II will be missing, but you won’t realize it until grade time, and there’s no way to check beforehand. That makes Project 2 really feel more like an open book exam than a project.
That said, the TAs in this class are amazing! Chris and Jeff are constantly in the slack channel and go well beyond their duties as TAs. This course has office hours, but you can basically go to slack and get help at any time.
JOIN THE SLACK CHANNEL AND USE IT! This course would have been significantly harder without Slack and you are handicapping yourself by not checking it. I read it daily.
Professor Lee appears to be active behind the scenes, but was completely absent from a student’s perspective. I do think some of the “easy” ratings from a few years ago should be taken with a grain of salt. It appeared that the projects get updated each semester to have more content, which means the class is harder (and higher quality) than it was in the past.
This was my first foray into any type of programming contained in a course. I have a MS in Management and Systems, which was not programming intensive at all. Coming to the course, we were encouraged to get or have an understanding of programming (Python, Java, etc.) and to have a grasp of discrete mathematics. So I was warned. However.
The online lectures were GREAT. Loved them. Short; easy to understand, and they complimented the required text. Someone took all the lectures and made pdf of each as well as a ppt slide deck. Totally useful material to have to study from.
Quizzes were open book, and relatively straightforward. Exams (2) were proctortrack, and more difficult, even though they were multi-choice and T/F.
Projects. There were four (4) and we had 3-4 weeks each to complete them. Ughh. So, while the directions were mostly clear, and google was my friend, I still struggled to even complete some of the tasks as I lacked any programming foundation whatsoever. The projects were involved and required a significant time commitment to execute them well. #FailForMe on those.
The balance of the weight on all items was fair–if you were not a great exam taker but excelled on the projects you were probably fine. If you could not get 95-100 on all the quizzes, well, that’s totally on you, as they were open book.
Overall, the instructors were great–nice bit at the end of the course lectures bringing in an alum to chat with us; I really appreciated that bit of tape. Others have commented on the TAs, but I never really interacted with them, as my questions were foundational, and a silly ask, sa I should already have known the basics.
What would be helpful for folks like myself, would be a pass-fail or NC intro to programming course offered as a pre-req. Not that I am looking for more work, but obviously I failed in this class to meet the expectations of a student entering the program.
So, looks like, unless there is a MASSIVE curve, I’ll be taking the class again in the Fall. Time to learn programming….
This course has a reputation for being on the easy side, but I found the projects to be enjoyably challenging. (For context, I have a CS background but not much that is related to security.) The projects were the highlight of the course. They were each very different and stretched my knowledge across multiple areas. You have 3-4 weeks per project, so plenty of time to learn and to get them correct. This is a class you can definitely pair with another course since you have plenty of time to complete everything. The one exception to this was the final week, where we had the second exam and a project due on the same day. Kudos to the TAs for agreeing to move the exam back a day, but honestly I think the exam could have been moved back a few days since there was still over a full week before grades were due.
I recommend renting an electronic copy of the textbook. That is crucial for studying for quizzes and the tests. It’s also a lot cheaper than buying a new or even used version.
The usual advice of ‘start the projects early’ definitely applies. Slack was active and helpful. Some of the TA posts early in the semester were somewhat defensive and condescending. I did see a change in tone the second half of the semester, which was good. The TAs seemed overwhelmed at times because of the large class size, which is understandable, but I hope the instructors are able to maintain a positive tone for future semesters. It really does make a difference for a lot of students (especially those in their first course). The professor did one office hours I think, otherwise he was completely absent. It would have been nice to have more involvement from him.
Decent introductory course. Not engaging unless you get on the Slack Channel, which was extremely helpful. Quizzes are super easy and are a grade boost. Exams are only worth 20% of your grade (same as all quizzes combined), and not worth studying for if you do well on the projects. The four projects are worth 60% of your final grade, so focus on those above all else. They were very challenging for me, given my entire CS experience before the program was 2 undergraduate freshmen courses, but the workload of the projects are likely quite light for folks with coding experience. Overall, I recommend this course.
Took IIS as my first course. I came from a background of 2 years undergrad CS, 1.5 years industry experience.
The four projects are very interesting and provide a good breadth of practical subject matter. Unless you have already done projects similar to the four (overflow exploits, malware analysis, public key encryption, web security) you will probably have to at least put a weekend into any of the projects and will learn something new. If you know C, Python, basic BASH/linux CLI, PHP, JS, and SQL, it will help you on the projects a lot. The projects require you to run an Ubuntu VM, so make sure you have enough RAM or the experience will be miserable.
There were weekly quizzes. While I found them kind of silly since they were open book (and in many cases taken verbatim from the textbook), I did appreciate that they at least got me to open the textbook on a weekly basis, since I have generally bad study habits.
The 2 exams were mostly about having read the textbook and watched the lectures. The second exam was way harder than the first as it covered a lot more material.
Transcriptions of the lectures are provided, which I was very thankful for.
Success in this course depends pretty heavily on doing the four projects well and scoring decently on the exams. The quizzes are basically free points. The exams matter but you can afford to bomb one of them if you ace the projects and do the quizzes.
TAs were very active and helpful on Slack - I’d highly recommend at least lurking the #cs6035 Slack channel. They also respond to Piazza posts. I only ever felt the need to contact a TA for clarification once, and I ultimately would not have needed to if I had just lurked the Slack channel a little bit more, or read to the very end of the project instructions before beginning.
Overall I’d say the course was relatively easy and fun, with the workload spiking when each project was released/due (unless you’re a good student and read the textbook/supplementary readings, then there’s a decent amount to read). It’s a good first course for a well-rounded student with a good programming background.
This was my 6th course in the program. Overall, I felt this course was really organized and well paced. There was never a moment where I felt I didn’t have enough time to complete the projects or other assignments .
The TAs are some of the most engaged I’ve seen throughout the program. The slack channel ran by the TAs was extremely helpful. However, I do feel they can be a bit too sarcastic and snarky at times. This upset several students throughout the semester. However, if you don’t take yourself too seriously then this is not an issue. I learned a lot in this course and really enjoyed it.
Be aware that although this is one of the easier courses in the program. You should not approach this course as if the grade will be handed to you. The projects are not trivial and require a lot of time. The tests are fair, as long as you read the book, you will do well on them. I definitely recommend taking this course if you’re new to security, you will learn a lot.
This was my first semester, and I have to say I really enjoyed this class. I was pleasantly surprised that for being a survey class, the materials seemed relevant and up to date. I would very much recommend this course as a starter course for new students in the program. Because of the overall size of the class, information in Piazza is only moderately helpful, as this class is a starter course for many students matriculating into the program, and those students do not often at times know what to expect or what is expected of them coming into the program. Therefore, an inordinate amount of noise, repeat communications, and redundant questions are generated from these facts. Can I say, the Slack channel to rescue!? The Slack channel was absolutely a godsend to the class. A few of the TAs in there were teaching gold. If you learn the material and ask good questions, they will be tons of great help on the projects. DISCLAIMER: TAs and students are not in Slack to give you the answers to challenging components of the project and will not assist you in this way. You need to learn the material do your due diligence in research before approaching for help and demonstrate a knowledge of the material, they are not there to help you cheat.
Tips:
Quizzes are open book, and you get two tries. Use the quizzes as a guide to target the main concepts it tests upon, your Exam scores will thank you.
There is a BOAT LOAD of material surveyed by this course, the Exams are more difficult than the Quizzes and test a relatively small fraction of the overall material. I recommend starting with the quizzes, then study and take notes on all lecture materials, and supplement the lecture materials with embellishments from the textbook on top-level topics presented in the lectures when preparing for the Exams. Memorizing the textbook is not necessarily going to improve your exam grades, as the Exams test more your ability to understand the concepts rather than just general memorization of the terms and definitions. One of the reasons for this, out of the two exams, about 30% of the material was on the first one, and 70% on the second one… two weeks from the end of the course, I found myself 13 lectures and 14 chapters behind in the reading. I basically just studied the quizzes and caught up on the lectures and did reasonably well on Exam 2. The grades are balanced toward the projects anyway…
The projects are the best elements of the course, they are very well put together. For students with limited CS exposure (OMSA/OMSCY), this class maybe more on the difficult side. Although overall the coding and coding knowledge required is minimal, basic knowledge of a wide variety of topics are required to master the projects. C, GNU Debugger (GDB), Python3, PHP/JavaScript/HTML/SQL are all required at the basic-level, and are still doable with limited/partial knowledge. The instructors where very generous, particularly with opening projects early, in some cases an entire week early. For those that didn’t procrastinate, it seems that most students were successful in their endeavors. Let me reiterate, and the TAs seem to have to have do this too often for a graduate-level class: DO NOT PROCRASTINATE AND WAIT UNTIL THE LAST MINUTE TO WORK ON THE PROJECTS. Just because this class is known for being one of the easier CS classes in the program, there can be gotchas in these projects, especially for those with limited CS exposure. Start on the projects as early as you can, and get to work. Students that wait until the last minute almost always freak out, as evidenced by the exponential increase in frantic Piazza posts and Slack meltdowns.
In my opinion, this was a great first course. Don’t let the term “Introduction” fool you. I came in without any real programming/development in my background and I found most of the projects pretty challenging. I’ve done scripting, but no real software development. This course and the projects seemed quite a bit easier for the students that have managed software for web, DB, and/or OS. If you do not have this in your background, you can still get full credit on all of the projects as long as you put the work in.
The good: The projects were fun, interesting, and challenging. The TA’s were very responsive and helpful on Slack. You were given more than enough time to complete the projects and assignments. The grading on the projects was very fair.
The bad: There was a bit of ambiguity which led to confusion around some of the requirements. I struggled with this because I tend to overthink things, specifically with P2 and the exams. Overall, it wasn’t enough to impact my overall grade in the course.
A couple of recommendations. Do not wait to start the projects. Start them the day they are assigned, or the first week if you can’t start them the day of. If you get stuck, the TA’s are very willing to help. From what I could tell, most of the students that felt like they weren’t getting the support they needed were the one’s procrastinating and wanted somebody to give them the answer the day before the project was due. The TA’s won’t give you an answer (nobody should), but they were very willing to help correct the path you are on when it’s obvious you are putting the work in.
This is a great choice for a first class. A few thoughts off the top of my head:
-
Join Slack! As the semester progresses, the signal-to-noise ratio on Piazza approaches zero. In contrast, the TAs on the Slack channel (particularly two or three of them – they know who they are) are incredibly helpful and seem to spend a curiously high percentage of their lives tethered to it. And sure, there’s noise on the Slack channel, but it’s fun noise.
- Projects! Projects are worth 60% of the grade, but will take 80% of your time and will constitute 90% of what you actually learn. They are also 95% of the fun (the other 5% being the Slack channel). Start early. Read the directions. This is a graduate-level course, so the instructions will of course not be intuitive like, say, your sixth-grade spelling tests. And keep your essays succinct; don’t write a dissertation when they tell you not to (see: reading instructions, supra).
- Test and Quizzes. Yeah, there were some of those, if I recall correctly. They don’t count for much. You can take quizzes twice, so there’s no excuse for getting lower than a 99%. The two Exams are difficult, particularly the second one, but don’t worry if you get C’s on these as long as you ace the projects and quizzes.
- Prep. If you want to prepare for the projects early (and why wouldn’t you), here’s what I suggest. Project 1: set up Virtual Box, buy and install 2 more GB of memory, learn to analyze a stack with ADB, read the wiki articles on stack and heap overflows, learn to read C, learn how to write complete sentences. Project 2: Look at some sample Cuckoo malware reports, familiarize yourself with the online docs for Windows registry keys, buy and install 2 more GB of memory, pray that your many guesses were correct. Project 3: install an IDE for Python 3.x, uninstall the IDE and just use notepad++ and command line, read up on RSA and the various ways it can be exploited, try to grok modulo math. Project 4: Read up on common website vulnerabilities, such as xss, sql-injection, csrf, etc. Review basics of php, javascript, and html – particularly form submission.
- Pace. There is a lot of waiting around, frankly, for assignments to open up. If this is your only class, and you like to work ahead, it will be aggravating.
- Lectures. The videos were pretty good, and the instructors appeared to be very much into the subject matter. You’ll have to adjust the playback rate for each professor. You’ll see what I mean.
There are 4 projects, 2 Exams and 10 quiz in it. Project-1 (Hard) You have to have good understanding of C language. Write a .txt (which is your malicious code) to read the encrypted data/ to insert the malicious code.
Project-2 (Easy) You have to analyze the report generated by the tool.
Project-3 (Moderate to Hard) Using the python scripting(which is your malicious code) try to get the information from the files.
Project-4 (Hard) use of Javascript, HTML and SQL Write a HTML code (which is your malicious code) and try to steal the data from a website.
10-Quiz: These Quiz represent different lectures of Udacity and based on those lectures these Quiz are made. some questions are easy while some are tough.
Exam-1 and Exam-2 Most of the questions are from the 10-Quiz and Udacity Quiz, And some are knowledge base. If you have understood the lectures only then you will be able to answer these. But 20/34 question are from Quiz.
Overall suggestion: It’s hard course if you don’t know C/Python/HTML. If you know these three then it’s easy.
I’m following the lead of another fellow OCY student; since OCY isn’t a program option for the review, I selected OMSA to differentiate my perspective from the OMSCS students for whom this was unlikely their first GA Tech grad course and who likely have a much stronger technical/coding background than I.
Pros: The quizzes are like built-in grade enhancers. There are 10 quizzes covering the course material in phases, and they are open book/open material, with 2 takes per quiz, making it virtually impossible to do poorly unless you just fail to take them. They do a good job of enhancing the course material learning while providing some insight as to what sort of material to focus on for the exams. As such, I found the quizzes very helpful. The projects were, to me, the stars of the show. I learned more than I ever imagined, they were well designed and I found them very enjoyable (I love learning new things!) I had a bit of coding experience some time back which certainly helped, but there is plenty of time to complete the projects (unless you procrastinate! Don’t.) and the coding was minimal and rather simplistic, so it shouldn’t be much of a challenge even for a beginner. The best thing about this course was the TA involvment, particularly in the Slack channel (if you take this course, you simply HAVE to join the Slack channel!) The TAs were knowledeable, helpful, and I found them to be quite empathetic and fair. I would have graded this course much lower without the amazing TAs.
Cons: You need to understand code. For OMSCS students this is probably a no-brainer, but for non-CS types (such as many of the OCY students I worked with) it may be a bit of a challenge. There is a wealth of resources available, and the TAs and classmates are always willing to provide pointers to help you find the right resources, but don’t expect to get away from this class without being able to understand at least the basics of reading simple C, Python, javascript and PHP (and by basics, I mean things you could pick up in a couple hours or so). Not really a con, but something to be aware of: there are 2 closed-book exams that use Proctortrack. PT can be a little finicky, so be ready to jump through a few hoops to get it working. Just keep in mind, PT is there to deter cheating and thus maintain the integrity of the degree we’re all working for, so embrace the pain and deal with the false positives. Also, though I didn’t have any problems, some students had issues with uploading their projects in Canvas. Just be sure to follow the directions to a “t” and all should go smoothly.
