1st class taken with a 93% (I had 100s on the first 5 assignments, so the last 2 I basically did the bare minimum to secure an A)

This course is... interesting.

"You get out what you put in" is somewhat accurate. Besides 1 or 2 flags, the only way for you to get a flag is to actually learn something. Problem is, learning something can only really be done by self-study. There isn't any lectures or instruction besides links to Research Paper's (which no-one is reading let's be real).

Office hours are mostly there to poke fun at you, as the TA's are riddle master's narrowly avoiding answering any of your questions.

The ONLY way to learn anything directly from this class is those ED Discussions. Those guys are troopers pointing you to articles that will teach you what you need, but it's still quite difficult to realize what it is you're looking for.

Can't say my SWE career will really use any of this, but it was interesting. Not sure I'm the best person to write one of these as I'm grade focused not learning focused, but that being said I still managed to learn a decent bit from this (Wish I could have learned more about the TCP/IP stuff, but alas)

To be clear, this class isn't hard. I'm sure there are far more time consuming and difficult concept classes. My gripe with this class is if there was maybe a 30 minute video explaining things, the workload would really only drop to about 3 hours a week. Majority of time spent is basically research rather than studying the material.

If you are good at Ctrl+f and really know how to google specific things, I'd say about 7-8 hours a week, assuming you just want to finish the assignments.

This was my first course in the OMSCY program, and it was an extremely frustrating experience. To add some perspective for my review, I received an A for this course and have three years of experience as a security engineer working in cyber defense roles. Overall, I spent about 10-15 per project (5-7 hours a week) for this class.

==Instructors== To start, forget anything about the professor for this course. He had no interaction with the class during the semester. All teaching, grading, and office hours are handled by the TAs for this course. This makes sense in that the class is very large but some presence from the actual professor would have been nice. TAs are a mixed bag for this course. Some are very smart and clearly have a great deal of knowledge in their respective areas, most are satisfactory, and a few are so bad it absolutely ruins any good work the other TAs do. Announcements, project questions and general chatting occur in Ed Discussion and for the most part is not very helpful in that TAs rarely gave actual help, likely due to an overly strict interpretation of the OSI policy. It was a regular occurrence to see students genuinely asking for help/clarification on projects only to be put on blast by some of the TAs for not being “technical” enough. In some cases I saw I would even argue that it was borderline harassment/abusive. This toxic behavior and attitude throughout the semester was my biggest problem with the course and I cannot stress enough how much it bothered me that it was just accepted as normal behavior. If the desired outcome of this course really is a giant game of one-upmanship, then the TA team should be audited because there are zero acceptable reasons why someone who has no work experience in any information security role should be bullying others for their lack of knowledge on information security, much less serving as a subject matter expert for the course. The rationale given as to why this “approach” is done is that it’s a graduate level course with pre-defined prerequisites so it’s the individual students responsibility to have sufficient knowledge to do well in the class. In a vacuum this is a reasonable take, but the pre-requisites provided BEFORE the class lack the specific depth needed to actually prepare students for success. It’s like setting the pre-requisite for an operating systems class as “computer knowledge” and getting mad that people aren’t prepared. Providing detailed pre-requisites after the class has started serves no purpose and seems to be interjected as a scapegoat to prevent complaints.

==Projects== For this term there were seven projects, each taking about two weeks to complete. It is CTF style in that you collect flags to submit for your grade, but most projects were relatively undeveloped compared to free CTF resources available. Overall, it felt like you were paying a grand to play a game when you would have been better off studying free resources like SEED Labs, TryHackMe, etc. This course has a VM image you are supposed to use for most of the projects and it’s just an absolutely unmitigated dumpster fire. I don’t know why but they choose Lubuntu as the distro to build it off of? Its hosted somewhere that is very slow so the download time for me even on symmetrical gigabit internet was a few hours. Many students including me had issues where the Lubuntu login screen for the VM would not respond, making it impossible to interact with it unless you spun up a new instance from scratch. It’s also documented that the VM is only to be used with VirtualBox, but I never got full functionality like copy/paste until I moved it to VMWare Workstation so maybe give that a try from the start. Once you have the VM stood up and functioning, you can move on to downloading the project materials for the given project because the 10Gb image doesn’t actually contain the files need for many of the projects. For each project the tasks and instructions were posted to a Github site. Unfortunately, it was often the case that I spent more time trying to decipher exactly what was being expected in the task, than completing it. There were a lot of hours spent confused on what exactly it was asking for, followed by an aha moment and then a couple minutes of work to actually get the flag. Ed Discussion rarely had any additional insight to help clarify and often critical information such as the password for the user account to be used and grade weighting for each task was stored in inconsistent locations (Canvas, Ed Discussion, Github, etc).

Projects for the 2023 Fall term:

1. Man in the middle: Examine a pcap file to extract answers to a number of questions. Mostly decent, but the pcap file is quite large resulting in search acting inconsistently in wireshark for me making this much more difficult than it should have been. This project also has a short second part focusing on discovering hidden webpage content. The instructions describe this as directory traversal attacks when it is probably closer to manually directory busting. TAs directly contradicted OWASP several times in instruction and project discussions for this part.
2. Database security: Learn to bypass client and server-side SQL injection protections. This was alright but a bit too simplistic. If you have experience exploiting SQL injections, you’ll need to take a step back and simplify as traditional tools like Burp Suite and sqlmap won’t be helpful.
3. Malware Analysis: Review several Joe sandbox reports for various malware samples. This was a frustrating project as there is no feedback mechanism in gradescope and you only get a few submissions. Do your best the first time then pray your guess and check nets you a few more points before you run out of submissions. Second, part for this project was using machine learning to classify malware samples. I felt this part really could have been expanded. Felt like I didn’t learn much but was interesting and engaging and wish there was more.
4. API Security: Learn to exploit APIs with a provided swagger instance. Decent project but was somewhat dependent on doing the tasks in order, meaning you would have to redo work if you took a break and your VM was shutdown.
5. Cryptography: This was very clearly the toughest one given for most students. A decent understanding of certain math concepts is needed to be able to do this in a timely manner. Previous experience in an undergraduate level cryptography course was extremely helpful for me. Some issues with automatic grading timing out with no debug/feedback information. Be prepared to unnecessarily implement something in multiple ways to get it to pass the auto grader.
6. Binary Exploitation: I’d argue this is the best project of the course with the best instruction, but this would be another rough one to take on without any prior experience. Learned much from this project but unlikely to be directly useful except in other CTFs and certain offensive security or research roles.
7. Log4Shell: Nothing great, nothing terrible. Experience in certain privilege escalation techniques (overwriting files, race conditions, etc) will be helpful even though privilege escalation isn’t performed.

==Target audience and curriculum concerns== Throughout this course, it felt very confusing what the intended outcome and target audience of this course was supposed to be. In my head it made sense to think of it in terms of the three groups likely to be in this course: technical OMSCY students, OMSCS students with good computer science background and non-technical OMSCY students likely pursuing the policy track. Students with prior experience in technical information security roles will likely find this class flat and largely unhelpful. OMSCS students are probably the best served by this class in that they have the necessary background information to be able to absorb the why and how of each project and begin looking at things from an attacker perspective. From what I could gather from discussions, for students who aren’t technical in the OMSCY program this course is a terrible time and will require significant effort. From a content perspective, this class could use some changes as well. In addition to the project there are a number of optional lectures that cover the information security sphere much better than the projects alone. The issue arises in that the people who would benefit the most from this additional instruction are likely the people who are struggling with the projects. I know if I was spending 20+ hours a week on just the projects I wouldn’t want to spend any more time doing optional work.

Another concern regarding the content of the class is that there is a bias towards web security throughout the course since many of the projects focus on it. It was clear by comments made throughout the course that many TAs and students were developing a troubling attitude where web security is the only important part of security, or that security is only important for developers to pay attention to because it will prevent some security dude from pestering you about your application. Coming out of this course it became extremely apparent why we encounter software engineers telling us that a publicly available MongoDB instance hosting sensitive data without authentication is actually a SQL injection prevention measure during remediation. Ultimately, I get the importance of web security, but rarely is the initial access server or host also the system hosting the sensitive data an attacker wishes to exfiltrate or encrypt for ransomware purposes. Attackers are forced to move laterally, evaluate attack paths, and gain additional access to fully complete their job and most of that is just not covered. It would be great to see some focus on things like the cyber kill chain model, MITRE ATT&CK and Active Directory security. Additionally, while there are other classes covering the topics regarding information security policy, it would be nice to acknowledge that policy and GRC team members are extremely valuable information security professionals and that they aren’t lesser humans because of the topic of their work.

Overall, I can’t say I’d recommend this course to someone interested in information security. Unless you are in a program where you are required to take it, there are much better free resources that will teach you more with less effort.

I took this class along with GIOS. It is a perfect pair. Just projects. Definitely a good class to pair with a harder class.

This was my 1st course in the OMSCS program that started in the Fall of 2023. I wanted an easy one just to understand the format and to get familiar with OMSCS. This course is really easy and complete hands-on with project-based assignments. It is easy to get an A in this.

This course is not even a college course. The course is structured as if you are taking a certification, except, of course, this is IN FACT a college course. The instructors need to open a dictionary and look up the definition of college and certification. College is to learn, however, this class expects you already know everything and you should just be able to complete the "puzzles". If I know everything, what would be the point of enrolling in college? Are the instructors forgetting once upon a time they also didn't everything? Speaking of puzzles, there are no examinations in the course, there are projects with ambiguous instructions in the form of hints and thus results in everything being a puzzle. You need to waste time going to EdDiscussions asking for further clarification and waiting for a response in order to figure out how to progress through the projects. Did I mention there are no lectures? The instructors also are not allowed to detail how the projects work, so if you want to actually learn the meat of what you're working on, you can't. Something has to be done here. This is supposed to be a cybersecurity course, the main thing I learned from this course is security through obscurity. Make your instructions vague, don't explain how the project works, and don't provide any lectures. This will make the course harder, however, I haven't learned anything. At some point in this course, for one of the projects, you are told to look at a 20 page research paper, expect to understand all of it, and pull out an algorithm from it to create in python. If you confront the instructors about this, you are told that it's a small paper, and that they personally have read much larger papers and written some and you only needed a little snippet of information. Yet the instructions state to read the entire thing. You can use that interaction/attitude to sum up what the class is all about. Hint, it's not about you, we are students, put yourself in our shoes. If I have spent years taking and pulling apart motors its obviously very easy for me and it would be silly of me to expect a student to know how to do that simply because I did it many times before. This shouldn't even have to be explained.

The concepts of the course are very interesting, but like other reviewers have mentioned there is minimal lectures to leverage. I’d personally only watch the cryptography or the buffer overflow lectures as they were quite helpful. Otherwise I didn’t find the lectures valuable to the course.

Generally the TAs are below average in instruction and support. I’d be careful of the binary exploit project as the main TA is completely inappropriate and I’ve reported him due to his negative attitude and rude responses to students. Otherwise the TAs are ok but mostly unhelpful. I found the other students way more supportive and helpful.

It’s my first class and it was an easy A. I wouldn’t recommend it because of the lack of TA/professor support. I wish I learned more

I did my undergrad in CS and have interned at two big tech companies. This was my first OMSCS course. Here are my thoughts:

There are no exams in this course. Only projects, each in CTF style. The instructions are more like hints/riddles. This is the schedule we were given: Assignment: Release Date: Due Date: Weight: Man in the Middle August 26 September 5 13.0% Database Security September 6 September 16 13.0% Malware Analysis September 17 September 27 13.0% API Security September 28 October 8 13.0% RSA Cryptography October 9 October 22 16.0% Binary Exploitation October 23 November 5 16.0% Log4Shell November 6 November 19 16.0%

As you can see, it's about two weekends per project. Some projects are naturally harder than others. My grades were as follows: Man in the Middle 100 Database Security 100 Malware Analysis 97.5 API Security 100 Cryptography 85 Binary Exploitation 80 Log4Shell 80

It's worth noting that I only did enough to get an A, so I didn't try as much towards the end. I could generally finish all of these projects in 1 weekend (but like the WHOLE weekend morning till night). You can also space it out. Ed discussions are super helpful. If you want clear instructions, this course isn't for you. It is intentionally a ctf style class that promotes research style self learning. No lectures.

I'm a full-time SWE at big-tech (with 2 YOE), and this was my 1st OMSCS course. While the other reviews about this course are correct about this being more of a "capture the flag" kinda course that doesn't seem so graduate level or doesn't have much to offer in terms of learning, I want to highlight some other aspects here, so do give this a read.

The weekly assignments / tasks have just the right amount of difficulty to help a new student succeed easily with an A grade and get a gradual introduction to the more holistic experience that OMSCS has to offer, and also get an overview of what is expected from a part-time student. You would get a good hang of managing all your assignments, work, submitting them, participating in discussion forums, keeping regular track of communication / emails from the instructors / TAs etc. Even though this might sound lame to current students, these experiences are quite a big change for someone who is just starting out with part-time studies after many years.

Managing a full-time job along with a masters degree can be daunting, so it is only natural to find it difficult to immediately transition into a new routine after multiple years of working full-time. You would suddenly notice your weekends getting overused for coursework, and you might miss out on a lot of fun activities or social interactions.

I am glad that I took this as my first course - it didn't burn me out at all, and at the same time helped me inculcate a weekly, disciplined routine for managing coursework along with a full time job, while also leaving some time for my hobbies and indulgences, some of which I knew I might have to sacrifice in future semesters due to increased coursework.

OMSCS is a marathon, and this course was the perfect starter to smoothly transition into it and get well prepared before taking other OMSCS courses. I would totally recommend it to someone who is looking for their 1st course, and wants an experience that will help them get geared up for a long-term commitment towards getting a part-time degree, while also not drastically changing their ongoing lifestyle.

Having said that, this course can also be a viable option for experienced OMSCS students who don't really want to drop the semester, but would prefer a light course that would help them devote more time to their personal life for a bit.

P.S.: Here is a hint to help you succeed in this course and get an easy A:

• Contrary to most reviews or recommendations, try to start your weekly assignments a bit late, rather than as soon as they're posted. You'd have enough posts on the discussion forum to read through by then which will save some repetitive work from your end, and also skip experiencing modifications in the question prompt (if any) which might happen in case some students point out certain ambiguities.

Like many others, the allure of a project based course pulled me in.

However, don't let this course fool you.

If you have even a basic understanding of CS topics, and computer networking, this course likely will teach you absolutely nothing.

The hardest parts about the projects were not the concepts, they were deciphering the god awful project specs and trying to discern what "extra" stuff needs to be done in order to get points for the problems.

This often resorts to downright begging the rude and completely useless TA's for a crumb of a hint.

More often than not when you find out exactly what they want you to do, it's extremely trivial and you learn nothing from the process.

Project 1 was awesome, project 6 and project 7 were okay, the rest were outright useless.

Do not take this class, unless you want an easy A. It's a waste of $$$ and time.

Like many students, this was the first course I took to kick-off my OMS Cybersecurity journey. Honestly, this course left a bad taste in my mouth regarding the program. My biggest complaint is that this class feels less like higher education experience and more like capture the flag competition that costs you $1000 to play.

The good: All assignments are setup as projects. There are no quizzes, tests, term papers, or group projects. Also, GT has been able to scale this course up to huge class sizes, so often times projects are auto-graded (almost instantly, you'll receive a score that tells you which ones you got correct and which ones you didn't) and you have unlimited re-submissions.

The bad: There is minimal instruction. You are expected to have a somewhat deep knowledge of a wide breadth of topics. For the areas you are not well-versed in, you are expected to find the information on your own. And if you are not able to complete all tasks/goals, there no post-project debrief whereby you can actually learn and grow intellectually.

There is a lot of legacy video lectures and other information that while available on the course portal page, are not relevant to the current implementation of the course. My number one suggestion is to update the video lectures with content for each of the projects (network analysis, machine learning, cryptography, etc.). Let's face it, if you are a software engineer you are probably not well-versed in network analysis whereas if you are a network engineer you are probably not well-versed in machine learning. Sometimes not knowing what to search for can be a problem with this class.

The workload varied heavily for me. I was pretty knowledgeable regarding the first two projects, so my time per week on the first two projects was about 3-5 hours per week. On other projects, I spent 20+ hours per week and did not complete all the objectives.

Even with all its flaws, if you are an information security track student, this is probably the course you want to take first to make sure you have what it takes to complete the program. Otherwise, I recommend putting this class off for later.

Read my full review in a separate post. Thanks

https://the11d.wordpress.com/2023/08/15/my-thoughts-on-iis-omscs-review-2/

2nd paper in my OMSCS, got an A. I'm a little bit conflicted about IIS. The projects are incredible - they require the right amount of problem solving and are super engaging. Might be the best CS projects I've come across in my studies (incl. undergrad). However, the main drawback, is that there's no course plan as far as the lectures go (i.e. no guide as to which lectures to watch for each project). As such, I couldn't justify watching the lectures (which I normally like to do) as I did not know which lectures to watch for the week's project - and did not have the time to watch lectures which were not relevant to the project.

Fun course, I took it as course #2 to satisfy my Foundational Requirement. The assignments are all Capture the Flag (CTF) style, "Google it and figure it out/figure out what works" style, with some components requiring a little bit of trial and error, or some Python code (although very little, like 5-10 line functions at max). I had almost no knowledge of Information Security and that would be the ideal audience/student for this course too, because it covers a lot of breadth in multiple areas (but very little depth). Projects span various vulnerability areas around Networking, Web APIs, Binary Exploitation, Log4j, Databases etc. You'll love this course if searching and playing with details to solve problems is your jam.

Most of the assignments are really fun and engaging. Doing the assignment is like solving a puzzle. Except for the Machine Learning one, I hate it, completely pointless, the autograder will grade your submission based on how you match the indexes and column name of the data returned, which does not help students learn security nor machine learning in any shape or form. But besides this one assignment, loved this course.

Waste of money because no lectures. Most of the assignments are bullshit and you dont learn anything. Some are good. Some weeks you can do 0 hours.

I'm an OMSCS student and this was class #5 for me. I have experience working with C, C++, Python in coursework and did web development before.

In total, I averaged 6 hours/week over 16 weeks but this varied based on project. Man In the Middle and Project Malware Analysis projects took me 6-7 hours each to finish. On the other hand, ML on CLAMP took me 22 hours to finish.

I would say this class asks for you to use a lot of different skills depending on the project. The TAs were accessible and responsive in Ed and offers lots of resources and office hours. However you will need to be very proactive. For each project, I definitely had to scour the Ed threads to find any tips.

I think this class is good for someone if they are fine with googling things as needed and are comfortable with a course that is more projects-based. I got a lot of exposure to different types of security vulnerabilities. If you're not as comfortable with this setup, it might be a less pleasant experience.

If there is any extra credit, definitely do it! This allowed for me to take a lower grade in my final project and maintain my grade.

This course was okay. It had some very fun projects that opened your eyes to vulnerabilities. I'd probably recommend taking this one alone if you want to get the most out of it with an almost guaranteed A (effort required).

You'd have to be able to hammer out a few late nights during week days to get an A if you're balancing this with another class. I just couldn't give it attention every single day because of a demanding day job schedule/other class responsibilities. The schedule was 1 project every 2 weeks.

I ended up with an A in my other class and a B in this one. I could have easily made an A in this course if I would have taken it by itself and gave it the attention it deserved.

There are no lectures beneficial to the projects. A few projects had TAs that provided walkthrough YouTube videos and these were very nice and helpful. This is more of a "Google and figure out what works" type of course. Most TAs were helpful.

The only project I would warn future students of is ML on CLAMP. I haven't taken an ML course before and the learning curve for this was extremely frustrating, too demanding, and far too steep for THIS course.

TLDR: Take this one alone to get the most out of it. Be prepared to Google. Take the full 2 weeks on ML on CLAMP if you have no ML experience.

I've finished 4 classes in OMSCS: Game AI, VGD, HCI, and Intro to IS. So far, this course is the best. I had 0 experience in information security. I graduated Bachelors with an Economics degree. I still managed to get 100 on every project (except for the last one when I knew I could get an A). It's a tough class for newbies like me but it's doable.

Projects are due every two weeks. They are very well crafted. I generally spend around 24 hours on each project (3 full working days). They examine different exploits so I didn't feel like topics I learned in one project helped me in another. It's a fresh start every two weeks.

Ed Discussion was very helpful, so are the links TA provide in the doc. I read through almost everything. Use ChatGPT wisely as it's a great learning tool.

As for Machine Learning that a lot of students hated, I wasn't so against it, mainly because I knew nothing about Machine Learning. I followed the steps in the doc and did fine. Looking back I realize that the TAs only allowed one way to do it... So I guess if you learned Machine Learning before it could actually be harmful.

Overall this course is great. I recommend everyone interested in IS to take it. I learned a lot from the projects and they are fun to do.

Really enjoyed this course. All project-based, no lectures. Two weeks for each project. Most of them were both fun and stretched my brain and showed me something new. The ML one was annoying but not a big problem. I'd have liked a little more depth on some of the earlier projects, and I'm not sure how much knowledge I'll retain from capture the flag, but was a worthwhile introduction to security.

I really enjoyed this course. Took it for my foundational requirement. I had minimal knowledge in infosec, I took a course in my undergrad. It was a fun class, I enjoy more hands-on learning and this class was that. All assignments, no tests or exams. I was able to get an A, the key was to start assignments early and attend some office hours if you're having trouble.

Overall I thought this course was good. It covers a fairly broad range of topics in Security across the projects. The TAs and ED and Slack were extremely helpful. I think without one or more of those things I would have fared much worse. If you don't like to teach yourself things or learn them through research then this won't be the class for you. The projects are well-known exploits that have lots of information pertaining to them available on the internet. Due to this, you are not handed the solutions to the projects in the writeups or in a lecture somewhere. You have to be willing to use the internet as your guide. Some people don't like that fact, but I don't see it as an issue.

I think this class had lectures available but I never watched any. Having all projects for your grades was nice as I could work at my own pace and plan my effort across the two weeks it would be open.

Great course for people not already familiar with cybersecurity issues. The lectures are dry but every other part of this course is pretty sweet. It's strictly project-based, meaning that your whole grade falls on 7 projects. The projects are effectively a survey on information security, it's kinda broad but honestly, I learned so many new and interesting topics I never thought would be useful but it's extremely relevant. You learn what you'd wanna look for in your own applications.

There are definitely weeks where the course is difficult but overall this is a great class to pair with something more brutal.

This class was easy, but I did not enjoy it nor would I recommend it. I feel like I have gained 0 knowledge from this course. The projects are of varying quality as it appears that they were all designed by different TAs who don't talk to each other, some of whom are better at project design than others. The ML on CLAMP project in particular felt like it was thrown together in a single weekend by someone who wanted to put that they designed a project involving ML on their resume. This was the first semester for this iteration of the project and there were over 700 comments in ed on the 2nd flag asking for clarification. Hopefully dear future class-takers this project is redesigned for you. ML on CLAMP is such an actively bad project it takes my rating from an "eh, whatever" to "do not take".

If I can up up with something positive to say it would be that I thought that the binary exploitation project was pretty fun and has inspired me to look at info security lab as a class in the future.

If reasoning and problem solving aren't your bag, you're going to have a hard time. Otherwise, this course is really fun and not very hard or time consuming. 11/10 would do again.

It's a must take course if you want to be a hacker or want to pursue a cybersecurity career. However, most students realize that they have either no talent or no interest in cybersecurity after finishing the course. It's a good designed, project based course. Finally, it is not hard to get A grade but will have a hard time to find where to apply the skills they learn from the course. I guess that is why people complain about it. No, I don't think I can hack my bank's website with the knowledge and skills I picked up from the course, so it is useless after all...

This is my fourth course in OMSCS. Course material is varied and focuses on different areas of information security. Projects are engaging and introduce new information and skills. I especially enjoyed the CTF style projects. TAs are extremely helpful and guide students to an answer rather than just giving out answers. The "How to Ask for Help" post is helpful in this regard. All in all, a great class, I learned a lot, and I bookmarked a ton of new resources and topics to dig in further on later.

This course is by far the most useless and the worst one I have taken in the program. The TA's are so ridiculously terrible that it frustrates me to even type this. One of the TA's is the most arrogant person I have ever come across in my life. Giving ridiculous responses to students like " You're a graduate student figure it out" and so many others. The prof has ZERO involvement with the course and NONE of the lectures is correlated to projects. The projects are not taught and no materials are given you are just assigned a project and expected to figure out how to do it by yourself.

My god are the TA's bad... like I can't even explain. By far the worst course I've taken in the program. Stay away!

I'm saying what everyone's been dying to say on Ed discussion.

Wow. What a class. Took this alongside GIOS for my first semester in OMSCS and the quality of the courses couldn't be more different. This class has been a massive source of frustration and a waste of time, and I have not gained any meaningful knowledge out of it.

My main griefs with the courses:

1. Two weeks per project, no information released beforehand.

For some reason the TAs don't want to release information about projects ahead of time, even if students want to prepare (rightfully so) and gain background knowledge on the subject matter if they're missing it. This leads to possibly learning entire new skills and technologies all while trying to solve the projects. We all know cramming does not lead to any meaningful knowledge retention, and by the time the next project has released I've already forgetting everything I did. (TAs even threw out quotes like "this is basic ML this should be easy" when students were asked to fit and score models despite this being a cybersecurity course) 2. Extremely questionable quality of most of the projects.

This has been the most disappointing for me. This is a top institution that is supposed to have rigorous courses, yet I have been served content of similar quality at online community colleges such as Oakton. This is not a compliment. Many projects had "resources" that consisted of a schizophrenic list of web page links (think medium blog posts) that were vaguely related to the subject but very rarely of any direct help. It truly feels like the TAs who make these projects rely on what they already know (usually being subject matter experts or people passionate about the subject), and then as an afterthought look for "acceptable" resources. 3. Threats of plagiarism and difficulty by obscurity

TAs throughout the course loved reminding students that all code should be their own, one project even going so far as to forcing you to write your own code and only reference pseudo-code (even for basic algorithms like square-root or next prime number). It's obvious why this is the case, when most of the projects were solved by using boilerplate code with very little room for personal code style. While most of the TAs were very active, they were NOT very helpful. Since the projects are so surface level, the slightest bit of help could lead a student to an answer and this is apparently not wanted so all answers were given in the form of obscure riddles. A frequent occurrence in these projects was being mislead by vague instructions and being sent down a rabbit hole.

I found the project based format much more engaging than just listening to lectures and studying for tests. I do not come from a CS background, but I felt that none of the projects were overly difficult. Most could be completed in a weekend, say about 6-12 hours. The longest so far has been the ML project, which took about 20 hours. I haven't yet done the binary exploit or Java project.

There are no required readings and lectures, so if you do not learn well by working on projects and learning on your own, this may not be a good class for you. Overall I would recommend this course as a low stress course alongside something harder. I am taking it with GIOS and it is a good fit with that.

I found this

The course is basically a waste of time. The TAs are there to deliver a project and that's about it. The lectures are completely unrelated to any project and not useful in the slightest. The projects range from easy to simply having to debug how the TAs want the answer to be formatted instead of actually learning anything. If you have patience it should be fine but I don't have the time to waste debugging the format of answers.

Background: BS CS, SWE with 5+ YOE, 1st OMSCS course.

I really liked the class format. Most projects were fun and engaging. Despite what some reviews say, in my experience, TAs were helpful and responsive. Other students were helpful too - posting useful videos and articles in Ed discussions. Slack is super active, I highly recommend using it. People from a CS background will do just fine.

The course is not that bad! TAs are the ones making it bad. They are clearly there just to monitor students and ensure no one is getting any help from other students. They won't answer any questions! They were honestly so unhelpful - there are no lectures to even help students know the concepts. It is a practical course with zero coverage of theory. There is no interaction with anyone except for the 1-hour office hour for each project (sometimes 2).

My bachelor's degree is in electrical engineering, and I started my career as a control systems engineer then moving to industrial cybersecurity (7 years' experience). I have many cyber related certificates but don't have any programming experience. All I had was a Udemy python course. You can succeed in the class by knowing how to use Google and lookup things on the web.

