Ed Spencer is currently studying for his CISSP exam, returning to college, works a full-time job, contributes to this site, and all with exemplary professionalism.
So what does he do when he wants to get a jump start on passing the CISSP?
He takes a course. But not a course like everyone else.
He takes an incredibly challenging all out information security security from a small technical college called MIT.
Below Ed shares his experience after passing the course, and how it could make him that much stronger when it comes to taking his CISSP.
Thank you for sharing Ed!
For those interested, I just wrapped up the MIT class in Cybersecurity: Technology, Application and Policy.
Here’s a short review of the class:
This is a 5-6 week course that starts fairly easy. You quickly realize that they’re about to a go a whole lot deeper than you expected though.
Week 2 was VERY deep. It covered hardware security – think electrical and computer engineering. Processor design. Then it went into Operating System design. Then application design. It was VERY rough for me. It took me a MASSIVE amount of time to work through this.
An understanding of C programming would he helpful for some of the discussions. Particularly the discussions on compiler based security issues. Trust me… they go DEEP – but are mindful of the time involved in the course – so they go deep enough for you to realize that if you were enrolled at MIT you’d be banging your head against the wall or have your face in a book 24/7. Or both. wink emoticon
They cover the basics of cryptography – but let’s just say it’s more than basics. They discuss modulus math and Boolean math. You really need to know XOR in particular because of how it applies to cryptography. This was a part of the course where it got a bit surreal for me. Ron Rivest, yes, THAT Ron Rivest, taught the cryptography section. Hint, this is the Ron Rivest of RSA Ron Rivest. wink emoticon One of the early developers of encryption and PKI into working protocols. The end of the course was on case studies. Places where the information is applied, or failed, etc.
All in all, it’s a great course, but a bit pricey at roughly $600USD.
If you have the time and money, or want the CEUs, it’s a good course. But it’s not something you can just waltz through either. It requires real effort to watch the videos, understand them, and complete. The grading is easy though…. and there isn’t any reason to not make 100%. It’s basically ‘open book’ so if you watch the videos on one screen you can answer the questions as you watch. So if you put in the time, you can pass.
Unfortunately, I didn’t get to participate in the discussions much. I was hammered with by boss being out of town and I was covering for him for 3 weeks of the course. However, the few times I did go into the discussion groups it was a lot of very talented people.
A by product of attending is membership into their LinkedIn group and a few other perks.
All in all, I recommend the course. But it’s important to understand the time demands in completing the videos and other coursework. To really get the most out of it you need to participate. If the price, time investment, and level of detail don’t scare you away – then I highly suggest it. Even if it’s just for the CEUs. smile emoticon
I want to be very clear. I’m a really smart guy. I read a lot. I study. I’ve qualified for membership to Mensa. But this course was one of the few times in my life I felt truly humbled. I thought at one point during week 2 that I was in so far over my head that quitting came to mind. I don’t have a background in C programming (though I do know some assembler and a lot of scripting). The level of detail nearly got me lost a few times so I had to stop and review. But later, I was quite glad I continued because some of material came easily to me. I’ve read Applied Cryptography so the Cryptography stuff came pretty easily until the homomorphic encryption (doing math on encrypted data without losing the encrypted data – impressive stuff!).
Doing the case studies was easy for me because it started to get into the application of security.
So, if you do opt to take the course and you feel overwhelmed, it happens. Keep plugging through. It does get easier. All in all, it was an awesome experience and a great learning opportunity. grin emoticon
My reasons for taking this course were as follows:
1. It’s friggin’ MIT baby!
2. I’m prepping for my CISSP – this seemed like a good way to jump start my process.
3. I’m about to return to college – I’m a Senior Information Security Professional and I don’t have a degree. Of any kind. From anywhere. I jokingly refer to myself as an ‘Uneducated Bum’. To advance much more in my career, that has to change. This was a chance to test myself and push myself to the next level. To refresh my knowledge and get an idea of what returning to college is going to feel like in terms of time commitment, etc.
4. The instructors for much of this course are people who are highly respected, knowledgeable, and legends in the cybersecurity community. To get a chance to learn from them – even if it’s just watching them talk about their topics on video – is downright surreal. The certificate itself is signed by Bhaskar Pant (Executive Director, MIT Professional Education), Daniela Rus (Professor & Directory, MIT Computer Science and Artificial Intelligence Laboratory), and Howard Shrobe (Principle Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory).
That last name should sound familiar. He was at DARPA in the early years of the Internet/pre-internet.
My only disappointment? The certificate is a PDF. I really wish they had provided a paper certificate as well. frown emoticon