This is a bit long, but if you are considering whether or not to take this course (well, if you’re OCY, you don’t really have a choice of “if” but you can technically decide “when”) I highly recommend it. It is probably on the lighter side as far as difficulty, and since many of the OCY courses build on concepts learned here, I suggest taking it early if you’re OCY, and perhaps during the summer or coupled with another lighter course during fall or spring for OMSCS students. All-in-all, this has been my favorite college course (and I’ve taken quite a few!).
I personally loved the class. I learned a lot of security aspects that I did not know before.
The 4 projects were the best part of the class. I learned from the projects the most and I think that is what I will retain from the class …. maybe because there was lot of suffering in doing them.
The rest of the class was lot of literature about security and I am not sure I will remember much. :-( .
The quizzes were a good practice of the lessons concepts, the quizzes are open book and you can take them twice, looking at your first try.
The exams can be tricky on the understanding of the questions. I did not score good there!
I will definitely recommend this class as a foundation for everyone security knowledge.
This was a very interesting intro into a broad range of topics ranging from how code works at an assembly level to how to hack (for good not evil) in the form of cross-site-scripting attacks, sql injection attacks, and the like.
I am OMS Cyber, which currently wasn’t a choice while doing the review. I did not have any professional experience coding. The course was doable, but the challenge was learning things that the CS students take for granted.
If you want to get ahead, you can watch the course videos ahead of time on EDx or Udacity and read the book. For the first half I did all of the readings and watched the videos. After taking the first exam, I stopped doing the readings. Most of the questions seemed to come from the videos.
There were 2 TAs that were amazing and actively participated in Slack. In fact, it almost seemed like they were never off of Slack. The Slack channel played a large role in getting the most of the class. There were always discussions or tips being given if you were stuck.
This was my first introductory course to the OMSCS program. It is a great introductory course because the syllabus is pretty much set and the projects are well organized. As explained previously by other reviewers - there are 4 projects, 2 exams and 10 quizzes. Quizzes are due each week, 2 separate exams splitting the course in two and 4 monthly projects basically. Each project is due in about a month which is a good amount of time. Stay in the slack channel (at least with this semester). The TAs are great on slack and will give out hints and good advice for those working on the projects. Other students will also help.
I felt this was a good amount of work for a first course. Eventually, the classes will get harder and more rigorous, however, the hardest courses fill up fast during registration. If you watch the lectures, and read the chapters, you will do fine on the quizzes. Quizzes are open book so get etext to make it easier to search.
Exams are difficult. Covers chapters and lectures and projects and quizzes. However, it is not cumulative so at least there is that.
As others have mentioned, if you have a background in CS with C/C++, Python, JS/HTML/PHP then you will be fine. Others may need to learn it for each project which will add hours to the workload. With my current full time job, this class took up a few hours each week and the projects took more time. With all projects (for any class), start early and you will have enough time. This is the one thing I learned from undergrad projects, the earlier you start, the more time you have to mull over the solutions and approach.
Many thanks to the TAs and other students in the slack channel. It was fun. Although I did not think this class would be interesting, there were some parts that piqued my interest and I actually learned some things like RSA, etc.
The highlight of the course are four insightful projects that, as someone with relatively little experience with a few core CS areas, helped me tie together some important concepts, including:
- how buffer overflows work and how this relates to the memory address space
- how cryptographic algorithms really work
- a bit about how webpages work and computer networks work (I have no computer networking background)
These projects in my mind are the highlights of the class. Getting through the projects was non-trivial for me. Many of the projects felt like picking locks or solving a riddle or a puzzle. The projects do not require many lines of code to solve, but I found myself chasing my tail for a few of them due to lack of sufficient CS background. Completing the projects felt mostly satisfying and helpful for reinforcing some fundamental concepts.
The rest of the class - including the exams and quizzes - were not memorable, with content that felt too dry and general. The lectures were particularly rote and full of terminology.
Overall, a good decent course to the OMSCS curriculum, with some elements that I liked and some that I didn’t.
It would be great if we could front load the work. They did release some items early. I felt like I was drinking from a firehose for the exams. Some of the TA’s were angry because people weren’t reading instructions. But to be fair, people never read instructions, you should just make it intuitive.
Had a quiz, an exam, and a project all due in the same weekend. No thanks. The first exam was mostly drawn from quizzes and problems we’ve seen before. The second exam required you to have a deeper understanding of the material. But when there is a project due at the same time, that required an honest 3-4 weeks of preparation. I didn’t come here to write a dissertation on Encapsulated Security Packets guys. It’s an introductory course, so you should have introductory level material reviews.
The staff had this mantra of saying “This is a graduate level course”. No, calm down.
Course was fun and moderately challenging. However I would not recommend the course for the Summer. There are 4 project that during that during fall/spring would be broke up 4x4 weeks. however during the summer projects 1&2 were 4 weeks and 3 was 3 weeks (it took one evening to complete). project 4 was released with 1 week left in the course and due the same day as the final. Project 4 was the hardest to do and near impossible in 1 week while also trying to study for the final. An easy A dropped to a mid B in the last week of class.
It is a good starting course. The lectures are great, the projects are fun.
Good first class.Tests are directly out of the book
This was a very interesting intro into a broad range of topics ranging from how code works at an assembly level to how to hack (for good not evil) in the form of cross-site-scripting attacks, sql injection attacks, and the like.
With no prior computer security training, this was a great introduction to the field and concepts. Not the hardest class since there’s a descent amount of busy work with quizzes and writing papers but 4 projects delve into some very interesting, if basic, computer security concepts. You’ll be by no means a l33t hacker but you’ll definitely feel like you’re seeing the “under-hood of the car” if you don’t normally program using assembly or command line tools. Some neat tricks, relatively low workload, and fairly good lectures (say no to Isbell!) make it a shoe-in for people new to the field with an elective to spare.
This was a fun course. The videos are semi-terrible (sorry Prof’s, I know you tried… but the point of a tablet and pen is to USE them, not just hold them and basically have a powerpoint). There is information in the videos you need for the tests, which are sorta tricky and had memorization required. So watch them (2x speed for Ashok and 1.5x for Wenke). The quizzes are sort of a joke, you can answer all the questions with the book. Really the best (and perhaps only truly good) part of the course, are the 4 projects. I feel like I know what stack overflow is, how to examine malware, I have some idea what crypto is and how to attack it, and I know the general concepts of XSS, and javascript attacks.
I would not take this course to become a hacker or learn to defend against them – IF you know anything about the field. You will be bored to tears probably. If you don’t know anything about security and want to find out – it’s great.
The projects are actually somewhat hard, #1 and #4 were hardest for me, it really depends what your skill set is. I’m good in python so #3 was easy.
Also, very important. The TA’s were incredible. They were EXTREMELY active and, more importantly – very kind. It was the kind of professional attitude / human compassion that really brought a lot of life and warmth into the course.
Fellow students were also amazing, I know for a fact I would not have been able to complete the 4th project without the tips, advice and help from others, so thanks to everyone.
Course content and quizzes/tests were pretty easy. Projects were of medium difficulty. There were around 20 video lectures, 10 quizzes, 2 exams, and 4 projects. Wish I had more feedback on projects/tests in terms of what I got wrong.
This is an introductory course on information security. It is one of the easier courses which doesn’t need not more than 9 hrs per week. I learnt a lot of things which I didn’t learn in undergraduate course of mine.
Lectures are not worth it at all. They give a primer on what is on the exams, but to be ready for that you need to really to read the book imo. And as a slow reader, that is what took me the most time with this course. Professor is MIA. TAs were good.
Imagine creating a (non-phishing) mirror website that looks exactly like the original but sends an email with the username and password you enter.
Imagine making a sorting program open a new shell purely by manipulating the data input you give it.
If these sound exciting and cool, you will love this course!
**"Go ahead, make my day!"**
The course consists of:
- Lectures: Cover the material well, and very manageable difficulty level (legalese for “it was easy, folks!”). Got away with watching them semi-regularly.
- Readings: All the “required” readings are from one textbook. You do not need them for the exams, but I recommend reading them for fun if you are into that sorta thing. I did not ever read any of the “recommended” readings, though some of them looked fun too. Some day.. some day..
- Quizzes: There was a quiz every week (10 in total)- all open book, limited attempts. You definitely need the textbook for these and I recommend getting the ebook because a lot of the quizzes were simply testing your ctrl+f skills. That said, by the end of the term I realized they did cover a good breadth of topics and helped you learn something. Each quiz takes about an hour to do (with ctrl+f and literally no reading or even lecture-watching)
- Exams: There were 2 exams, non-cumulative. You only had to watch the lectures (Tip: 2x them with subtitles) and review the quizzes to do really well. There were a few questions from the readings, but some of them were mentioned in passing in the lectures and even if you missed those, you’d get a pretty good score. I spent about 20 hours studying for each exam, not counting the time I watched the lectures before.
- Projects: Saved the best for the last. 4 projects. 3 of them different degrees of fun. Project 2 was dull, but guess you can’t have everything. This is the real deal, and everything you’d learn from this class.
The first took me ~12 hrs (I know C, gdb and some systems stuff already), the second took me like 10 but I spent at least 3 hours checking and re-checking answers (no coding in this one). The 3rd took me about 8 hrs (just requires basic Python) but I already heard some algorithms mentioned on Slack, so first timers probably took longer. The last project took me 20 hours since I had no javascript background, but just pushing on helped.
In total, I spent about 35 hrs on lecture watching and 100 hrs on everything else (Reading for fun, Slack and Piazza activity not included).
That reminds me- I would be remiss not to mention the awesome Slack channel and the great TAs who basically ran the class and were super helpful and without whom this class would be a real drag. Special mentions for Jeff, David and Brent- you guys were great!
Seriously, without the TAs (and the projects), you could simply strike out this section and write off this course as a failure.
**"It's time to call bullshit. On what? Every thing"**
If you are like me you’d think this sounds like an ad for this class so far, so let me balance it out with the minuses.
- The lectures are not great. Would you rather listen to someone who is clearly passionate about the material but rambles unto eternity or someone who delivers content in a crisp fashion but speaks in a robotic monotone such that the coolest topics sound like he is reading the draft of his user license agreement, only at at 2x the speed of sound? I personally preferred the former because the rambling gave me a ton of time to write real notes but honestly, I can’t believe somebody can talk about cryptography like the walking dead.
- The professor (the second guy from above) is entirely absent in the course. If not for the lecture videos, I’d think he were mythical.
- The course could include a lot more fun topics and/or projects- it seemed like watching a teaser to a good movie, but never getting to see the real movie. if they ever change it I hope they add extra credit assignments with more advanced exploits. On that note, I’d also welcome a discussion after each project on what people did and what else they could have done.
- They do not change the graders across projects. I happened to get stuck with the worst grader for mine and he literally lopped off points on the report while others who wrote much less specifics got a 100. Thankfully, he seemed like the black sheep, but I wish they had rotated graders for different projects.
**"Is it safe?"**
Take it if you want a light (or semi-light depending on your programming skills) course to pair with something else. Definitely take it if this is your first semester and you are not sure of what to take.
You can easily get an A in this course if you complete everything (exams, quizzes, projects). One piece of advice is - don’t take it too easy and end up with an 88 or 89- there may not be a curve most of the time!
Hasta la vista , baby!
Great course, really enjoyed the projects
I took this course in Fall 2018. It was a great course to take as your first course. I liked all project, except the 2nd one.
The second easiest course I have taken in this program. I like security staff but the knowledge learned in this course basically is just a “introduction”. Don’t expect you can become a geek after taking this course. You cannot even learn how to write a single virus detection tool from this class. The first and last project are interesting, other projects are just some tedious work.
Paired this with CN as my first semester in OMSCS. The class was very well run and quite fun. TAs are always there to help and you should have no problems at all when it comes to course management. Projects usually get 3-4 weeks each and first one is the toughest but that has plenty of time for you to figure out, which is C and learning to use GDB. I had prior knowledge of C and had some idea about GDB but took more than 20 hours to complete. Thereafter the course gets easier. Tests are based on textbook and some udacity lectures but nothing out of the ordinary. If you have understood the material well during the lectures and textbook reading you will be fine. Quizzes are similar.
10 quizzes 2% each should give you full grade. (Note only 2 attempts allowed unlike previously unlimited attempts though open book quizzes). 2 exams 10% each. You shouldn’t lose a lot here if you study well. 4 projects 15% each. Auto graded portion should get you full grade if you get everything right which is about 70-80% of the projects. Write ups for the projects is the only place where you should lose a lot of points since even getting 90/100 will mean you lose 1.5% on each project which adds up quickly to 6% total for 4 leaving little room for the tests to go wrong.
If you need fairly relaxed but fun semester go for this class. I got to learn a lot related to Security in general so I enjoyed the class. If you already work in this field (Computer Security) then you may not learn much.
This was my 8th course in the OMSCS program. I’ve been disappointed in the program as a whole, and just want to finish up as quickly as possible with easy courses, so I was pleasantly surprised to find this course quite engaging. This was is no small part due to the TAs, who were extraordinarily active on slack and piazza, and very quick with grading.
Pros:
- TAs were great. This will vary between semesters, so I guess Fall 2018 people were just lucky.
- Projects were engaging. In the first project you get to put on your hacker hat and do a buffer overflow attack (minimal C required), which was awesome (around 10 hours, including writeup). The second project involves some malware analysis (about 4 hours). Third project is hacking RSA encryption, which was way more fun than expected (around 10 hours), and the fourth project was hacking a webpage (8 hours or so if you have javascript experience, but if you don’t know JS you could potentially spend way more time on it).
- You have regular open book quizzes. These are great from a pedagogical perspective - regular checks on understanding help you study more frequently, and make you engage with the material more.
Cons:
- The lectures are a little boring. The first half are kind of common sense, while the second half are very dry and mathematical.
Overall, this was one of my favorite courses I’ve taken at GT. It’s a very light workload, but the projects will make you think, and I feel great now that I finally understand RSA. I paired it with computer networks, and feel that I could have taken a 3rd easy course at the same time.
This was my first course at Gatech. Coming from electrical engineering background with limited programming experience, I must say this was a fun class. Lecture videos are boring but need to pay attention for exams. Quizzes are open book and easy. Two exams in total but tricky. 4 projects in total through out the course. You better want to start working on projects as soon as you receive them. Very well written projects and knowledgeable. Prof is not much active on piazza but TAs are really helpful and much more active.