Don't go into the course expecting someone to actually teach you anything, the class is designed to weed non-technical students out. Be active on ED Discussions and put the self-learner hat on and you'll be fine.

The most difficult project for me is the first one, capture the flag (Stack overflow, etc.) because I have never liked assembly.

I finished the course with a solid A and if I could do it, you sure can!!

This is a fun and interesting survey style course on security that introduces students to variety of security domains through well-crafted projects. There were 7 projects, with quizzes accompanying some of them and each project covers a different security application. Regarding the difficulty of each project, I found that everything required can be covered easily within the two weeks allotted. Ed discussion and slack are lively, and clues can be picked up there easily. The learning from each project depends on the effort you put in. You can easily look up the tasks online and solve the puzzle, but you can also choose to really learn about the relevant topics by reading the resources (book) provided in Syllabus page. Personally, I had the necessary background for only the C/ASM first project so that one went smoothly, but I still learned a few things. I did not know anything at all about the other project topics and I would still rate them as fairly easy, even the ML on CLAMP project which most everyone hated. Finally, I would rate the course as extremely easy, provided that the format remains same for future offerings.

We are the first class to experience the revamped version of the class that is 100% graded on projects. There were no quizzes or exams.

I liked this approach, but felt like the course could be improved with a selection of pertinent readings that provide a WHY/background for the projects.

I think some people felt unsupported because you’re basically given an assignment spec and maybe (not always) some links to some resources. There was also no debrief on assignments, so if you didn’t “get it” yourself, you really wouldn’t ever get it.

If you come from a CS background (like me), you will do just fine and likely find the course easy and non-time-consuming. But if you’re pivoting from some other field and don’t have the equivalent background knowledge, I definitely recommend joining a study group where you can share and discuss resources that are helpful for the projects (not answers! ;) )

If you come from a CS background, join those study groups and help folks out! It’ll reinforce your own knowledge and make others feel included and supported.

I liked this class. I'm about halfway through OMSCS and paired this with another class. This is apparently the first time the class has been 100% assignments (i.e. the only thing that counts towards your grade are the biweekly assignments. The assignments are varied but all interesting and fun in their own ways. Except the ML assignment, I thought that one was garbage.

5th class in the program and my favorite thus far honestly. I have zero security background and found it to be really fun, engaging, and enjoyable (besides the ML project, that one wasn't the best). The breadth of the class is fantastic and a great way to see if you want to explore the topics more in depth in future classes. Slack/Ed Discussion helped a ton and I felt like each project was a fun, challenging puzzle that was never trivial but never frustrating either.

Think it would be a great first course or a relatively stress-free second course for those doubling up. Can't recommend it enough unless you're well-versed in the topic or a genius looking to have their face melted off by something more challenging.

Just finished the last project, on track to get an A. I have no comp-sci background but this is my last course in the program. No pressure from quizzes and exams, only 7 programming assignments, all on gradescope except the last one. Assigments usually target at finding vulnerbilities in a program, most are like brain twister questions and once you "click", the exploitation code is very trivial. Each assignment has a two week window in a fall semester, most of which can be done within 10 hours. The first one is the most difficult imo, as it requires knowledge of x86 ASM and C. Took me around 15 hours without getting the extra credit. Overall it's an easy course, the assignments are fun, but I don't feel like I learnt much. Won't recommend for anyone with a cybersecurity background.

I gave it 4 hours a week workload, which is generous at best. most of the two week assignments only took me a couple hours. Didnt get very much, if anything out of the course.

Its good for an easy A but not if you want to learn stuff.

Overall it is easy A with no gain. Even thought the professor's lectures are great, the TAs ruin the course. Especially, one TA is extremely arrogant.

This is my first class with OMSCS with a non-CS background. This class has been revamped this semester and has no quizzes and exams. Projects are 100% of your grade and are very diverse. The breadth of the class is amazing and you get learn from many different areas (network, CTF, ML... etc). These projects are cleverly designed and challenging and the TA(s) are active and helpful. Some projects can use some improvement, but overall I highly recommend this class to get exposure to different aspects of security.

Note: the ML project really got a lot of hate because people weren't expecting ML in a security class. I understand some of the frustrations, but the project instructions did a really good job guiding and teaching the concepts and you are just applying them with minor tweak. Having no ML experience, I was able to complete 100% of the project. I would take the negative comments on the ML portion with a grain of salt.

I took this course in Fall2019. This was the only course that gave me a "B". Don't get me wrong. I kinda enjoy the course materials. I got ~100 for all of the labs (except last one) and ~90 for all the quizzes and exams. Why did I get a B? Because the TAs just wouldn't be flexible enough to accept my correct answer for lab4 on the VM. And I was traveling in China so had to negotiate with them through VPN... I gave up in the end...

I came across this quote (https://ctfd.io/whats-a-ctf/) when doing Project 1:

"Capture The Flags ... can be a little hard. You definitely won't be spoon-fed. You'll probably get stuck at some point. But if you stick with it, you'll learn more about computers than you ever thought possible."

I think that is not only a great description of the Information Security (IIS) CS-6035 course, but of the whole OMSCS program! It is what makes IIS a great course to do. And it is a good first course for new OMSCS students (if you have the right expectations).

Let's tease this out a bit...

First, the breadth of the IIS course is amazing. The projects will get you hands-on with the following technologies: c-development, assembly, gdb, hypervisors, JSONPath, machine learning, python, PHP, REST, HTML, and JavaScript. And, oh yeah - almost forgot, you also learn about cryptography and security.

Second, you will probably get stuck. Do NOT be fooled into thinking the projects are easy. If you've got a background in a project then, yeah, it can go quite smoothly. But your background probably does not cover all four of the projects. So expect to struggle! You never write more than 10 lines of code for any sub-part of a project, but those 10 lines could take you 5 minutes or 5 days.

Third, you won't be spoon-fed. One week into the course, when we started the "Capture the Flag" project, students were required to be reading assembly code and interpreting register values. This shocked a lot of students who were expecting an easier warm-up. Our summer course had about 800 students (the fall / spring course are supposed to be around 1,000 students) but less than half of the students submitted project 1 for grading. The TA's and the other students are all there to help and are cheering you on, but you've got to do the work yourself.

Unfortunately, the nature of hacking means that you suffer many-many more failures than successes. So doing a project can often feel like banging your head against the wall. And the coded solution is so short that it is very hard for the TA's to give you hints. But the good news is that you will eventually crack each project if you've got enough time and enough block-headed-grit (this is what I meant earlier about having the right expectations). Don't give up!

Finally, let's talk about the course content. The lectures are uncommonly boring. The lecture quizzes are definitely worth doing, but you could honestly skip all of the videos. You can find much better resources online that can bring the material to life. The courses are now run exclusively by TA's (no professors) and the TA's have long forgotten what the videos precisely cover. So when setting graded quizzes and exams, the TA's will just look at the topic headings and make a gut-feel assessment of what you should know.

The graded quizzes and exams are multiple-choice (no re-grading requests). The TA's are not trying to trick you, but only a true expert would be able to eliminate all incorrect multiple-choice answers. That means it is hard to do well in the exams. One TA told us that he got 65/100 on his exam when he took the course (about average at the time though I believe the average is going up). The TA's emphasize that this is a project-based course and not to stress the exams. But there is a hard 90% cutoff if you want an A in the course. That effectively means your projects have got to be perfect.

My background: 6 years working in tech, CS undergrad w/ math minor, lots of hobbyist experience with networking and Linux.

This was my first OMSCS course and a good course overall. The projects were interesting even if some of the writeups were a bit unclear in their instructions. Some of the quizzes and exam questions were confusingly worded and seemed to be designed to confuse rather than evaluate but if you read the chapters for each assessment you shouldn't have a hard time scoring >80% on them.

My previous experience certainly helped with the projects but the resources to figure them out are out there. The TAs were a huge help on Slack and on Ed.

My advice if you're considering this course is to get started on each project as soon as it opens and attend or watch the recorded office hours. Keep an eye out on Ed and Slack for any clarifications from TAs and you should be able to get an A in this course.

Decent course, learned a decent amount. I think that this course wasn't particularly hard, however some of the mathematical concepts are a bit hard compared to other "easy" courses. Also there's a lot of info in this course because it is a general introduction to information security.

The projects are generally well thought out and I learned a lot from them. Project 3 was the most difficult in my opinion, but again I learned a lot. All of the projects take a bit of time, but none of them are crazy difficult.

No major issues for this class, but I will say that the class covers a large breadth of information considering it's an intro class. That can make studying for exams a bit more difficult.

Good experience all around, I would recommend it especially for people who know nothing about IS, like myself.

Took this class having prior work experience and classroom experience in cyber looking to ease my way into OMSCS. Felt like they did a really good job with the projects and covering multiple topics.

TA's were great and active on Ed and Slack which was helpful.

Overall I enjoyed the class. It seems there were a vocal group of individuals who felt certain changes/questions were confusing but if you just pay attention to the Ed board and leverage the textbook you should be good.

I'd recommend this class!

Overall I enjoyed the course, which covers Computing Security issues from C stack overflows all the way up to website XSS and CSRF attacks.

Textbook was published in 2017 and it shows; it talks about things like IoT and ECDSA cryptography as "new", and still talks about RC4 as a valid cipherset.

Lectures were clear to understand and very visually oriented.

The assignments were varied and challenging.

The TAs and IAs that I engaged with were helpful, especially if you were asking something that wasn't actually in the syllabus (pro tip: it probably is in there..). I freaked myself out on learning Python before the course, and you do need that, but a good understanding of Javascript is a really good idea too. I set 8 hours of work/week, but as others have said it varies depending on the project going on at the time. I barely looked at the book or the lectures during Project 4, which was probably a mistake.

You will need a way to run virtual machines somehow in order to complete this course. My windows based laptop was fine running virtual box; M1-based Mac users had a bad time, anecdotally.

I thought the assignments were interesting. The text book could be quite dry, although it's worth reading. The lectures are pretty high-level and you won't understand things deeply (e.g., encryption) unless you read the textbook a couple of times. The material on cryptography and web security were the best parts. Although this course has a reputation for being pretty easy, I found it was a bit tougher than advertised. I had to put in a fair number of hours to complete the assignments, particularly #4 (note that I rated the workload at 10 hrs/week, but that's because I put in a lot of hours when an assignment was due, and did little work some other weeks). I think if you've done web development, you would find project #4 easy, but Javascript was new to me so I had to learn that on the fly. Note, also, that the assignments are sometimes puzzles that you need to solve. So while you may put in some hours to complete a SQL injection attack, it's possible that you won't figure it out. I got close to 100% on all assignments, so I'm not saying it's that difficult, but it took me a while to solve some of the tasks and I could imagine running out of time and just settling for a lower score.

I lost major portion of my marks in reports and exams. Lectures and textbook are dry. Rote memorization is required for exams which I hate. There are projects where we have to do guesswork. I disliked this course because no matter how much effort you put in, it is not easy to get an A. For reports marks are reduced for little little things. Learned something about security but it wasn't worth it. I will not recommend this course.

I took this class after GIOS and together with HPCA.

Strategy when taking as a second course (minimal effort):

• Do great on the projects. It is doable but involves some frustration. Also, be detailed in the writeup + include some references to avoid losing easy points.
  • I found project 1 well described and I consider this the most fun project.
  • Project 2 is extremely wired. 90% of the grade are just grepping through some malware report files for keywords (took me like 2.5 hours total, but I heard others spent way more?). Tipp: do not overthink + read the posts in Ed. The frustrating part is that the 10% rest of the grade is 90% of the work. It's reading a fairly complicated machine learning paper (for someone without any machine learning background) and mindlessly tuning the parameters of a malware analysis tool until it gives you the right numbers. In addition, you have to write a lengthy report answering questions on the paper + how you tuned the tool's parameters. Again, do not overthink it, I did not give them a reason, but just in detail described the random parameters I tuned until it worked (idk why it worked at all). If you feel lazy, only do the first part.
  • Project 3 was by far the hardest. For me with little math background, understanding the math behind RSA was not trivial. You really need to understand the math in order to come up with the programmatic solutions, as you need to implement mathematical algorithms to solve the tasks. Took 1 - 2 days for the math + > 15 hours for the programming part.
  • Project 4 was not too bad, but you won't learn anything useful if you have seen JS, PHP + HTML before. Much easier for me than Project 3, but can be tricky.
• Do not study for the quizzes. I did that once and regretted it. You have an hour - all solutions are word for word in the textbook or you can use google.
• For the midterm, only use the lectures + knowledge from the projects to study. Knowing the details from the book was a waste of time (that's why I did not touch it anymore). I read the papers in detail and that was also unnecessary.
• The final counts also just 5% and has again a ridiculous amount of theory (based on the book chapters) that makes it not justifiable to study for. I did not study any theory since the midterm and do not have to take the final exam as it does not change my grade (nice, so much time saved).

Overall, the theory was extremely dry. It is so dry that I had a hard time motivating myself to study for it. The only useful theory for me was obtained from projects 1 and 3.

I got an A due to scoring well on projects and knowing how to use CTRF+F and google during the quizzes.

My Background

This was my first semester in the OMSCS program. I am a software engineer with ~2 years of experience.

Pros

• Great to take as a first course in the program. The TAs are supportive and accommodating, especially for folks who are new to the program.
• The course content is quite diverse, with a range of topics being covered during the semester. You will get a good idea about a lot of topics, which are relevant in today's world.
• A huge positive is the emphasis on projects that make up nearly the entire grade (80%), whereas the exams contribute only 10% to the final grade. The quizzes are open book & open internet, and fair in terms of the questions asked. The projects are well structured by and large, and for the most part, completing a project successfully leaves you feeling like you've learned something cool. None of the projects are extremely difficult, and putting in a decent amount of effort can secure you a B at the minimum.
• Evaluations are fair and regrade requests are made available.

Cons

• Lectures and the textbook can be a bit dry.
• Project 2 on Malware Analysis feels like it moves off on a tangent, and instead of potentially learning something cool about the topic, you are focusing on other aspects just to make sure the grade does not take a hit. Furthermore, there was a lot of confusion regarding some of the instructions that seemed to affect a fair share of students.

Tips

Stay ahead of the deadlines and start early on the projects, especially if you don't have the pre-requisite knowledge when it comes to basic computer science concepts (not a CS undergrad basically). As long as you put in some amount of work regularly, you can coast through the course and do well. (I was able to travel a couple of times during the semester).

The office hours are recorded and are a good reference when stuck on something during a project. Questions are generally received positively on the Ed platform, and the TAs do their level best to help within their constraints.

This was my first class ever so I think it was hard adjusting which is why I am putting medium difficulty. This semester they decided to try accelerate the course and finish a month early to see if there was room for a 5th project. This made it very stressful.

The projects were not very clear to me what was needed which made things difficult. The projects also kind of felt like I would either fail if I didn't totally get it or get 100 if I did. This makes things easy to grade but I was always really stressed out while trying to figure out what I needed to do.

Overall I think the class was graded fairly. The TA's weren't the nicest. I got an A but writing this review a semester later I am not sure how much I actually ended up taking from the class.

Overview

My background is non-CS undergrad, and I just started a SWE job, but have been programming on the side for many years. I am on pace for a B in this course, so even though I found this course easy overall, it was more due to lack of interest and effort on my part in not getting an A. I didn't learn much even though I passed the coding portions of the projects, and I regret taking this course.

Lectures / Book

The video lectures are very surface-level and also boring. Admittedly I only watched the first few lectures done by Professor Ahamad and stopped listening after one of the TA's in Slack said he just focused on the book after the first few lectures. Perhaps Professor Lee's lectures were better. The textbook is a better source for detail, but I didn't enjoy the book much either.

Projects

The project instructions were not well-written and sometimes were a little unclear. For each project, you get a 10+ page document with paragraphs of information, but the instructions oftentimes do not clearly spell out the objectives of the project. You have to decipher the task goals in many cases.

If you ask a question on Slack or Ed Discussion, they warn you of "giving too much away." After a project was completely over and graded, I asked for clarity on one of the questions we had to answer in the write-up, providing my reasoning for an answer. One of the TA's gave an explanation that was unrelated to the specific issue of the question, and brushed me aside saying that we can't discuss further in a public forum. So even as a student wanting to learn why I got something wrong and to promote discussion and learning, I was not given an explanation and I still don't know the answer.

There were several mistakes in the execution of the projects, and the corrections were only made known on Ed Discussion via pinned posts. The mistakes included incorrect wording in the projects, and more severe were incorrect mappings of files you had to analyze in project 2. After a week during project 2, the TA's released a brand new VM containing files that were correct because the prior VM contained incorrect files. I had put in quite some time into project 2 prior to the new VM being released so it was very frustrating, as I had asked specifically if the mapping was correct on Slack while I was using the first VM.

Various other essential details were only discussed in Ed or in the office hours. So you have to be vigilant in keeping up with the Ed posts and in attending office hours for details not explained at all in the written instructions.

Quizzes / Exams

There are four quizzes that are open book and notes. As other reviews have stated, Ctrl + F your way to success. Each quiz counts for 2.5% totaling 10% of your grade.

There are two exams (midterm and final), and each counts for just 5% of your grade. The exams are fair but they do test some minutiae, so you would have to study quite a bit to get good marks here.

I liked the lower weight of the exams, as it makes the course project-focused. However this area does count for 20% of your overall grade, so you need to perform decently well.

Grades

There is no curve, so you have to score 90% or higher to get an A. Due to the lower weighting of the quizzes and exams, I thought going into this course that I'd be fine. I figured if I got 90%+ on the quizzes and just 60% on the exams, I'd still be in good position if I did well on the projects. The problem with grading on the projects is the TA's will nit-pick your write up. Projects 3 and 4 require you to submit code to an autograder as well as submit a JDF formatted write up. Even if you score 100% on the autograder for the coding portion, the written portion of the assignment may cut your grade down to 90% or less. Then you may not end up with an A comfortably. You might be firmly in B territory. There is an optional extra credit assignment tacked onto project 1 worth 2.5%. This will help if you're at a borderline score.

Conclusion

I do not recommend taking this course. Hacking seems like a fun topic that could be done well, but the nature of this course makes the learning environment not interesting or informative. As mentioned previously, I am walking away from this course with little knowledge gained. The course is however easy. I only put in on average 5 hours/week. When a project was released, I put in around 20-25 hours/week for each, but other weeks during the course, I put in 0-3 hours/week. On balance it averaged to not much work during the semester. FWIW I got an A without the curve in GIOS during my first semester, and I consider that a great class.

This course is pretty interesting. I'd recommend taking this course first for the OMS-Cybersecurity program as it has more of a survey of topics for the whole program, and you'll get an idea of how you might do in later courses. You will be interacting with TAs exclusively with the professor having a seemingly hands-off approach to the course, but the TAs are knowledgeable and helpful. They are mindful of hosting Office Hours to answer questions as well as responding to questions in Ed Discussion.

The projects are interesting, but they can take a lot of time if you're not familiar with the concepts. Start on the projects as soon as possible to make sure you complete them in time. You will be doing research for the projects to apply the concepts from the textbook and lectures, so don't rely solely on the lectures and textbook--again, make sure you get your assignments started early so you don't run out of time as late penalties can hurt your grade. Let me also stress this point: "research" doesn't mean cutting and pasting from StackOverflow. You must cite your sources--for both write-ups and code--so you don't get hit with plagiarism accusations.

As for the grade breakdown, most of your grade comes from the four projects (worth 20% each) that cover stack overflows, malware, cryptography, and web exploits--programming knowledge is required for the first, third, and fourth projects. The other parts of your grade will come from 4 open-book quizzes (worth 2.5% each) and 2 closed-book exams (worth 5% each). Make sure to read the questions carefully--it seems like the TAs want to make sure you're paying attention to details.

This is one of those classes where it doesn't feel like you're paying for anything. The teaching staff is utterly unhelpful, the projects are easy but onerous, the quizzes are unrelated to the lecture content, etc. You'll spend (at least I did) more than 50% of your time trying to follow the hyper-finicky instructions for each assignment — every other line of every single project description is a highlighted, all-caps warning, in the vein of "YOU MUST SUBMIT THIS FILE HERE AND THAT FILE THERE AND FOLLOW THESE EXACT NAMING CONVENTIONS OR YOU'LL RECEIVE A ZERO FOR THE COURSE." It's all very infantilizing, presumably because no one will ever even glance at the work you've done (and the autograder doesn't know better). The material's interesting enough, but I recommend just watching the freely-available lecture videos and saving yourself the headache.

Some intro courses like GIOS have much better projects, are better organized, and have visible, helpful teaching staff that actually care about learning outcomes. Take one of those. The only semi-positive thing I can say about IIS is that it's not a particularly challenging class, so if that's all you're looking for, have at it.

This is my first class in the program and I enjoyed it. It is a project heavy course so if you do well on the projects, then you'll pass. The TA's try to be helpful, but a lot of the time the only answer they give is to re-read the writeup or other material. It's also hard to give the workload because some weeks I contributed 0 hours and others were close to 20. My biggest complaint is that a lot of the deliverables for the projects are sort of gotcha's in a sense. For example, there was a machine learning aspect to one of the projects that really comes out of no where and the description of what is needed was very vague. So you end up spending a lot of time on a project figuring out what they're really asking for and unless you have the "aha" moment, then you might not deliver the completed project.

Ok class, pretty easy material. I would not call this a graduate level class though.

Great course and I never blame the TAs for being mean. The students they are admitting into these programs are not qualified and need to be taken down a notch otherwise the whole program will be a joke.

I'm really liking this class so far. The only thing I EXTREMELY dislike, hate and loath are the smart ass TAs. They get hostile for a simple question like "when are quiz grades coming out?" If you're busy grading them, then sorry for annoying you. It's been two weeks, a simple update would be fine even if it's just "we're back logged". Fucking assholes need to check themselves before mouthing off.

There’s a couple things that I don’t think other reviewers get across very well.

First, this class is not an easy class. I think it gets the reputation of an easy class because it’s easier than other classes in the program. The reported difficulty is relative, not absolute.

Second, the class has peaks and valleys in terms of time commitment. There was weeks where I would do almost nothing (after project 4), then there was weeks where I was working on a project for 20-30 hours.

Now to the projects. First project involved debugging some C and understanding buffer overflow attacks, registers, call stack and how to debug with GDB. This project can be a bit frustrating because it’s like finding a needle in a haystack.

Second project was malware analysis. Even though I got the worst grade on this project out of all the projects it’s honestly the easiest. No programming, just analyzing some output. Best advice I can give is don’t overthink your answers.

Third project is by far the hardest and most time consuming. I can see a lot of people dropping the class because of project #1 and this third project. You not only have to know Python, but you should know at a high level how encryption works and how to attack encryption vulnerabilities. There’s some semi-complicated math involved as well that you need to know.

Fourth project was pretty easy. It will be especially easy for you if you know JavaScript and web development in general. Your just doing some exploits like XSS and SQL injection. You don’t have to write PHP but you should be able to at least read it and understand what the code is doing.

Quizzes are stupid easy and there’s no reason why you should get less than 90% on all of them.

Mid term and final are kind of hard but don’t sweat it because they are not worth much.

Overall, I’m pretty neutral on the course. There was some cool things that I learned and I liked some of the projects. There were some tedious moments and some “gotcha” scenarios in the projects that I didn’t like. I got an A in the class but I had to do the extra credit in order to get me over that 90% threshold.

For starters make sure that you have a good grasp on Python, C, Intel Architecture, DOM, and how RSA works. These will be important for your Projects.
So, two of the projects were very good as each step in the project took you to the next step. Two of them were much harder consisting of different objects for parts of the project. It felt like during those projects you were not building on what you learned but having to attack it from the beginning.
The Quizes were open book, and the answers are all right in there, I would make sure you read each one carefully as there may be a single word choice that changes the answer.
The exams were very hard to study for and I would say 50% are from the projects and 50% were the book and lecture. My mistake on the second exam was not to really review the projects completely.

Most importantly the Projects are 80% of the entire grade so it is critical to get as many points as possible here. Make sure when you upload your files you upload the correct ones, I made a mistake on Project 4 and lost 15 points out of 100 because of it, Luckly I recovered but learn from my mistake, after you upload double check that it's the file you wanted.

Background

• B.S. in Computer Engineering from a state school
• 9th class in the program
• Software Engineer

If you have a somewhat similar background, this class is pretty easy. A few tips from my experience with the class:

• Don't buy/rent the physical copy of the textbook despite what the TAs tell you (oh the pages might be different, you won't get the latest, etc.). You will waste your money if you do. You only need the book for quizzes and the older PDF version of it that can be found only has everything you need to do the quizzes
• Try to get > 90 for all the projects, they account for the bulk of the grades
• TAs are helpful if you know how to play along with their troll games on Slack
• Some of the TAs are very against Python. One, in particular, said something along the line that anyone with a brain won't run Python on the server. Uhh, so the engineers from Instagram, Reddit, Dropbox, etc. are dumb? Gimme a break
• Exams are OK. If you do the projects and understand them, you will do well on at least the last 1/3 of each exam. The first 2/3 is rote memorization. They are only 10% of your grades so don't spend too much time studying.

Easy class, easy to get an A. The good part is that this course verifies who is really passionate about computer science and cybersecurity. If you struggle with this class, it wont get easier later in the program.

Easy class but I did not like it at all even though I got a high A.

The projects are worth 80% of your grade, which sounds stress-free at first. The problem is that the instructions are so messy that messing up on something can easily happen, and this could mean losing an entire letter grade given they are worth 20% each. Some instructions are on a page of the pdf, some at the end or beginning, some on edx and some on canvas. Oh, you did not read the post on edX saying that for section 2.1.4 you had to do x thing? Too bad, here goes 4-7 points off from your final grade. As such the stress of this class comes from making sure you did not misread something by going thorugh the instructions and retracing your steps multiple times. To make matters worse TAs barely answer any questions on edX, and when they do they often give vague answers as if I am expected to somehow keep track of all the places where instructions are and also understand them perfectly.

The projects are Ok in difficulty but pretty much all of them had an "a-ha" moment where you had to think outside the box and figure things out which I found very tedious and boring. A lot of students got stuck in these portions and spent tons of hours figuring them out. The projects also are super spread out tech wise which may be intimidating to some people. There is one about c memory programming which uses gdb, another one where you have to have solid foundations on javascript php and sql, another one about heavy math and modular arithmetic, and another one about reading malware analysis and machine learning for some reason.

If there is anything I took from this class is that hacking is boring as hell.

My original, long form review errored out on submission. So instead here's the elevator pitch review instead as it doesn't say much that nobody else hasn't said before.

This was my first course. I enjoyed it a lot and highly recommend it as a good first course for new OMSCS students. Definitely easier if you have a CS background.

Projects are the best part. Exams are barely worth studying for if you did well on the projects. Quizzes are Ctrl-F to success. Textbook is drier than the Atacama desert and has minimal relevance to the projects.

Watch the office hours recordings, they're full of gold.

Fall 2021 was very busy for the first half of the semester as it was supposed to run on the summer schedule. I was probably doing 18-20 hours per week. The second half was far more relaxed at more like 8-12 hours per week as the schedule went back to that of a normal semester.

I overdid it on this course timewise as I wanted to do well. I also did all the readings and am a slow reader. I got an A, I could probably have done so for 20% less effort, but I'm happy with how I did.

This is my first course in the program so I don't have any benchmarks to pit my ratings against. Overall, I liked the course.

Pros:

1. TAs: The TAs were just fabulous. Very helpful and tending to each and every query in Ed. They ran the course really well. Since this was my first course, I am not sure if this is the norm (i hope so).
2. Assignments: I liked all of them except the second one which was a bit tedious. They challenge you sufficiently and at the end of it, you come out learning some new things.

Cons:

1. Lecture videos: For the most part, lecture videos were wishy-washy. They skim over the topic like a breeze.
2. Too much reliance on the textbook: As the lectures lacked strength, combined with the fact that they don't cover all materials required for exams, courses, make you too reliant on the text.
3. Zero faculty presence: Like literally zero.

tl;dr: This was a nice first course to get into the waters. I wouldn't "highly" recommend it, but you can take it, you'll learn something useful.

This was my first course in OMSCS and I have a CS undergrad degree.

For someone with a prior CS degree this will be an easy course. The course gives a nice introduction to the world of information security. If you have no prior experience with security, then I recommend taking this course. This course covers a lot of topics and domains in information security. It covers the breadth of topics but doesn't go too deep into any of them.

The lectures for this course are pretty high level at times and doesn't go too much into details. You have to read the textbook to get a deeper understanding of the topics.

Projects are the best part of this course. They have some really cool and fun projects. Buffer overflows, Malware analysis, cracking RSA, XSS, CSRF, etc. Projects require you to do a bit of research on your own. All projects are pretty easy but require you do a bit of extra research and thinking as they aren't straightforward. All projects are enjoyable and you'll learn something new once you've finished it.

Quizzes and exams are easy too. Quizzes are open book and the questions are very direct and picked from the book, hence its basically free points. Exams are harder than quizzes, closed book and cover more content and have application based questions (which is nice).

The IAs and TAs of this class are excellent. They were very active on Ed and Slack and responded to all questions on time. They were also helpful and gave hints for people who were stuck on projects. They were well organized w.r.t class logistics. They held Office Hours for all projects and exams. Grading was very fair. All the project documents were very detailed, accurate and crystal clear. Kudos to them for that.

Prof. Lee wasn't involved in the class apart from holding a single OH. This was disappointing as I expected more interaction with him.

Overall this is a good and easy class. I'd recommend taking this class in the summer as the workload is ideal for it. This class can also be paired with another class in Spring/Fall semesters.

Designed to Weed out Students. Spent most of the time searching for code on the internet, and going down rabbit holes. Some of the projects were cool but it was very frustrating with out any satisfaction on why the solution worked. No protocol to review answers after projects/quizes to allow students to learn from their mistakes.

Class content was honestly very interesting. The projects in this were relatively well designed and touched on a TON of really cool topics that I've always wanted to know about. We did some blockchain stuff, some RSA stuff, some code injection and other web stuff. Fantastic.

However, there were a ton of sticking points in the projects, and in a course fully online, with no one to talk to, it is really hard to push through. The instructors only made it worse by basically answering every question with "just google it" on topics that are very hard to figure out what to google and then saying things like "if you can't handle this class, you should consider if doing a masters is for you" to students. The other review saying that students wanted to be spoonfed answers is wrong. In fact, there was a student on almost every thread of frustrated students commenting "yeah well i found the answer just fine" as though that matters or helps lol.

I personally got through all of the projects except one (for which i wasn't able to optimize my ML algorithm enough in time) with only 1 or 2 days of moderate work, but had individual moments of extreme frustration. A minimal amount of help is reasonable to ask for.

Additionally, the questions for quizzes and exams are unclear and poorly worded. The TAs would release "study guides" for the exams (lists of like 10 topics, basically just the names of lectures, zero study material), but also stated that they "reserve the right" to include stuff in the exam that's not on the guides "in order to separate A students from B students" which is ridiculous. Felt like a lot of the questions were trying to trick me. One of the questions was "what is the best way to ___" and the answer was "all of the above". Pretty sure the instructors said stuff like "we're trying to test concepts, not memorization" and "we're not trying to trick you" in office hours for the exam, and then put memorizing acronyms and weirdly worded questions in the quizzes and exams. I got a 50% on the first exam but I'm still probably going to get an A because they're underweighted, and I did well on the projects and okay on the quizzes....

Some of the lectures are unwatchable due to just explaining how different standards order data differently and stuff with zero motivation at all....

I would strongly, STRONGLY recommend this class if it weren't for that stuff. The projects were truly awesome to go through

You can give some consideration to this course if you need to fill in an elective. You will learn something if you don't know much about Information Security. There is some programming in C, Python, and Javascript -- but nothing you can't handle if you have some idea about coding. Unless you hate PHP like I did, in which case you will hate the final project. There is a fair bit of forensics and digging around logs and program outputs which may seem detail-focused and thankless but it's not that bad. The course load is fine as well. Most of the weightage is on projects and open book quizzes. Closed book exams only account for 20% of grades, which is great.

I agree with the criticism that the TA's are mostly grammar and font police. Not sure why they suck so much in this course versus others, but they do. Chopping points for "Improper Formats" and even penalizing with negative points. I cannot believe these folks pass judgments on whether other students deserve to be in a grad program! Actually, this is an epidemic that has impacted many courses. Its less emphasis on content and more around formats and fonts. I think these aspiring bureaucrats would make a glorious addition to the local DMV.

This course is more an exercise in reading instructions and learning how to cite stuff. Here I thought I was gonna learn CS, not how to get papers in perfect JDF format with IEEE or APA citations among other BS. Incredibly useful skill, especially considering the demographics of OMSCS students. Hot tip - most of us work full-time and aren't looking to get a PhD. Can you make the standards for a citation a little less intensive? Not sure why they haven't figured out how to make the assignments more rigorous and less administrative. You'll waste at least 2 hours per assignment just making sure everything is in the right format and that your works cited is in order.

Each assignment feels like a chore to slog through. Little to no guidance is provided and you're expected to google stuff to finish them. That shouldn't be an issue under normal circumstances, but this isn't a normal class. Example: assignment 3, class wasn't told which algorithms to use, but were expected to google to figure out. No biggie right? Wrong. Had to find and cite pseudocode for those specific algorithms, otherwise couldn't use them or had to implement them from scratch somehow, even if you knew which algorithm to use. You might find implemented code that works perfectly, but you wouldn't be able to submit it unless the source was pseudocode.

Every time you submit an assignment, it feels like you just have to roll the dice and pray that the grader doesn't think you plagiarized something, even if it's cited. Oh yea, don't expect to get grades back in a timely fashion for the most basic autograded things. 10 question multiple choice quizzes takes 2+ weeks to figure out apparently.

Also which idiot decided to make each project only 2 weeks long? We're through all 4 of the projects as of tonight and 92.5% of our grades have already been accounted for. It's not even November. This is the best schedule that a staff of 10+ was able to figure out? Hot tip my genius TAs / instructors: projects 3 and 4 take way more time so give your students an extra week for those. Another hot tip - why are the exams only 5% each? They're hard enough that you need to study at least 5+ hours to do well on them but they're worth so little that it doesn't make sense to put in that many hours.

It's incredible that this is one of the oldest courses in OMSCS and it's still run like hot garbage. How have these things not been figured out? Don't know which idiot decided this course should be this tedious for the sake of "being a master's level course", but this course is just not worth it. I'm 8 classes deep and I feel like I'm a hostage to this course. My honest assessment of OMSCS is that the courses are mostly garbage.

Don't take this course if you can't spend 30 hrs researching a week here and there . There are 3 kinds of people in this course who learn everything and perform. Others just take help from friends and family who already have taken the course and submit their assignments. Or simple google search will yield solutions sometimes but it's mostly trying to figure out solutions rather than learning . Absurd and basic videos and lecturers. Minimal efforts from lecturers and TA's. No flexibility for students. They have very complex mechanism of submission assignments. Quizzes are mostly taken from other resources. Submission of assignments is complex.

This class this semester seems like a circus. It seems like a lot of people just aren't prepared for the class, and don't have the skills to make up the gaps, based on what gets posted on Ed.

Also seen is people being a d**k to the TAs. Maybe they have a legitimate gripe, maybe not. The way to get help in a class is to remain professional at all times, and that's not happening enough in this class from the students. The TAs get a little punchy but also there's a number of posts twice that I've ever seen in another class. Right now there's a project due tomorrow night and new posts pop up every couple minutes. So good luck searching Ed in this course for answers, it's very cluttered.

Academically, it's a challenge because you only have two weeks for the projects and jump from C/GDB to Machine Learning to Python/Crypto to web dev with Javascript and PHP. For a lot of people, it's not an easy class.

I had a similar experience to most of the other reviews here. The course itself is very well organized, and I did learn a lot overall (being from a non-CS background). Having said that, I still certainly did have a hard time with the grading (I got an A with 94% in the end though) at certain times which were mildly frustrating. Here are a few instances:

1. The format for report writing for each project is strict with the reference section being a must, and rightly so considering that it is a grad program. However, there is no exact information anywhere as to how to putdown the references from the websites that were referred. The document that they share for references provide instances about how to cite a paper, which is all well and good, but they don't contain any examples for websites. This led to points being deducted (and a substantial number) for "wrong" format followed for the reference section. I did eventually get back the points via regrade request, but this is a hassle with many weeks of waiting.
2. The Project 2 is newly introduced (previously was optional), and is according to me shouldn't really exist or should undergo a massive revamp. There is no autograder, and points were deducted saying the submission doesn't satisfy the requirements when it certainly did in my local VM. I challenged this again through a regrade request with a screenshot from my VM but got the same reply. They should definitely be adding an autograder for all the assignments to avoid any sort of confusion.

The grading/regrading was also delayed by significant duration for each project, and while I understand that they may have been short staffed - this is still an area to improve on.

Overall I would still rate this 4/5 because of the good organization of the course and the learning outcomes lectures and projects.

Great intro course on security concepts.

Pros: Covers many info security concepts. Nice labs. Fun TAs.

Cons: TAs don't go in depth when help is needed. Very strict on providing references in the format requested. Lectures and labs don't mix well. At times I felt they are separate things.

I am a non-CS student who is in the second semester in OMSCS. The projects were pretty fun and documentation is quite clear (contrary to negative reviews here).

Exams were quite tricky but I would say that I do prefer that we were weighted 80% on projects, 10% on exams and 10% on quizzes (which were just simply from the textbook).

For the former negative reviews on this course, I don't quite understand why or where this is coming from. The TAs seem super patient and looking at the questions that get asked e.g. "What textbook do we have to read?" "How do we debug the code?" "How do we install the VM?" "When do grades come out?" I mean...these are questions already answered by posts / the syllabus / documentation / just Googling. Answering these questions over and over again must be frustrating, so I do think that we need to consider the situation from the TAs and prof's POV.

Yes, the presence of the TAs and prof are lacking in comparison to other courses but Piazza posts are always promptly replied so I don't see an issue.

Course material is relatively easy and manageable as a second course into OMSCS. I do enjoy the variety of material taught and happy that I took this course in Summer.

For what it is worth, I received a 98/100 in this class.

I missed several questions on the quizzes due to poor wording and missing punctuation. When this issue was raised on the forum, a teaching assistant who never uses punctuation marks in their communications assured us that they were on the "question writing team" and that these questions had been reviewed and were OK. If you are taking this class, be prepared to think deeper and interpret questions less literally. Several quiz questions were also regraded after grades were released, which also gave me less confidence that these are rigorously vetted.

The grading in this class is inconsistent and petty. For example, on essays you might be asked to describe a process at the "high-level" and "in your own words," and teaching assistants on the forum assure you to be brief in your answer and that it is not a trick question, but then lose half the points because you did not write the math equation you used in the coding portion which is absolutely blindsiding. I also suspect some graders are just CTRL+F searching for keywords. For example, one essay question asked to list 1 way to enhance something, I listed 5 unique methods to be applied together, and lost all points because the last method was insecure by itself. My regrade request was successful, but this was a frequent occurrence in this class.

I also had one essay miss three questions that I wrote each a half page answer for, with the unhelpful feedback of "the answer was not adequate enough." This type of feedback is "not adequate enough" to challenge in a regrade since it does not actually explain what is wrong, but I submitted a regrade request stating I wrote half a page answer for each. After a while I forgot about this regrade request and a student asked for status, and the regraders did not respond until 5 days later stating that they were running behind because of a new question introduced our semester but reassured us that next semester should not have this issue. I had already received my regrade response for the next project, but after 30 days I finally received a response with full points for 2/3 of the questions. The regrader was not sure why I missed the question but suspected the first grader did not find a term they were CTRL+F searching for, affirming my suspicion that some graders do not actually read the essays. The regrader did not even respond to the third question I asked about, which is disheartening after waiting over a month, but since my score was decent I did not pursue it.

The projects and quizzes did not always sync up with me. Sometimes I felt like I was focused on a "quiz week" and then a "project week" with less common ground than I would like. One project required significant outside research since the lectures and book did not cover the questions asked. This was my favorite project because of the topics covered, but several times I wished I spent less time Googling for various algorithms and StackExchange answers and more time watching lectures in the course I am paying for. One saving grace is that the final project is a breeze for web developers; I did not read the book or watch lectures for this project and I finished the coding portion in under 3 hours, though the essay portion took me a couple days.

Overall I learned a lot and thought this class was useful, but I am not a fan of how it is graded and wished it focused more on learning, less on writing. Two surveys were offered which added +2 points to the total grade which was nice.

This was taken as my ninth OMSCS class. Overall I would say this course is much more interesting than the name makes it out to be. The difficulty here is weird, overall the assignments were on the easier side when compared to courses such as AI, however each one of them has some small "gotcha" that may take a significant amount of time to overcome.

Other reviews are spot on in that the instructors are not that helpful. I found that the instructors were not as paranoid about student misconduct/plagurism as other reviews made them out to be, but they certainly were the most paranoid out of all classes I have taken so far.

A secret tip: if you're stuck on a project and a student has posted something they thought was helpful, take a look at it and ask yourself why. This was key to get myself through the first project and lead to my "aha" moment that made everything fall into place.

Grades were not curved,70-80 C, 80-90 B, 90+ A. 80% of the grade was off of projects (and there were 4, each worth 20%), 10% quizzes (4), and 10% exams (2). We were also given two surveys for 1% extra credit each, but I would NOT expect that to happen in a future semester. Quizzes tended to be 10 questions each, multiple choice. Exams were 20 questions each, multiple choice.

Given that 80% of the grade are projects, this is where you want to spend your time. For us every project except project 1 involved a write up. This is where your luck is drawn from, as not every grader is fair. I was lucky in my project 2/3 grader was awesome, but my project 4 grader was awful, graded my paper in such a way that they were ctrl+f-ing through your paper looking for terms in the rubric. You could answer the question spot on but unless it included the specific term they were looking for you didn't get points.

They'll stress a bunch on citing resources in your paper and the JDF format. I found the graders not to be too strict on these. You'll definitely need to cite your sources, however don't worry too much about getting perfect APA formatting, just try your best, use some resource like citation machine to do them, and make sure it's obvious which source you're citing. I didn't have any issues with mine and they were a mess.

Every project except project 2 had some hidden "gotcha" that became the biggest hurdle. So even if you are an experienced programmer I would still start these assignments early to give yourself time to work through those. One of those gotcha's had me stuck for six hours until I pieced it together.

This class was pretty great, I learned a lot. The material tended to be a bit on the outdated side, but i think it was still a worthwhile class to take. It took me about 10h a week of work, but mostly due to the tedious quizzes, otherwise it was pretty much a freebie with the added bonus of learning security from a different approach. I am a web developer by trade, and I am used to the security aspect, but this was the first time that I had to put on the "hacker hat", and honestly it was fun and interesting. Thank you CS 6035 staff for this class, and specially the new guy Loan on P4. Wow I was impressed to see a lot of helpful responses for almost each post. Thanks!

This class is an embarrassment and does not belong in a masters program, let alone Georgia Tech. Stop defending bullshit. Anyone who complains must be a whiner? Must not want to work? Piss off. Learning experiences do not require constant handholding but they do require value. I also do not want to hear one more idiot claim, "this is a master's program!" You know nothing about masters programs. Nothing.

Because if you spend one minute "learning" things that do not matter, you are probably a liability to your organization, whatever that may be. It's not a question of content, but purpose. Did you train your mind for example? Problem solve? Or did you just play a game to get a grade. This class is a game to play, that is all.

Also, the head TA is frequently offensive and should be reprimanded or removed by the university if they do not want Title IX investigations.

Don't let the reviews cribbing about the TAs or professor sway you. Remember, a lot of students take IIS. Most (as in my case) will successfully complete the course with a stellar grade and move on to their next OMSCS challenge.

From a pure content perspective, this is not a challenging course. That is why the open-book quizzes and two exams only account for 20% of the grade. The challenging part is the projects which each account for 20% of the grade (4 projects * 20% each). All of the projects do relate back to book/lecture material. That's why I cited the textbook in every project. However, you will have to find additional sources to augment the lecures and textbook learnings.

It's very possible for someone with a CS background to scoot through this course without breaking a sweat. However, it seems like a lot of non-CS people are the ones whining on OMS Central. This is a masters program which means that learning is not about regurgitating the textbook or lectures. Yes, some of the project writes ups could be a bit clearer, but they aren't so terrible that a little research won't get you over the hump. Or how about checking Piazza or office hours recordings?

The bottomline is that I learned a great deal in this class. Some material was review from my current occupation as an application development director at a large company (i.e. risk management, IT security policy). However, most of the material was new to me. Projects 3 and 4 were directly applicable to my current role. Project 1 & 2 were applicable, but not necessarily on a day to day basis.

There are a lot of students in this class. TAs have to be direct to answer everyone's questions on Piazza so there's no warm fuzzy feeling in most interactions. Also, a lot of students ask questions that were either already answered directly in the syllabus or by other students' posts. That's really annoying and I'm not even a TA. It clutters up Piazza. Imagine if you had to respond to all those as a TA... Frankly, they seemed quite patient to me.

I would recommend the course. And if you're a non-CS person (as I was), come prepared to do research and not be spoon fed. That's how you learn. And that is why I will be walking away with a substantial body of knowledge.

One other note: anyone who wrote a review expecting a professor to be consistently present in a 300 student section must not have attended a large institution for undergrad. Most in-person classes of this size would have the professor teaching the lectures and the rest of the course (office hours, proctoring, Etc.) largely handled by TAs. I know because I was one of those TAs in undergrad. Same applies here. The professors put together the lecture material (see videos). TAs manage the rest of the course with escalations going to the professors. Smaller courses later down the line in OMSCS have more professor interaction (see reviews for Video Game Design or GA).

All in all, a pretty well run course. The assignments (especially 3 and 4) are extremely well written. Some of the most clear and understandable requirements I've seen in the OMSCS. The TAs sometimes come across as hostile on piazza, which I think lead to a very inactive forum. The tests and quizzes have a lot of poorly written questions, and they're weighted so low that they feel like an after thought. I think the course would benefit from just dropping the quizzes and tests and adding a fifth project.

The review body has been replaced with this text due to violation of platform policies.

This was a pretty decent class, I needed to sharpen up my skills for work while still keeping a pretty light schedule. This class fit the bill perfectly. TAs were nice and knowledgeable. I recommend it!

Quick Summary: The quizzes are very easy, the midterm/final are moderately difficult but not crazy, the projects are very hard with the exception of project 2, and the hourly workload for me varied from 2 hours per week during light weeks to 40 hours per week during a difficult project.

Overall Review: I strongly disliked this class.

As a mostly non-CS person, this class was extremely difficult. That, however, is not my issue with this class. I am one who doesn't shy away from asking questions, asking for help, and putting in the hard work to learn something new. This class was difficult for me because the professor rarely chimes in, and the TAs (who are very knowledgeable and I got the sense WANT to help) were completely unable to help in any way. The projects have a high learning curve, and you are given no help to push you along. I asked a few questions to the TAs early on in project 1 and was basically told to "try harder". Further, the lectures and reading have very little to do with the projects except for the most general of background information. This lead to all of the projects being a lesson in Google and YouTube searches, which is not why I am paying to go to college. Further, the projects 1, 3, and 4 were (in my opinion) hard for the sake of being hard and did not do a good job at helping me learn along the way.

That being said, I got a decent, but not great, grade in this class. I am happy that this class is behind me.

This course is great, the TAs are awesome and they put a lot of effort in running the course. Instructor is disengaged, never had a lecture or at least a chat about any of the course’s topics.

The course involves weekly quizzes, projects and a couple of exams. Quizzes are good to keep in sync with the topics. The projects are awesome. They are what I liked the most of this course. Projects have a nice level of challenge and really demand you to understand the topic. Exams are good, got decent grades without studying, got a final A grade.

Overall I really enjoyed the course, just felt some topics were outdated (old data and articles), and that the materials/projects could add some topics with newer technologies (container security, newer web stacks, software supply chain, etc.).

I started the OMSCS program in Spring 2021 and took this is course as the first class along with another course. I am a full-time student and I have a background in Computer science and a few years of work experience in SW development.

This course is really great to begin the program. It is not heavy on coding so can be helpful for someone who is new to coding. Although the lectures and quizzes are okay, you learn a lot from the projects. There are 4 projects and an optional EC project. Depending on your background you would find some projects easy and some difficult. But you have plenty of time to learn new concepts/language specifics and finish the projects.

The quizzes are open book so they are pretty easy to ace. The exams are a bit tricky but fair.

I found the TAs to be helpful. They do provide helpful hints during projects but of course, they will not spoon-feed. I wish there were more opportunities to interact with the Professors.

Overall, this is a great class to begin the program. You will learn a lot and with the right efforts, you can easily score an A.

I took this as my 5th class in the program. I really disliked the majority of this class, but not because of the content. Also I rated it a medium on difficulty not because of the content but because of the atmosphere and TA rules/interactions. The toxicity of the environment made it difficult for me to want to do the work to get through the class.

As other reviews have stated there are 10 open-book quizzes and while you can CTRL-F on keywords, there is at least one question on each quiz that is worded with a double negative making it challenging to understand the intent of the question and subsequently a suitable answer. I'm a native US English speaker and found them very frustrating and terribly inappropriate given that there are numerous courses available on how to create quality multiple-choice questions that do not rely on double negatives.

Also on exams, the double negative questions persist and while you do take the exam and get a score back, you are not allowed to see the questions you got wrong because someone in the world might screenshot the exam and share it out in the world. I found this pretty irritating because it gives the student no room to challenge the question or the grading or even to understand what they got wrong and why. In the other classes I've taken in the program this was not the case - all exams were available to review after grading to see how you did / ask questions. If the instructor/TAs cannot come up with different sets of questions to ask on exams from semester to semester, that's a real failure on their part.

The other reason I disliked the course is because while I could have contributed to discussions on Piazza, the TAs were constantly warning about cheating and inappropriate collaboration to the point that I purposely decided not to participate in order to avoid getting something I posted interpreted in such a way that it would be flagged for referral to OSI. In addition, there were several "anonymous" posters that sort of kept a back and forth going with the TAs and I found that very unprofessional on the part of both the students and the TAs. We are all adults.

Finally, the TAs were not helpful at all and there seemed to be a 'security bros' attitude in the few office hours I did watch (I could not attend due to time conflicts). As a woman in the program, I found this very off-putting. I did not expect it at an institution such as Georgia Tech and I have not experienced that in any of the other classes I've taken in the program.

As for content, Project 4 needs some work around adding content to the course lectures or supplemental reading outside of the textbook to ensure that students understand the full-stack and web request / response life-cycle since there are plenty of students who are in the OCY track that do not have this as was evident by their posts on Piazza. Other than that, the projects were reasonable and doable given the presented content, textbook and time allotted.

Given all that I did get an A in the course.

Joke of a class, TA's are anal about grading writeups and you don't really learn too much except from projects 3 and 4.

Project 1 - just google the answer. As long as you know how to paraphrase and cite your sources you won't get sent to OSI.

Project 2 - literally just parsing json files for keywords to characterize a few malware files. I had no idea what I was doing, still don't know, but aced the project because it's brain dead easy if all you're doing is checking to see if a keyword exists in the json file.

Project 3 - pretty good, learn about hashing, crypto, RSA. Best project of the class.

Project 4 - fun web development attacks. Find weaknesses in php files and use javascript to implement attacks.

Project 2.5 (EC) - machine learning to categorize malware. Also a brain dead project, you just iterate through various config files until the provided machine learning program passes

Lectures - cute drawings but doesn't help much for tests or projects, the udacity quizzes were mostly a waste of time as they would ask you a question you had no exposure to prior to introducing the concepts

Quizzes - just ctrl+f

Exams - there are trick questions so be careful

Ultimately didn't learn much, but didn't spend much time on this class either. Take it if you want a high level exposure to security topics and are pairing this with another class.

I enjoyed this course, P1 and P2 might be fundamental. P3 and P4 are very useful, you can literally apply them for work. Personally I think it is truly a great course. You will learn RSA and find a lot of Python algorithm related.

The best part of the course is the learning progress.

I got an A and I didn't spend a lot of time on it. As long as you take it serious, you can nail an "A".

I won't reiterate what a lot of the other reviews mention. I came into this class predisposed to how bad it is (and I figured it wouldn't hurt as it is a survey course). Actually, this course is fantastic and the experience is greatly improved when you join the class slack channel imo. Many of the TAs and students hang out and discuss random and/or relevant topics which makes it a fun course to go through. The TAs communicate very well and as much as they don't like it, they are down to rephrase their answers if it gets the point across.

Anyways to the core bits: Exams - really focus on the study guide and keep in mind that 10% is outside of that so hit the books.

Projects - P1 is a gradual introduction and may be rough for non-technical students but there are a ton of resources online for it. The textbook even lowkey does a majority of the heavy lifting. P2 is a shitfest of second guessing because it's so easy to misinterpret so it can take an hour to many nights. P3 is the hardest project imo because there is a lot of topics not shown in lectures (but also the most interesting). P4 is the second hardest after P3 and it can be tough if you're not familiar with web development.

Quizzes - Get an online copy of the textbook and ctrl+f your way to victory. It is also a good indication of how well you would do on the exam too (if you don't do the ctrl+f route).

Concerns? The biggest issue I had with this course was how much they hammer it to you about OSI. It is understandable as this course has 3-4 programs with 1k students. It actually made me do more work than was necessary to try and make sure everything was completely cited. The grading process is a bit on the long side (but then again I can't fault them on it as there are 1000 students and only so many TAs).

Lecture Videos: This is on canvas and they are fine, watch thru them once and for subsequent reviews just rely on omscs-notes.

Quiz: There are around 10 quiz which are due end of week, open book and most of the questions are from the course text book Computer Security. They are fine and if you put little effort you can score 90 to 80/100 in every quiz at minimum.

Projects: Not that hard if you are coming from software dev background. You have plenty of time to complete the projects. Most of them are easy. You are fine if you have some basic python or programming experience. Project 4 needs some web development knowledge, if you understand some basic web concepts you will do fine here with some additional effort. Also, for project 3 brush up on some modular arithmetic skills.

Exam: Average difficulty, multiple choice questions (25). If you prepare well you can do well here as well. You'll get exam study guide on what topics are covered for the exam. Exam's are closed book.

Professors: I haven't seen them interact with students that much, personally I don't care about this. Lecture videos were above average and communicated well on the topic they wanted to present.

TAs: Didn't like TAs that much. Not sure if the TAs change for every semester but the Spring 2021 TA team is my least favorite during my OMSCS journey (this is my 6th course).

Communication: Piazza is the way to go if you need any clarifications or questions answered. There is a slack channel #CS6035 but don't join there unless you want TAs and some students discuss some random topics. Slack is not official communication channel so it's not a big deal and they can do whatever they want. But stay away from slack if you are bothered by this :)

Overall, easy class and you can pair it up with another class if you are coming from software engineering background. I liked the class overall minus the TAs.

Final note, the grading on this course is very slow. Could be because of the number of students or other reasons. But they take little longer to grade stuff compared to other courses I have taken.

This was my first course in OMSCS. I took it because, among the courses that were available when registration opened for me, I thought it would be the most useful. I am fairly certain I will get an A once the grades for Project 4 are released.

The projects were the best part of this course. I have a Python and web development background. In terms of difficulty(for me), I would say P4, P3, P1, P2(increasing). I think P2 was difficult because it had more to do with analysis and I was constantly second-guessing myself. P1 was also difficult because I hadn't done anything in C after the 1st year in undergrad and had never used gdb. I felt comfortable doing P3 and P4 because I was familiar with the tools and had to just focus on the problems at hand. Most of my learnings from this course was from projects. They were also a big chunk of the grades.

I didn't study/watch most of the textbook and lectures as I progressed through the course. The weekly quizzes were open book and I could find the answers to the 10 questions in an hour. I didn't study them for the 1st exam but I got an okay score since a lot of the questions were from projects. I did see the lectures and selected topics from the book(using the study guides the TAs provided) for the second exam and got a decent score. I learned a lot while doing that and so now I regret not studying for the first part.