I found 2 of the 4 of the projects to be rather difficult but doable if you start early. As for the tests, they are medium in difficulty. They are difficult enough that getting an A is very hard but not so hard that you couldn’t get a B if you simply watched the lectures and took notes. This is only my second course. Compared to computer networks, the quality and difficulty of the class is comparable. You do learn a lot, and some of the topics are truly fascinating.
This course has been unfairly maligned by many as a “slacker” course - perfect for something to pair up because there’s very little effort needed. This may be true if you already know all the skillsets in the course - malware analysis, C, GDB, web dev, python, RSA, etc. If you do not already know at least half of these things, some of these items will make you struggle on at least one or two of the 4 projects.
With that said, I went into this course with low expectations in terms of content and what I’ll gain out of it - and I was wrong. There was a lot of material and knowledge that I had gained from this class. The TAs were extremely caring and helpful. (The prof was absent which is par for the course for OMSCS).
The course materials were well done and makes understanding of new concepts very easy. I went into the course without knowing much of the security-related aspects and did not have too much trouble with them.
Rumors are the course contents will undergo some non-trivial revisions for the next semester.
Solid class.
The projects require you to apply mindset of an hacker to attack/analyze different vulnerabilities, which is different from traditional programming. You don’t have to write much code really, but the code could be tricky.
Personally, I don’t do well on exams, so I spent more time on projects and quizzes which I almost got full points. Didn’t read the book and got a 62 on the first exam.
This is my first course in the OMSCS program. I have a background in Java from undergrad and write C/C++ code daily for work. This review will be based on that experience.
This class has 4 projects, 10 quizzes, and 2 tests. The quizzes are easy, and the tests are pretty hard.
Project 1 - PR 1 was on a VM using C code. Some say that this project was the hardest, but for me this project was pretty simple. It was asking about buffer overflow exploiting and concepts similar to this. The write up for this project is tough. Make sure you leave out no details and truly explain what is going on.
Project 2 - PR2 was a little different. For PR2 you opened up a VM and ran some malware that was given to you. You then have to read through the execution of it and figure out which malware was triggered and which wasn’t. Sounds easy enough? Wrong, many of the people in this Fall 2018 class did terribly on this assignment because the criteria for executing or not executing is not very clear. My advice, work with some classmates and talk about each exploit 1 by 1.
Project 3 - PR 3 was pretty cool. You got to play with some RSA cryptography stuff. This project is written 100% in Python 3. This project does take some time and have some major GOTCHA’s but with some due diligence, this project can be finished quickly and you will actually enjoy it.
Project 4 - PR4 for me was the toughest. You were doing things like XSRF attacks, sql injection, and things similar to phishing. Have 0 experience in HTML, PHP, or JS, I found this project to be extremely difficult. Others did not.
Test 1 & 2 - I HATE reading text books, but for these tests, I highly suggest that you at least follow along in the text book while the lecture is going on. I took test 1 using ONLY the lecture and got less than a 70. STUDY THE BOOK FOR THE EXAMS.
Quizzes - If you read the lecture notes or even studied the book a little bit the quizzes will be a breeze.
The TA’s for this semester were FREAKING AWESOME. They are absolutely helpful if you ask the right questions. The teacher was not around much, but the TA’s for this class this semester from what I heard were the best anyone has had in any class so far. Kudos to them.
OVERALL: I would definitely say this was a semi-good opener for the OMSCS program. I HIGHLY suggest that you start working on the projects soon after they are released. This will keep you up to date with all the people in the slack channel. OH, JOIN THE SLACK CHANNEL. It will make life so much easier. There were discussions on the daily about the projects and the best plan of attack. Once in a while you will even see someone slip and release a bit of information that wasn’t supposed to be released. JOIN THE SLACK CHANNEL.
Bit of advice: As stated at the top, C/C++ are my strong suit so I helped a lot of my fellow students with Project 1. When it came time for project 2, it was nice to have people to compare thoughts with about the Malware. Helped me get a high grade on the project. Then those same people when project 3 came around were there to bounce ideas and strategies off as well. Finally in project 4 where I struggled the hardest, I had people willing to help me understand because I had made friends with them and helped them along the way.
The class is about four projects and two exams that cover different material. There are ~20 lectures, some of which cover useful detail on attacks, defenses and crypto algos, many cover fluffier aspects. The book is full of detail, very dense and completely optional except for looking up quiz answers.
- Three projects are about solving a security or cryptography-related challenge and writing a brief report. One is about monitoring malware activity and a lot less interesting from my perspective (but comes with surprisingly harsh grading). Projects require some thinking and for me succeeded in illustrating important concepts, but are not difficult. I don’t have a CS background and spent no more than 1-2 days on each. Clearer expectations on reports would further streamline that.
- Exams require another 1-2 days review of lecture materials each and are pretty fair.
Overall, I got some 10 days of partly hands-on exposure to some info sec topics, not more and not less. Felt like a good class to get started with; paired with the ‘new DVA’ that was a lot less useful.
This was my first class in the OMSCS program and I thought it was a good introductory course. It wasn’t too intense and touched on a broad range of topics that are all great to understand.
This course is not hard.
Easy course with interesting projects. The reading material is a lot however the relevant sections are quite minimal. You would need to read the material to do well in the exams, or else go through all the flash cards. Projects mandatorily need to have good reports.
This course is an easy A as along as you see the lectures and do the projects. You do not need any programming skills the projects are pretty simple. If you took CS6262: Network Security this class will be a breeze and I highly recommend it.
The only project that is kinda hard is the stack overflow project because debugging is kinda hard and you need to know enough about C and Stacks to figure out how to break the application.
The exam is rote learning, pretty much watch the lectures, take a few notes and take the exam. There is nothing special here.
4 projects: one with C on buffer overflows, one without coding on Malware (no coding), one with Python on public-encryption (RSA), and one with JavaScript, PHP, and HTML on web vulnerabilities.
10 quizzes which were all straight forward. Watch the videos and read the textbook. Questions are often lifted directly from the reading.
Most of the exam questions come straight from the lecture slides or the book reading. The lectures will get you most of the way there (70%) but the readings will get you the rest of the way. Use Quizlet to review concepts.
Lots of content in this course. It’s definitely an overview. I found the cryptography and encryption Chapters to be the most interesting since I have a background in maths. The last projects was pretty easy for since I do web development for a living. Your mileage may vary. I didn’t think the first project was all that hard.
It helps to work with a group of students through the course to chat about content and questions you have about the project. There’s opportunity to verify your work (i.e. your exploits work) on Project 1, Project 3 and Project 4 so you generally know how well you will do.
The exams and quizzes are straight memorization and lookup (for quizzes only.) The projects were fun. This class is a nice introduction into info sec if you know nothing about it. Would recommend taking it in this course as it helps dive into an aspect many developers ignore.
** Choose this for your summer class **
There are four projects with distinct language requirements. The first one needs C programming, second one needs pure reading of documentation and searching on the web for matches and the last one was mainly web programming with PHP and SQL. The most lines of code you would need to write would be less than 100 lines.
The projects are clearly defined, though the C one was the toughest for me.
This was my first Summer class and it felt well suited for the short time span or as an additional course for Spring or Fall.
This was a fun class. I had some infosec experience going in, so it might have been easier for me than it otherwise would have been. That said, I still learned a fair amount and the projects were interesting.
Initial part of course was more difficult than later on. I took this as my first OMSCS class, and I almost forgot I was in school at times :)
Professor Lee is both absent with respect to course involvement and completely unenthusiastic in presentation of the lecture materials. Other than that, this was a fairly straightforward course. The biggest problem is that the projects often rely on gotcha-style insights orthogonal to the material being implemented, so you end up looking through dozens of examples of people doing similar hacks online, but since they aren’t affiliated with the course, it’s not dishonorable the way that asking someone to look at your code and point out what you’re doing wrong would be. Because reasons.
In any case, it’s conceptually very easy with moderate amounts of banging your head against the wall.
This class helped me get a job in InfoSec
This course was complete rote definition memorization straight out of the book for quizzes/exams. Just use the existing quizzes on Quizlet and you can get at least 70-75% on the exams just from that. (I didn’t do the readings.)
The lectures are okay- they pretty much just summarize the content of the book.
The projects for the most part are worthwhile, but I feel like the grading is overly slanted towards getting very specific points correct. Project 3 in particular had an auto-graded section that I just bombed because multiple answers were dependent on getting certain hashed values correct. Came out with a B solely because of that project. I’ve heard other semesters had extra credit offered, and it would be nice to have had that opportunity.
Overall I would say this course is below-average. When you get things incorrect for the project, the grading isn’t helpful about specifying what you should have done differently, which means that the course doesn’t offer much as a learning experience beyond what is already accessible in any security textbook.
Overall, I thought this was a great class to take over the summer. It wasn’t too hard especially towards the end. The subject was very entertaining even if the textbook and lectures could come off dry sometimes. The lecturer for most of the second half was much better than the first lecturer. TAs were very responsive to any concerns we had. The best part of this class by far was the projects. The projects really help you learn the material.
This was a very interesting course. The projects were cool and the lectures gave good information. It was overall pretty easy so I would recommend it as a first course or over the summer.
I don’t think the structure of this course has changed since it was created – 10 quizzes (20% of grade), 4 projects (60% of grade), 2 exams (20% of grade) – but I still enjoyed it. The book is quite dull, and has some repetitive content, but reading it is important for the quizzes and exams. Getting 100% of quiz points is easy but tedious, and I would argue that it’s worth it for pushing your grade to an A. The exams don’t do much to reinforce the content since it means drilling T/F and multiple choice questions, and some of the questions seemed out of left field. The head TA mentioned they are changing the exams for future offerings of the course, but I don’t know what this means. The lecture videos are mixed - some interesting, and some just regurgitate the book. The projects are the most engaging part of the course, and do a good job of reinforcing some of the topics. There is so much time to complete each project, and I was able to do the work in a handful of days. I wished there were more of these practical exercises. Grading and feedback is fair, and the TAs are pretty active on Piazza, though the professor is not visible at all on the forums. The peer feedback for this semester was amazing, and anytime I was stuck on a project issue, my fellow students came to the rescue. There are office hours held by TAs, but these are not recorded, and I didn’t attend any of them due to my time difference from the US.
Not too difficult a class. There was a bit of tedium in the exams, but actually reading the book made this course an easy A. The projects were really fun and interesting. The only one I found challenging was the first one - a C-based project on stack overflows. The rest were definitely more interesting than difficult, although starting early always helped. If you have any interest in information security and don’t know a lot about it, this is a great introduction. Also, probably a good class to pair with another if you’re taking two.
This was my third class and my first one during summer. Overall I enjoyed the topics and the projects. The schedule felt a little rushed however the subject was very interesting and well worth my time.
** Structure **
- 10 quizzes = 20% of grade
- Open book and can be taken many times while open.
- 2 exams = 20% grade
- Closed book and proctored.
- 4 projects = 60% grade
- Stack overflow attacks, malware analysis, cryptography, and web vulnerabilities.
** Pros **
- Covers plenty of topics in Information Security.
- Information is up-to-date and relevant to the current market.
- Projects are very interesting and provide hands-on experience.
- Overall, the TAs did a very good job at managing the class. Questions and grades were answered/returned promptly.
** Cons **
- Quizzes feel like busy work as they are literally taken straight out of the book. It is highly recommended to purchase the suggested book.
- Professors were completely absent from the class. Maybe they were on vacation?
- The coverage of each topic can feel a little shallow, but given the amount of information that is covered I can understand why.
** Conclusion **
This was a good summer course that complements Network Security (both classes are taught by professor Wenke Lee). Recommended as a summer course or introduction into OMSCS.
So this was my first summer course, and third overall course in the OMSCS program. Although I expect to receive and A, my feelings are very mixed about this class. On the one hand, three of the four projects were excellent (more on those in a moment). On the other, the quizzes and exams did not really seem to instill in me any huge amounts of security knowledge, and frankly I don’t think they added much to the class at all.
The four projects covered security topics ranging from low-level stack overflows, to OS manipulations via malware, to RSA algorithms, all the way to basic web browser security exploits. Projects 1, 3, and 4 were the only parts of the class which required coding, and all were adequately challenging and thought-provoking to learn the subject material. Project 2 could use a refactor in my opinion, as it mostly revolved around utilizing a pre-existing security tool on a VM to search for specific exploit characteristics (by search I mean cntrl-F through a few webpages on the VM).
As far as quizzes and exams went, if you went through the relevant book chapters, made flashcards of all the bold-faced words, and studied those cards until each definition was burned into your head, you would probably do well enough. This effect could easily have been replicated in my opinion by just handing each student a document containing all those definitions, and utilizing the quizzes for this type of material. A far better approach to the exams would have been some sort of hand-written coding assessment detailing a security exploit, the reason why an exploit occurred, and its fix (very similar to the 4th project’s written portion).
Overall, the saving grace of this class were its projects. The lectures were also good.
PS. From what I understand there is an extra-credit assignment worth 10 whole percentage points given ONLY in the normal Spring/Fall semesters. As the Summer semester did not have this assignment, I think a number of people expecting an easy A were a little surprised by the difficulty of the exams.
Immediately applicable
Can be a tough course as the projects can get a little difficult and require some knowledge of creating web pages and Python. Overall though it wasn’t too difficult to get an A. I believe there was 5 projects and 2 tests but the tests are weighed so little that you can kind of bomb them and still get at least a B, as long as you do well on the projects
This course gives a fairly good overview of most of the topics in information security. The lectures are alright. There are to professors that switch off depending on the topic. I find Wenke Lee’s lectures to be very boring since he is just reading something word-for-word.
Quizzes are pretty much pointless. The questions are taken straight from the book so they don’t teach all that much. However, be sure to stay on top of the due dates because (at least in the summer) they can be a bit erratic.
The first project can be a bit challenging, but once you have that ah-ha moment it is pretty straightforward. Be prepared for writing reports for a few of the projects. The second project requires no programming but the first, third, and fourth projects require C, Python, and HTML/JavaScript, respectively.
Don’t expect the professor to make any appearances. Don’t expect much from office hours since the TAs take turns running them, and most decide to have them on the Slack channel which I did not find useful since you couldn’t post questions ahead of time and it was difficult to find the discussion later.
I would reccomend this as a first course to take, a summer course, or as a course to pair with something more difficult.
There is a huge amount of reading and many long lectures you must do. Can’t really skim as much as in some other classes. Project aren’t too difficult but teach effectively and are insteresting. Tests are not difficult but are frustrating (poorly written, ambiguous questions).