I didn't have much interaction with the TAs, but that's on me. I did see that they were fairly active on slack and piazza.

The work hour I provided is not evenly distributed. Since I didn't do much studying weekly, most of the weeks it was around 2 hours per week. But that increased a lot in weeks(or 2 weeks) before the deadline for a project which took some time to tackle.

This was my first class in OMSCS and will probably be my last. I got a B in it and I think that an A would be very easy to do if you put the work in. The exams and quizzes are pretty easy, but the projects are hard. They are not much coding but are very ambiguous and difficult. I am not familiar with web dev so I struggled on P4. P2 was in my opinion a complete waste of time and should not be a part of the curriculum. While I never posted questions on Piazza, the TA on it were rude and condescending. I plan to drop out from OMSCS so take this review how you will.

This course is an amazing course. The professor definitely puts his best TAs in this course. There is an aura of camaraderie with the students in the form of mutual respect. The tone, coupled with mature responses and rigid requirements which is to be expected in a top graduate program, create a welcoming learning environment. Expectations are high in formatting and in content, so when it comes to grading written portions of labs, you're able to answer with confidence. If you disagree with a grade, they even let you request a regrade!

I have every single professional certification related to this area of study. I took this class as a refresher. I did so well because of a complete understanding of cybersecurity by the TAs (and myself). Some of their actual work histories are impressive (I wish I was kidding, check their LinkedIn -- yep, you got that right, I totally googled them and looked all of them up because that's what normal, sane students do!). Any protest towards quiz questions or lab grading is met with a valid response.

The content of the course itself is great. Content, files, quizzes, are all clear. The slides and lectures overlap with the textbook. 90% of assessed material is straight from the book, not the lectures. Quiz and exam questions were written by someone with a mastery of the English language, and I would never be racist and accuse all the TAs of being ESL (some of the other reviews on here try to black knight this and say some very racist things about them, and to which I say this is unacceptable. Words matter.)

There is consistency with learning objectives and the content. Compared to 6262 (this course's sequel), 6035 is a good jumping off point. The TA's leverage autograders to the student's benefit. On the last project, they even give you explicit details about how their autograder will test the exploits!

This course isn't hard. Good luck.

If you're looking for a cybersecurity course, this isn't it. Projects are fun, although be prepared to receive no feedback on any of them. TA's are real sticklers for plagiarism and anything revolving around cheating so dont risk it. Quizzes are based on trivia in the book and some topics from the lectures. Tests are trivia from the projects you did that part of the semester and the book. If you have a CS background and know a small fraction of web development, this class is easy in terms of the projects. Only read the book for tests but its pretty much unapplicable anywhere else. Lectures are dry and can be skipped if you know what youre doing.

This course is a dumpster fire. The professor definitely puts his worst TAs in this course. There is an aura of attitude against the students in the form of unearned superiority. The condescending tone, coupled with juvenile responses and inexplicably rigid requirements, create a hostile learning environment. Expectations are harsh in formatting, sparse in content, so when it comes to grading written portions of labs, you're at the mercy of whatever subjective interpretation the TA has for your answer.

I have every single professional certification related this area of study. I took this class as a refresher. I did so poorly because of an oversimplified and completely naïve understanding of cybersecurity by the TAs. Some of their actual work has never left the confines of a summer camp (I wish I was kidding, check their linkedin). Any protest towards quiz questions or lab grading is met with outright disregard and disdain.

The content of the course itself is an organizational disaster. Content, files, quizzes, are all over the place. The slides and lectures rarely, if ever, overlap with the textbook. 90% of assessed material is straight from the book, not the lectures. Quiz and exam questions were written by someone with a poor mastery of the English language, which leads to vague propositional statements with open interpretation (some of the other reviews on here try to white knight this deficiency, and to which I say this is unacceptable. Words matter.)

There is little consistency with learning objectives and the content. Compared to 6262 (this course's sequel), 6035 is a disaster. The TA's have no clue how to leverage autograder to the student's benefit.

This course isn't hard. It's frustrating having to deal with the teaching staff and their ineptitude. Their ego gets in the way of learning, and the entire TA staff needs to be discharged. Good luck.

First course. No CS background. No web development background. No IT background.

Content: The class text presents a lot of valuable content in terms of security, malware, and vulnerabilities in software.

Quizzes were easy; 15-20mins max to take each. If you're disciplined you could read the text and watch the lectures beforehand but the actual quiz is an exercise in CTRL-F and needs no prior reading. The TAs try to customize the content from the verbatim text but it's easy to filter out what they're getting at. Every so often there's a question that's not referenced in the text or lectures.

Project 1 Buffer Overflow. 25 hours. It's hard to visualize the stack but there's Youtube videos on it that do well in explaining it. The project added a twist with jumping to a library and "cleanly exiting". Don't expect to be taught how to do this and don't expect the TAs to explain it afterwards.

Project 2 Malware Analysis. 5 hours. This project did the best in providing resources to finding the solutions and was overall the best made. Navigating the VM was tedious and slow but it generally wasn't a nebulous project.

Project 3 Crypto. 20 hours. Python code heavy but knowing how to do if, then, while statements is all you need.

Project 4 web security. 30 hours. The most scatterbrained and ambiguous instructions in the course. I believe the team that created this assumed the student is familiar with html, php, and javascript. Three different languages that need to be understood for this project. Understanding the flow of PHP, how it interacts with html and injection of javascript wasn't trivial.

Exam 1 & 2 had study guides but you can essentially shred them. They listed 10 items to study which included "Project 1, 2, 3, 4 concepts" as a line item. Then the other 9 study items were the project concepts themselves. The bulk of the exams were the projects mixed in with random lecture and text trivia.

Admin: As a introduction to GT, this course was a shit show. The priority of the instructors isn't the student's education but rather the integrity of the graded material. If you're taking this course to learn and be taught concepts from the experience and expertise of the instructors, you'll be left disappointed.

Piazza was a good forum to ask questions and most of the TAs provided their best answer however, information in regards to how to implement the projects left the students wanting. The class was 600-700 students strong and there was the inevitable clash of personalities and keyboard warriors disparaging other students/TAs.

Slack was available for students to converse in a real time chat room however, TAs were also present in the rooms to moderate. 90% of the TAs in this space were sophomoric at best or hated their job so much you'll question why they didn't quit. I was disappointed in how the TAs interacted with students. Most were condescending, rude, and belittling while lecturing "woe is me" for so many students being in the class. As a representative of Georgia Tech's faculty, their lack of professionalism reflected poorly on the school.

I have a non-CS undergrad background but I work in IT. This course was overall fun and interesting. This was my first security class and the 4th class in OMSCS program.

It is very well organized.

The course has 4 projects(15% each) and 2 exams(15% each), and weekly open book quizzes worth 1% each( 10 total ).

Project 1 involves understanding C programming and understanding GDB, as well as Buffer Overflow. This one was tough but not too scary. Although, some students never solved it.

Project 2 involves understanding malware detection. No coding involved. Fairly easy.

Project 3 involves Python and Cryptography - this was by far the hardest of the projects and took the longest to complete.

Project 4 involves Web Security and was very fun. Not difficult due to my background but some students felt it was the hardest project.

Quizzes are basically free points if you review a little prior to taking it. Plus its open book.

The exams aren't too bad, maybe 1-2 days of review. They test your understanding of all the material for each half of the semester. There is no final.

TA's are very helpful in piazza and slack. However, sometimes they can't give much help because most of the help would give answers to the projects.

If you study the material and attend Office Hours you can easily get a A or B, even if you mess up on 1 project or exam. Update: I got an A.

It's a good introduction class to security.

No help from TAs for the project. All they discussed in meetings was points and won't actually help saying they do not want to reveal the answers. There was no way to figure out how to complete the projects. Waste of time and money. This class needs a makeover. Focus should be on making students learn and help them with projects. Found the TAs very unfriendly and unhelpful. Would not recommend this class to any one. Please take some other class and safe yourself.

2nd / 3rd class (taken with HPCA)

If you have any background with computer architecture and web development, this class is pathetically easy. It felt like the majority of my time was spent reading the textbook or watching lectures, most of which wasn't even relevant to the projects.

There is zero reason why you should get anything less than As on the quizzes since they have a 1 hour time limit, are open book, and all of the questions are directly taken from the textbook.

The places where you are most likely to lose points is on exams or the project essays. If you understand the project material and use the provided study guides, the exams aren't that difficult. The exams are short though, so if you miss one question it will hurt. The project essays are fairly straight forward, but there is a chance you will be docked points because some of the TAs didn't like that your answer wasn't exactly what they wanted.

The slack channel is very active and most of the students and TAs are helpful to the extent that they can be.

To be perfectly honest, save yourself the money. Do challenges on picoCTF or some other CTF site and grab a book or two. You'll learn everything you would have learned from taking this class and more, but without the hassle of watching lectures, writing essays, or taking tests/quizzes.

The majority of students here are OMSCY, of them many are the policy specialty which has no coding background requirement. They are in for a rude awaking. You not only need to know coding, you also need to be able to read algorithms & have some background in discrete mathematics.

The course is intentionally hard to discourage cheating, which none the less is rampant. I still do not get how someone can think copy/pasta on code (and not even so much as a citation) is okay, but I digress. Half the class (well, 40-50%) dropped.

Write ups after projects are a part of this, but they need to be made smaller as our code can do the talking.

TAs can be hit/miss, typically kind/helpful - but get to know them on the slack page and potentially ask them direct questions there, as some on Piazza are pretty short with answers. But again - the majority are great.

This class is 99.999% TA, 0.001% Prof. Grading is fair.

Pro Tip - The first project is a total weed out, don't cheat & know basic C compilation & debugging.

Background: Undergrad in CS (~5 years ago). Have never worked in software/tech in any capacity. Paired this with GA. Both courses have a portion on RSA midway through the course that tie in perfectly and help with one of the projects. Highly recommend if you're trying to do two per semester.

The course has 10 quizzes, 2 exams, and 4 projects. The quizzes are mainly from the textbook. Quizzes are open book with an hour to complete it. No analysis other than finding the answer in the book. The exams cover textbook and projects. I haven't taken the second exam at the time of this review, but the first was fair. If you at a minimum go through the course notes, you'll be fine. Actual implementation portions of the projects are challenging and rewarding. The write-ups, especially for project 1, is an OSI witch hunt and is my biggest critique of the class. You will be given a high school level difficulty write-up of regurgitating definitions. Just go through the motions and reword the word for word answer in the book... Even if you feel like it is a joke... Unnecessarily painful. I will say the other write-ups were much better though and actually required some individual thought.

Projects took about 10-20 hours each. Other than that, this course only requires as much work as you would like to put in. You can very easily skate by with literally an hour per week outside of projects to do the quiz or spend hours actually going through the material.

Pros

1. TA's were responsive on Piazza and Slack
2. Coding portion of projects is great
3. Exams are fair
4. The drawings in the videos make me happy every time.

Cons

1. This class is the most likely to throw you to the OSI Gods out of any I have taken.
2. Projects may be challenging if you do not have a CS background, but are definitely doable.

The worst course I've taken. Regarding the course content, it's too outdated to catch up with the latest trend in cybersecurity. I'm working as a security researcher in one of the tech giants(FAAMG) and the content covered in this course is useless. The instructor team was not responsible at all. Whenever I ask questions on Piazza I get very vague answers, emails will never be replied. The textbook was super hard to read, I cannot focus on it for more than 30 minutes each time. It's just dry and abstract. It's not a hard course itself if you come with some decent CS background. Without prior CS fundamental knowledge, it's gonna be challenging. I recommend giving another thought if you are up to take 6035.

Although I put a lot of time per week, I was consistently a week ahead of the material so you could probably get away with putting in significantly less time than I had. I also received an A for this course. A lot of the frustration comes from the fact that there isn't a great way to measure your progress when doing the projects. I felt that I would struggle early and often on an project until something clicked or miraculously worked, only after which everything made sense. Having said that, I don't think the material itself is too difficult; if you put in the time early and consistently I don't think the course asks anything too much of you in terms of assignments. Tests, for the most part, were easy, but it really wasn't clear to me what I should be studying in order to prepare for them. I felt that most of the test material was straightforward but some questions might have come out of nowhere; however, I think there shouldn't be any issue on getting around a B for them. Overall, this class is a fairly good introduction class and serves as a good foundation for learning more about cybersecurity.

I will preface by saying I have little interest in Information Security and took this course as a course to ease back into the program after having taken a semester off. I was hoping it would engage me, and I went in with open mind.

Unfortunately, I did not enjoy this course at all. The projects were tricky and some entailed using a VM in a VM. As you can imagine it was painful doing these assignments. The lectures were dry and uninspiring, but they were okay.

I think this course has potential to be good. Some of the TA's were great, but others gave no help. Some of the projects were tricky, and tricky as in being artificially difficult in a way that doesn't add to educational value (i/e project 1, requirements were not adequately defined and entailed searching slack for hints). Some of the projects were interesting (hacking a website, rsa hacking). If I wasn't so irritated by the beginning of the course, I would have maybe even enjoyed some of it.

But yes I can't recommend, even if it is considered an easier course, the hassle it comes with makes it the least enjoyable class I've taken. I'm halfway through the program and have loved the other classes. Take it if you have interest in security, but otherwise avoid the hassle. Plenty of other great courses to take in this program.

I think the common theme for this course is that it can be quite difficult for folks without a CS undergrad degree. I fall into this category, and so the projects that focused on exploiting a program written in C and RSA key cracking forced me to really dive deep and teach myself some of the supporting material to get through them.

That being said, I learned a ton in this class and I would highly recommend it for anyone that is interested in exploring a broad set of topics in cybersecurity from a technical perspective.

This was my second class. The class was broken down into 4 projects and two tests. The tests were more about knowing different protocols and policies, this was a bit more about just remembering things than it was having to think through anything on the tests. I wasn't a huge fan of the tests because of this, however it was really only the two tests you had to go through memorizations. The Projects were fun and worth more of your grade. The first project was about C and Linux, this to me was the hardest project due to my lack of C and OS experience. The other projects where Python or JS/PHP based which I found much easier to work through despite them supposedly being "harder". This is a good high level intro course for anyone who is in the CS program to understand security which is a growing field of importance.

I took it as my first course in OMSCS with some background in SWE.

The Good

The TAs and other students were very helpful, giving guidance and sometimes even arranging last minute Office Hours to help students who were struggling with projects. Be sure to check in on Piazza regularly. The Slack channel is also helpful but not all TAs are there, good place to get to know other students though.

For me, the best part of this course are the projects. I had a lot of fun trying to figure them out like puzzles (they had some pretty humorous clues lying around) and when I did, boy, the sense of achievement is awesome. Brush up on C, Python and some web technologies like Javascript & HTML for projects.

There are no curves for this course but it's not too difficult to get an A if you keep up with the pace and not fall behind too much. Extra credit projects are also offered to help boost grades.

The Bad

My main gripe with this course is just the textbook. It was pretty verbose, dry and jumps around quite a lot. Exams were better this semester as TAs re-wrote them to incorporate understanding from projects but there are still some tricky ones to watch out for.

Overall

It's a great starter course and walked away learning a lot. Would recommend.

I'm a career-changer seeking my first software development role without a CS background. I took this course along with another as my first semester. The tests and quizzes weren't very difficult so long as you watch the lectures and do the readings. Taking notes for the exams as a second watch through and review really helped.

I really enjoyed the projects, though they were quite challenging. The TAs do give hints, you just have to watch or attend the sessions and pay attention in piazza. However, either you get it or you don't, so allow plenty of time to load the projects into your brain and let it work through them via diffuse learning. I had an A going into the fourth project, but did poorly on it and ended up with a B, and I'm still not sure why that was the case, but I would say be very diligent and take the projects very seriously, especially those with a non-CS background like myself, and you'll be fine. This course exceeded my expectations though I was obviously not fond of the final project which seemed to go in multiple different directions and be less focused compared to the first three.

This course is super hard. I got an F. The TAs werent helpful. They never gave you hints. The Buffer Overflow project is hard. The RSA numbers and Nonce values are impossible to solve, Javascript exploits are hard to hack. You need to be Mark Zuckerberg to pass this course with an A.

Introduction to Information Security is a relatively low-effort not too challenging foundational course in the basics of InfoSec. The course lectures are a series of short, 1-5 minute videos, with about 15-30 to watch every week. I found the videos to be inadequate to cover the material and relied some on the book and more on the Internet to research topics, particularly for the projects. There were weekly open-book quizzes where the questions were often taken directly from the book or the lectures and that did not test understanding of the concepts at all.

The exams were likewise based heavily on regurgitating information from the lectures, the book, or the projects and were a terrible measure of how well students actually understood the content. Mostly, they tested student's ability to memorize esoteric pieces of information that anyone would simply look up online in a real job. That being said, there were only two exams and they made up only 30% of the final grade so you don't need to stress about them too much.

By far the best part of the course was the projects, of which there were 4 (Stack Overflows, Malware Analysis, Encryption Algorithms, Web Exploits) and a bonus project (Clustering Malware reports with machine learning). These projects were mildly challenging (I spent between 10-20 hours on each) and were actually rewarding to complete. They required a lot of independent researching of information (most of the material was not covered in the lectures or even in the textbook so use the Internet to find relevant information) and quite a bit of tinkering with code (C, SQL, html, JS, Python) to execute the exploit.

Overall, Introduction to Information Security was worthwhile because it made me aware of many security issues that I'd never noticed before and definitely increased my interest in the subject. I'd take this course again just for the projects even if some of the aspects (lectures and exams) were poorly executed. If you already have some experience with InfoSec, then you might want to skip this course (unless you want a low-effort class) but I'd recommend it to all students as information security will only increase in importance and adopting a security mindset is a crucial skill.

I started with not liking this course in the beginning. But with the passage of time, I believe I learned a lot and enjoyed the course content. TAs are very particular about grading and deduct a lot of marks for small mistakes. Projects are top notch and you learn a lot while doing them. Prof gave opportunity to earn 7 extra marks.

This was my first course in the program. I have no background in security and this is the first time ever that I'm getting introduced to security concepts. Projects are the best part about this course, 3 and 4 especially. Project 3 was the most time consuming. Project 4 was the most interesting. TAs were nice and office hours were helpful. I feel like I have learned a lot from this course.

The lecture and project are useful. You don't even need to watch the video before you finish the weekly quiz. The weekly video is usually 15minutes to 60 minutes long. I usually spend 2 hours a week when there is no project and exam. And during the four project weeks and two exam weeks, I spend an average of 20 hours per week preparing them. Many extra point opportunities and easy to get an A. I like the project very much. When I am doing a project, I felt I have learned a lot myself and get an introduction hand-on knowledge of info security. I have no CS background. The only programming language I know is MATLAB. But I found the programming work in this class is not hard and TA gives some tutorials on learning python.

While I had some background in the field, overall, the content of the course is really interesting. In particular, the assignments are enjoyable and very rewarding. What I didn't like was the inflexibility of the lecturer - I was told that we have to use a very specific version of the textbook, and it is not available in my country, so I asked for advice on what I can do to obviate this (perhaps suggestions on digital copies or contacts with other classmates in the same region so I can talk to them) but instead I was told that I am on my own.

Additionally, I requested a date adjustment 2 months ahead of the exam because the window would clash with a travel itinerary where I would not have access to internet or would be conducting a layover (which is impossible to attempt a proctored exam with people etc. around). I was told again that it was my problem to sort out.

Once I managed to find a "solution" to these two problems, I was at least able to manage all the assignments (they were really entertaining, and interesting).

Having done 3 other OMSCS courses at this stage, I found the lecture content to be very dry and difficult to follow, and the exam preparations were very specific to a very specific version of a text book. If you answered a theoretically correct answer, but it did not match the text book's answer (at the time), you were marked wrong - which obviously was a big problem for me since I couldn't get the right text book! Nonetheless, I earned an easy A in the course because I did extremely well on the assignments, to offset my challenges with the weekly quizzes and exam.

Overall, if it were not for the painful lecture content and inflexibility from the teaching staff (at the time I participated, this might have changed now), I would wholeheartedly recommend this course because the assignments are worth it. At this point, I must just caution you to what you might experience.

*** I TOOK THIS COURSE IN CONJUNCTION WITH CS6250 AND THE WORKLOAD FOR BOTH WAS PROBABLY EQUIVALENT TO CS6290 OR CS6200 ON THEIR OWN - HIGHLY MANAGEABLE, ALBEIT CHALLENGING ADMIN-WISE ***

This was actually a fun course (even though I have no experience/interest in security). Furthermore, I do not have a CS background (I did EE in undergrad and I am a web developer now). Here was my experience:

The TA’s run the class. Although I have a lot of respect for the TA’s, it was extremely frustrating that the professor was MIA during the ENTIRE class. I think Professor Lee did one office hour - but it was in conjunction with one of his other classes and it was not about the class material at all. In Piazza, the TA’s are listed as “instructors” so it is a bit confusing as to who is actually running the class.

The TA’s are really smart, but they are not experts. The questions on the quizzes and tests and the project instructions reflect this. The quiz questions come directly from the book and sometimes are taken out of context - or they use some erroneous information that happens to be in the book. I think that if the professor took a larger role in the class these kinds of things wouldn’t happen so frequently. If you complain about it, the TA’s have a bit of an ego and are super resistant to changing grades. Also, the TA's spend zero time actually explaining the material. Most of what they spend time explaining is meta-data: answers about the questions themselves. But they give these as hints - which I found weird. It's almost like they don't want you to expect to get clear communication from them. Like it's considered cheating to be clear.

However, I don't want it to seem like I did not like the TA's. I am actually shocked at people complaining about the TA’s being narcissistic… I consider myself very sensitive to rude behavior - and the TA’s displayed none of that. I did get frustrated with a couple of the quiz questions and their resistance to giving me and others our points back - but they were never rude about it. Stubborn, sure. But not rude… Sometimes, I think the students will give snarky answers (maybe in an effort to suck up to the TA’s?), but I didn’t see any TA being outright rude. I did see students being entitled and rude to TA’s and other students.

And maybe the lack of clear communication is a grad school thing... (this is my first semester, so I wouldn't know).

My favorite TA (by far) was Joe. He is just super helpful and nice.

My biggest complaint about this class (and as I read other reviews - it seems like this is an issue with OMSCS in general) is the inability to collaborate (without it being considered cheating). Basically, if you aren’t in a group project, you can’t talk to others about the project. (You can't even post a link that you found helpful to figure something out). I know some people work better individually, but others work better in collaboration with others. This policy encourages the former and discourages the latter, which unfairly cuts off a whole range of people. In this particular class, the project questions are so ambiguous and vague, a bit of collaboration would be super helpful.

All that being said, here is a path to doing well in the class:

1.) If you don’t have a CS background, you REALLY need to dig into C. It’s not about the language so much as about how C is implemented on the operating system level. Think registers and memory. A book that helps a lot is: Operating Systems, Three Easy Pieces

2.) Learn Python

3.) If you are not a web developer the last project may be difficult. Definitely spend some time looking into http protocol, html forms, CSRF, XSS, and SQLi.

4.) I did not like the book very much. I found it inconsistent in its level of detail - which can be confusing if this is your first time seeing this material. So, I found myself finding other resources to explain complex topics. In other words, use the book as a reference for the information on what you should know but not necessarily as an actual teaching device. The lectures (which are 5 years old) are practically useless… If you have time/inclination to watch some videos, I suggest youtube (search for the chapter/title headings in the book).

5.) Also google the projects. The TA’s spend zero time explaining the actual material you need to know.

But overall, it was a good class and I am glad I took it. Sorry for this long essay. I wanted to leave a review that I would find helpful. You are welcome. :D

This is the first class I have taken in the program. It was the only class I took this semester. I have an electrical engineering background with only minor programming experience. I do have some cyber experience and have the CISSP.

I have mixed feelings about this class. I did really enjoy the varied topics and the projects. The weekly reading & lecture load was too much for me to do completely, so I quickly focused more on the reading and watched less lectures. It become easier by the middle with some weeks having the same chapters or lecture sections assigned.

Though I did enjoy the project topics and the hands on nature of them, I did get frustrated because with most of them I found myself spending most of the time finding that one way to write the code, or hook needed to get the answer. I know from experience that this is how can happen IRL, but its a lot of 'wasted' hours. I'd say I spent at least 30-40 hours per project. Projects 3 & 4 were the most challenging for me.

The TA were excellent. Their office hours and prompt responses on Piazza were greatly appreciated.

Andy

This was my first class and I enjoyed working on the projects. This course takes about 10 hours per week on average. All my hour estimate below includes time I started + breaks for personal stuff. Taking 1 course per semester and working full time.

This might be an Intro to Info Security course, but it's a master's level Intro course. Basic requirement of OMSCS is some coding & CS background.

4 Projects

1. Buffer Overflow

   • Approximate hours : 5
   • Read the prerequisites. You are expected to have computer architecture background. (I believe computer architecture I & II). If not, I imagine you have to do quite a bit of research because you might not even know where to start. (maybe 20 hours extra)

2. Malware Analysis

   • Approximate hours : 10
   • Instructions were provided on how to use the tool for the analysis

3. Cryptography

   • Approximate hours: 25
   • I waited until the last weekend to do this. Highly recommend you don't for this project. I didn't read the instructions or complete most of the lecture because I was procrastinating. I had to work very quickly and research the math and equations behind the task. Along with writing the report and citations and taking several breaks here and there for my personal house chores, I think I finished in 25 hours.
   • If you don't know python, add on another 5-10 hours to get use to it.

4. Web Security

   • Approximate hours : 20
   • If you don't have a background in HTML, JavaScript, and API , add another 10-20 hours of research and learning.

Readings/Lecture took about 10 hours per week. Exams took about 10 hour review for each. Altogether for me, it was about 10 hours per week for 16 weeks.

This class is overall pretty easy. This is great to pair with another course. If you've taken any sort of security course previously, this will likely be a giant review.

There's weekly quizzes based off of the readings. You really can just ctrl+f the answers.

I also got through this course with just the readings and never really watched the lectures.

Homework is generally pretty easy. Project 4 is probably the most rewarding and fun class.

I would say otherwise, as a course it's... fine.

I'm an OCY Policy Track student with a background in IT risk management governance, risk, and control. I had a limited technical CS background and brushed up a bit over the summer based on the materials provided via email. CS6035 was brutal for me, but glad I got it out of the way as my first course.

Pros:

1. Communication on Slack and Piazza was helpful.
2. Some TAs are really helpful and provide small hints.
3. Book is dry, but good and interesting info in there.
4. I learned a good amount through the projects and felt a sense of accomplishment when I completed a task.
5. Enjoyed the office hours for each project and hope those continue for future students.
6. Manageable workload with 10 quizzes, 2 exams, and 4 projects.

Cons:

1. Book is dry
2. Project tasks didn't seem to align to material in the lectures or book. I suppose this was due to my limited CS background. This was my biggest issue that I had to work through.
3. TAs were sometimes unhelpful.
4. There was some cheating based on Piazza posts to all students from TAs. This could have been handled much better directly with those involved instead of posts to all students. I felt this lowered the morale of the class and made people nervous for no reason when they were doing things properly.
5. Instructors were MIA except for one office hours session.

Note to fellow Policy Track students: This class is incredibly difficult if you have no or limited CS background. I suggest preparing beforehand and get it out of the way as soon as possible. Do well in Projects 1 and 2 and you'll be fine in the second half of the course. Projects 3 and 4, especially 4, are brutal. Attend office hours, read the book, read the project write-ups, and read Piazza and Slack daily. When you're struggling, remember why you wanted in this program and fight for it. It is one semester and you'll get through it. Think positively!

I can't agree more on this

"Communication with the TAs were "strained" at best most (not all) are arrogant, condescending and take it as a personal affront if you ask them a question. Someone described them as narcissistic, and I'd have to agree. "

If you don't have previous knowledge about security, I warn you not to choose this one. The class contents are messy and the homework has nothing to do with videos. The exam is terribly organized. I don't find the TAs to be helpful. "You need to figure it out by yourself" is all what they will reply.

I have taken this class along with CN in my first semester in OMSCS. My background is a BS in Physics and 5 YoE in tech, unrelated to Cybersecurity.