If there is a reason to take this course, it’s the projects. There are four projects where you get to experience how near-real-world information security attacks are carried out and how they can be mitigated, including buffer overflow, malware analysis, asymmetric keys, and XSS, CSRF, and SQL injection attacks. Many project tasks were very challenging and there were times where I was nearly pulling my hair out, but then you figure it out and you’re on top of the world. The rest of the course felt somewhat rushed considering the summer semester schedule. This involved Udacity lectures (which I enjoy in OMSCS courses), textbook readings (you can just skim for quiz answers), 10 quizzes, and 2 closed-book cumulative exams. Overall the course was enjoyable and I learned a lot, though a good chuck of the information in lectures and the textbook I had already learned once in preparation for the CompTIA Security+ exam a couple years ago. Luckily this course brought back how this information is more useful to me as a computer scientist. The Piazza forum posts were primarily helpful when it came to working through the projects, and there were a number of helpful students on the Slack channel as well. The distributed office hours with TAs can be confusing at times (all live, there are no recordings), but by putting those in my calendar early on I was able to take advantage of a couple of them. I did think it was strange that the only thing that I witnessed the professor’s involvement in was the lecture videos, so he must be a busy guy.
Professor Lee was a no show on Piazza, which means the TA’s ran the course. They did a decent job for the most part. Piazza wasn’t particularly active and most of the interaction was via Slack. This meant that a lot of questions about the projects were repeated, over and over, in the Slack channels, along with a wave of activity just before a project was due.
The workload was very manageable. This was a summer course, and compared to the workload in GIOS, this required about half the effort.
The textbook is atrocious, and is designed to cram as many standards and terminology into the printed pages as possible. The quizzes are verbatim from the book, so you’ll need it to do well there. Lectures were much better. The first half of the course is by Professor Ahamad, who rambles a little bit, but sets a nice pace for taking notes. The second half is by Professor Lee, who moves very quickly, and you’ll need to pause the video if taking written notes.
The projects were the better part of the course, and covered topics such as stack overflows, malware analysis, encryption and web security. Most of them don’t take a lot of work, but you’ll likely get stuck and need to walk away for a bit. Therefore, you really shouldn’t leave them for the last minute.
Ultimately, it’s a decent introduction to Info Sec for a software engineer. If you are looking to specialize in Information Security as a Security Engineer, you’ll need to supplement this class with additional training.
I enjoyed this course. I learned a decent amount in regards to security principles and simple ways to protect your online sites.
Overall, I was disappointed by the course. It does not feel like a graduate level course. There is heavy weighting and emphasis on quizzes which test your ability to search a PDF version of the text book and spot the “Gotcha” questions where they change one word in a direct quote from the book. The exams are a similar style. I was really excited for this class and was looking forward to getting exposure to information security. Now, at the end, this felt more like boring required courses from an undergraduate program. The weighting on the quizzes seems to be designed to “force” students to read and watch the lectures–which as a graduate student you should be doing anyway–but do not seem to be designed to enhance learning or reward students for being diligent. Overall, I would say unless you already have a background in Info-Sec–which would make the class trivial–or are looking to transition to security, avoid this class. It was a significant disappointment.
The one saving point for the course is the projects. They are not terribly difficult but you can learn a lot and a few are pretty fun too. Ultimately, I would say that if the quizzes were dropped and more projects and papers were substituted the class would be excellent and would become one of my favorites. The course has potential but is weak in its current iteration.
Solid
I found the course to be a good introduction to security. The lectures were fine, and readings were a bit dry. However, the projects are very interesting and helped me to go in depth into the topics: buffer overflow, malware, cryptography and web security. The course involves some C, Python, JavaScript, HTML and PHP. Projects 1, 3 and 4 take some time to complete, so be sure to start early.
The TAs were very responsive and helpful in providing guidance on how to complete the project and giving small hints when students were stuck. Piazza was very active and helpful. Recommend as a first course or a summer course, even though the summer schedule is quite compressed (quiz almost every week, and project due every 2-3 weeks).
Interesting course. The time required for the projects varied significantly, so my recommendation would be to always front load. Diligently keep up with, and review notecards for, lectures and readings (which can get lengthy at times) and you should cruise on the exams.
Pretty decent class. There are interesting projects and weekly quizzes (very easy and open book). I put in very little time and still got an A. Good intro class for the program to get you back into the swing of school work, etc.
Having no background in security I found the course really interesting. The students were most engaging and you really have to rely on Piazza to understand the core of the projects. We had 4 Projects and you could elect to do an optional project for extra credit. I did fail well in the course but please do pay attention to due dates, we had random dates such as Wednesday at noon on EST and dates that are really non sensical. The material is interesting and the projects are linked to real world security encounters. Overall a great first course.
Fun. Not very hard. follow instructions carefully and it’s an easy, informative, and interesting course.
This was a good course. It has a pretty light workload and it’s a good class to pair with another light class (like SDP). The first project was hard at first (buffer overflow attack in C), but everything after was pretty simple. Even if you don’t have info security experience beforehand you’ll have a fun time.
It’s a very well run course. Well planned - all quizzes were released on time, and same with all the projects too - no hitches there. Grading turnaround time also was quite remarkable. I would recommend it as a first course, or as a course that can be combined with a very heavy load course like ML or AOS. The professor is not very much involved, it was entirely managed by the TAs - but it was awesome - almost everyday there were office hours with a TA, sometimes even 2 slots per day - which was great, so I didn’t have to wait too long for clarifications. The course had a very involved slack too - given the size of the class Piazza was cluttered and hence slack played a very important role as the medium for communication. I felt that to get more from the class, the project difficulty level could be rigged up - as most of the projects took a day or 2, but were given a month’s time to complete. Overall it was a good course.
Interesting concepts on security. Interchanging instructors between 1st 1/2 and the 2nd 1/2 of the course felt more of a detour, but none the less the projects were fun to work on. The only thing to add, start working on projects early as project 1 and 3 are very time consuming.
First things first: This was a course with an attached “easy” label”; I’d say this is a course with a reasonable difficulty, but I wouldn’t categorize it as easy. You’ll need to study quite a bit and do a lot of research if you want to succeed, and most of that you’ll do alone (books and resources are not provided).
The course lessons consist in video lectures from Udacity, and a textbook. They may overlap, but not necessarility.
Grading is based on four take-home projects - which are just slightly related to what you see in lectures, ten open-book quizzes, and two closed-everything, one-hour proctored exams.
The projects are nice, and they’ll force you to learn quite a bit on various security topics, but be aware: most of the time you’ll be on your own. TAs will provide very limited help, and the professor is nowhere to be seen.
Also, sometimes you’ll encounter badly worded, contradictory or plain wrong questions or requirements, be it in projects, exams, or quizzes: try asking for clarifications, but don’t expect proper answers. Most of the times you’ll be ignored. This is not so bad as it seems, because such questions are not a lot; but it can be frustrating if your final score is around a threshold for a grade. My suggestion is: ignore them and go on, you may think that spending time in “fighting” those will let you recover some points, but that won’t work. Just go on.
General recommendations:
- try achieving a 100% score in open-book quizzes. Their total value is the same as the two exams, so spend a bit of time on those, and take your time to crawl the textbook and the lessons for the proper answers.
- start working early on projects, so you can ask on Piazza and Slack if you’ve got problems. I recommend using textbooks about the various topics, sometimes online resources are vague and make you waste time.
- For the exams, you must study all the lessons and the relevant chapters in the textbook. Try understanding the underlying concept, but be advised that, without a good amount of luck, you won’t get perfect scores there; some questions in the exams are overwhelmingly specific and you won’t be able to answer them - but if you do well in projects and quizzes, an A is totally feasible. I wouldn’t waste too much time on “great exams”.
Over all this was a interesting and worthwhile class. The projects are really interesting and I learned a lot from them. The quizzes are kind of a waste of time; they feel like busywork. The tests were not exactly hard, but the questions were oddly worded with a lot of distracting errors which made them very tricky.
The projects are the biggest part of your grade, which is a good thing. They cover a wide range of topics and require a lot of different skills. They were challenging but doable.
The class was hard because it’s so wide ranging; you will almost definitely have to work with something you are totally unfamiliar with at some point. You will have to put in some time doing research outside of the class materials to learn the tool you are working with.
This was a much better course than I initially expected. The 4 projects were challenging but educational and doable. The video lectures and book readings were also good. This course makes me want to take other OMSCS security courses now.
I got what I wanted out of this course which was a survey introduction to Info Sec. As others have said the projects are the reason to take this course. They are fun and interesting.
There is a lot of reading required for this course but I I think it can be avoided since the book is dry and strangely organized. You’ll need to reference the text to complete the quizzes. For the exams, I found that skimming the text for information and then intense flashcard memorization before the test to be a successful strategy.
I liked the structure and presentation of the video lectures. I thought they were organized well and did a great job of distilling relevant information from the text.
For me the weak point of the class was in terms of the leadership and administration of the course. There were some outstanding TAs in this course, who were generally available to guide students on projects and the concepts underlying them. However, when it came to matters of policy and offering a cohesive message on things that came up, particularly in terms of graded content, there was no unified voice, and sometimes questions would go unanswered. There were some minor snags endured because the course switched from TSquare to Canvas but those were teeny and inconsequential. However, a few times, things that should not have mattered turned into frustrating issues because no one would address them. This was my fifth course in the program, and I’m not convinced that this frustration is rooted in an unreasonable expectation of course organization and leadership. These courses can’t entirely run themselves.
Overall, I’m glad I took this course and would recommend it to anyone who is curious about the topic and has had no exposure to it otherwise.
This was a great course. Its not difficult and the instructor isn’t around all the time but I don’t think he really needs to be either. The TA’s did their best to answer questions and correct any errors and I thought they did a good job.
You can put in little effort and pass the class. That’s completely okay. You can also do all of the readings assigned and independent research and expand on the projects on your own and learn a lot more. This class is the epitome of you get out of it what you put in.
I really enjoyed the projects. They are not heavy on the programming but more of puzzles. Projects included C, Python, Javascript, and reading PHP. You only need to do very basic tasks in these languages and you don’t need a deep knowledge in any of them.
I even enjoyed reading through the book and I can’t really say that about any other class. I must like the subject matter. :)
The exams are not difficult if you watch the lectures and do the readings. The exams are very similar to the quizzes you take weekly. The quizzes are open book.
I have learned a lot from doing the projects. Exam questions are sometimes not clear. People including me lost some points from T/F type of questions because of the grammar and ambiguity. For me, reading lecture notes created by other student helped me with exams.
For projects, make sure to use TA, piazza, and slack. Just try to prepare ahead of time since they give you like a month to do it after each project releases. I felt like I could have learned more if I started ahead of time because I probably would dived into the subject deeper. But I ended up working on projects too late so I worked just enough to get a good grade. Shame on me :(
I took it over the summer and thought it was a good fit for short summer term. I found the subject matter interesting even though I had no prior interest in security. Projects are not very challenging but rather tricky as most projects involve exploiting some security vulnerability.
easy couse
I have an engineering (not CS) background and got an A in this class. That said, I was quite disappointed with the class. I was surprised how poorly and lazily administered the class was. Regularly the students had to remind the instructors to open the quizzes or post projects based on the schedule. The textbook is a must only because the quiz questions are verbatim from the book. The exams, which are a major part of the grade, had very little quality control and were very unbalanced (neglecting several topics but focusing too many questions on a single topic). The only redeeming part is the projects, which are pretty interesting. But for a CS newbie, it required more time than it should have. Also, be prepared to think about breaking things rather than building. That was the challenge for me. Previous classes (CN, DBS, GIOS)
Very easy class. You can get many points from online quiz (open book and you can try as many times as you want) and projects. Projects are mostly straight forward expect for the stack buffer overflow assignment on Project 1. Project 3 and 4 are also fun (I like programming assignments). Tests can be tricky and sentences in questions I felt bit ambiguous. But if you do well in quizes and projects, you should be fine as long as you can secure 60% or so in these exams.
The lectures and a book are super dry and even you can skip totally if you want to focus on grading. I have a neutral impression on this class.
This course involves lots of computer security concepts. Need to complete both video lectures and textbook chapters in order to do quizzes once a week. Some people liked the projects more than the others. You will use python, c, and JavaScript when working on projects. It is more about how you are interested in this lesson. Lectures to me have no interests at all. Each one is about 60min long on average and full of concepts.
Cakewalk compared to many of the other courses in the program. The projects are the meat of the course but also where you learn the most, by far. Hit them immediately once they are released and you’ll finish them in a couple of days for the most part, but you might get stuck on a few parts and need additional days to do extra research. Don’t wait on the projects until the last few days.
You’ll find some people in this class whining and complaining. Here’s a rough piece of advice…if you can’t handle this course, leave the program.
I took this class in my second semester along with AI. My first semester consisted of CS 6250 CN and CS 6340 SAT. I completed a computer engineering degree in 2014 as my only previous computer science exposure before this program for comparison to your circumstances.
This course is lighter compared to the harder courses in terms of pace and difficulty. The projects are less frequent at about one a month and are easier to figure out, especially when you have no background in the topic. I fell in this category for all of the projects so I averaged about 20 hours total a project between coding and writing the report. If you have significant experience in C with buffer overflows, or HTML/Javascript, then all of these projects can be completed in one night for you. The quizzes are straight from the lectures and book, so the book has great value for these. The tests focus on details and terminology from large amounts of chapters and lectures so memorizing that much information is the hardest part. The TAs and professor run the course very well and all our issues with Canvas will be figured out by the time later students take this course.
I recommend this course as a great first course if you are coming from a technical background that is not computer science or engineering. This can also be paired with the harder courses like AI, ML, and GA.
Overall, this course was good, but not great. The 4 projects are where 90% of the learning occurs. The quizzes are easy but the 2 exams are nonsense. The questions were randomly pulled for the textbook and poorly worded. The TAs were very responsive and with some minor changes, the class could be great.
This is a great intro class to information security. Low workload and easy & fun projects. Highly recommended.
This is a solid course in that it balances a lot of content (some of which will be unavoidably dry) with fun assignments that teach you the concepts (like hacking a VM to get root privileges).
All 4 projects were tricky in their own way and can be harder/easier depending on your knowledge.
In terms of languages, Project 1 requires some C, Project 3 required Python and Project 4 required some HTML/javascript.
All project are doable but you need to give them like 3 full days each unless they are squarely within your knowledge area. Luckily, you usually have about a month for each one, so you can spread these 3 days out.
This course was hot and cold for me. I really liked 3 of the 4 projects. The first, third, and fourth projects I thought did a great job of demonstrating the security issues for each topic, exposing me to the programming related to the topic, but not requiring advanced programming techniques in any of them. This is a security course and they did well to teach that on these projects.
I didn’t feel like I learned much from the second project other than I don’t want to be a malware researcher.
The quizzes, book, lectures, and exams are all just ok. Maybe because I’m not in the security field, but I found the material and how it was covered to be pretty dry. Given that this course is highly relevant to our every day lives, I felt like the academic material could be more engaging.
Overall, I’d suggest this course for a student without a cyber-security background. Take this as your first course to hopefully start out strong or pair up later on with another class that’s not a time sink like cs-6200 was for me.