In the beginning, I was reluctant to sign up for the course because of some bad reviews here, especially concerning the demeanor of the TAs. However, since it was hard to find a class to take as an incoming student, I decided to stick with this one despite the cautionary tales.

Overall, my experience was positive. I think most reviews are from disgruntled students and thus have some charge of emotionality, which takes away some of the objectivity in the evaluation. Some other reviews aren't accurate. These are the pros and cons that I found:

Pros:

• Little handholding culture. Personally, I don't like classes where students feel entitled to answers to projects and TAs give away too much. This class had the optimal balance.
• Exams are different this semester and a lot easier in my opinion, since they don't rely purely on rote memorization from the book and about half of the questions are from the projects (the others are, unfortunately, from the book, but out of a reduced set of chapters). If you've done the projects and remember the concepts that you used, there's no need to study them further. I did some preparation for Exam 1, but for Exam 2 I probably studied for about 3 hours total and found it easy. I didn't watch the lectures and only skimmed through the relevant parts of the book.
• Projects were fun, albeit too easy.

Cons:

• No interaction with the professor. He only held a single OH, which was not recorded, and just answered some ad-hoc questions students that attended the OH had.
• Quizzes only test your ability to CTRL+F through the textbook and are poorly written. No incentive to do some preparation. Overall, they were OK, but since the questions were very short (especially the T/F), the staff could have paid more attention to generalizations and exceptions to rules.
• The second exam had a lot of grammar errors that compromised my understanding of what was being asked, to some degree. I am not a native speaker but even I could spot glaring mistakes. It could have definitely benefitted from some proofreading.
• It's a good thing that TAs don't give away the answers to tests or projects, but I don't think it's OK to forbid discussions past the due date. Two examples come to mind: after Exam 1, students weren't allowed to discuss the questions or even see which questions they had gotten right or wrong, unless through a private post. After the projects, no discussion on the solutions was allowed, under the justification that these solutions could be more prone to leak (and probably make the instructors to work on different versions of the projects in the next term).
• Projects were too easy. I finished all the coding parts on all the projects in about 1-4 hours. The writing took a lot longer since I had to make sure to track and cite everything thoroughly. Even if I knew the subject, I would spend time looking for sources just to add in there and avoid problems related to citations.
• Regarding citing, I believe it's a good thing to enforce but this class takes it a bit too far. I remember having read on Piazza a post where a TA was teaching how to cite a content that was discussed in the office hours or in the lectures. That's ridiculous.
• The extra credit (project 2.5) was poorly supervised. The TAs in charge of this project didn't answer many questions on Piazza and some questions in the instructions writeup were poorly formulated. For example, there was a question that literally asked "What is the meaning of the following parameters?", followed by a JSON containing the parameters. One day, I discovered that what the TAs wanted out of that was "Fill in the blanks below with the values that you used in your solution and explain why did you choose those values".

To finish, I'd like to publicly acknowledge one TA that I saw who was genuinely trying to help students: Fahim Suhka. There were other TAs, but most of them were only active partially, and this one was active throughout the entire semester.

This is my 3rd MS degree, each degree at a different, also highly rated institution. That being said, this was by far the worst class I have ever had the displeasure of taking. The professors never respond to you if you email, or reach out to them via Piazza inbox. Communication with the TAs were "strained" at best most (not all) are arrogant, condescending and take it as a personal affront if you ask them a question. Someone described them as narcissistic, and I'd have to agree. The only nice TA was the one that did the office hours for project 4 - he was very amiable and not confrontational or arrogant like the other TAs.

The TAs constantly complain about how much work they have to do and that there's over 800 students they need to take care of... which I find highly unprofessional and bad form to whine to your clientele about your clientele. If there are too many students in the program for GT to offer a modicum of decent customer service then perhaps GT needs to re-review how things are run. Students are being ignored/neglected here. The professors are basically absentee - I'm really wondering what they are getting paid for.

If you need help, you won't get help that is of any use - at least from a majority of the TAs - definitely none from the professors. Look to your classmates for help - they're the only ones available to help you, especially if you don't want to be made to feel like an idiot for daring to ask a question.

The major projects, that account for a majority of your grade - are on NOTHING that you are actually taught. Seriously. You're completely on your own. They don't show you how to do anything by way of examples - you have to figure that out on your own too...so you're basically teaching yourself - literally. The literature and links that they provide are of no help and sometimes broken links.

To offer a comparison - I found Harvard CS program to be a better value to GT. The classes are easier, they know HOW TO TEACH, they actually provide examples from which your understanding can grow, where you actually walk away feeling and knowing that you learned something.

As a side note: I have a classmate that mentioned that they were granted accommodations due to disability - which the professors/TAs ignored. Isn't this behavior illegal? She said that she wouldn't be coming back just to pay to teach herself - to which I also have to agree... I don't think I'll be coming back either. It's not worth it.

I didn't learn anything. This class was a horrifying experience and I'm seriously questioning how GT got such a high rating with absentee professors like this running their classes. I've always been a 4.00 CGPA student - even with difficult programs and classes. I've taken "brick and mortar" courses as well as online (mostly online), never experience the madness I experienced from this course. I don't mind hard work, what I mind is crappy classes that don't teach anything and having to pay a pretty penny for it. It really felt like my tuition was just robbed from me. If this were merchandise, I would immediately ask for a refund.

Interesting class with fun and challenging projects. The amount of time spent on the projects will depend on your experience. For example, one project is breaking into a website. If you work in web development, this will probably take only a few hours. If you don't have web experience it will take quite some time to tackle. Overall the TA team was great, but there were some mixed messages at times. Lots of us learned the hard way CITE YOUR SOURCES, err on the side of over citing.

Weekly quizzes are not hard, but you need to have the book since the answers are all details that come from the book. Exams are harder but fair.

Since there are only four projects, this class is not difficult to pair with another medium/easy workload class.

I took this as my first course in OMSCS. With no previous CS experience. I found this to be a fun and relatively easy course. Projects feel very real, and you get multiple submission attempts to make sure you pass all the tests. I mean, who doesn't enjoy finding vulnerabilities on a mock website? Or use math to crack passwords?

The exams are the worst part of the course. I've read that the course has gotten better at not making you memorize. For the midterm I skimmed over all the chapters and got a 78 on it. If you care about your grade you'll probably need to read all the chapters thoroughly... It really seems like I'm taking two different courses, one is the lectures/projects, and the other one is the book/exams. But they never overlap timewise, so I appreciated that. Overall a great course.

UPDATE:

I see some very negative reviews with very high weekly hours... I don't want to go the "ad hominem" route, but if you went to GT for undergrad or have any engineering degree you'll probably spend <10h/week in this course.

I'm surprised by the negative reviews. IMO this is a great introduction to security. I took this as my fifth course in the program and wish I had taken it earlier. Covers most of the bases of security, and coming out of the class you will know if you want to move forward with security.

As for the structure, the course has weekly quizzes, two tests, and four projects. The weekly quizzes are open book and easy. People seem to complain about the tests, but if you read and take notes on the textbook you will do fine. I didn't watch any lectures and had no problem. The projects I found quite interesting. You get to produce a buffer overflow, analyze some malware, break cryptography, and exploit a vulnerable web server. Good diversity and they can be time consuming, so do not save for the last weekend unless you want it to be stressful.

To sum up: it should be taken early in the program if you are interested in security. Projects are interesting and I learned a lot. Wish I had taken the course earlier.

Course which helps you start learning InfoSec - There are 4 projects in the course. Project 1 is all about buffer overflow. Download SEED labs material and practice them before you take this course. Project 2 is all about Malware analysis. Cuckoo sandbox reports. Go to hybrid analysis, and cuckoo sandbox online services and download the reports and analyze them before you take this course. App.any.run has valuable information to complete project 2. Quizzes are easy and 10% of the total grade. Don't miss the quizzes, I missed 4 of them by not marking on my calendar. Project 3 is all about cryptography, in particular RSA, if you know how to find factors for a given number, it will be easy to complete this project. Try python programs for calculating the private key given the public key or one of the p and q values. Decrypting and encrypting using RSA key in python. Project 4 is websecurity, go to portswigger.net and acunetix site and complete the free labs. This will help you complete the project 4 with ease, Project 4 is the hardest one if you don't know JavaScript and PHP. Portswigger.net and other learning resources can help you in this project. Exams are 30% of the total grade, study guides will help you concentrate on the topics. The VM for the projects is around 24 gb, don't wait till the deadline to start the project 2. Downloading the VM is in itself a big task than doing the projects. Overall, this course is a real introduction to information security, no complaints.

Overall

This is my 7th course in the program. Good course that I enjoyed. The negative reviews I think could be that usually this class is taken first in the program and people don't know what to expect with OMSCS, which I understand. However, this is also a good "Welcome to OMSCS" course. GaTech is a top CS institution so don't think that because this course is "introductory" or online that it will be treated like a "everyone gets a trophy" class. I do not know of any classes that the TA's are personal tutors. The TA's were helpful I thought. The nature of the homework is such that if a TA gave too much of a hint, they would solve the problem for you. This can be frustrating I'm sure, but also with some time researching it is not overly difficult to solve. The course is challenging but most, if not all, of the topics covered are easily researched online and you have a very generous amount of time to figure the projects out. The slack channel is unofficial and not guaranteed to be monitored by TA's but is the way I used for help/to help. Have a sense of humor and thick skin and this will make the semester a lot more fun. Colonel Kernel and Joe were a lot of fun on Slack. Fahim is great as well but I think he is more Piazza. A few resident moral boosters, mixed with sweetened condensed milk, were also a lot of fun. Use Piazza and do not use Slack if you like formal, straight shooting interaction.

Projects:

There were 4 projects, with the first two substantially easier than the last two. Do not be fooled.

1. Buffer Overflow. You need to know C but nothing too in depth.
2. Malware Analysis. Take time to get familiar with Cuckoo and this will make the project a lot easier.
3. Cryptography. This one was the hardest for me because I didn't have a strong math background. Python is important to know but so is the math. Read the book before starting this project.
4. Web Security. This was my favorite. Don't be scared of the PHP.

Exams:

I haven't taken the final yet, but the midterm wasn't overly difficult or unfair. They redid the midterm this semester I believe, so it was not a "memorize the book" kind of exam like previous semester reviews state. I didn't do the greatest on it but had a terrible study strategy (Went for the memorize option). Don't get too in the weeds studying and make sure you understand the topics they give in the study guide and revisit the projects.

Course Content

I thought the video's were relevant but high level, which isn't that what lectures are supposed to be? The book I started by reading it but found doing the questions at the end of each chapter made me retain/understand the topics better. I would read more if I felt the questions didn't give me enough depth.

Tl;dr

Great course for security. Slack is lots of fun. Don't be a stooge. Projects are challenging but plenty of time to figure out.

Seems like the people who did well have.a strong background in the course already. Either they have worked in the field or have mastered the prerequisites.

It's kind of interesting that such prerequisites are required considering it is an introductory course.

As most of the negative reviews state, the TAs are not as helpful as one may hope. A lot of students and TAs included are afraid of the academic honesty policy that is put in place and do not want to offer up too much information in fear of being written up. These TAs are super strict. Which population has a large mirror they can freely move around and place behind them for a test?

Lectures are mostly useless because it is a very high level overview of the book. Doesn't cover much but does have that one sentence that may be in a quiz that you can't find in the book. Also, you can find the lectures on Udemy. The professor is actually nowhere to be found as well. I guess they are more of volunteers and are ok with the dated lectures.

Projects are primarily done through your own research. The book doesn't describe much besides the theoretical aspect of each topic. There is a lot of contradicting information online so beware. TAs don't help you differentiate the correct info because it will give away answers.

Maybe I just took this course at a bad time..

The projects are very useful. The lectures are too long and boring. And there are too many concepts, which will all be covered in exams.

Watch out for plagiarism checks in this class on project 4. You must watch out for random letters and numbers, and remove that line of code. Believe me, it may look useful since the instructor put the random "secret value" letters and numbers in the website, but it's not needed. Mr. Lee's English is very hard to understand. His lectures are awful. Project 4 is extremely hard. The rest of the class is easy. All you'll learn is how to bypass paywalls on news websites by using the web browser inspector tools. Be prepared and heed my warnings. Take plagiarism seriously and review your own code-every single line before you go searching on the internet for help. The biggest lesson this class taught me was to take plagiarism very seriously and find the actual dictionary type sources, not just the code. Be wary, the documentation for javascript webdevelopment is non-existant. Javascript web development is completely alien to normal programming. The worst documentation I've every had to deal with. All they give you is a big fat text book, as if anyone has time for that AND answering the hard questions. You can read the whole text book and it won't help either. A lot of teachers and students do not take plagiarism seriously. Now would be the time if you're taking this course. Take that seriously.

Horrible. Horrible. Horrible. I would expect to learn something from taking a class, but you're totally on your own for this one. It doesn't makes sense to pay for a class when you aren't taught anything from it. Don't waste your money and take a different class if you can.

I really liked this course and could be an easy foundational course to start off. Be prepared to switch between a few programming languages viz. C and Python.
The only thing I didn't like was the video lectures at the later part of the course. I felt they were rushed and could have benefited from slightly better articulation. The monotone occasionally made me loose interest.

Although the course required a lot of time in order to be successful, I found the coursework to be really exciting. The grading can be a little tough, but overall the TAs were helpful. Expect to be challenged. The projects did require knowledge of C and Python, and one of the projects required lots of research into math-related problem solving. so please be aware of that before taking the course.

Do yourself a favor and do not take this class. It sucks, there is no help whatsoever from TAs, when I was stuck on project 1 and asked a TA for help his answer was basically yeah it's hard but you are on your own... Really? If that's what I have to do why do I have to be paying? For the title? I am in the program because I want to learn and I'd like to receive help I won't be able to learn everything by myself if that were the case I'd just use youtube and the internet no? I am so dissapointed. Again, read the first sentence please.

The head TA somehow became the instructor of this course as the registered instructor is gone in the wind. I really hate these type of no shit given instructorless course. And that TA is the most narcissistic instructors in the whole OMSCS course. Most of the useless replies seem like they are targeting you out of spite and you have somehow hurt their ego. The projects are the worst with no clear direction of grading. There are many problems which are highly subjective but you have to guess the only right answer. And don't bother watching the lectures as they are actually old and irrelevant.

I was a little hesitated to take this course due to some previous reviews. However, after taking this course, I think it is very worthy. The projects are very interesting and rewarding. Especially, project 3 and project 4 are awesome. Project 1 had a lot of writing, which may be a little boring for some people. However, the difficulty of all projects are acceptable and not extremely difficult. I had no prior CS background with very little programming experience. I watched python programming in coursera prior to this course and had no java script or HTML experience. And I feel it is hard but not extremely hard to deal with project 3 and project 4. You may need to do some research online and learn the necessary skill on the flyer. But if you can spend some time, it is very doable without any prior experience or knowledge. The exams are closed book and may require some memory. However, since all the questions are either true/false or multiple choice, the requirement for memory is not that bad. The scores given are very general. For this summer, they give some generous extra points for extra assignment which makes it fairly easy to get an A.

The project are awesome, the exams are okay and the lectures and Text Book are boring. In order to maintain a good grade, need to perform well in all projects and exams.

I was a bit hesitant to take this course since the reviews are largely mixed, but I am glad that I did. The course was well paced, even for a summer course, and never felt overwhelming. However, I think the determining factor in how you perceive the course is dependent on your background. If you have a CS degree and have been working in the field, you'll most likely be fine, but I can see how people without that background would struggle. I don't have an undergrad CS degree, but have been working in the field for about 5 years and found the projects to be manageable. Taking GIOS before this class helped with the first project, but even if I hadn't, the concepts are easily learned through some research.

The projects are pretty different from one another in the fact that they use some very different technologies, but I would say the depth of knowledge needed for each one is pretty shallow. Project 1 used C, but the real exercise was learning to use gdb to examine the program stack and registers. Project 4 was focused on web security, so you deal with web technologies like JavaScript and HTML. In order to be successful in the class, you're going to need to be willing to do research on the various technologies you need to use. The TAs provide some resources, but be prepared to look for things yourself.

The time it takes to complete a project is largely determined by your experience with that technology, but I think most were in the 10-15 hour range per project for me. Project 3 probably took the longest since it was focused on mathematical concepts, but it was also the most fun.

I found the TAs to be pretty helpful throughout the semester, and I think they get a lot of undeserved criticism. They drop hints, but don't expect them to spoon feed you the answers.

Overall, the projects were fun and I learned a lot, so I recommend the class.

The projects are awesome. They cover a wide range of topics from C to cracking RSA (my favorite) to HTML and are like solving a puzzle. A lot of people were complaining about not being spooned fed the answer or instructions... obviously have never worked in a software engineering role lol.

The exams are what keeps this class from being great. They are random verbatim snippets from the textbook. What?? I'm paying for this and I thought this was Georgia Tech. IMO they should just get rid of them and have another project or something. Incredibly obnoxious to study for.

This class is an absolute dumpster fire. The course materials and TAs don't provide the resources needed to learn and succeed in completing the projects. The instructors were entirely absent. I've never been more frustrated by a class. It needs to be blown up and completely redesigned.

This class is intense for non-programmers. Unfortunately it's a prerequisite course so it's mandatory. The first 2 projects are the easiest and you can easily get an A on each. The last 2 projects are the toughest so good luck! Each project is 15% of the final grade, quizzes are only 10% and the exams are 30%.

This is the last class I took as part of OMSCS and by far the worst. The quizzes and tests are taken straight from the book and mostly include questions that the lectures make no mention of. These questions sometimes include topics only from the latest edition of the book too, so you are forced to shell out whatever the cost of a textbook is. There is a ton of content in the lectures, but it is a waste of time to watch them and takes notes on them as they only vaguely help you with some project content.

The only time I ever required assistance from TAs was for the first project and they were completely useless. In retrospect, there were a number of hints they could have provided that helped me but did not give away the answer but they did not.

Grading is the worst of any class I have ever taken. Despite most parts of assignments being autogradeable, grades take weeks to get released. There is always a period of regrading where you grade is subject to change while other students point out all of the inconsistencies in how assignments are graded/argue correctly that the opinionated TA's answer is wrong. The quizzes, despite being just multiple choice Canvas quizzes, are also littered with errors and inconsistencies.

I have never been so frustrated with a course from the OMSCS program. While I learned some basic concepts about security, it was not worth it. Pick any other class. I have never reviewed a class before so please take this as a warning of how awful this class is.

This course was a good summer class. The workload is light if you stay on top of it. I read all the textbook chapters (dry and uninteresting) and watched all the lectures (a broad overview of the related textbook chapter). You can probably make it through the class without watching any of the lectures. The quizzes are true/false or multiple choice and derived from exact sentences from the textbook. I probably spent 10-15 minutes on each quiz. The exams are more difficult because it's closed book and covers a lot of disjoint material. I spent 1-2 hours each weekday reading/watching the material.

The projects require minimal googling and you don't need to know too much about C, Python, HTML, or Javascript. They were enjoyable! Most of the takeaways from the class came from the projects. I think the most code I wrote was Project 3 in Python but that was under 100 lines. The writeups are frustrating and the TAs require very specific answers and buzz words.

I found the TA's comments helpful. I never needed to post on Piazza but was able to glean hints from other student's questions. Start the projects early so you know what the ask is. As other students start and face roadblocks, you can revise your answers and learn the key google terms.

If you need to take a summer class for the credits, this one was exceptionally manageable (while working a full time job and planning a wedding). Otherwise, don't waste your time. The class was light and easy but I did not enjoy the content nor how it was presented.

This course introduces how stack overflow, malware, fishing work to endanger the security of account. As a non-CS background student, I feel these knowledge is impressive and interesting. Projects mostly requires python programming, some php. There are open book quizzes, which contains some tricky questions. Mid-term and final are not too difficult if you carefully revise all the ppt.

Overall: I'm happy I took this course because of what I learned from the book and the projects. The class is badly run, though. And I did not like the way I saw my fellow classmates treated.

Good things:

1. I learned a lot despite being a security conscious developer
2. I was forced to learn things that did not interest me and it was amazing
3. I was made my study on my own and adhere to a strict set of rules
4. There was at least one TA that helped everyone he saw: Fahim Sunka
5. The classmates were really nice

Bad things:

1. I never once saw the professor anywhere. The TAs ran this course, and ran it badly
2. The videos were mostly subsets of the book, and at a certain point I stopped watching them because the exam was just testing your memorization of the textbook
3. There were often typos in the quizzes, and at one point there was an obvious typo but instead of handling it like adults, the TAs let the class debate about it ad nauseam.
4. When something negative was said on Piazza, the TAs ignored it
5. If you played the teacher's pet, you would get additional help from the TAs. So that is what I did.
6. A lot of time, you didn't pay attention on Slack, the TAs would drop hints and delete them
7. If students asked questions like when the grades would come out, the TAs would take this as an opportunity to poke fun at them.

Projects:

1. This will take a lot of time if you haven't worked with C
2. This is easy and frankly weird that it is a project, or that I have to use Virtual Box.
3. This is a lot of fun
4. This is the most fun.

I don't like the fact that all these projects use Virtual Box. Students could run these projects much faster and easily with Docker but it's likely that the TA that created these is no longer working on the course, or not interested in recreating them.

Completely no quality control. Lecture is really boring and book is painful to read. You rely 100 percent on yourself and google. TA's comments for deduction in project are somtimes ridiculous wrong. (my answer was eaxactly the same as TA comments but he just took all the points! I have to regrade and argue for my harworking scores) It is just a waster of money, time, and effort.

Absolutely horrible. I'm shocked this is a Georgia Tech class...would have thought there would be some sort of content and quality control performed before putting this out. It's outdated, the delivery is bad, projects are painful, and TAs are not helpful. Seems like maybe it was better in previous semesters which is disappointing. Sad that I took this class when I didn't have to.

I came into this class excited and feeling optimistic, but I honestly felt let down by how out-of-date the labs were.

The heavy use of virtual boxes inside of virtual boxes felt like it was giving my computer cancer and would frequently take 1-2 hours just to set up the environment. Suggestions to improve the environment went without response from the faculty, so I have no reason to believe it will get better.

Then, the environment that would be set up would typically contain project files that hadn't been touched or updated since 2014-2016 and frequently rely deprecated versions of software or languages (i.e. Python 2 or Chrome 66 vs 80)

I got an A, but I don't feel like I learned a great deal of useful information for the present day.

Dry and boring lectures. This class is completely lifeless. Assignments are the only cool thing about the course. It is easy, however the exams can have gotchas that can be frustrating. I ended up with an A.

This class was honestly a letdown. I really disliked the recorded lectures and the textbook was so painful to read. The projects were okay but it was impossible to get help from TAs. Was really excited to take this class but it ended up not meeting expectations.

This was my first course and I think it was a good way to dip my toes in the water. Relatively easy, but important, foundational, and sometimes interesting information.

Pro: -100% participation is not required if you have an IT or Security background. I skipped the lecture videos and was able to get by skimming the lecture notes and book. You will want to save as much time for the projects as you can. Piazza was sufficient to communicate with the TAs. Slack and BlueJeans are optional. -All projects allow for you to request a regrade. You will need to use this.

Con: -There are ~900 students in this class. It’s run by a team of TAs and the instructors are barely involved. -The exams are “proctored”. This means that you are required to install invasive spyware on a PC to take the exams. -Exams and quizzes do not evaluate your understanding of concepts. Instead, questions appear to be arbitrary lines copy/pasted from the text with a few words changed to test your memorization. -These mangled statements used to create the exams and quizzes result in a lot of errors that have to corrected after the fact by the TAs when the students complain. -Project instructions are not clear and contain errors. You will have to get clarification from the TAs and/or wait for updated instructions to be released. -Project grades take forever to be returned. -Project grading is sloppy and very opinionated. If a rubric is given, it is very vague. TAs will deduct points for items not required by the instructions or will skip parts of your answer and deduct points for missing the items they skipped over. Expect to submit a Regrade Request for every project you submit. -The prerequisites state “CS6035 assumes classical computer science (CS) background, preferably from an accredited undergraduate CS program.” The lecture videos will refer to concepts that you should have learned in your CS undergrad. However, this is a required class for several graduate majors outside of the OMCS program (like me). This places those students at a considerable disadvantage. If you do not have the intuition to understand new programming languages and write functional code from a few hours of research, you will have a hard time. The time commitment would have been a lot shorter if I didn’t have to teach myself new programming languages before the projects (C, x86 Assembly, Python, Javascript, PHP).

In general, the subject matter of this class should make it an easy class as the “Intro” title implies. However, the quality of delivery is so poor that most of the time commitment and “rigor” is spent trying work around the Cons listed above. I had to fight for every grade, but was able to pass with an A.

CS courses like ML and RL required much more abstract understanding and application of concepts, whereas this course was much more straight forward memorization (from the book and lectures).

The staff was great (especially in the time of COVID-19) by being responsive and flexible with timelines (pushing most deadlines back a week).

Overall, I enjoyed this class. While the lectures and readings weren't my favorite, they were generally clear. There were clear sections to each of the modules, and the study guides online made studying for the quizzes and exams really easy. I really enjoyed the projects though. Each one provided some concrete examples of different pieces of information security. Generally, they were well thought out and the TAs would answer questions as best as they could without giving away answers.

As far as negatives go, there were only a couple. The lectures and projects are only tangentially related to one another. Both cover topics in information security, but it would be nice to have a few lectures that went over the topics covered in the projects. I understand that the point of the projects is to research on your own, but I believe it would be valuable to cover some of the general concepts in advance of the project. Also, there were a couple of times that the instructions were unclear, but the TAs were really good about providing clarification along the way.

The class wasn't easy by any stretch, but it was rewarding.

This course provides a good overview on the information security. You can read all of the information in the text book. But the lectures highlight all importance and current trends of security that you need to know. The best of all were the projects which provides the useful and practical knowledge on information security.

The projects did consume some of my time (but not as much as the AI class). You need to be serious and thoroughly do the projects to gain the good practical knowledge since they worth 60% of the final grade. All quizzes were open book and worth 10%. But the two exams were close book and worth 15% each. I believe that instructor/TA would provide bonus projects (5% for this semester) if the class average is low. I did not spend much time to study for quizzes and exams. Most of my time was on watching lectures to get a general overview on the topics and work on projects (a lot of Google search). Also recommend to utilize the web page, omscs-notes.com, to make it simple to study for exams.

I might have few disagreement with the way of project descriptions and grading. I can say that some project descriptions were not lined up well with the mind set of the learners since the descriptions were written by the experts who knew the subject inside out. Most of the time, I had to rely on the discussion of the piazza to find a correct way to answer the project questions. I do agree most of point deductions on my projects make a lot of sense in practice, but the project description do not reflect well that emphasis. It was lucky for me that those deductions was trivial, but I sympathized to other students who consciously worry about their grade. Improvement on wording of quizzes, exams, and project description along with clear and consistent rubric for grading is needed to make this course more pleasant.

Overall, this course provides useful and practical knowledge on information security that we need to know when working in the computer field.

Seems to be a consensus among the reviews here...problem TAs, absent instructors, bad coursework, problems with projects...was a constant headache. Take a different class if you can.

Avoid this course. Incoherent curriculum development and disrespectful behavior. Grievance reconciliation process is immature and subjective.

I'd recommend avoiding this class. Textbook is boring and lectures are just bad, and you're entirely on your own for projects. The class doesn't teach you anything to help with projects. TAs are either willing to help (very few of them) or entirely unhelpful with questions. Was not worth the frustration and I didn't learn much.

This class was fun. A fair amount of work if you want to get the most of it and do all the readings. The first project can be a little tough if you do not have a great grasp of C and how the stack and heap work. There was a lot of drama with the students and TAs during my semester, but I liked the course and the projects were fun. It was fun to take the role of hacker in the projects.

The projects and exams contain lots of errors. Obviously, NO TAs checked them before making them public. Zero quality control. TAs don't understand what students are actually seeing in this particular semester. Therefore, they can't answer the students' questions properly.

TA Chris Taylor is professional enough on Piazza. However, his alter ego "The Kernel" on Slack has a different personality who treats students a bunch of whiners. The office-hour channel is full of non-stop irrelevant chatting between The Kernel and his entourages with emojis and memes. This is where TAs mock students with laugh-cry emojis.

The projects are not clearly instructed and worded. Students have to ask questions on Piazza and Slack repeatedly for clearer definitions and have to spend lots of their important hours to solve riddles rather than learning new stuff. TAs blame students for this, when there are issues on their quality control and unnecessary obscured course materials.

Unfortunately, this course is a "Let's-find-hints-that-TAs-drop-time-to-time-on-Piazza-and-Slack" course, not a proper CS course.

The level of difficulty a student will have in this class is heavily influenced by your professional experience. If you are an experienced software engineer then you will not struggle as much with the programming aspects of this class but if you are not then you could have problems. That said this was a very enjoyable course and I learned a lot. This is what grad school should be. The TA's were great so when you see people complaining about them just know that their complaints are HIGHLY subjective. The TA's were very fair and their goal was for students to do well by actually putting in the work. The slack channel was great and served as a great platform to learn and to interact with your fellow students. Do not take this class thinking that it is an easy A or that you won't have to do much. Overall it's a great course. I would definitely recommend it. Also, the hate for the head T.A. is ridiculous. I can see certain types of people not being a fan of his but he's really a good guy and is one of the better T.A's I've had. He is very accessible and was on slack all the time helping students. People can have their own opinions but remember that they are just opinions and not facts.

Never interacted with a professor. Wasn’t an issue because there was always a TA available in Slack. Slack, Slack, Slack! TAs are wonderful and patient in my experience. Enjoyed all of their help and comments greatly, especially “The Kernel,” Fahim Sunka and Csims. I found the head TA Chris Taylor just fine to get along with. People complain about him being unprofessional and etc., but really, I appreciate direct conversations. Never found him or any of the other TAs offensive or unprofessional.

Unless you think posting memes is offensive and unprofessional -- in which case, you must be a Karen and are likely pupset 24/7.

I wouldn’t recommend this course to someone in a manager/director/upper-level position who hasn’t coded in a while (because the projects require programming and make up a large portion of the grade).

I would strongly recommend it to someone who is in the trenches at work and loves fixing things and figuring out stuff on their own. The projects were super fun to work through and I learned a lot from them.

An example of whether or not this is the class for you… there was one point where I was stuck on something in a project and I pinged a TA. I told them what I had done, what I think should be done and where I think it all needs to go from there once I figure it out. The TA didn’t give me any hints or answers, but simply said, “Sounds like you’re on a good path.” And that was it -- that’s all I needed. If you are someone who would need more to go on (like if you needed to be told which direction to go vs. getting validation you were on it), then don’t take this class. The projects will wreck you.

As for hours per week, the first project took a good 30-40hrs to get it done well and get it done correctly. Be prepared and ready to lose some evenings and a couple weekends to Project 1. After that, I had a relatively easier time in the course and spent more like 6-10hrs max per project. Based on this, I’m averaging it out to 8hrs a week. Should also note that I have no CS-background but 10+ years experience in software engineering and development. I found the class overall to be easy for my skill set.

DO NOT TAKE THIS COURSE IF YOU WANT TO LEARN. Take CS6238 instead. The material during the first half is identical - the second half of the course does diverge a bit, but if you are looking for general security background CS6238 will serve you well.

Exams and quiz content is terrible - the method appears to be "Find a sentence from the textbook and change a few words around" so you end up with a lot of questions which aren't really testing on content. (They end up test things like acronyms, memorizing the headers in the text appeared). There were many errors on many of the quizzes and final exam. The TAs gave some points back on some but not all of the errors.

Projects were not very useful and graded extremely poorly. There is no rubric so you really don't know what to include in the write up and can end up with a poor grade due to that.

The TAs are extremely unprofessional on slack but do seem to want to help.

Let me preface my review for those who are attacking the legitimacy of others who are identifying actual issues this class has by saying that I am happy with the grade I received, I was actively engaged on Slack and Piazza, and I started every project within two days of its release. I have been through nearly 20 years of education and am a cybersecurity director with a laundry list of certifications. This class is by far the worst attempt at education I have ever experienced.

Roughly half of all recent reviews of this course are negative in nature because there are legitimate problems. The class does not teach you anything to help complete the projects which make up a majority of your grade and pairs that with a prevalent culture of TAs that assume students aren’t genuinely trying and therefore resist providing any form of meaningful assistance to them. The biggest flaw is that student learning is not central to how this class was designed and is currently run.

Breakdown of the class:

• Quizzes: 10% of the grade. These were open-book and easy to complete if you know how to use Ctrl+F. There were a handful of grading errors, although TAs would issue points back for them. The quizzes were generally unremarkable.

• Tests: 30% of the grade. Two exams; the second was non-cumulative. I found the tests to be pretty fair and easy, but they had enough trickery that the first exam average was only 79%, and the second was only 75%.

• Projects: 60% of the grade. The projects are what made this class incredibly disappointing. I walked away from the class frustrated because of the lack of instruction surrounding concepts that were necessary to complete the projects, the superfluous trickery that was inserted into projects, and most TAs being entirely unhelpful in assisting students in making any progress on the assignments. Occasionally you could find a reasonable TA that passed on resources in DMs and basically said “don’t tell anyone I gave you this link” acting like they were committing a capital offense or something. I appreciate the minority of TAs that did try to help students and seem to be acting against the broader TA culture. However, the general TA response to students asking questions was to not provide assistance and say something along the lines of “this is a graduate program, we aren’t going to hold your hand.” Apparently providing any level of instruction is considered “hand holding” in this class. My argument against this prevalent “graduate program” attitude is that I already hold a master’s degree from a program ranked #1 in its field and the instructors there recognized that students were paying hard-earned money to receive instruction and gain skills and knowledge they previously didn’t have. Instead, this class felt like paying $1200 to Georgia Tech for the grand opportunity to endlessly Google things that weren’t even tangentially related to the provided course content in order to complete the projects.

• Project 1: Stack overflow exploits. This used gdb and examination of C programming to create a buffer overflow. However, the instructors had to put a “trick” into the buffer overflow exploit to prevent it from working unless you could figure out the cryptic meaning behind “having the wrong address” in the exploit. While I was ultimately able to figure this out and received 100% on my code, I found this “trick” to be incredibly unfair, a total waste of several hours of my life, and in no way did it advance my understanding of buffer overflows or the stack. This seems to be an arbitrary barrier that was placed into the project to “prevent cheating,” also known as doing research on Google about performing buffer overflows since you would in no way be able to perform one based on the course instruction provided.

• Project 2: Malware analysis. This involved a course-provided VM and examination of malware using Cuckoo Sandbox. I found this to be an easy assignment; however, there didn’t seem to be any learning outcomes from the project. If you don’t have a background in malware analysis, you likely didn’t understand what you were looking for or why the pieces of information you were being asked to look for were significant, as again, no relevant instruction about what you were doing was provided in the course content.

• Project 3: Cryptography. This project was insufferable and yet another instance of lack of relevant instruction related to the project. You were entirely on your own for figuring out which algorithms to use and understanding the complex math behind the algorithms for explanations in your write-ups. You couldn’t even mention a specific algorithm in Slack or Canvas, because, “cheating.” I was able to figure out all the coding, but it took 40+ hours for this project. Again, Google is your instructor because the course fails to provide information that will help you complete the assignment. I got 100% on the coding but walked away incredibly frustrated and disappointed that I and other students were left hung out to dry for the project.

• Project 4: Web exploits. This project has you code in HTML and JavaScript to exploit a highly vulnerable webpage. Any “help” provided by the TAs was effectively “why don’t you Google ‘JavaScript.’” Real helpful. Again, you’re on your own to figure everything out because the TAs won’t assist in the learning process and students aren’t provided with adequate resources to accomplish the project objectives. If a student can’t identify why something isn’t working on their own and reaches out to a TA, the response is effectively “too bad, we were on our own to figure this out when we took this class.” One TA’s actual words in the Slack channel: “when people message me they spent x hours, and then I remember I spent 10 days on Task 2 alone hoping for magical help but of course it was all up to me.” TAs having received a poor educational experience in this class in prior semesters does not justify providing poor educational experiences to current students. Instead, it should motivate TAs and instructors to improve upon the educational experience. I simply don’t understand the cultural resistance to helping students, or more fundamentally, not teaching anything that is relevant to the projects. Students are here to learn, we’ve paid good money to learn, the vast majority of us are putting in the effort to learn, and when we hit a wall and spend hours or days spinning our wheels because we haven’t been provided with adequate resources to complete the projects, the TAs refuse to assist in the learning process. And if a student never figures out some component of the project they were supposed to magically “learn” entirely on their own? You’ll never know what you were missing and consequently never learn what you were “supposed to” because project solutions aren’t provided due to irrational paranoia about cheating in next semesters. This is simply a poor attempt at education without student learning being the ultimate objective.

• Extra Credit (5%) : Malware Analysis Machine Learning. This was yet another black hole project with no relevant instruction or resources. It involved using a machine learning tool to classify malware samples by modifying a machine learning configuration file. I spent at least six hours on this project and got nowhere. I decided the frustration wasn’t worth it—it was yet another project with no helpful instruction and probably wouldn’t result in productive learning outcomes, just like the other projects.

Other problems:

TA grading was sloppy, at best. I had to request regrades on multiple projects due to grading errors made by the TAs, each of which impacted my grade for the assignments by an entire letter. Grades also took forever to get back, often 3+ weeks, because “cheating.” Even for things that were auto graded, it took weeks to get assignments back. It’s hard to know where you stand in the class when its feedback mechanism of grades is so delayed.

The head TA Chris Taylor is an embarrassment. He was incredibly unprofessional on Slack, often replying to legitimate questions in a condescending fashion and openly complaining about students. I get that with a class size so big there are going to be problem students. I was a graduate assistant in my previous master’s program and have dealt with my fair share of them. However, airing dirty laundry on the public Slack channel is unnecessary and just unprofessional. Chris’s superiority complex and unhelpful attitude towards students seems to have created a negative culture among the other TAs, with those who are willing to provide meaningful help to students being in the minority.

I am truly disappointed in this course. My entire motivation in starting a master’s program and paying out of pocket for it is to gain new skills that I previously did not have. Unfortunately, this class is clearly not centered around student learning. It does not provide students with new skills or teach you anything. Instead, you are on our own spending endless hours on Google trying to fish for the right piece of obscure information you need to figure things out for yourself. I am questioning why I paid $1200 to take this course because the actual information and skillset I gained was self-taught from resources found on Google, not from Georgia Tech. Had I wanted to teach myself these concepts, I would not have signed up and paid for an allegedly structured master’s program. I will also never know what I was “supposed to” learn on parts of the projects I got wrong or was not able to complete because of the ridiculous paranoia this class has with cheating. Thanks for not teaching concepts for the projects, and then not allowing us to learn how the projects are successfully completed when we can’t figure them out due to lack of provided resources. It’s a disservice to students that this class was clearly not designed with student learning in mind, which is usually the entire point of a university-level course. Again, I’d like to point to my previous master’s degree as an example of how quality educational experiences work: students pay tuition in exchange for instruction in order to gain new skills and abilities they previously did not have. That is simply not the case with this class, and I am disappointed in the instructors, TAs, and the institution of Georgia Tech for failing to provide positive educational outcomes to students who have taken this course.

Overall a good introductory course to infosec.

Lectures: The first set were good, the second set were very dry and boring. I eventually stopped watching them and just read the book.

Quizzes: There are weekly quizzes on the lecture/reading material that are open book/note. They can be done without watching the lectures/readings and just searching the textbook (as I did on more than one occasion) but if you have done them, the quizzes can take less than 5 minutes each.

Projects: The projects throughout this course were very useful and provided a good lesson on why we program certain ways and what we should be thinking about to prevent attacks.

Project 1 was about stack overflow attacks. The project itself was very easy if you have some understanding of C and how a stack/heap structure looks like in a program context. From Piazza, it seemed like there were two groups of people - one group finished the project in an afternoon, the other took weeks.

Project 2 was running and analyzing malware in a sandbox environment, probably the least interesting and most tedious project of the course.

Project 3 was around cryptography and RSA encryption attacks. This project took some time as I had to learn math that I have never been exposed to before.

Project 4 was difficult and I wasn't able to finish in time (due to reasons unrelated to the course). It is mostly focused on html/javascript attacks on unsecured websites.

Exams: Difficult and somewhat annoying. The first exam was much better than the second. They are more or less the quizzes but no open note/book so you need to memorize a lot of random facts. I got an A on the first with minimal studying but the second exam asked a lot more specific questions so my guess is my grade is a lot lower than the first.

There seems to be a lot of hate for this class that is unwarranted in my opinion. The material is broad and encompasses a lot of different topics so naturally there is a lot to learn and most of it can be done by simply reading the textbook. The TA's do their best but most of the time, people ask the same question over and over which often was put directly in the instructions or the sticky posts. Example: the number of times people have asked about when final grades and if there will be a curve this week is probably in the dozens, despite there having been explicit posts from the TA's throughout the entire semester stating the same thing every time. I've never seen this level of complaining/repeat questions in any of the 6 other classes I've taken and I really don't understand why it happens so often here.

So there's a lot of hate going toward the Head TA, but I feel like it's unwarranted. All you had to do to get help from any of the TAs was talk to them like human beings not answer machines. I spoke with at least 5 TAs during the projects and got plenty of hints.

I agree with a below post that a lot of hints should have just been included in the project, because there was no hope sometimes of getting the answer without the hints. However, I don't think that treating the TAs like a hint button is the right answer. I always explained where I was on the project, what I was struggling to understand, and they would help.

The lectures were pretty dull, I didn't even watch most of them at a certain point I just went to the slides/notes page and read through it rather than suffer through the monotone.

The quizzes were copypasta from the lectures and book.

The 2 exams were difficult but not crazy.

The projects like I said above, were hard especially without hints. My only gripe in fact with the entire class is that the fact that the projects were disconnected from the material. There was no natural buildup in the lectures where you learn about something, maybe try it out a bit, then have a project where you do it with one or two extra steps or twists.

Solid first course for me overall, I took it alongside CS6262 while having a full time job, and did well in both. Workload was manageable.

Pros: The TA's were outstanding, the instructor content and contribution was good. The class was flexible due to the TA/instructor engagement during a challenging environment. I ended up learning a ton of useful information that I have used at my current job.

Cons: Probably more due to my background - The start of projects was very difficult for me and led to the high amount of hours listed. I really just struggled in understanding some basic system concepts while jumping into some of the different programming languages covered. They had warm up questions on project 4 that alleviated this immensely and I hope they use and extend that idea elsewhere in the course.

General comment I have a limited programming background and struggled immensely in this course. I put in the equivalent hours needed to pass the CFA level 1 & 2 and did not get a high grade (and am very worried about what this means for student course grade requirements as a new student). I think the most helpful feedback I can say is students should start the projects as soon as they are released despite their work and personal life situation if possible.

Pros

The course covers reasonable amount of material for tests. The lectures are decent. The assignments are well balanced.

Cons

The instructor is MIA. Disappointing in of itself but it's even a bigger deal since the head TA is full of himself. Struggling with project? You'll have to ask him for hints "privately". Even though the assignments are not hard, they turn out to be so because of critical information being left out. So instead of making these "hints" which are basically pieces of information that were left out available to the public, we have to put up with his useless banter on slack to pry them out of him. Seriously TA dude, get a life.

If you're in the policy track and have limited programming experience, good luck. You'll need it as you're hopping over the fence into the computer science world for a brief period of time. The guidance about starting projects as early as possible is completely accurate and is my best piece of advice to students taking this class. If you start them too late, you're going to have a very bad time.

The TAs are firm, but fair. They need to be given the class size is in the hundreds and Piazza quickly gets inundated with duplicate questions, simple questions without individuals doing basic research, and even back and forth bickering between students. If you show a legitimate effort, however, they are more than willing to assist.

I'm giving this course a "meh". Background - I’m in the infosec path of OMSCyber. No strong programming background, but I do a bit of scripting here and there.

The instruction in this course is basically 0, and you are required to learn everything from google/stackoverflow etc.. I'm not a fan of the micro-lecture format and I took very little out of the lectures. The book is dry and tough to read, but there is some good, in-depth content.

The professors are non-existent and the course is run entirely by TAs. TAs could be fairly standoffish and I didn't feel like I ever received useful feedback. To be fair, there are 700 students in the class and people keep posting the same questions without looking if it had been asked before. Regardless, if I'm paying for education, I should be able to get input from the instructors.

Quizzes: As others have said, basically ctrl+f the lecture slides/book or use google. The questions feel like trivia and I really questioned the accuracy of some of the answers.

Exams: Basically, the same format as the quizzes but closed book. In the final, there were 3 questions that were incorrect so the whole class was given credit. I'm fine with the credit boost, but the tests are only 34 questions, and this is a grad program. When roughly 10% of the exam is broken, it makes you feel like the TAs and professors don't care about quality control.

Projects: Overall pretty good. The course content doesn't prepare you for any of it so be prepared to self-teach yourself through 60% of your grade. Whenever someone had a somewhat basic question, the TAs would reply "This is a graduate program, you should know this already" or "Google it". I get that it is a graduate program, but everyone has different backgrounds. In project 4 I'd been working on a problem for like 10 hours and made little headway. I was frustrated with the google response.

Project 1: Buffer overflow. I really liked this project but was having a hard time adjusting my life back to schooling mode, so I think that I could have received a better grade if I hadn't been out of school for a few years.

Project 2: Malware Analysis. Ok project. Super easy, didn't learn much.

Project 2.5: (extra credit) - I learned a lot and really enjoyed it. Basically, making your own AV malware classification using ML.

Project 3: Cryptography. Kicked my ass. I probably dropped a whole grade letter because of this. I was struggling to implement some of the math algorithms in python.

Project 4: Web Security. I loved this and learned a ton. They give you a vulnerable web page and you try to exploit various XSS/sqli.

I'm giving this 20 hours/week because of the projects. Usually it is less, but I easily put 20+ hours into each project.

This course is worth every penny!

This is the first time I can say I learned and retained so much from a course. The course is challenging and time consuming. The projects force you to learn the material and actually problem solve instead of googling the answer. The TAs were extremely helpful and active via the slack channel and piazza. I would recommend this class to anyone interested in cyber security. Great course!

Easyish class to pair with something hard with. The projects are stimulating, lecture content is very summary level. Not a must-take course

Well, I just want to debunk the debunk comment below, who obvious is a TA or has some insight of the class.

First, the TAs have zero respects to the students. I am surprised the head TA still has his job due to all the things he posted on Slack. But hey, it’s GaTech, it’s not like they care about the students anyway. But just beware. BTW, the TA has told students to drop the class if they don’t like it. So professional.

Next, about question. There are many duplicated questions on piazza because the TAs will not answer questions. Also, if you ask anything on Slack, the TA will expect you to go through about 400 messages to find the answer, instead of just answer you, which is stupid. I am not sure on how the student below knows that most people did not do the 5% extra credit project, as the grade is not yet released nor has the TAs made a comment on how many students actually did it. But if you are a TA, then you will know.

Talk about the project, they are barely class material related. Many questions on project 1 and 4 does not related to this class at all. Project 1 is basically a project for an embedded class and 4 is basically a web development class, instead of a security class. Oh, did I mention that the TAs will not post solutions for the project, so you have no idea what you did wrong in the project?

Talk about the test. Do you remember the history course that we all hate from freshmen year? Yeah, the one that we basically have to memorize the whole textbook and hope that we did not miss any information. That’s this course here. The difference is that the materials for this course is way more boring than the history book and way easier to google.

Overall: RUN, DO NOT TAKE THIS COURSE IF YOU DO NOT HAVE TO. IT SUCKS. JK. But honestly, if I can redo the past few month, I will never take this course.

Let me debunk some of the false claims made in some of these reviews. OMSCentral reviews, like any reviews, should be taken with a grain of salt.

First, this class was made mandatory for OCY students, many of whom do not have the prerequisite background for the course. That’s ultimately the fault of program administrators, but the TAs bore the resulting backlash from those students. The solution is to design degree requirements in such a way that makes sense for students’ backgrounds, not to water down the class (as some would like).

Second, there was an incredible amount of entitlement by some students. Some examples:

• Due to the pandemic, we were given 1-week extensions on both Projects 3 and 4. That wasn’t enough for some, who still found reasons to complain about the projects.
• We were also given a 5% extra credit project. There were students who just wanted the extra credit without working on it, or additionally for the class to be curved (despite the syllabus saying upfront that there would be no curve).
• Countless duplicate or nonsense questions by students who couldn’t be bothered to search Piazza/Slack or read the project write-up before asking
• Complaints about delays in getting grades back, despite the TAs repeatedly saying there were students who had project/quiz extensions for medical/other reasons. Can’t really release grades until everyone has submitted.
• Students who clearly put very little effort into the projects but expected TAs to spoon-feed them the answers

Just because TAs didn’t kowtow to unreasonable demands and whiny, entitled students, doesn’t make them “mean” or “unprofessional” or “obnoxious”.

PROJECTS - overall, I enjoyed them a lot. They’re not perfect - Project 1 hinged too much on your having a single moment of insight, that if you didn’t have, would significantly decrease your grade. Project 2 had a fair number of ambiguous questions, but this project is likely getting overhauled. The write-ups weren’t perfect either, but the level of outrage in some of these reviews is ridiculous.

QUIZZES - intended to get students to keep up with the lectures/reading, but not super helpful in that regard as you could easily Ctrl-F the textbook to answer. Some poorly-worded questions and lots of “trivia” type questions in general. These definitely need to be revamped.

EXAMS - similar to quizzes, but with better-worded questions. Multiple choice and true/false questions don’t really belong in a graduate program either.

TEXTBOOK - a chore to read, but necessary in order to do well on the exams. I would definitely prefer a textbook focused a lot more on practical attacks and less on RFCs, standards, acronyms, and vocabulary.

Overall: this is a solid class. It’s by no means perfect, but many of the reviews on here were clearly written by disgruntled students with a bone to pick. Contrary to another review, the concepts are very much relevant today (search the CVE database if you don’t believe me). The quizzes/exams could be written better, and the class is in need of a better textbook that’s more aligned with the projects, but I learned a ton.

Overall a fantastic consolidation of various topics in Security. excellent course to start with. TAs are quite helpful and very responsive.

There's a variety of reviews here that say the class is easy, but that's not the experience for some. If you don't have the prerequisites, you are in for a hard ride. There's a lot of learning to be had in the projects. You'll be exposed to C, gdb, malware, machine learning, Python, cryptography, HTML, Javascript, PHP. If you don't already have some webdev experience, Project 4 can be a real challenge. If you've never touched architecture, C or the gdb debugger, Project 1 will be a hard ride.

Part of the challenge, yes the projects do not require much coding, but what coding and problem solving you have to do is often based on "aha moments" after hours of grueling study. For many students on Slack, there were extreme emotional highs and lows during the projects.

I rated the class "Very Hard" not so much because it was so hard for me but to offset the "Easy" reviews. There are plenty of people without a proper CS background (esp from the OCY program) who may not be prepared for what others call an easy class.

Now, there is (and hopefully will continue to be) a very active Slack channel where a lot of students bounce ideas off each other. There's also a very fine line between what is acceptable to say in helping others, and what's not acceptable. Don't take the complaints about the TAs seriously, in my semester there were 20 Slack office hours every week and plenty of TA participation outside their office hours.

I'd have to especially call out Fahim, "Robo Cop", The Kernel and Augustinius and others I am forgetting for being very active on Slack outside their office hours. The TAs, especially The Kernel, get a bad rap from some disgruntled students. THIS IS GRAD SCHOOL. No one is gonna hold your hand while you earn a CS degree from a top 10 CS program! If you post too much info your post is gonna get zapped faster than you can imagine.

In summary, if you don't have a solid CS / Algorithms background, don't take this because you think it's gonna be an easy class -- it won't be!

Having taken a lot of classes in this program, this is easily the most garbage class in the entire program in my opinion (I have really enjoyed most of my other classes). Instructors are practically useless, other then for giving empty, sometimes unprofessional, answers to any questions, and taking forever to provide highly subjective grading on poorly written assignments. Even the autograded assignments and quizzes, take unreasonably long to release scores for sometimes lol. I mean this is a course in a graduate CS program, you'd think the course organizers would have the technical skills to improve the process smh. Not much coding/critical thinking/problem solving, (my favorite part of CS), required for pretty much all of the assignments, its a lot of fluff writing to simplistic questions, which they expect formal citations for because a unreasonably paranoid fear of cheating.

Its expected one needs to learn pretty much all of the information needed for the assignments from outside sources, and close to zero discussion is allowed even about the knowledge needed to complete the assignments, or even potentially where to go to find the knowledge. There's a difference between being not holding some one's hand, and straight up not teaching.

Browsing the course's Piazza thread its easy to see many students' questions receive empty answers.

Sure's it an easy class, if you enjoy writing fluff, but it isn't worth the headache, plenty of outside sources to learn about security. (which I think is a really interesting subject)

Lectures are boring, and exams/quizzes are just copied from the textbook.

CS-6035 is my first class at GaTech and for the record, I am not failing the class, so consider this as my input and opinion without any other bias.

I am a C level IT executive with over 30 years of experience and have degrees from 2 other universities. I enrolled in GaTech with the expectation to enhance my knowledge. After all, I have worked on Burroughs B700 systems, IBM System , 32 36, 3090, DataPoint, Wang and so on. You can say I have “some” knowledge around infrastructure, application development, security as I hold 7 active Microsoft certifications, cloud certified in VMware (since version 3 to 6.7) , Azure, EMC Storage (from Clariion to VNX’s) , and over 18 years of experience with SAP. So… was really looking forward to learning something new.

To my surprise, the material in this class is over 20 years old and mostly irrelevant for today’s world. It does cover general aspects, but zero real applicable knowledge you can take back to work and enhance your career or apply your gained knowledge.

There is no teaching at all, instead you watch pre-recorded videos on professors reading a script and PowerPoints with cartoon animations provided by the book publisher. They are not eloquent and most importantly, they are not engaging. They are so boring that most comments among students is to speed them up as otherwise you fall as sleep.

With so many students registering, It is clear to me that OMS has become the cash cow for GaTech and has small to no Academic oversight as it is running by a bunch of TA’s bulling everyone to their hearts content.

I was extremely surprised and disappointed to see the head TA write in Slack “So begins the procrastinators calling for help. Everyone feel free to point them to piazza or to search the channels”. This would have been considered grounds for immediate dismissal of employment in any of the companies I have worked, and shows how little customer focus attention exist regardless if they are late.

Most project assignments and instructions have errors and you spend a bit of time just getting clarification as they are so baldly written. On Project 4 for instance, they ask how to fix PHP to eliminate bad coding and SQL injections. While I agree with the concept, they are not teaching you PHP, JavaScript etc, but are grading you on it.

It takes years of experience to become proficient in web development and technology is not one size fits all, it is deep, and specific. You don’t go to your dentist to get your heart checked, you should not ask students to fix code and grade them on how good they are at it unless you take ownership of teaching them the correct habits and proper coding methods.

Instead, what you got is everyone struggling and google solutions they don’t even know are correct, but there you go. You can pass the class without a clue of what you are doing or learning anything new. You really want to stop cheating and plagiarism? Then teach a class worth attending, mentor and nurture people mind, and inspire them.

Anyone can read a book at home or watch silly videos, but that is not teaching my friends. Just knowing how to program in C does not make you a Professor, teacher or TA and if you clearly don’t care about your audience, then for sure you should never be in that position.

If you read the comments in OMSCentral, something is clearly wrong. It is a shame nobody at the University cares.

Really considering going elsewhere as clearly will not learn here, and I do have better things to do with my time.

I took this as my first class of my OMSCS masters, and this was a great first class. Some of the highlights were a student attempting to hold the TA's for ransom due to a "bug" that he found in Project 1... Turns out he compiled the project wrong. Another student complained he couldn't ask people on StackExchange for help on how to do the projects. "In real life, you can get answers from anyone you can reach", apparently that completely condones cheating. Anyways, main points are quizzes and exams are memorization from the book, projects are a lot of fun with an huge amount of hints given by the TAs on Slack. Speaking of the TAs, the amount of crap they had to deal with from lazy students was insane. Here's an example when I was trying to help a student on Slack after finishing a project early.