I enjoyed this class, mostly because the projects were quite fun. They are like a series of puzzles to solve. They are very open ended, and the steps to complete them are left to the student to figure out, but generally speaking, you know when you’ve got it right thanks to well defined completion criteria or provided test data to compare against. The first project requires GDB, which I’d never used before. If you’re comfortable with debugging in any language, this should be no problem. Knowing JavaScript, HTML, DOM, and some basics about how the event model works in a browser is very helpful for the last project. The weekly quizzes actually help learn the material because you can take them over and over. I took them at the beginning of the week, then looked for the answers while reading the text and watching the lectures. Then you can get a 100% by taking it again at the end of the week. There are two proctortrack exams that follow the same true/false and multiple choice format of the quizzes. They are not difficult, but some of the questions are poorly/awkwardly worded in a way that was frustrating. Getting the text book is required as many questions for the quizzes and exams come from the text and are not explicitly covered in the lectures.
EDIT 2: Project 4 grade received on May 4 in the late morning and apparently I was not suspected of cheating. A simple update on Piazza could have saved me, and probably many others, a lot of stress. I still stand by everything else I said below in the original review and edit 1.
EDIT 1: As of May 4, I have to downgrade my review from “liked” to “neutral” due to some stressful communication issues. We were told on May 1 that all project 4 grades were expected to be returned later that night. Also on the night of May 1, we were told that the instruction team found out some students used past projects on GitHub to complete project 4. After this, the instruction team basically fell silent with very little exception. Like many others, I don’t have my project 4 grade yet. I didn’t cheat on project 4 or at all in this course, so the fact that I have neither my grade nor even the smallest relevant update from the instruction team is getting very frustrating and making me anxious, especially since it’s now been 2.5 days since we heard anything relevant. I’m sure I’m not alone in this. My mind is racing at the thought of all the ridiculous hoops I’ll probably need to jump through to fight a wrongful cheating accusation, and it’s causing a lot of unnecessary stress. Take this course with caution.
Original review:
This was a great course and was not too demanding. There are 10 open-book quizzes, each worth 2% of the grade. Almost every question is verbatim from the textbook or lecture notes. There are two closed-book exams worth 10% each. They were on par with the quizzes in difficulty, maybe a little more so since notes weren’t allowed and they covered more material. The final exam was not cumulative. There were four projects, each worth 15%. The projects were some of the most interesting and fun I’ve ever done in CS, as an undergrad or grad student. We had about a month to do each project, which is way more than necessary. For that reason, IIS is a fantastic course to pair with another course.
Project 1 is all about buffer overflows. Knowing C helps a bit but is by no means a necessity. It’s probably more important to know about internal memory architecture at a somewhat high level. This project was definitely the most time consuming for me, and I think I can objectively say it’s the one with the most amount of work. (P4 might be more work if you have literally no web dev experience.)
Project 2 is about malware analysis. I’m not that interested in malware but I still enjoyed working on this project. It was a massive decrease in difficulty and workload from project 1 also. No programming required for this project; it’s all with a tool in a provided VM.
Project 3 is about cryptography. This one was awesome. Some basic cryptographic algorithm programming in Python. Previous knowledge of Python will absolutely be helpful, and even if you don’t there is plenty of time to learn it before the deadline. A ton of guidance is given and a lot of the code is already provided.
Project 4 is about web security and exploiting XSRF and XSS vulnerabilities, and doing an SQL injection. This one was extremely easy if you have previous HTML and JavaScript experience. There is some PHP code in the files we’re provided, so it helps to know that a bit. But if you have previous programming experience then understanding the PHP code will not be an issue. Also, the only code we actually had to write ourselves for this is HTML and JavaScript.
Really cool stuff. The textbook is dry AF and probably the worst part of the course. The lectures were so-so but informative. Mostly absentee professor on Piazza, but seriously, who cares? We learn material from the professors’ lecture videos, not from their Piazza posts.
I definitely recommend taking this class. If you’re lucky, your Piazza forum will be filled, like it was this semester, with highly entertaining posts from people constantly whining about the dumbest things, largely because they can’t read/follow instructions or they need some serious hand-holding and spoon-feeding.
This is my 2nd class in the program and I really enjoyed it overall. Although I took it in a full semester, I think this would be better as a summer course because there were about 4 “down” weeks in the course where I didn’t do anything.
The projects span a wide range of topics, but are very manageable. I thought the 1st project, Buffer Overflow was the hardest if you don’t have background in C and memory architecture. The 2nd, Malware Analysis, was very straightforward. The Cryptography project was also fairly easy since you don’t have to write your own mathematical algorithms unless you really want to. (So you can make it more challenging if you desire by not using libraries.) Finally, 4th Web Security project definitely seemed very hard for those who had never done any web development. If you have encountered JS/HTML/PHP, it is fine.
The Canvas quizzes are worth 20% of your grade and open book. So basically, 20% of your grade should be 100% right off the bat. The exams were a bit more random/tricky with some material included that is barely even covered in 2 sentences in the book. I read most of the book, but overall I probably won’t retain much since the book is dry and topics are quickly covered. I somewhat regret spending time reading since I don’t feel I walked away from the reading with a really deep understanding, but rather with a surface level acquaintance with terminology to pass an exam. I’m sure I will forget all the specialized terminology within a few weeks, hopefully the general concepts stick though.
Overall, it was a fun course.
This is my second course in the program, and I would consider this a good beginner OMSCS course. The workload is very manageable. The content is not too difficult to understand. The projects don’t require a very strong programming skillset. That being said, understanding some basic C and assembly will help with the first project which uses gdb to exploit a buffer overflow, so the ability to read/understand some assembly line by line is useful. The third project involves some Python but coding ability is again not the skill being tested. The final project involved HTML, PHP, Javascript. The exams are very conceptual and were significantly more challenging than the projects. Quizzes are easy and are the same final grade value as the two exams. The material starts off dry but gets very good by the first exam and the entire second half of the course covers some very interesting topics. Study hard for the exams, complete all the quizzes, and put some time into the projects, and it is a fairly easy A.
I took this my first semester in the program and thought it was a great first course.
There are 4 projects. The first project required some understanding of GDB, the 2nd required no programming (analysis of malware), and the 3rd was implementing mathematical logic in a few lines of code. I am currently working on the 4th project, which appears to be the most challenging and open-ended design project.
There are 10 open-book quizzes and 2 closed-book multiple choice exams. I found the first exam easy to study for by focusing on the assigned textbook readings and reviewing the quizzes. Definitely read the textbook as there is material covered on the exam that isn’t presented in lectures, only the textbook.
I took this course in combination with Intro to OS. I think Intro to Info Security is a good class to take in combination with others because you can easily catch up on it if you need to focus on a different class. I think the material is interesting and clearly presented.
Not much to say about this class. The topics were interesting, and the projects were easy but entertaining. This would be a great first course to take or to pair with another course, and I recommend it for anyone interested in computer security concepts. Just don’t expect a ton of depth - rather, this course provides general information about many different aspects of information security.
What I really appreciated about this class is the amount of prep work the professor and TAs did to give us semi-realistic systems to “hack”, viruses to inspect, and examples of compromised code. I distinctly remember the fake bank account that we had to get into and the scavenger hunt assignment. The assignments/mini-projects tied the course together very well.
I was looking forward to this class but found it disappointing.
The textbook is not very engaging and I felt like there was too much assigned reading every week. There are weekly open-book quizzes, but they essentially pull questions from the textbook verbatim.
The projects are interesting and they are the best aspect of the class. Unfortunately, they can be a nightmare logistically. Almost every project was extended due to technical errors and issues. These are the same issues that are reported in previous reviews on here, so there is no reason for them to happen each semester. Often the instructions are unclear and questions on Piazza can go unanswered for a long time.
There are two exams and they often focus on minutia and trivia from the textbook and lectures. Like the quizzes, they are true/false and multiple choice, but they are not open-book.
Overall, it feels like little effort was put into this class. There are two professors and only one briefly appeared on Piazza a few times during the semester. The tests focus on rote memorization rather than testing your understanding of the material and concepts. Despite all this, the class is still easy and can make a good choice to ease into the program with.
I really enjoyed this course. Lectures were well designed and we were given enough guidance on the projects in order to complete them successfully. Exams were relatively straightforward. Given that I did well on the projects, I hardly needed to even complete the final exam which was nice. Given the option of prioritizing projects was really nice since I’m not the greatest test taker.
Light course to begin with. Gives a basic idea of how various malware attacks work and how they can be detected.
There was a ton of reading assigned, and as I got further into the semester I decided to forego the reading.
Overall, the course was interesting and the projects were really fun. I would suggest leaving a lot of time for the first project (buffer overflow).
I went in knowing nothing much about security. I found the information very informative and learned a ton. I feel I can discuss problems intelligently and discuss solutions. The information was interesting. Videos were well done, even though the first professor explained better than the second even though he was a bit repetitive. Overall, I’d rank it as one of my more enjoyable classes. Two things I’d recommend for improvement. One, the quiz questions seemed out of context and were many times pulled straight from book. The exam questions had alot of vagueness and felt were not written that well. The second complaint is that while the TA’s were good about answering Piazza questions they were not so great at answering followups on Piazza. A followup question many times has as much meat as the original and kept seeing followups marked as satisfied when they clearly were not.
Overall, I’d recommend the class for the material and the projects were a blast and interestingly challenging. Only project I didn’t enjoy as much was the virus analysis one. All the rest were really fun and cool. These was the best part of the class. I disagree that the class was super easy, I found certain parts hard and the projects always took some level of cleverness to solve. The exam were fairly hard and again the questions were not the best. I’d recommend the class and hope you enjoy.
I took this course in my first semester as I could not get into any other courses. I did not like this course even though I got an A, may be its to do with the fact that I am planning to do ML specialization and therefore don’t really care for many topics discussed in the course and only took this course to meet the “Two foundation course” requirements.
Assignments are interesting but the nature of security industry is such that every vulnerability gets patched so fact so I felt like I was doing gimmicky assignments with not much practical use. I felt this was more like an undergraduate course.
TAs are useless, they hardly ever reply on Piazza. The lectures are Dry. This was a self taught class and students were replying to each other. I was searching youtube and google for solution to assignment/assignment like problems and found quite a few.
For few weeks during the second half of the course I did not spend even an hr on the course.
Take this class if a. You want a relatively easy A class. b. Security topic in general excites you. c. You want to take two courses in a semester and this one could be easier of the two.
I would personally not take this class, I think it was useless from learning outcome perspective. But I guess an “A” on transcript helps.
An entry-level class with interesting assignments.
Good intro to security for those who have interest. I thought I would be one of those but this class made it clear to me that I actually don’t! Back to the actual meat of the class though, I believe the projects is a good attempt to apply the topics learnt. The book can get very dry and lengthy. Without the readings,the workload for the class would be much less. The TAs are great in this class but I didn’t hear much from Prof. Wenke Lee at all. There were just a couple of posts from him throughout the entire semester.
This class was very informative but since I don’t have a great interest in security, it was kind of a drag. Although, some of the projects were enjoyable I don’t think we were given enough to really know what we were doing for some. They expected us to search for answers or ask around which I find strange.
A very simple class that provides a good overview of information security. Can be taken along with a time-consuming course as this course is an easy A.
Overall, a pretty good course covering a lot of high-level topics. The material in general is pretty easy and straight forward. The only thing difficult about this course, speaking only from my perspective, is that a couple of the projects took me a substantial amount of time not because of the security related topic but because to complete the assignment it required knowledge of the project environment that I had absolutely no experience with; e.g., in the last project dealing with web vulnerabilities you have to work with Javascript, which was completely foreign to me, so I took more time learning about Javascript than figuring out the vulnerability. Outside of the projects, I averaged 2 hours a week on this course to cover lectures, textbook, quizzes and exams. But factoring in the time I took on the projects which soaked up a lot of time, it bumps my average way up. They give you about 4 weeks for every project, so if you are not a procrastinator like me you should be good.
Like someone else said, this class was little more than a GPA booster. Don’t expect to come out with a portfolio of projects that will get you into the security industry. Some of the projects in this course were almost exactly the same as an undergrad info security course I took from another institution.
A great introductory course to the world of information security as well as to the OMSCS program itself. There is a bit of a learning curve (and a larger workload) at the start of the semester, but the workload goes way down as you progress through the course. The material is very interesting and the TAs are very active on piazza. The textbook readings weren’t very helpful, but the projects more than made up for it. There were 4 projects, all of which were very immersive and very interesting. I would definitely recommend spending most of the time just working and understanding the projects in greater detail.
A good course if you need to wrap your head around security aspects .. its a very good beginners course .. I used a lot of concepts in my job. The only thing is that instructors are not that active on piazza .. and the project descriptions can be a little vague, and would need clarifications on piazza ..
My first class in OMSCS and I really enjoyed it. Reading reviews of other classes vs. this class I’m really happy it was my first. It’s rather general but with no security knowledge coming in that was fine by mean. The lectures are easy to watch and you do get the general ideas you need from them. The book is SUPER dry but needed. Not necessarily to read all the way through but to skim for sure. Certain sections won’t be touched in the videos. Lots of googling and piazza will help you through the projects. They’re not hard you just don’t always have the specifics you need to complete them. Shout out to TA Scott for helping me through two of them when there was a bug in the VM / wasn’t given enough info to start with. Quizzes are crazy easy but the exam are definitely harder. Not sure hard but not as easy as everything else. You can’t always anticipate the questions and they can be really vague. You should be able to fine in the class regardless of the exams, though. Glad I took - think every dev should have at least a basic knowledge of security.
If you have never programmed in python before, or not even a programmer, you could potentially struggle in some of the projects. If you have NOT done any sort of security work/study before, you have a TON of terms to memorize. If you have a basic understanding of security concepts and have programmed with python before, this will probably be the easiest class you can take in the program.
It is an OK overview of some security concepts, nothing revolutionary or exceptional. It will definitely be a “filler” course for most people and is best paired with other courses or utilized as an “off” semester to prep for some of the more interesting and difficult courses.
I liked this class a lot! The material was really interesting and most of the projects were exciting (yes I think that’s the right word). Had a bit of difficulty studying for the test as the textbook covered many many terms, if you don’t have experience in the industry it may be overwhelming. My tactic was to hit the projects early/hard and struggle to a B on the exams which makes an A very achievable in the course.
This class was not too tough. The projects are fun (especially project 1). Project 2 was a bit dodgy, but the rest are alright. These are the projects that if you do it right, you know. The exam was multiple choice. The textbook is quite… boring. One wonders, this is the stuffs of Swordfish, Mr. Robot, and other hackers type movie. How did the text book writer managed to make it sound so boring? -. -
The support is terrible. They EMAIL quizes, I couldn’t even find them at times. Really one of the worst supported classes I have taken (i had taken 7 already at the time. ) I would highly recommend not taking this class.