• Student: anybody have a suggestion for TaskX nothing works
• Me: search taskX on slack, see if you can find any hints (knowing that a giant hint from a TA will be the 2nd thing to come up)
• Student replies 10 seconds later: None

Seriously, this is the amount of handholding that some students expected. Can't be bothered to spend more than a minute trying to learn, just gimme the answer now. I'd like to thing that earning a master's degree actually means that I am intelligent, instead of that I could crowd source my projects from people on StackExchange and whine until I got my way. Read through the pre-reqs for this class, if you are semi-familiar with them and like to actually try and learn things for yourself you'll have a blast in this class.

While this class is labeled as "introduction" it is definitely a graduate class, introducing several security topics that will be covered later in the program (if you're InfoSec like me). The class has 4 main projects and 2 exams (no cumulative exam). All the information is either readily available in the book (you need to buy/rent) or a quick google search away. The projects follow along with the general topics of the class as best as I could see fit, and all the TA's are very helpful and have some superior amount of patience after seeing what some people ask/demand of them. Make sure you go over the requirements for the class that was given during orientation. You must know basic system architecture (how memory is broken up in a linux system, how C handles memory, etc) being overly familiar in linux is a plus, mostly because the project's VMs are based in Linux. I would find a good introduction to cryptography and number theory if you have the time.

As long as you prepare with the widely available list of topics this class covers, you should do fine. Kudos to Chris/Joseph/Fahim/Jeff for going above and beyond to make sure students have accessible help almost any hour of the day.

I'm almost finished the program, and was putting off this class for a very long time. I first tried taking it a couple years ago as a summer class, and the projects were in very bad shape - confusing and huge amounts of busy work. Combine that with the rest of the class and I withdrew pretty early on, hoping another class would come along for the CS specialization so I could skip this one.

Long story short, no such class has happened. So I finally took IIS.

The good news is the projects have massively improved since I last took it. This alone has changed the class from "terrible, avoid at all costs" to "I liked it". I learned a lot and the projects give a really great overview of various security aspects. I think this is down to the heavy work of the TAs - so kudos to you all for doing such a great job making this class so much better.

A lot of the original problems in the class remain, however.

The book is incredibly verbose and terminology-laden - it is a complete chore and bore to read, and you won't even remember 90% of it due to the acronym overload. Unfortunately, the quizzes and exams pretty much lift sentences word for word from the book. For the quizzes you can just search the relevant chapters. For the exams - well good luck. I just tried to understand the general concepts well, and then made educated guesses when it asked a terminology specific question that you would only know if you had memorized the book word for word. On the positive side, you can answer most answers on the exam with common sense/general knowledge.

The lectures are a mixed bag, borderline bad. I think this is a common problem across OMSCS actually - there is no revising of lectures as far as I know, so we get stuck with the first iteration forever. Dr Ahamad's lectures were okay, but were in general far too verbose. Those by Dr Lee seemed to make no effort other than reciting what the textbook says verbatim. I'm sure it still took a lot of effort to put these together, but I think they could be improved significantly if the professors re-recorded some of it.

Meta-wise, I didn't have any problems w/ the TAs or their behavior as people seem to be complaining about. I did think the Slack could be improved - the two rooms you get thrown into are bombarded by off-topic messages and meme gifs, which made me just give up following them (simply due to lack of time to filter through it). I think IOS has this organized much better - with dedicated rooms to discuss specific projects, exams, and papers. Off-topic discussion happens in other rooms.

There was a lot of whining from a small minority of students, but this is par for the course in large intake intro classes like this one - you can see this in some of the reviews on this site. Best to ignore such students.

Overall I recommend this class simply for the projects - you'll get a nice intro to security with them. I would try to minimize your effort on the other aspects of the class though.

This was my final course in the program.

This class had interesting source material. The quizzes are just reading checks since they are open book. Exams are worth a small percentage of the grade and are multiple choice, the questions were fair.

The projects are the highlight of the class. Some of them are well designed and interesting. They are clearly created by different people over the years, and there's some sense that someone decided they should be a little harder so they shoehorned in some additional challenge. Id say these additions were not great, they rarely related to learning but were more like artificial difficulty. Still, the projects were quite interesting on the whole.

The major downside of this course is the TAs. The head TA, Chris Taylor, is probably the worst TA in the program. Unprofessional, obnoxious, bent on making sure the class runs exactly how he wants. Unfortunately, since he sets the culture, even some of the good TAs I saw were drowned out. Don't expect to have TAs that are actually interested in helping struggling students learn or providing helpful clarity against ambiguous grading requirements.

On the whole the class was fairly easy and projects interesting. Class would benefit from a better head TA, or if instructors weren't totally absent.

Don't ever really care to make reviews, but this class was next level awful/trash. Security is a very interesting topic, but it isn't worth taking this class. Every assignment has highly subjective grading, which one would expect in maybe a writing program, not a CS program. Assignments are all boring, easy, tedious, and require little programming. It's mainly writing answers to ridiculous questions (such as "what is a pointer?" I mean you really going to make me have to find a formal citation for my answer because this is such a legitimate research question).

Many questions require researching online, which is normal, but what annoys me most, is literally no discussion is really possible on any of the assignments and all information is expected to be learned externally online and cited, or it's basically a violation of academic integrity, and this is because of the way the assignments are poorly setup.

Its not unreasonable to be expected to be able to learn and collaborate with fellow students and TAs on a theoretical level and discuss algorithms at least, but instead no discussion is allowed and TAs give sorry responses like "sorry can't discuss" on essentially everything.

Assignments should be about applying knowledge learned, not learning everything on your own. I have no problem learning information on my own, and overall this class is still super easy, but what's the purpose of the class if you can't communicate with anyone?

Lecture material has little to do with assignments directly, and professors and TAs won't discuss assignments with the students at all basically, so what is the purpose of them other than grading?

Quizzes are garbage, (basically ctrl-f) textbook, and Exams are kind of tough, only because so much information is covered in large textbook.

There's other classes that are similarly easy, but don't have these issues, so I would take those instead if one is looking for a light course.

Good coverage of security topics. Reasonable amount of technical engagement, and the content is just as advertised. The lectures are overly basic, the textbook is overly verbose, but the projects are a lot of fun and where I really learned. This was my first course in the program (first college class in 15 years) and I had fun with it. Light programming skills are required (e.g. scripting), but there's no serious dev skills required as prereq.

Absent instructors. Material covered is OK; lectures are not worth watching. Just read the book.

Project 1 was made unnecessarily hard for many students by enabling sorting. That didn't add to the learning for students.

Head TA Chris is very unprofessional on slack; mocking students for asking questions.

This was my first class in the OMSCybersecurity program, and it was both easier and harder than I had expected. I have a Comp Sci undergrad, but it's been some time since I've been in any academic program and rather have spent my life working full time in development roles, most recently in a large company writing security software where I interact both with customers who want to protect THEIR company, and internal IR and SOC teams protecting OUR company.

overview

The class is an amalgam of computer science subjects, haphazardly thrown together under the idea that this is an "overview" of information security. I'm told that the entire Cybersecurity program is like this; a set of the Comp Sci program that happens to tangentially relate to security. Hopefully this will get better over time.

This class, given the projects, is COMPLETELY inappropriate for the Policy track, and maybe even the Energy track.

It is, perhaps, best described as a good hazing intro to the land of OMS courses.

"classroom" instruction

The classroom lectures are a mix of Drs Lee and Ahamad. Dr. Ahamad spends way too much time circling around the subject, and I found myself using the video speed control at 1.5x most of the time. In a lot of cases I just skipped the video altogether and just read the transcripts, although some of the slides appear over time so there is a possibility of missing things.

Dr. Lee is much more direct, although I found his accent a bit hard to grok so had to slow his down some.

This is, as I will note later, about the ONLY interaction with the professors you will have.

content

Other than the fact that the subject matter is thrown together, I found it mostly engaging. There are some really, really dry spots (like the common criteria sections), but the content copies mostly (80%) from the book and where they don't, are largely complimentary.

I found the book worthwhile and spent a majority of my "input" time there rather than the videos, which I used to get an idea of what portion of the book to concentrate studies on.

projects

There are 4 projects, 3 of which require either coding or knowledge of coding. Project 1 is to provide data for a program to get it to buffer overflow. While I feel having the knowledge of buffer overflow is absolutely useful, this project was bizarrely oriented to topics and tasks that don't enforce the concept. You will need some non-trivial gdb knowledge to debug your way through the project, which was presented by the TA's as some sort of secret knowledge passed in guild-like fashion from master to apprentice, and only when worthy.

Too, there is a "magic nugget" that must be deduced from the documentation that is easy to miss, and if you do, makes the project uncomplete-able. Which was one of my 2 biggest gripes about this project specifically, and all of them in general. In order to ramp up the "difficulty" of the project to fit the TA's "this is a graduate level course" narrative (more on this later), instead of taking time to design a good project they use this hack solution of adding an element that doesn't teach the concept, doesn't help understanding, and is simply an irritant.

For example, one person posted a handy guide to gdb, without even mentioning which of the 100 or so commands on it were useful. It was removed, and the student scolded for posting it. This project was NOT ABOUT gdb! Way to miss the point, TA.

Project 2 was mostly pointless. You run an analysis script over malware samples, and try to grok its output to answer questions. This was the most "busywork" project of the 4. This one was so forgettable that I had to go back to my project directories to even see what it was to write this review.

Project 3 was using Python to code various aspects surrounding an asymmetric encryption program. This one was the project I felt I got the most out of. I'll never code one of these ever again, but it did mostly use the coding exercises to illustrate interesting points of the algorithms; pitfalls, strengths, why things work and why they don't. Whichever TA designed this one gets my admiration. (Although one of the writeup questions asks a question in so vague a manner that a vast % of students got points off even though the content was correct. If slack/piazza was any guide, by this point most of them/us have given up trying to reason with the TAs about it. See below.)

Project 4 uses PHP to illustrate a badly written "banking" site, and given the source code the student is asked to break it in several ways. Like project 3, this one uses code and exercises to illustrate and teach various points. Beware the autograder, however; points will be removed for things that work perfectly on your machine but fail the autograder. Because a regrade of one of the tests wouldn't have affected my final grade, and this was the last project, my auto-grade request was denied so I don't know what aspect of my submission "failed" the grader (but worked locally) in the provided VM.

It is PAINFULLY obvious that the projects were designed by different people. The style and specificity of questions, the rigor in putting them together, the level of sadism in hiding the inevitable "trick" that if found makes the project trivial, and if not, impossible, etc. was WILDLY different among them.

tests and quizzes

Quizzes were open book, single-attempt, and 1 hour long. (I'm told the single attempt aspect is a change from previous semesters) They took generally way less time than that, and mostly could be looked up easily in the material. One took the class by surprise and got a much lower average score. My suspicion is the TA's were trying to be clever with the questions on this one.

The 2 tests where T/F and MC, and were not overly surprising in content. Test 2 actually took some questions from student-written study guides, which I felt was a nice touch. The questions I got wrong, I felt I got legitimately wrong, with only a few instances of TA's being deliberate in trying to trick the student.

That said, the non-student questions were taken right from the book. Sometimes with a word or 2 changed, to completely reverse the meaning of the phrase. This is just more TA laziness; making the material APPARENTLY "hard" without actually trying to put the work in to test the student's knowledge. It was mentioned in slack several times that this sort of pickyness would not happen, but it did.

That there are only 2 for the entire course is just more laziness, however. A 4 exam semester would have alleviated much of the intense cramming that people had to fall back on. Even 3 would have helped.

Personnel/Interaction

As I've mentioned before, my view of how the TA's operated is on the fence.

I used slack more than Piazza as it was way more interactive, and the TA's were more responsive and candid.

There were 2 TA's that were the bulk of the interaction. One was quite chatty and friendly, the other mostly superior and standoffish, although both were "around" a lot, which is helpful.

My biggest issue with this class, is that it is TA run. That in itself is not a problem, but the TAs that run it are mostly absent (I think one of the Canvas pages showed something like 8-10 TAs, but we only interacted with 2 on a regular basis, and maybe saw another 2 or 3 of them once or twice during the semester), and none of them have actual professional teaching experience.

Here's what this led to.

• No problems with "chatty" (although I get the impression he was asked to tone it down for getting too friendly? Not in any untowards manner, but he got very "professional" later in the semester and mentioned some sort of wrist slap from on-high).
• "surly" was outwardly adversarial and arrogant. He had a script for human interaction.
  1. When asked a question, defer to "google it"
  2. If pushed for more information, fall back on "this is a graduate course, it's supposed to be hard"
  3. If pushed past this, claim superior knowledge of "we spent X hours on this, it's correct"
  4. If shown to be not correct, "If you think this is so easy, you volunteer"
  5. If presented with options, like putting some of this on git and look at pull requests, absolute silence.

I saw this pattern repeated many, many times. (Also, he was proud of mentioning how this is how it is in the real world. Let me tell you, Surly, I have at least 5 years on you, and no, it is not.)

The "us/them" mentality was manifested in other ways as well. One TA thought it absolutely hilarious to answer questions with "implement the function". Once in a while, for an obvious question, sure. But daily, for legitimate things people need help on that they've obviously tried to work out on their own, it's just offensive.

I get this position requires some volunteers to get paid to do, and that we as students can be entitled ****s, but the mindset of not helping got pretty deep later in the semester. Luckily we had some even-tempered and helpful STUDENTS doing much of the TA's work.

They need a LOT more training. They never "taught", and rarely "assisted".

The instructors were completely absent. If I remember correctly, Dr. Lee did one (maybe 2?) office hours.

denouement

This class is required (for OMSCyber, anyway), so there's little point in suggesting you don't take it. And, I did get something out of it.

But don't feel that you're going to get a lot of "information security" information out of it, unless you spend a lot more time in the book than is required. The stuff that tends to "stick" with you will be project based, and they were way too tricky for the sake of it and focused on too specific of a subject for a class like this.

Did I learn something? Sure, but mostly from the book (and arguably, projects 3 and 4).

I really think the instructors ought to be more proactive. Having people go out fishing for information for the entirety of a project is not an efficient learning experience. You should be very familiar with Assembly and GDB before taking this.

The class material is boring to watch and the homework aren't very useful and practical. Most annoying thing is the grade is just unfair. If you miss some score on one of two exams, most likely you wont get a A for this class.

The class was very interesting and covered most of the current security concerns that should be in any developers mind as they write code. The front half of the class and project 1 had a higher time commitment (12 hours / week) for me compared to the second half (4-6 hours / week). The videos are good, but not the best ones I've seen in the OMS CS program. The videos didn't always illustrate complex things such as DES, AES, RSA, and TLS hand-shake clearly, but supplementing with other sources and the book cleared that up. I used the international edition of the book which is less expensive, but sacrifices the on-line material and some additional chapters which would have been helpful in a couple cases. The first assignment in C was more challenging for me, but the other assignments were fairly easy and straight forward. We used C, Python, and JavaScript, but you don't have to have a significant amount of programming experience in those; you can Google your way through most of it. The hardest part of the class is retaining all of the facts about all the different aspects of Info Sec for the tests.

This was my first class in the OMSCS program. My final score was 86.41%. I learned a lot in this class so I'm glad I took it. However, the lectures and book are not exactly exciting. The course work is not too demanding but you must start the projects early and put in at least 12 hours a week if you want to actually learn. I am surprised that some students were able to pass the class with less than 8 hours a week of studying.

The professor and TA warned the class about cheating. Their warnings were very blunt and it offended many students. The warning came after the first exam. I too was surprised by the warnings. I then realized the administration's frustration. Here are some observations.

1. The first project is difficult if you don't have C programming experience or haven't used GDB before.

2. The fourth and last project is difficult if you don't have web development experience (HTML, CSS, JavaScript, SQL). I have over 10+ years web development experience and it still took me a lot of time to complete the project but I did get 96/100. I disagreed with the grading but i did not challenge it.

3. One of the students was frustrated that his question to the TAs was not being answered. The TA informed the student that there was about 1000 students in the class. There were only 33 TAs. It takes time for the TAs to answer all the student inquiries.

4. There were 741 unique Piazza logins on the second to last week of the class.

5. Some students did not get their scores for project 3, project 4, and/or second exam. The instructor posted the following message:

If you have not received your P4, or P3 or you are missing Exam2 Grades its most likely because you committed academic misconduct. At this point, you will receive an incomplete and will have to settle up with OSI once they review your evidence.

6. The last week of class had 701 unique Piazza logins. Keep in mind that there were 33 TAs.

From these observations it looks like the class shrunk from approximately from 1000 to less than 700. A lot of students dropped, withdrew, or got kicked out of the class. These aren't official statistics. They are just my observation. Most of the students were able to pass the class. Unfortunately, a lot of students were not able to get credit for it.

This class felt like a weed out class. I'm sorry that so many of my fellow students were not able to complete the course. Many students did reach out to TAs but were not given additional assistance. This doesn't justify the students cheating but it probably resulted in a lot of dropped or withdrawals. At the same time, I can understand the instructor and TAs' frustration with the cheating. The numbers above gave me a sense of the wide spread cheating.

In summary, you will learn a lot and it is difficult if you

In summary, this class is challenging if you don't cheat but it's definitely doable. You will learn a lot. Expect at LEAST 10 hours of work between watching videos, reading, and doing projects.

This was my third class in the program. I do not have a CS Background but have been working as a software engineer for the last year.

Quizzes (10% weight)

• There are 10 open book quizzes (1 per week). You get two attempts to take the quiz and your score is the score you received on the last attempt. These quizzes are very easy and just a simple ctrl-f in the textbook (you can download a pdf version of the textbook for free). You don't need to watch the lectures to take the quizzes. Allocate about 30-1 hour per week for each quiz.

Exams (20% weight)

• There are two closed exams. The exam questions are poorly written and many of the exam questions come from the book. Review the bold terms in the textbook (don't bother reading - its too dry) and review the lectures for the exam.

Projects (60% weight)

• Don't spend any time before the class trying to learn material. You can pick everything up once the project starts.
• The projects are writing heavy. Very little coding is required for the projects. Spend time understanding the concepts presented in the project. Be detailed in your writeup - the TAs look for specifics.
• Projects 1 and 4 use a VM.
• There are 4 projects in the class. Try to get 100% on the projects. You get about 1 month for each project (slightly less in the summer but the projects overlap so if you finish one early you can start on the next one).
• Project 1: Buffer Overflow in C. Minimal C Code + Written report. The bulk of this project was writing a report about stack memory, heap memory, and buffer overflow. Very little code is written for this project. Spend enough time reading about the subject material and answering the questions in the project prompt to get full marks. The TAs do look for details so mention more than less in your report! The coding part of the project involves using GDB to understand memory addresses. Time Estimate: ~15 hours (+ a bit more if you are new to C and GDB)
• Project 2: Malware Anaylsis using Cuckoo (no coding involved). This was a very easy and straightforward project. Follow the instructions in the project prompt to run some malware. Analyze the results and submit your answers on a website. Time Estimate: 5 hours
• Project 3: RSA Cryptography. Python Coding + Written Report. Implement parts of the RSA algorithm in Python. The coding part is minimal (under 30 lines). If you just google the prompt for each question, you will find a stack overflow post with pseudocode for the task. Convert the psuedocode to Python code. Read about the algorithms on Wikipedia to help answer the questions for the report. Time Estimate: Coding ~5 hours, Report ~10.
• Project 4: Web Security/Vulnerability. HTMl/Javascript + Written Report. This project required some trial and error since I didn't have any experience with html/javascript. I spent the bulk of this project reading online about how to approach each task - how to find each vulnerability and how to fix it. Time Estimate: ~15 hours (8 for figuring out what code to write, 2 for the coding/testing part, 5 for writing the report).

General

• TAs are not very helpful on Slack or Piazza. Some TAs are aggressive and rude on Slack.
• The projects were more at an undergraduate level

This is my first review.

I believe this to be a fair course. You should not miss an opportunity to learn about security.

The TAs are like us. Be fair to them and they will be fair to you. I would approach the interaction with the TAs as your opportunity to extract the most out of them. They have been nothing but fair to me.

The one aspect that will help this course is to inject positivism. Like declaring the best papers on Piazza and why they were best to counter the negative posts.

The second aspect is for the TAs to provide continuous feedback -- perhaps, this will provide an incentive to start early and also an opportunity for students to learn. Some TAs provided continuous feedback and I benefited from such feedback from Project 2 onward.

The third aspect is to publish the question bank to the students. While this may take some work, it will provide consistency, allow students to expect the result and also a finality to the exam.

Path to a good grade: Start early. Connect with TAs and ask for feedback. Complete the coding part in the first week and spend the rest of the time writing the paper -- this is doable. For the paper, do more than what is asked. Prepare for the exams early and pay attention to Slack for tips on performing well. Attend office hours and ask questions -- I was able to solve several aspects of the course with direct help from the TAs. Be positive and enjoy life.

Also, pay attention to Project 3 -- you need to submit with your id; the supplied test cases dont guarantee passing the auto grader.

Really enjoyed this class and learned a lot. TAs were great and very active on Slack at all hours always willing to help out. This class requires self-guided learning in order to get an A, it is a graduate-level course after all, but nothing they ask you to do is impossible. I would recommend this class to anyone, especially first semester students.

Don't worry too much about the programming languages required for the projects. All all of the projects combined I probably wrote 100 lines of code. You need to be able to read code more than you need to be able to write it. Project 3 is the only one where you really write any significant code, and it is in python. So, easy to pick up if needed. Reading and understanding is far more important. I've never written a line of php in my life but made an A on project 4 just by being able to read the php. I thought the projects were enjoyable and good reinforcers of knowledge gained in the course.

Tests were fair but not as fun as the projects. I thought the lectures were enjoyable too.

Another outdated course of the OMSCS.

If English is not your main language and/or if you are not good with memorization be prepared to put more load on Projects.

• Exams are awful. All based on memorization and taught me nothing at the and. Just a pain before and after.
• Projects are kinda fun but they're mostly outdated and won't help you if you are working in the field right now.
• Only good part is projects are released earlier so that you can work on it
• All projects require reflection. So if your English is not your major or native language, then be prepared to proof check your reflection papers. You can do the programming 100% but still get 55% from the project because of the poor written reflection paper.

While I think some of the reviews on here highlight the difficulties of the class, I did not find it as dramatic or drastic as others. TAs can come across rude, but at the same time there were tons of repeat questions on slack and piazza. Piazza also had some very questionable piazza posts where the students were acting very entitled and disrespectful to the class. At one point during the semester students @'d a TA over and over in a channel (I am assuming his phone was blowing up). With that being said, TAs were open to feedback and would open piazza posts specifically to address and accept feedback for projects and exams. If your background is in CS, I think this class is easy to get a B. The way that the grades are weighted and the exams being more memorization than critical thinking -- I would say its very difficult to get an A in this class. The projects are the real core to learning and are the most fun part of the class.

Not my favorite course of my career, but certainly not the worst like others are making it out to be.

While the content is interesting and relevant, the execution is sometimes lacking. Projects are quite fun and very useful, you will learn a lot but the lectures are boring and sometimes inconsistent, quizes are poorly worded and full of mistakes. Overall I recommend this course, it will make you write more secure software.

This was my first class of the program and I think it was a great first course in terms of getting accustomed to the program. I wouldn't consider myself the strongest programmer and this course isn't too intensive on the programming in terms of the assignments so I found them manageable. I did find that the readings were the worst part about this course in terms of studying for the exam in that I found it to be a lot, especially if you fell behind. But other than that it wasn't crazy hard. I would definitely suggest this course as an introduction to the program.

This is the worst course that I have taken in OMSCS, possibly the worst course that I have taken anywhere at any college. There are several reasons why:

1. This is the first course that I have taken where the professor was completely hands off. Not sure if he gave the course even a passing glance, and it showed in what was put out.

2. TA’s – (I can only go by Piazza, as I didn’t use slack at all based on the conduct that was displayed on Piazza) a. Rude – Just generally rude to the class as a whole b. Arrogant – They thought they were good, not really sure why? Maybe there just isn’t oversite so they can feel that way. As one small example from the very beginning of the course when referring to grading – “If you are truly frustrated with the pace at which we grade things, you better buckle up because we are one of the fastest in OMSCS”. The reality is all quizzes and exams are auto-graded, the projects are largely auto-graded, and they were still the slowest that I have experienced in OMSCS. Not that grading speed is the be all and end all of a course, just an example of how out of touch they are. c. Threatening – In the beginning of the course all they talked about was cheating, everyone is cheating, we know who is cheating, we’re coming after you! Good, do it, get the cheaters out of the program. I want my degree to mean something so by all means if someone is cheating take action and remove them, discipline them, whatever you can do, but the entire class doesn’t need to hear about it every day. They use some ridiculous metrics for plagiarism where no more than X% can be cited or reused, then use a plagiarism checker that flags the word “the” as plagiarism. Again, if someone cheated, they know it. If the checker shows huge blocks of writing as copied and uncited then that is a problem. There is no need to get everyone fired up with unintelligible plagiarism metrics.

3. Quizzes\Exams – Speaking of unintelligible, wait until you have to sit through one of these. There are two types of questions, questions that are statements copied directly from the book (possibly missing the most important part of the statement), and questions that are copied directly from the book where someone tried to get cute and changed some wording. If they changed the wording, they almost always did it in such a way that they either completely changed the question and their intended answer is now wrong, or that the question is now so vague that it is no longer answerable. The is no testing of any conceptual knowledge on these tests. If you like to memorize the book then these tests and quizzes are for you (at least the directly copied questions, the others will probably drive you insane).

4. Projects – Most see this as the redeeming part of the course, I disagree. Students get frustrated because other students in the course call the projects easy, and they are very easy, if you have a background in what is being covered or used in the project. The subject matter can be somewhat broad, but if you have an ungrad in CS you have probably seen most if not all of it already. What they do attempt to do is throw little “tricks” into the projects to make them feel harder than they really are. If you’ve already seen it then they’re generally no big deal, but if you have not then you are attempting to learn something entirely new with some inane twist thrown in for good measure. The overarching themes to these projects are: a. Basic computer architecture and low level programing languages (“C”) b. Malware analysis c. Cryptography (Math, Python) d. Web Vulnerability’s (HTML, PHP, Javascript)

This course is not difficult, if you can be somewhat diligent with reading the extremely dry textbook and you are somewhat familiar with the project topics it’s a fairly easy A. If you are not familiar with the concepts in one or more of the projects (except for project 2, that one can be picked up fairly quickly) you’re going to have to put a lot more effort in those projects, and probably feel like you’re putting in a lot more effort than everyone else taking the course.

It has been said that TAs are the lifeblood of this program, and I now realize how important they are. I love this program, and up to this point every course that I have taken has better than I would have expected, and I put much of that on the TAs as they are the people that make it possible. With that said someone has to oversee what is going on with this course. I don’t know what happened here, but I think there needs to be a little more oversite provided to improve the course, or at the very leaset make it somewhat coherent.

In short, this course as it stands is a train wreck. It’s not difficult, if you can deal with what I’ve outlined above you’ll get a good grade. If this is your first course and you are thinking about dropping out of the program, take another course it’ll get better from here. If you are thinking about taking this as your first course then I would recommend that you take another one that will give you a more accurate representation of what you can expect from this program.

Pros:

• The course material provided a broad overview and the projects were fun and hands on.

• A lot of time for the projects is given, although I wished they would have reduced the amount of time needed for each project and introduced one or two more.

• Some students on Piazza and Slack were helpful and encouraged discussion for the projects and exams.

Cons:

• The quizzes (10% of the overall grade) were meaningless and did not test you on your understanding of the chapter, but rather how well you can search for the answer using ctrl+f. Aim to get higher than 90% on this as it's easy points.

• The exams (30% of the overall grade) felt like trivia and how well you could memorize the textbook. The questions were ambiguous and poorly worded. If you don't read the book, look over the study guides provided, but know that you'll probably miss out on some points because you didn't memorize or see one small detail that a question is talking about from the textbook. Aim to get higher than 80% on this.