Not too difficult. Projects were interesting for the most part - especially the RSA crypto one. The “analyzing malware” project was miserable, impossible to know if you were doing it right. I ended up mostly guessing on that one, and made up for it on the other assignments. The exams were very short and all multiple choice/true-false, easy to do well.
Readings were pretty verbose and a bit dry.
I am familiar with information security but never had any actual projects or have done work with it before. The reading/lectures were a bit dry and I found myself dozing off most of the time :^)
I was really interested in the cryptography section and this course was a great intro to the math and what goes behind the scenes.
I found project 1 (buffer overflow) the most time consuming (10 - 15 hours) out of all 4 projects since it has been a while since touching C. I really enjoyed project 3 (cryptography cracking with Python) and project 4 (exploiting website vulnerabilities, should be familiar with PHP, javascript, HTML)
For exams, I reviewed the Udacity lectures and skimmed through the book. Mostly rote memorization.
I liked the course material but the TA’s were largely disorganized. The questions for the quizzes are usually directly lifted sentences in the textbook with missing words. Makes them overly easy with a digital copy of the textbook. The projects were fun but grades were very slow to return and some of the submital instructions often unclear and contradictory to best practices.
The easiest class. I spent a total of six afternoons in the entire semester to deal with 4 projects and 2 exams. And in the end, I overdid it because the curving is generous. Forget about the book, slides and Udacity. Wikipedia is good enough. Overall the course is great!
This class is little more than a GPA booster. The projects aren’t too bad but cover the majority of your grades. If you read a few resources on the Internet (or wait until the last week so the project errata is ironed out and the relevant questions are answered in Piazza) you’ll breeze through the projects. I spent 5-10 on each project.
I took this in the summer, so there may not be as big of a workload in the fall or spring. There was also no extra credit offered. Overall the course is very informative, and I enjoyed taking it, but with the condensed semesters, I found it hard to keep up with everything, especially since I took the whole duration of time allotted to project 1 and was playing catch up for most of the semester.
The first project was in C, and was interesting, but took me a while to get. The second one did not involve any development, but was still interesting. The third was in Python, and the forth was in HTML / PHP / Javascript. I already took Networking and Network Security before taking this class, so the second half of the semester was pretty simple.
The quizzes aren’t too bad, and were useful when studying for the exams. There is a good deal of reading, and the lectures are informative, but do not cover enough for the exams. I would recommend doing both the readings and the lectures.
This class covered some basic topics around Information Security. There was a lot of reading to do but it was worth it to go in-depth into some topics. the projects were really interesting and taught me a lot.
The TAs are active on Piazza and Slack and help out a lot.
It was a little hard to keep up in the shortened summer semester, but it was definitely manageable.
Course was good, it had a lot of work in Fall 2015 with weekly quiz and multiple projects and 2 exams. Between the lectures, reading and projects, it was about 10-12 hours per week.
I took the summer version of this class so it didn’t have the extra credit options.
SKILLS NEEDED: some C and assembler required for first project. For last project, its important you understand HTML, HTML forms and some PHP. Not having that general understanding seemed to be a barrier for some taking the class.
This class gives you a good broad overview of Information Security. It doesn’t go too deeply into things. But the assignments are very well designed. The first one was challenging for me (even though I have lots of C and some Assembly experience).
The lectures cover a LOT and there’s a lot of reading as well. So it was a bit challenging to just keep up with it in a busy schedule (esp. after having taken several lecture-light courses). The quizzes do a good job of keeping you on track in the schedule and on getting a summary of what is learned.
The TAs and professor have plenty of office hours but its mostly drop in or by arrangement. So I didn’t really take advantage of this.
In terms of teaching I give this class full marks.
My only complaint is having to deal with strange wording issues in the Quizzes and Exams (as others have pointed out here). Generally such things don’t bother me, but in this case it was more trying to figure out how the grader will respond than what the correct answer was. That needs improvement.
The projects for this course are very fun. They seem simple at first, due to the fact that they are small, but they can be quite tricky to complete. You should brush up on C, pointers, Python, HTML and JavaScript prior to taking this course. The midterm and final are multiple choice questions using Proctortrack which come directly from the book. Ample time is provided to complete the exams, with time remaining to go over your answers. Make sure you complete one of the extra credit assignments, as it could make the difference between earning an A or a B in the course. Overall, you will learn a plethora of security concepts in this course, I highly recommend it.
Assignments are the best part of this course. They are challenging and help learn the concepts better. The lectures could have been better. As the course title says, it is an intro course and hence material is spread thin across multiple topics. Gives you kind of a nudge in the direction of understanding information security broadly but you will need much more in case you plan to work in this area. NS/IIS form a good combination for people pursuing Computing Systems specialization.
Pretty great class! Projects are awesome great way to learn about security. I’d recommend leaving time to read the chapters, the lecture doesn’t really cover a lot of the topics that will be on the exam. I’d recommend that you do one of the extra credits.
This course was much too easy. The projects were mildly interesting but each of them could be completed in a few hours. The exams were rote memorization based from the book. This is one of the easiest courses I’ve ever taken, not just in the OMSCS program. The TAs were involved but the professor didn’t write/respond to a single piazza post. This is a good course to pair with a difficult one (or if you’re thinking of taking 3 in a semester) and want an easy A.
I liked this course. Not having any real background in security, I felt it was good for my knowledge level. I can see where this could be mundane for those with security experience but thought the course was very well suited for my experience level with the subject matter. TAs were very good and responsive.
This course was a pretty good selection for my first semester in the program. The projects were by far the highlight of the course. All four of the projects are incredibly interesting and engaging and leave you with a much greater understanding of the topic of focus upon completion. Definitely touch up on your C and HTML/Javascript for the First and Fourth project before you take the course. The projects aren’t extremely difficult but do require a fair amount of research and thinking. The course lectures/book reading is pretty dry, and, bar a few topics, I didn’t really enjoy it. There’s also quite a lot of reading. If you plan on taking notes the reading can be quite a time sink from week to week. The Exams do require you to spend some time understanding the material at a level greater than just simple memorization.
I thought the class was extremely interesting. The lectures were a very high level overview of each topic. There were 10 quizzes (about one per week), 2 exams, and 4 projects. There was also an optional project for extra credit. Each of the projects probably only took 10-20 hours to do, but I enjoyed doing the work for them. I did not think it was too difficult or too easy. This is a class that you probably should have a background of C, Python, JavaScript, HTML, and PHP, but if you don’t, then you can probably pick up the skills required for this class pretty quickly.
Projects were fun and challenging, and illustrated various real-world concepts in infosec. Took around 5-10 hours per project. Lecture/textbook content was painfully dry and tests and quizzes were often poorly-worded multiple-choice gotcha questions surrounding random bullet points in the lectures and textbooks.
Overall, a good starter course for OMSCS.
The projects were the best part of this course. I found the first one to be pretty frustrating and a bit poorly executed (we had to use gdb and the only guidance provided was an inadequate ten minute YouTube video with no audio), but the other three projects were fun, interesting, and engaging, with manageable difficulty. There was also an optional project which meant even if you struggled on a project or exam you could still fare ok. Project 1 was C-based, and having some acquaintance with C was nice, though I think one could manage if familiar with another language. Project 2 was not especially language dependent. Project 3 required some basic python skills. Project 4 required you to be able to read or write HTML, JavaScript, and PHP, but having only minimal familiarity with those I was still able to figure it out, so I wouldn’t over-stress about those.
There was a ton of lecture material for the course, which got tiresome. In particular, the videos for the first half of the course are extremely long-winded and even at 1. 5x or 2x were quite repetitive.
Many of the quiz questions are lifted verbatim from the textbook. Because of this, many students found a searchable soft copy to be convenient. I had a hard copy of an old edition and it was definitely adequate.
Although I was successful on the exams, they didn’t feel like especially high quality assessments. The projects were certainly a superior source of learning.
The most disappointing part of the course was that there was virtually zero instructor presence on Piazza or office hours. Luckily a couple of the TAs were helpful via Piazza or available for consultation office hours and peers were helpful on Piazza. I got the feeling on Piazza that students who struggled on the projects would have appreciated a lot more guidance and instructor participation. Since it seemed the TAs were in charge of designing and managing the projects, it left me wondering what the instructors were actually contributing.
I had an overall positive experience with this course.
There are 4 projects, 2 optional projects, 10 quizzes, 2 exams, a book to read, and a bunnnnch of lectures (that also have quizzes).
The thing I disliked the most about this course is the busy work that comes with it. The projects were great and I watched all the lectures. But the quizzes, the exams, and the reading just did not help me learn at all. The hard part about the exams is that you really don’t know where questions are coming from… quizzes? book? lectures? projects? all of the above? So that makes studying harder.
What I liked about the course were the projects. They really helped me understand the material we were learning and I felt like I was able to really grasp some of the fundamental aspects of software security that I was missing from my undergrad. Since I had a computer science background these projects weren’t too difficult. You’ll need to know: C, Python, HTML, PHP, and JavaScript.
The only other comment I have is that the TAs/Instructor didn’t participate in Piazza as much as I would have liked. It made the whole semester feel disorganized. For example, the instructors didn’t post anything about the first exam until 2-3 days before it opened. Makes studying pretty hard. They also didn’t post anything about the final.
Overall, I liked the class and learned a lot from it!
This class had a lot of reading and covered a vast amount of material. Unfortunately for me, my reading comp is not what it used to be!!
The projects were great at demonstrating the subject material. However, from a non-CS background, they were INCREDIBLY (for me) time consuming, and occasionally frustrating. However, writing exploits (buffer overflows) and doing cross-site request forgeries, cross site scripting, sql injections - how cool! I havent written a line of C code in 25+ years, so learning some C and learning to use a C debugger would be helpful. I recommend starting early on the projects. Appreciated the optional extra-credit project. However, I didnt have time available during the semester (with the workload of 6300 and my job) to dedicate time to them. So, at the last minute I submitted half of the optional project 2. 5, and believe I got a few extra points to help the class average.
DO follow the assignment instructions. I lost 10 points on the first assignment for placing an exploit file within my writeup, and the instructions said to attach it separately. My bad!
I learned a tremendous amount in this course. Although there was minimal if any interaction with the instructor, the TAs were more than involved, had access to him (and in one instance interceded on my behalf), were highly knowledgeable and available daily. And, until the last project I didnt realize they had chat rooms during their office hours where we could get help when needed.
I do have another security text I purchased a few years ago. I found the Stallings text to be an awesome asset to one’s library. The book was great, and I feel was a key to the tests and quizzes. The second half of the class, given my overall daily workload, I was not able to keep up with the reading, and am cramming for the final.
To me, this should be a required course for anyone in CS. I look forward to taking the network security class.
This was one of my first courses in OMSCS. I had only surface level experience with information security, but after taking the course, feel quite knowledgeable. Most of it is directly applicable to my job, and is definitely a worthwhile course!
The best part of the course were the projects. Many of them were challenging (in a good way) and had a good coverage of a lot of different areas related to information security. The course definitely fulfilled my expectations of what Ga. Tech courses should be like.
Looking forward to the sequel (Network Security)
I enjoyed this course immensely. The lectures were straightforward, the book is excellent, and the assignments are interesting and informative without being too time consuming. If you’re going to take this course, it’s good to know some basic number theory for the cryptography portion, but aside from that everything is covered well and is easy to pick up even for absolute beginners.
Okay. If you have Security+ or similar backround, you have 90% of the material. A bit boring - a fair bit of reading, but not too hard.
Loved this class
A very good core course and relevant. Plenty of decent reading for students and you are free to make it as difficult and thorough as you would like to. It can however be very challenging though for those new to the subject matter.
A very well balanced and informative course. I took it over a summer that made it a bit more time consuming and difficult, but overall the pedagogy was very good. Most of the readings are from one book and the assignments were interesting to solve rather than tedious
This is an interesting class with some pretty fun projects.
You are graded on 10 open note quizzes, 4 projects, 1 optional project, and 2 closed book exams.
Most people I think get by with these quizzes pretty easily since you can find the answers on the internet or search for them through the textbook. Regardless of how you approach the quizzes, I would highly suggest reading the textbook for the exams. While the Udacity videos are very interesting, they do not provide enough of a background for you to be able to do well on the exams and it is likely the intention of the instructor that you really take the time to go over the material in the textbook.
The projects are pretty engaging and require a mixed bag of skills. Even if you’re not familiar with the language (like C for the first project) the instructors give you ample time to complete each of the 4 projects. Additionally you have the option to do an extra project to boost your average if you did poorly on one of the other ones.
I was a big fan of this class even though the exams killed me (I did not prepare well enough for them, totally on me). Here’s the breakdown of assignments:
10 quizzes - these are all easy and straight from the book and some lectures. Mostly quizzing you on definitions and a few characteristics of certain ideas. Very few times will you find a “gotcha” type of question here.
4 Projects - Project 1 was a stack overflow exploit in C. I was new to both C and this type of attack so there were some growing pains here (plenty of resources online). Project 2 I had a blast with, we analyzed malware running on VMs. Project 3 was about decrypting keys using Python. This was a lot of fun even though the grading came back less than I expected, probably my favorite project I’ve done in this program. Project 4 was all about using Javascript to exploit XSS attacks. The gotchas in this project were a bit rough for me but I got graded really well.
2 Exams (not open book/notes) - It seems that most of these questions came from different places from the text and lectures. At times they could seem like really minute details for questions but it is what it is. If I were to have to do this class over I would go through all the lectures and take notes. This would have helped me a lot. Also the proctoring was a hassle for some students (I had no issues).
Extra credit project - this is offered to give you an additional 10 points to your final grade. Unfortunately part of one of the extra credit projects is totally a “get all the points or none” kind of or deal. Seems like an odd format for students who need additional help.
Overall you should get a decent-good grade in this course. I enjoyed it and at times wish I could have focused more on certain aspects of InfoSec. A whole course on network security, or malware, or decryption would be a ton of fun! I recommend this course to anyone, just do a better job of taking lecture notes than I did.
Great class! The work load is somewhat light but the projects were extremely interesting and enlightening. It definitely opened my eyes to many security vulnerabilities I had not previously considered.
This is a fairly easy course with very interesting assignments. My favourite would have to be the first one on C with return to libc attacks and the web one with XSS attacks.
My recommendation for studying midsem+finals is go through the quizzes and memorise definitions. It is quite a dry way of studying, but that strategy you should be easily able to beat the class average. As others have previously pointed out before, the quizzes and exams feel more like excepts and definitions pulled out of the text book so be prepared for that.
very interesting projects, get hands on real attacks. great course overall.
Project 1 does include C programming, so be aware of that going in. With enough research, you can find some good sources to get you going in the right direction if you’re strong suit is not at the system level of programming. Project 2 is decent and includes some malware analysis. Project 3 is possibly the best I’ve done in my few classes, heavy on the math behind cryptography (public key). It is very interesting and was created new for this semester. P3 is very interesting, I’m sure all will enjoy. P4 is also pretty neat as it revolves around internet security exploits.
Overall workload for this class is pretty manageable. 5-10 hours a week. One major help is the bonus project, which can add 10% to your grade. This can cancel out a bad project or two if you need it (projects were 15% of our grade, tests 10%).
The downside during Fall 2016 semester was inattentive TAs. Our third project was released two weeks late due to all the TAs forgetting about it. It’s likely that the professor will be more active due to this management gap in future semesters, so I wouldn’t worry about it in the future.
Overall, I’d recommend this course. I learned a lot and found it very interesting. If there are any “Security Now” podcast listeners, this is the classroom version of the show; very interesting.
There ere weekly quizzes, and a lot of lectures & text book to cover each week, but manageable. The 4 projects were challenging if you didn’t know C, HTML, or whatever language, but were also fun. The TAs were great in helping sutdents, and also from students helping students on Piazza. I used to IT consider really dry (let’s be honest, it can be) but after this class I have new appreciation for it. I have no regrets taking this class. The Instructors did a great job designing it.
Really liked the class, but I liked more were the projects. You definitely must get the book for this class.
Great class and great structure.
One of the most practical courses in the program. If you’ve been around the interwebs for a while, some of the topics will be very familiar, but this course may fill in some gaps in knowledge and give you more practice breaking/protecting systems. I really enjoyed the Assignments – they’re almost like puzzles that don’t always seem clear at first, but there’s a solution that’s obvious after the fact.
The lectures are pretty unadorned, but cover the material. The one on RSA was a standout – I finally understood something I’ve “known” for years. The tests and quizzes are multiple choice and pretty much straight from the book and lectures, but the questions are sometimes a bit ambiguous.
This is a good course to pair with if you’re taking more than one.
Easy class and interesting material.
As mentioned in some earlier comments, It’s an intro course. That’s why it says “Intro” in the name. But if you’ve got little to no info sec experience this is a fun way to get some. The readings were a bit long, but there was a lot of material surveyed and they were well worth it. The lectures were very approachable, but there wasn’t much depth in most of them. They were typically a bit of a review of the readings rather than instruction of the material. But that may be an artifact of my habit of reading first, then watching the lectures. The projects though… These were the most fun of any projects I’ve had in the program so far and I learned a ton doing them. You will feel like a l33t H@x0r at least once in this class. You know. If you’re into that kind of thing…
I really enjoyed this course. The projects are fun and are more challenging than the tests or quizzes. This should go without saying but start the projects early. Use an electronic version of the book, which will help you study and take quizzes more efficiently. You’ll need some basic proficiency in one of (python, c/c++, java) and some basic web development experience. So if you have never built a webpage and used a bit of javascript, you should look into that some. Please don’t ignore Piazza no matter how smart you are. The TAs will clarify inconsistencies between the required text and the Udacity lectures and will remove confusion about quiz questions and assignments. You’ll probably kick yourself if you miss questions and parts of assignments just because you missed a good Piazza post.
This course covers a lot of topics and I love the projects. Work load is definitely not high, but those projects are not trivial.
I really enjoyed this class, and especially the projects. I had prior backgrounds on some of the topics covered, and this class helped me to assemble the bits and pieces together.
Lectures: they cover really broad range of topics, from buffer overflow (low level application security) to web security. Each topic is not discussed in great details, but given that this course is an introductory course, this is quite expected.
Quizzes: Most of the questions are taken straight from the book. If you watch the lectures and read the book, it is very easy to get 100% for the quizzes.
Projects: The projects are fun, and help to understand and appreciate the topics better. Sometimes it takes a while to get what each project is about, but once you get a hang of it, the project can be done in a reasonable amount of time. (I spent about 7 - 10 hours per project) Furthermore the classmates are very helpful with the projects, even to the extent of almost giving away some of the answers. Most of the projects are auto-graded, so the answers are only either correct or wrong and no room for subjectivity. There were some hiccups with the auto-grading but the TAs quickly rectified them.
Exams: Similar level of difficulty with quizzes, not that challenging but good understanding of the concepts is needed to provide correct answers.
Optional projects: Intended to be a grade boost, but it seems everybody did quite well so that the final grade curve was also boosted. Students are allowed to submit multiple optional projects but only one will go into the final grade.
Overall it is a fun class, worth taking if you have little or no background in computer security. The workload is quite reasonable, and definitely will be lighter on normal spring / fall semesters.
This is an intro course. Very intro. If you ever had any security experience in the past, this will be review. I was a bit surprised that is offered at this level for a graduate program. The lectures and textbook material is basically a vocabulary exercise. The projects are what make the class interesting. It was a bit more work than average this semester since it was the first time this class had been offered for the summer. Since the semester is shorter, there is a bit more work to be done per week. Very doable. Since this was the first summer semester for this course, the TAs and Professor did their best to try and make it better for the students. Although, sometimes the decisions seemed to be knee-jerk and ended up making things harder rather than easier.
I really enjoyed this course. This is a cursory review of security, so no topic is dwelled on for too long in class (but you are of course welcome to spend more time on it, as there is plenty of supporting material provided). Although the lectures were often blah, the projects were the highlight of the course.
I have very minimal programming experience, or experience with Linux, so I struggled with some of the projects, but they were very interesting and satisfying. I wish I was faster at figuring things out, as that would have given me time to do extra projects, which 1) counted for extra credit and 2) sounded very interesting. As it was, I learned a lot (mostly from projects but partly from lectures) and really enjoyed the semester.
I would recommend this course to those who do not have much programming background, as it is doable and interesting; and for those who do, you’ll spend way less time on the projects than I did, and that would enable you to dig into the subject matter even more.
Overall, a good course. Provides a decent overview of computer security concepts, but doesn’t dive into most of them very deeply.
Lectures: Some of the lectures are quite long. Most of them repeated or rephrased what was in the book. Not the best lectures I’ve had so far, but not terrible either.
Homework: There’s a quiz portion to your grade. The quizzes are open everything and were taken verbatim from phrases in the textbook. To make the best use of them, it’s best to read, watch lectures, and then attempt the quiz with everything put away. Afterwards, you can check your answers and submit.
The projects in this class were probably the best part. There are four projects that each focus on some aspect of computer security. Most required writing some code, while one consisted of analyzing malware. Each one took me 4 to 5 hours to complete, so not terribly hard. The project that dealt with finding vulnerabilities in a web application was the most fun. There were also some optional projects which could be used to bump up a low test or project grade.
Tests Tests were multiple choice and proctored. They didn’t take too long to complete, and if you actually were doing the reading, they were fairly straightforward.
Grading/Administration: The TAs were fairly active on Piazza. Grading seemed fair to me, with most projects auto graded. There were a few projects that had hiccups, but the TAs seemed to fix them within a few days.
Additionally, it was nice that the class offered optional projects.
Book: The textbook for this class was interesting at its best, and extremely dry at its worst. You might be able to get by without the textbook here, but it was extremely useful in studying for tests and quizzes.
Conclusion: Worth taking if you’re looking for a summer class and don’t have broad knowledge of information security concepts.
Really enjoyed the course.
Overall I liked the class and learned quite a few things on computer security - topics cover pretty much the entire course book. I found reading the book to help with understanding some of the lecture materials which were complicated. In some cases I skipped lectures and read the chapter instead.
In cryptography it was the first time I understood what cracking of prime numbers problem is really about - through theory of Modular arithmetic.
Overall, you will learn as much as you put in - if you come in just for the grade that’s what you will get. If you come in for the material you can read a lot in reference materails and on the web to supplement the course. It’s totally up to you.
Projects - many projects looked easy to start with, but by the time I was done with them I had spent a good 15 to 20 hours on each. In some cases even more time to setup and run the programs.
Overall, I recommend this course to all who are in the systems computing specialization.
Good: great topic and interesting materials. Challenging projects, with some hands on experience. Bad: lack of clarification on some assignments, some ambiguous questions in weekly quizzes, and, most upsetting, absolutely horrible communication (meaning - absence of it!!) from TAs on Piazza private messages and emails. Unless staff will be changed, do not expect questions about your projects, grades and re-grading to be answered in those individual messages…
I’ll start with the good:
1) The class has some fascinating topics. You’ll learn the basics of how to do things like buffer overflows, malware analysis, encryption (cracking), and exploiting vulnerable websites.
2)Some of the TAs were particularly good to work with. I’m looking at you Matt and Peter.
3) Some of the projects were really fun. Project #1 (overflows) and Project #4 (web vulnerabilities).
4) You get the opportunity for extra credit via an optional project that expands on one of the “official” projects.
Now unfortunately the things I didn’t like:
1) I can’t say this strongly enough, “logistics”. I get this is a summer course so everything is condensed, but there were problems across the board regarding issues with projects and issues with autograders. The “optional” project grading policy was changed no less than 3 times within a week of the end of the semester.
2) Get ready for some quizzes with “subjective” or “ambiguous” true/false questions. Good luck arguing them. They’ll say not to read into them too much; but then come back at your challenge with some convoluted worded reasoning why you’re wrong.
3) The book is absolutely tedious to read. The authors need to understand the concept of “run on” sentences.
4) Grades on practically EVERYTHING were held up because someone was suspected of cheating.
5) Some of the projects seemed like straight busy work (cough Project #2).
6) Some of the projects seemed like they added extraneous stuff just to make our life harder (cough Project #3).
7) They’ll crackdown on cheating, but let students ask questions on Piazza that practically go through step by step what to do. Seriously. Wait till a day or two before the projects are due and just read through Piazza and you won’t need to do any work. This has got to be the biggest “nope” for me. I think it demeans the value of the program when people no longer have to try or even research on their own.
The material: This course covers a LOT of ground. In the summer term, we read almost the entire book, and there were just under 18 hours of lectures. That being said, the material is broad and not very deep. This is definitely a survey course.
Grading: For this term, 20% of the final grade comes from ten quizzes (open book/open note), 60% from four projects (equally weighted), and 20% from two exams (equally weighted). The exams are a midterm and final, and the final is not cumulative.
The projects: These took me from 6 to 12 hours each. The projects were:
- Execute a buffer overflow attack - make sure you’re up on your C programming and have an intimate knowledge of how the OS lays programs out in memory.
- Malware analysis - we used a virtual machine to safely study malware. This project is basically following the instructions with no independent thought.
- Cryptography - implement cipher block chaining, and search a keyspace to try to crack ciphertext. Your choice of Python or Java for the assignment.
- Web security - launch a XSS, XSRF, and SQL injection attack against pre-supplied PHP code.
As you can see, these projects target different skillsets. You may have an easy time with one over the other.
The exams: There is very little required in the way of synthesis with the material, but there is a LOT of material to learn. The class average for the first exam was an 80. I’m writing this before getting the results of the final exam.
Bonus project: the professors graciously allowed us a 10% extra credit project. Do it - it’s fire insurance against a bad exam performance and can almost guarantee you the A.
Final verdict: this class was fun, and I learned a lot. When you solve the projects, it feels like magic (OMG - I just launched a buffer overflow attack!). I’d recommend this course.
Most of the projects were not as challenging as the other courses I’ve taken, but they were far more interesting and really helped us engage with the material. Overall, this class was the most fun of any I’ve taken so far and was the most rewarding. I feel like I took a lot away from this class, even though it was a fairly light time commitment.
The projects were interesting, challenging, and rewarding. I actually had fun doing a few of them. Several languages are required to understand or complete the projects: C++, Python, PHP, and SQL. Start and finish the projects early as possible and you’ll be alright. The tests, on the other hand, were at easy to fair level. I over studied for them.
Majority of my time was spent on reading practically the whole book to complete weekly quizzes, going through weekly lectures which didn’t always intersect with book, preparing for tests, and coding/doing the projects.
This class has its moments, both good and bad. As others pointed out, there is a large breadth of topics covered (and a corresponding lack of depth), which similarly has pros and cons.
The good: A lot of the topics are quite interesting, and if you are not a security person already, you will probably leave this class more aware of some area(s) of security that can help you in your career. The technical meat of some of the projects can be both interesting, challenging, and fun. They make it easy to get an A if you put in the effort.
The bad: Sometimes, getting started on the projects is hard for the wrong reasons (environment setup, somewhat lacking documentation for specific things, etc). It is nothing that one can’t get past, but if you have limited cycles, those problems can at times be frustrating. The really unfortunate result of that was that it was the crack in the foundation of the class opened up the floodgates of incessant whining on Piazza. I understand a bit of grumbling about the project setup problems, but people started complaining about every little thing, when the reality was that most people probably did fine in the class. I truly believe that if we hadn’t had those project problems, people would not have complained so much about other things. Sorry fellow students, but please make sure you are making a constructive comment before you reach for that “anonymous” button!
The ugly: As with any security class, you will leave realizing how insecure everything is. Good luck sleeping!
Secret key to success: Buckle down and do the readings (don’t just skim!). It will makes the quizzes and exams easier, and there is sometimes a deeper dive of content, or even non-overlapping content in the texts. You will get more out of the class.
Final note: To the anyone that suggests Googling for quiz answers: are you sure you want to be in the program? If you just want a piece of paper, I there are some other lovely online degrees you can pursue.
This class had a lot of interesting material, but it was presented too quickly and shallowly. It really should be split into two courses. The assignments were somewhat challenging, but didn’t do much to actually reinforce the material as it was taught.
Due to the condensed summer schedule and size of the class, there were some issues that arose due to changing how assignments were going to be graded at the last minute, with basically no warning.
The Professor and TAs varied significantly in their Piazza presence and willingness to help. Generally, it was low all around.
As with most summer courses, things moved along quickly due to a condensed schedule. This has led to some confusion around the extra credit assignment grading, but hopefully things will run more smoothly next Summer.
As per other reviews below, we are now required to complete all 4 assignments. They ranged from straightforward to tedious due to the wide range of skills needed. For example, the first assignment favored those who had a C-background while the last assignment favored those who were savvy with JavaScript. I would recommend doing a ‘bonus’ project, preferably one which is geared towards your own skill set.
Lectures were split between Mustaque Ahamad and Wenke Lee. Those given by Ahamad will literally put you to sleep. Lee keep a more brisk pace. I am not big into reading text books at all, but willed myself into reading this time due to many of the quiz (and therefore midterm and final) questions being pull from there. The quizzes are open book/notes and answers can easily be found online, but it is recommended to first attempt them without assistance since the midterm and final are closed book/notes.
The main reason that I took and would recommend this class is if you are going for the Computing Systems concentration. It fills that requirement nicely.
I have little good to say about this class, other than that it isn’t quite as pointless as Computer Networks. It’s somewhat more difficult, but that’s not saying much.
Grading consists of two rote memorization exams (easy), a lot of open book quizzes (which themselves appear to be plagiarized from Quizlet, so you know.. google them), and some projects (moderate difficulty).
The lectures are okay, if boring. I really can’t complain about them.
The projects are really only a challenge whenever the questions are ambiguous, nonsense, or rewritten by the TAs after release (formally or informally on Piazza via “clarifications”).
TAs are not very responsive on the forums, from what I’ve seen.
This course does not meet my expectations for this program. It’s certainly not on the same level as the CV, RLDM, ML, or CCA, etc. On the other hand, if you find yourself out of interesting courses to take and want to just finish the program, here’s an easy A.
This was my first dropped class. I found the content exceeding interesting, but the class is just poorly designed. I only went through two projects but the majority of my time spent was on set up and debugging the VMs provided. The second project literally wouldn’t work as it was assigned, and required amendment via fellow students in T-Square to work. So that was a day+ lost. If something didn’t work the recommendation was to rebuild the VM. Which even on my brand new MPB is a 20 minute process.
I followed past my drop and apparently project 3 is even worse, with multiple amendments to non-functional aspects of the setup. I don’t regret dropping it.
Everyone involved is trying very hard but it’s just not ready for prime time and doesn’t really compare well to the rest of the OMSCS program. I want to spend the majority of my time learning, not fixing setup/instruction issues. I imagine that’s true of most students in the program.
TAs run amok, more time spent trying to trick students with wording than honest knowledge evaluation. Third project was basically “use this really crappy app to gather research data for one of the TAs”. Seriously, I’m paying to run around surveying people.
Poor TA support during the semester I took the class, including one encryption assignment where the reference data file was just plain wrong. Perhaps to be expected in an intro/survey course, but frequent changes of tech stack were a bit maddening. Almost every assignment required a different programming language.
- Lectures was okay. I felt like the material could have been presented in a more natural manner, even though there were many technical terms to explain.
- Quizzes could definitely be improved. Many of the questions were taken straight from the textbook. If the instructors wrote their own quizzes, it could challenge the students to learn and understand the material better.
- Lots of reading to do from the textbook if you want to get the most from the course. Although the instructor says all the quiz answers can be derived from the slides, I think some of that is a far stretch. I feel it is easier to personally fill in the gaps through reading the textbook.
- Projects were enjoyable and challenging. There were four in total. The third was a new one in this semester that had a lot of technical issues and bugs. I don’t think it was an appropriate project to ask students to test out a smartphone app. Fortunately, there was an alternative option for that project (which was a literature project and designing a smartphone app that uses pki).
- Bonus extra credit was available if you complete additional problems related to a project.
- Exams were fair. Multiple choice and T/F on proctortrack.
- Professors and TAs were helpful. They even held office hours almost everyday in the week! That is amazing!!
- Overall I enjoyed the content and recommend others to take this course too.
This course covers some very interesting topics, but the execution needs work. Multiple projects were plagued with technical difficulties which, in some cases, kept students from being able to complete them. Others go fairly far beyond the material covered in class. This would be fine for more open-ended project requirements (we should all expect to do some solo research and problem-solving in a masters degree program), but it seemed that many students relied heavily upon the expertise of a few industry professionals amongst the student body to guide them through. Exams are somewhat boring and quizzes are word-for-word copies of book sentences. Again, not a terrible class, but not as well done as others I’ve taken in OMSCS. Definitely a class you can pair with another, though set aside lots of extra time if you want to get more out of it than just a good grade.
Great class. I would definitely recommend taking it with another class, especially if you have a hard class you need to take because the class is not difficult. The first half of the semester is basically common sense stuff, really if you know little about security, you know enough for the first half. The second half of the class, which I consider to start with cryptography, is a little more challenging, but it is not difficult to grasp the concepts.
My favorite part was the projects - 4 projects + 4 optional, of the optional you only can do 1. Project 1 - Easy, work with C and gdb Project 2 - Easy, triggering malware Project 3 - Easy, basically doing a test for an app that one of the TA’s built - Very bad project in my opinion because I didn’t learn anything and really did not get anything out of it. Project 4 - Easy, you “hack” a fake website. Not as easy as the other 3, but if you know JS and HTML you will be fine. It took me a bit more time than the others simply because I was confused as to what I was doing.
Midterm was not difficult, all true/false and multiple choice questions. You can only answer them one at a time, so that was annoying because you could not go back and double check. The questions were similar to the Quizzes, but some of the questions did get me.
I should mention this is my first class in the program and I would definitely recommend it to anyone who is new and thinking about taking it.
Course mostly taught straight from textbook; as are the exams and quizzes.
The projects reflected material in the lessons generally; and were relevant and informative. The projects tended to require pre-knowledge of C and JavaScript to complete without a lot of extra effort. Also a newer machine than the course requirements indicate is required to install/run one of the projects.
Sloppy, unclear presentation A lot of bad quizzes in the lectures (often all options are correct answers and similar things), not very helpful, ambiguous quiz answers Very strict weekly homework quizzes, often need to complete whole sentences from the book Last minute changes in due dates, confusing schedule, unclear pacing Incomplete project descriptions with a lot of fuzzy or under-specified requirements Fun little projects, they do not require much effort Don’t expect a deep dive, it’s a very broad and somewhat shallow overview of mainstream, old security topics. Despite all the negative points I still liked the class, but mainly because it just gives me a solid foundation to further explore topics when they arise in my daily work.
I went into this class already knowing a fair amount about security. However, I really enjoyed the projects. They got me to do things that really cemented my knowledge, and that I wouldn’t have done on my own. I’m glad they’re making all 4 projects required. I felt like it was too easy with just the 2. The book is really boring. You will fall asleep over it. However, it is necessary and the lectures are pretty good to make up for that. To study for exams, use Quizlet. There are questions in there that someone created for another class based on the same book, which was helpful.
There are now 4 required projects. Now takes more time than reported in Fall reviews. You could get by looking up the answers without reading the text, but if you want to get all you can out of the class, the reading can take a long time. The good: I’ve learned a lot. Interesting projects. Extra credit project available. The bad: poor or wrong instructions, mistakes in slides, and TAs who write wrong or confusing answers on piazza when they bother writing anything at all (which isn’t often). When students can’t figure out the mess they’re given, they blame it on the students. It’s hard to do project 2 without a good computer. You need 8G memory for the VM. 2 closed book exams, but not too difficult.
Seems like peoples concerns were heard. Spring 2016 syllabus has (20) 1% quizzes, (4) 15% projects, (2) 10% exams, and (1) optional 10% project for a grade boost. First project took a bit of time to learn about how to use gdb and machine code in general. Preparing for midterm now, which coveres 10 chapters. The second project was a bit annoying to get the VM set up. I was sure I ran the malware analysis correctly, but don’t think the results were coming out correctly. I got a new laptop after this project to ensure that I would not have any technical issues for the remainder of my OMSCS life. Project 4 and optional project 4. 5 were easy because I am familiar with JS and SQL. Project 3 was buggy, and the instructor recognized that stating that he will address that in future courses. I missed a bunch of quizzes because of poor time management, but still ended up with an A in the course. Overall the class touches upon many interesting topics and is a good second course to take with something more intense, such as ML.
Easy class with very interesting projects. Each project was very unique and needed different languages.
Course material is really interesting. Quizzes are straight from the book. Assignments are interesting too. The only drawback is the midterm and final exams. You need to read whole book to score good marks. However, Professor did mention they may remove the exams and have more assignments instead
The course was a good overview of security. Learned a good bit about software security, buffer overflows, network security and encryption. I thought the tests were just memorization, and the questions could have been a little more clear. That being said, they weren’t overly difficult. The projects were great and if you complete the projects, you’ll have a good grasp of the topics. I have a tendency to overdo the work and projects in courses - i feel it’s probably possible to spend less time.
Course material is interesting. Learn a little bit about a lot of things. Not a lot of work though, in a lot of ways it feels like an undergrad class. Each project shouldn’t take you more than an evening, exams are T/F and multiple choice. I was expecting this to be more challenging.
The projects were challenging but we were required to complete 2 out of 4 of them. There was a good amount of material, both in textbook and in the lectures. I learned quite a bit in this course.
This has been an interesting course because I’ve had an interest in security. Hopefully in the future, they reduce the weighting of the midterm/final exams, emphasize the projects, and break the projects apart a little more. Unfortunately, the quizzes and exams are essentially rote memory tests. I watched the lectures, but found the book more informative and that’s what the quizzes were largely based upon. The projects were the best part pedagogically.
The best part of this course is the projects. They are a lot of fun to do and gave a lot of details about concepts that I have heard about a lot for years. None of them were very time consuming- they were all easily accomplished on a Saturday (5-10 hours for each project). The lectures are also well done and informative. The assignments got a bit tedious- 20 assignments in the semester administered as quizzes on T-square, so more than 1 per week. They don’t take very long to do, but I didn’t feel like I learned much from any of them nor did they test my knowledge very well. They were simple true/false, multiple choice, and fill in the blank questions that basically just took a random sentence from the textbook or lecture and made it into a question. There were a few instances of the “correct” answer conflicting with other sources, or differences between the book and the lecture. The midterm was structured the same as these assignments, so it was just your ability to spit out random tidbits (mostly from the book).
All in all its a good course.
This is a good class to pair with one that is demanding of time. You will learn stuff in this class (unless you already know all of the material) and the instructors have made it enjoyable and satisfying. Put in effort and you should do fine. Don’t study and it will bite you!
This review done mid-semester. The projects in this class are the high points. They’re pretty great. The lectures are decent, and the book is fall asleep boring. The quizzes are based on the book. That said, the information is very useful, the professor and TAs are great. You’ll want to be sure you can setup a VM. A light bit of C is required in the first project. Linux knowledge is, as usual, helpful. Haven’t tackled the crypto section yet, so keep that in mind when reading this review.
Review also done mid-semester. The projects are fun and not too difficult. First project required writing a ~10 line C program and reading a ~10 line C program and exploiting it. Dont worry if you dont have any C knowedge, the C code isnt doing anything complex. Second project is simply running a program and interpreting its results, easily finished in a weekend. I didnt start on the third project (cryptology) yet but you can choose between C++, Java or Python. There is required reading and the weekly quizes and the midterm/final is based on the textbook. I never did any of the readings and got an A on every quiz and the midterm. I found most of the material to be common sense. Lectures are informative. Decent class, not my favorite so far but worth taking if you are interested in security. Probably one of the easiest classes I have taken so far (this is my 6th one).
I’m enjoying this class. It’s pretty interesting. The homeworks are basically a measure of whether you read the text or not as the answers can typically be found verbatim. The first project was a buffer overflow project which took a bit of time but wasn’t bad. The second project was running and analysing some malware. It was simple. The midterm was what you would expect from an ‘intro’ class. Overall an ideal class for someone that is busy with work and family.
This class has a strong undergrad feel to me. Heavily text-book driven and essentialy T/F, multiple choice and short answer driven with the exception of the projects. The projects are pretty good and not that much work. All in all the class is okay but I wouldn’t consider it a deep learning experience.
This review is written half way through the first semester, but so far I would consider this one of, if not the easiest class I have had so far. With that said, it is very interesting and I am learning a lot about IT security.
Class grades are based of quizes, midterm/final, and completing 2 out of 4 projects. The first 2 projects were very easy. On the first, only writing a simple C program is required (ie. can you write a program to ask for a username and a password. ) The second required no programming and was even easier. Havent gotten to the 3rd and 4th yet, but as I stated you only need to complete 2 of the 4 projects.
To complete the quizes you do have to buy (or ‘find’ online) and read the book as the questions are word for word out of it. This is a very comprehensive course covering a lot of area of IT security. I am learning a lot and am looking forward to finishing.
Writing this review just after mid term. Course is pretty easy though you need to read thru whole book to excel good score in midterm and final. 20 quizzes with 1 point each, 2 out of 4 projects needs to be done. Each project is 10 points. mid term is 25 and final will be 30 points. 5 points for class participation.
Syllabus is really good and interesting. The only point I can think of is you need to read whole book to score good points on mid term and final.
I’m writing this shortly after the mid term. So far the class has been easy and the material has been underwhelming.
The lectures for part one are very slow with lots of repitition. Definitely speed them up to 1. 5-2x as you watch. The text book is good but rather dry. Much of the first half of the course is just a formalization of things most of us already know.
It is still early but I am definitely liking the material in the 2nd half of the course better than the 1st. The lectures are faster and we are covering material with greater depth.
The projects are very nice. They are a bit challenging, require a good understanding of the concepts involved, and can be completed in a reasonable amount of time (~10-30 hours each).
The quizes and mid-term are basically regurgitations pulled verbatim out of the text at random. Quiz grades better reflect your ability to use the search function on the textbook PDF rather than an understanding of the concepts. The closed book mid-term had a median grade of 77. It is difficult not because of the material, but because the grader is looking for matches to random statements from the text book. TA’s revise grades heavily and I’m confident the overall course will be graded on a curve but if you experience grade anxiety, this course may give you heartburn.
This is one of the easier courses in the program similar to CN. There is a lot of theory with most of them being common sense material. There is a book to read which is very dry but the quiz questions come from the book. Most of the time was spent on reading the book. I don’t think the mid-term questions came from the book - they were mostly from the lectures. The projects are quite unique and interesting, but not too hard. You have the option of doing only 2 out of 4 projects. Workload is average but for the week leading up to the exams, you will have to set aside lot more time.
NOTE - This was written a few weeks after the midterm.
Quizzes are on average about 10 questions per section. The quiz questions are all either true/false, multiple guess, or fill-in-the-blank and mostly just test your ability to use Google and CTRL+F. The book material is a struggle to read through, the lectures are a bit more interesting, and the first half of the course gives you a lot of material to study for the midterm. The projects are great, but the first one can be frustrating if you’re unfamiliar with C and assembly. The second project was cool - we used Cuckoo to analyze the behaviors of cryptolocker malware, keyloggers, and other trojans.
The midterm itself was kind of a let-down. The class average was in the mid-70’s and the content was seemingly just testing your ability to regurgitate random phrases about concepts from the book and lectures, not how well you applied the content.
This course is easy for those who can read a lot, be focussed on long lectures. Assignments in form of quizzes appear every week. Projects have a gap of 3 weeks. Its doable but I did find Project 1 hard. Exams are based on whats covered in the book, lectures, slides. Feed that into your brain you can do really well. You need lots of time to read and go through the material. There is no brain-cracking stuff here. Its actually very simple. I enjoyed the content because it was really very interesting and worth knowing. I did enjoy the course, but as a first cohort student into this class, there were start-off glitches. But by now Prof. Lee and his awesome TAs have got the hang of it. Hopefully the future students will sail smooth.