• The autograder isn't provided for the projects, so if it happens to not work when grading, you're out of luck. Multiple students had portions of project 3 fail the autograder despite it working on their machine resulting in them losing a big chunk of the project grade. Fortunately, the other three projects, you can somewhat test to see if they work manually.

• Writing the report for the projects (60% of the overall grade) was a crap shoot. There is no rubric provided, so it is hard to gauge how in-depth the answers should be based on the questions asked. So, write as much as you can and hope that you cover all of the bases that they are asking for. Aim for 100% on the projects (90%+ on project 2).

• Grading for this class is slow. It took almost a month to get back some of the project grades. Going into the final, it is hard to say where your grade stands knowing that it is possible that an issue with the project can tank your grade by a letter.

• The worst part of the class was the communication. A lot of students were left in the dark regarding their grades and regrade requests. Also, despite Slack being an official part of the class with an individual workspace, some of the TAs were unprofessional and outright not helpful. If you had a question, it looked like it was better to just figure it out yourself than ask. They did not encourage discussion for the projects.

Overall, the course seems like an easy B, but a lot more effort is needed to get an A. Note that they changed the weight distribution for the exams and quizzes, so it is harder to get an A compared to previous semesters.

TLDR: Don't take this course if you care about how a course is handled. The only silver lining is that the course content was informative and that the projects were fun.

This class is my first, and was a fantastic introduction to OMSCS. I strongly recommend it, especially if you have an interest in cybersecurity. The projects are hard, and you will want to start them as soon as they're released. The first project in particular tosses you into the deep end, and unless you already know assembly how computer memory architecture works you're going to struggle a bit. Start right away, grind through it, and the class is all smooth sailing from there. The projects are as fun and rewarding as they are challenging. The exception is Project 2, which is the least work but way less engaging.

The exams are pretty dry and mediocre. You memorize the textbook, regurgitate it into proctortrack, and then forget about it. They aren't a huge chunk of the grade, which is nice. They are the low point of the class, but the rest of it makes up for them.

This class...

For background I'm a SWE who came to the role from a security position so this material was not new to me. For some it might be and that would change the difficulty/perception by a good amount.

Pros

• The projects are really fun. You get some high-level experience in crypto, web apps, and systems.
• I felt like the technical level expected was manageable. If you have never programmed in python, taken an architecture/OS class, or have never heard of modular arthimetic this might be a bit rough but if you have a traditional CS background you're more than ready.
• The TA staff is responsive and excited about the material. You'll almost always be able to find TAs on the slack channel and they will actually respond. I've never seen a class with TAs this helpful

Cons

• The quizzes feel a bit like a wasted opportunity. 10 quizzes open book worth 10% of your grad. Get ready the Ctrl+F your way through them.
• The exams were the worst part of the class imo. Many of the questions were very specific and word for word from the book. The idea was to have exams be more concept focused than the quizzes but I felt that they were similar.
• Grading can be a bit slow but isn't too bad when compared to some other courses in the program (ie SDP).
• The malware projects is a bit of a bummer comparatively but isn't too far off from reverse engineering in real life.

Overall take the class if you don't have a good grasp on security or want a class you can put little time in and still get a good grade.

This was my first course in OMSCS and I liked it. The material presented can be a bit bland for some people and the lecture videos can sometimes be boring,so watch them in 2x! There were very few additional readings, only 1 as far as I remember and that was for project 3. There were 4 projects.

1. Understanding and exploiting buffer overflow
2. Malware analysis
3. Cryptography - related to RSA
4. Web security - related to XSS, XSRF and SQLi

Among the projects, Project 2 was the one which I did not like much as it involved understanding and analyzing results generated by a tool (Cuckoo Sandbox) and there was uncertainty in some answers. The other projects were all very interesting.

Coming to exams and quizzes. There were 10 quizzes, all containing multiple choice questions,open book and with 1 hour time limit. There was some discrepancy in the answers but most of them were resolved. The course had 2 exams - Midterm and Final. Both closed-book, multiple choice. They don't require too much depth but you should have a basic understanding of the concepts. Another point about exams was that the students prepared questions and shared them with the class.I think the TAs were involved too. This was very helpful for both the midterms and finals.

Now for the TAs, they were very helpful and the slack channel was a very good resource throughout. Chris, Jeff and others kept things lively and were very approachable. Kudos to the TA team! They did a phenomenal job of managing so many people.

I definitely recommend this class. It will introduce you to basic software vulnerabilities and can prepare you for other courses like Network Security.

Very frustrating class.

Pros:

• Pretty interesting and informative projects, although the write ups were poor and grading included no worthwhile comments, so no idea why points were deducted.

Cons:

• Combative and accusatory TA's. So many warnings and accusations of cheating that I gave up looking for or offering help.
• Quiz and test questions either wrong / ambiguous as to be thrown out, or just ambiguous and confusing enough so the official correct answer is elusive.
• Lectures are not great. There are nonsensical quizes given in the lectures before any pertinent information is given, or just asking about random historical information that is complete guesswork.
• Very little actual help given by TA's, or allowed from fellow students. Most common response "read carefully for a big hint"
• The book is coma inducing.
• No interactions with instructors.

Suggestions:

• Start projects as soon as they come out.
• Search the book pdf and lecture text for the quizes
• Don't bother studying anything other than the practice questions for the tests.

This was my 1st OMSCS course:

Projects: 3 were great, without them I would rate this class a 0, the other one was a waste of time and they refused to explain why parts were wrong or how to figure them out.

Quizzes: can you use ctrl+f? Open-book, waste of time, didn't help the learning process.

Tests: MC/TF questions that were poorly worded (I think on purpose to keep scores down). If you like trying to memorize really dense/boring textbooks, you might like them.

TAs: I think there were like 35 of them, I'm guessing 33 of them were great.

Professor: Recorded lectures a few years ago, MIA now.

I'm sorry that people commented negatively on this course. It has a lot to offer. The Slack community, which had its childishness and puffery, also had some caring students and TAs. They worked to clean things up on Slack, and I think they did a pretty good job.

The projects are challenging if you don't have experience using GDB or web development tools, but there was enough time to learn these things on the fly, if you started early. And as a bonus, you really learn something and feel a sense of pride after completing the projects. How can you complain about that?

The tests were challenging, but there was a lot of effort to help students prepare. They published a study guide ahead of time, students and TAs quizzed each other in Slack using a quiz app (Polly), and a handful of students put together quite a comprehensive study guide which helped immensely on the test.

I worked a lot of hours, and at times I felt that I would not figure out the projects or understand the reading, but I learned how to step back, take care of myself, and work persistently until I succeeded. Others may put in fewer hours, but they are probably also the ones who complain and didn't like the course. You get what you put in, for sure.

Finally, the professor made attempts to reach out to students via Bluejeans. This is the first class I've taken where the professor reached out like this. The TA's were really involved and did a good job directing, guiding, controlling, and having fun with students.

I highly recommend this course!

Also -- regarding the remarks about cheating that I've read in other posts -- there were probes sent out about cheating, but probably rightfully so. If you give too much help, well, you probably shouldn't. TAs are bending over backwards to try to remind people NOT to do that. So no reason to blame them for trying to keep 600-ish students on the up and up. Nowhere near the extreme situation that I see mentioned in other posts. In fact, the most common comment I saw from TAs was "If you didn't cheat, you have nothing to worry about". Amen.

With it having been over 13 years since I finished my BS in Computer Science, I felt this would be a great way to ease back into the college scene. As a first course, it met all my expectations. The material was interesting, the projects were challenging but applicable, the tests covered the material properly, and the pace was very well planned. I really had no direct interactions with the professors, so the TAs were my sole go-to source. The TA's were both knowledgeable and helpful. Not much of the project topics were covered prior to the projects becoming available, but the instructions were very detailed. One of the key things I learned from the projects was to "read the darn instructions." There were 10 quizzes, which covered the material you read and watched in the lectures. If you haven't ran across omscs-notes.com. you should definitely check it out. Matt offers his notes he has taken during his OMSCS progression to everyone. They were extremely helpful when it came quiz and test time. I didn't care much for ProctorTrack, but I see its necessity. All in all, it is a very worthwhile course, especially if this is your first course in the GATech OMSCS program.

This was my fourth course in the program and probably the most difficult so far. (SDP, CN, CPS). You will have to do a lot of the heavy lifting on your own, but the TA staff is active and helpful, without revealing too much of the answer. When it comes to some of the projects, a decent hint would give away the answer. Much more satisfying to trudge through and come up with the solution on your own. One thing that sticks out in my mind was attending office hour with professor and asking him a pretty specific question about the project we were working on and his response was something along the lines of "What does this mean? Are you talking about the project? I don't know what you are talking about." Thanks Wenke.

Pros

• Projects were interesting and challenging.
• Project 1 - Buffer overflow: interesting to learn some C and gdb.
• Project 2 - Using malware analysis software. This project was more of an assignment. Follow directions, hope for the best.
• Project 3 - Cryptography + Python: Challenging but interesting. This was my most favorite project.
• Project 4 - Web Security: XSRF, XSS, SQLi hacking. Code part was simple, but getting the injection point was tough. Pro tip: Do SQLi before XSS
• Quizzes were easy enough with info straight from open book.

Cons

• Tests were half T/F and half multiple choice closed everything.
• Difficult format before content.
• Questions were too specific for a closed everything format.
• Class average on two exams were 80 and <70...
• Proctortrack was used, I am starting to get used to it.

TL;DR

Easy to medium course difficulty with decent learning opportunities available from the projects if you take advantage.

I felt compelled to write a review for this class, since it was my 10th class and by far my least favorite. Generally pretty easy and also extremely frustrating.

Pros:

• I learned from the projects.

Cons:

• Exams (worth 30%) didn't teach you anything. It seemed like an exercise of rote memorization for no purpose. Questions are vague and tricky (for the sake of being tricky, again no educational purpose). Study guide is useless. It basically just lists all of the topics from book chapters/lectures in a convoluted form.
• No instructor presence at all. Entirely run by TAs, who mostly seemed to also be OMSCS students who had just taken the course.
• Most unprofessional course I've ever taken since high school, which left a bitter taste in my mouth. Some examples include:
• Constant whole-class threats about cheating. It seemed that after every assignment, we would get an email saying "This is the most cheating we've ever seen. If you cheated, reveal yourself or you'll get reported to OSI and get a failing grade, blah blah blah." This led to unnecessary paranoia among honest students. Deal with cheating on an individual basis next time, please.
• Project 2 about Malware. First, the TAs refused to answer any question. Second, and astoundingly, one TA was going through a few select students' autograded assignments and revealing their current score and giving hints to specific students in the slack channel, BEFORE the assignment was due. Favoritism which I've honestly never seen in my educational experience in a long time.
• Project 1 instructions were terribly written -- it had no logical flow. Like the headers literally go from Suggestions/Warnings -> Goals -> Helpful Suggestion -> Helpful Hint -> Information/Hints -> Part 1 etc. How many sections of disjointed hints and suggestions do you need before you actually describe the task at hand?
• TAs response to every question on Slack about the projects basically was: we can't tell you, use Google, this is a graduate class and expectations are higher. Even conceptual questions. And guess what likely happened if you wanted to help someone else out and post a conceptual link from Google? Your comment would probably be removed and you would get reprimanded by a TA. It's hard to understand the pedagogical value of doing this.
• Grades would take a while to get returned. Even stuff that was autograded, like multiple choice exams. The reason for this is apparently showing you the score for the exam (even if the questions/answers aren't revealed) is a cheating risk. Makes little sense. And it makes even less sense given that one TA did allow you to post in a public Slack channel that you wanted your grade, and then that TA would reveal your grade PUBLICLY.
• And so on...

Recommendations:

• Get a head TA who is either a PhD student or adjunct professor or someone with more pedagogical experience to lead the course, if the professor isn't involved. Hopefully this will rid the course of the unprofessional stink.
• Focus more on and add more projects, as these were most useful for learning.

Want to do well on quizzes/tests? Buy the book! Stuff is basically straight from the book, which can be quite dry. Want to do well on projects? Start them the day they come out. And Google is your friend! The TAs aren't going to guide you through the projects, but I thought the guidance in the project write-ups was pretty good. I'm not sure what all the commotion is about TAs being bad, but I did not experience that at all. If you're OMSCS and actually have a computing background, you should have no problem with this course. YMMV if you don't have a computing background because there's definitely some code analysis and programming in the projects.

Overall, I'm glad I took it but probably wouldn't take it again unless they cut down on the rote memorization and added more projects (which were definitely the highlight of the course).

I think this class was good, especially for those that have not taken a CS-level security class before. It sticks to the fundamentals of security which is a good thing. Fundamental security knowledge is something that all developers should know.

Pros:

• Projects are interesting and very "applied"... I love the disclaimer warnings reminding students not to break the law after taking the course. 4 Projects total, start early on them especially the first one (Buffer overflow attacks)!
• Quizzes are open-book
• Good class to pair with a harder one or take it alone for a light semester
• No group projects! Your entire grade is in your hands alone! Can I get an amen?

Cons:

• The video lectures are long. The zooming in and out of the professors head drove me crazy, please for the sanity of future students edit those videos. It made him look like a human bobblehead!
• Obsession with threats to cheaters. I get it, you are warning students not to cheat. But this has been the only class so far (#6 for me) where the TA's/instructors constantly warn the entire class that they will be reported to OSI. It really brings down the morale for the rest of us. By all means go after cheaters, but stop using fear tactics against the whole class, just deal with them in private and be professional
• Exams are closed book and worth 30% of your grade. Fortunately there are only 2 exams

Even with my gripes, I still enjoyed the content in the class and had fun doing the projects. If you already took an undergraduate level CS Security class, you can probably skip this one as it will likely be mostly review for you.

If this was my first experience in the program I would have strongly considered dropping it entirely. I would suggest that if you don't have to take it, don't. There are some good things to learn but in my opinion it's not worth the stress of dealing with the TAs and just the overall unprofessional feel of the course.

I am a cybersecurity major, not a CS major. Whether or not this course is easy or hard for you will depend on whether or not your undergrad was in CS or programming. All but one project required some level of programming knowledge. While an in-depth understanding wasn't needed, an understanding deep enough to read and understand the code, make changes to it, and write some additional code was needed. My background is in electrical engineering, and to succeed in this course I had to spend much more time (mostly on the projects) than people with a CS background. The slack channel was both a lifesaver and a super big morale sucker. Some people were happy to help and encourage, but there were a few people eager to share how easy this all was for them... not helpful when you've already spent 60+ hours on a project.

This is a pretty basic class... less the projects. If you don't already know them — get ready to learn C, Python, Javascript, ajax, jquery, HTML, debugging and machine code reading all on top of the class workload. For the cyber major, the suggested prerequisites to prepare you for the curriculum was a python course and a discrete math course. I took both before beginning and was not prepared. Don't expect any help from the TA's or instructors — this is very much an on your own class.

I would have really loved this class had there been any teaching or guidance along with the projects. It seems pretty clear to me that this class was originally created for those enrolled in a CS masters program, not a Cyber program. While it is applicable to both programs, the class assumes a level of CS knowledge beyond what I have ever seen in any cyber program.

As others have said:

1. Grades come out super slow, which makes it hard to adjust accordingly;
2. Some TAs are fine but some are kind of awful, you'll need to figure out which ones are worth discussing things with;
3. Exams - feels like memorizing lots of oddly specific things that just aren't that useful for anything;
4. Projects are alright - but they will try to accuse everyone of cheating, and in the end I'm not sure what is allowed and what is not, making the learning experience much more awful than it needed to be - should I derive the extended Euclidean algorithm from scratch without any reference for you? Plagiarism and cheating should not be allowed for sure, but things could have been handled A LOT better.
5. Projects, lectures and exams are kind of 3 separate things, could have integrate the components a bit better.

All in all, a fairly easy B, learned some stuff, but it could've been a lot better.

EDIT: The polarization of views on TAs just showcases the fact that if you are able to get along with the active ones, and have the time to keep up with the hundreds of daily Slack messages chatting about random things so you can be buddy-buddy with them, it does help a lot - but it's a risky thing, since it's quite obvious many don't approve how the TAs are running the show and had undeniably experienced a ton of unnecessary stress over the course of the semester.

This is --by far-- the worst class I have taken. Quizzes, lectures, reading, and exams were boring. Quizzes and exams uses ambiguous wording and taken directly from sections from the text book. This makes the class feel like little effort or caring went into the class by the professors. The first project demonstrates techniques which have been largely eradicated by modern operating systems. In fact, the VM that is distributed has been altered to disable the safeguards the OS provides. The second project uses tools which teaches the users absolutely nothing about Malware Analysis. This project is purely an academic exercise. The third and fourth projects are better in terms of the approach taken to convey the material.

Another major complaint is during the entire class I have not known where my grade stands. We have two week in the class left with the final exam due this week, and the final project due next. I still don't know my grades from the last project which was turned in 3 weeks ago.

The piazza message board used in the class is awful. They also have a slack channel that is equally awful.

This is the first class I have taken in the program and I am deeply disappointed in both the content, presentation, and lack of effort it seems that went into creating the class. Hopefully the program courses from this point forward are better.

This is easily, by far, the worst and most painful class I've have ever taken in my 20 years of education.

This was a fair course. Unlike most, the book is very useful and I recommend getting it. The projects were challenging, but they are fairly standard security assignments. You can search for help on Google and there was lots of help to be found on Piazza.

The course material was presented really well. Although you still had to study for the tests, they are open book so that made it more manageable.

what a joke of a class, it would be insulting to say this is like a high school class because i had some well organized and informative classes. the quizzes are word for word lifted out of the textbook so all you needed to do was ctrl-f and you could get 100%. I made the mistake of actually trying to watch the lectures and read the materials before I did the quizzes(which meant not getting 100%). The exam questions were even worse than the quizzes, such oddly specific knowledge that wasn't even relevant at times. It was absolutely not testing for understanding of material, but random things that you can ask google and it would easily return the answer.

since i'm totally new to the concepts i got a somewhat ok overview of info security from the textbook, definitely don't bother with the lectures at all. the projects were so so, the last one was painful as i didn't know any javascript or html.

Lectures and lecture notes are useless. All the content for the quizzes (open book) are in the textbook. Projects will require a lot of googling if you don't have any prior experience in it because, like the quizzes, the lectures and lecture notes are useless.

tl;dr: good course about security, useful for non-CS undergrads

The lectures are presented by two professors who effectively cover the material using an entertaining approach. The textbook has around 700 pages and the course covers nearly the entire book. Read the textbook and view the lectures and you will have a good grasp of the material (plan about 50 pages/week). There are a few papers and web pages provided for reference. These illuminate the material, and a few of the papers are important.

There were ten (10) quizzes (20% of grade). Set an alarm, take them, they are easy points. Open book, open internet, low stress, good review/highlight of material.

There were four projects (60% of grade) that explore a variety of security topics.

• One project is a C program to exploit a stack buffer overflow, and requires student understand how to overflow a stack buffer and corrupt the return address. An interesting challenge that does not require much programming, but does require understanding stack layout and how to place the desired values.
• Another project is running malware in a VM, and observing malware symptoms. Interesting, and a bit of research was needed to understand certain Windows behaviors.
• My favorite project was the RSA cryptography project, where you learn about how RSA works, how to calculate public&private keypairs, how to exploit RSA attacks.
• The last project was learning about XSS, CSRF, and SQL injection attacks.

There were two exams (midterm, final) (20% of grade) that covered the lecture & textbook material. Exams were proctored, closed book, non-cumulative. Best to read the text and view the lectures during the course (closer to the exam). Material is not hard to comprehend, but tons of detail and facts. Many students found questions confusing or tricky. The exams were easy, but the averages were surprisingly low.

The biggest problem is the students who complain on piazza.

I didn't like the course. Many of the covered subjects are old and not interesting at all. The classes are poorly dictated. Exams are strange and at some point seem to be random. Didn't need to interact with TAs since the classes and the projects were easy enough. Projects were the best part of the class, almost acceptable.

tl;dr: Boring, easy. Wouldn't recommend.

Misc

This is my third course, and least favourite so far. Pretty boring lectures, largely ripped directly out of the textbook, which is very dull.

I felt like I learned very little, and what I did learn could've been learned on my own in 2-3 days. That said, my background is full-stack development, so I know a fair bit about securing applications and servers.

The professors (there's 2) were almost entirely absent from Piazza. I felt there was almost 0 engagement. I've had previous courses with shared lecture viewing, BlueJeans for just asking questions or hearing extra details, active instructors on Piazza... None of that here. This left the TAs to pick up all communication, and when questions were directly targeted at the professors, or above the TAs call, they often went unanswered.

Quizzes

Quizzes were awful. They're open-book, no time-limit, questions directly out of the textbook. You can take it twice, but you can't see your answers (correct or incorrect). I think they're changing this to just one attempt though. I never felt motivated to try again, even when I got as low as a 70. Most of the time people were missing questions to bad wording or just plain wrong given other evidence in the textbook. But they gave credit back if 60% of the class got a question wrong, which happened more than it should have.

Projects

Most of the grade (60%) comes from projects. They were decent, none took more than a few hours for me. Some people had a lot of trouble on projects 3 and 4. The reports, write-ups, and submissions are incredibly inconsistent between each project. Some different TA must have written each project and the instructor never standardized them. So you'll have 1 project do things one way, and another project be different for some reason. Projects 1, 3, and 4 were programming, with a detailed write-up as well.

1. Had to exploit a simple C program with a memory overflow.

• Decent, be prepared to really get in the weeds of GDB. I don't work with C much, so I learned a bit there. Not useful if you plan to only ever work with languages that handle your memory management.

2. Malware analysis with Cuckoo

• Terrible and pointless project. You just run an open source scanning tool within a VM and CTRL+F through tens of thousands of lines generated in the reports to answer some T/F questions. Learned nothing.

3. Exploiting cryptography

• This was probably my favourite project. Using Python, cracked some private keys with various vulnerabilities.

4. Exploiting a website (CSRF, XSS, SQL Injection)

• Attack a fake website with the three main web attack. Also pretty fun, but as a full-stack dev I found it pretty easy.

Exams

~35 multiple choice questions on ProctoTrack/Canvas. Not a good assessment of knowledge. Not too hard though, pretty easy B with some light studying.

Piazza Management

Piazza was awful and not managed at all. People asking the same question 10 times, complaining about the TAs, or just asking for re-grades on poorly worded quiz questions. Instructor/pinned posts and announcements were inconsistent and easily missed in the spam from students complaining about the course. TAs apparently cracked down on people stealing code without citing, which is good, but felt like it was handled really menacingly with just threatening language on Piazza to turn yourself in before it gets worse.

We were told there would be extra credit. A month later, when a student asked about, the instructors said they'd changed their mind. I don't think we're entitled to extra credit or a curve, but a class announcement like that taken back reeks of poor management.

Ease

That said, it's a pretty easy A if you try. You could get a B with minimal effort. There were 2 weeks where a quiz, a project, and an exam were due in the same week, which may hurt if you're not staying ahead on the project and need to study.

Overall

Overall, I had a decent experience in this course. I would call it somewhere between Easy and Medium, but would lean towards Medium if taken in the Summer semester since you are condensing 16 weeks of material into 12 weeks. The topics were interesting and eye-opening. Gave me a greater appreciation of security (or lack thereof!) in today's cyberworld.

Here is a link to the breakdown of my time spent on course activities: https://drive.google.com/open?id=15Ll6j4fTIpe9GNzM-MH1rCyxRzHv49nV. I averaged 12.65 hours per week.

Quizzes

They re-made the quizzes this semester since all the old quizzes were available on Quizlet and it was a joke. So that was good... it increases the value of our degree. That said... there were NUMEROUS issues with the quizzes. Every single one of the 10 quizzes had a problem, whether it was the wrong answer in the answer key or a question that was worded VERY AMBIGUOUSLY. This was very frustrating... but I concluded that hey, quizzes were only worth 20% so losing 1% of my total grade was probably not worth the stress/effort/emotions involved in complaining/whining/being a spectacle on Piazza.

Overall, quizzes were mostly Ctrl-F in the eBook to find the answer. Very little cognitive effort required. I did actually read through the assigned textbook chapters, so this helped me rip through the quizzes quickly since I had an idea of which section the answer was located in. I took about an hour on each quiz so that I could write additional notes on topics that the questions were on.

Projects

4 projects worth 15% each. Won't bother including many details here since everyone else's reviews have plenty of details.

• P1: Stack overflow (make a text file with input that will execute a return to libc attack). 19 hours.
• P2: Run Cuckoo in a VM to figure out what actions malware ran (least favorite project... it was very ambiguous, little direction from TA's, just busy work without need for ingenuity). 11 hours.
• P3: 2nd favorite project, Python coding to perform RSA and other crypto attacks. 19 hours.
• P4: web security (favorite project!), CSRF, XSS, and SQL injection attack. 6 hours (I have web dev experience, YMMV heavily here)

Projects were fun overall. P1 and P2 did not take much brainpower. P1, P3, and P4 required writeups, no limits, just answer prompts. P3 and P4 were my favorites since I was actually required to use my brain.

Exams

I watched all the lectures and read through the assigned textbook chapters once. For exam study, I read through my notes (3.5 hours per exam). 88% on Exam 1, 82% on Exam 2.

IIS was my first course in the OMSCS, and I learned a lot from the book, the lectures, and the projects. I am already applying many of the things I learned at my work and my day-to-day.

The quizzes help you study, but read the book, and take notes, because the exams count on you memorizing the concepts in the book, so, don’t wait until the last minute because there is a lot of material to remember.

The projects are fun, but they can be hard if you don’t have any programming experience, especially because you will use different languages in different environments. There is also some cool Math involved.

The TAs are very helpful, don’t be afraid to ask the questions after you’ve done the research.

Start early! Keep organized, mind the office hours, pay attention to the deadlines.

Quizzes and tests are kind of BS, really specific multiple choice. Projects are fun and engaging. TAs are kind of... mean?

Overall meh course

Easily the worst class I've taken so far.

The quizzes and exams were awful. Many questions had ambiguous answers and they occasionally conflicted with the textbook. The quiz questions themselves aren't thought provoking at all, almost all of them can be answered by searching for a specific sentence in the textbook.

Piazza is pretty much useless but that's mostly due to the students and not the TAs or professor. The class seems to attract toxic students.

Projects were fun and interesting but the written reports were odd. It seems like the requirements for the reports were different for every project, they didn't feel consistent at all.

Only the projects seem to teach you anything about the material. I got an A in the class and feel like I didn't learn anything, mostly due to quizzes and exams having poor questions. The lectures are quite boring and aren't even that useful.

If this was my first class I would have likely left this program. The course material was fine, but the behavior of the instructors and TAs was highly unprofessional. The quizzes were filled with "gotcha" questions and in many instances were wrong/poorly phrased. Students had to fight with instructors and TAs to get grade adjustments on almost every quiz. Similar issues were seen on the tests, which were multiple-choice and true-false style. The tests and quizzes were similar, but the detail level of the test questions seemed far too demanding for a closed book/notes test. The real issue with the regrade requests was that many student concerns weren't responded to and course policy was ultimately changed to privatize regrade concerns. I think a lot of students felt there was a lack of transparency in the class. There were also some issues with TAs making inappropriate/threatening comments, which I have never seen before. Fortunatley instructors did step in and remove those TAs. The professors also backtracked on promised extra credit.

The projects were not too difficult, but a lot of the tools and techniques used weren't explicitly covered in the class and required students to do extensive research to complete. I think the projects also were a little vague in some of the descriptions, but overall they were well thought out.

I learned a good amount from this course, but the attitude/response from faculty was disappointing. I think as a semester long course it would have been much easier.

Summer 2019.

Not much to add to the other reviews. The quizzes were annoying because of question wording. Probably the same with the exams, not much feedback. Suggest the TAs make a question bank of 400-500 approved and vetted questions and pick from those.

Rote memorization of the relevant chapters and lecture transcripts/slides is the name of the game for the quizzes and exams. Not really my thing, I prefer concepts and theory (this is Computer Science after all), but it's a valid approach at the end of the day.

The projects were a real high point, and they made us think about how things could be purposefully structured to exploit weaknesses.

You could probably get a "B" out of this class relatively easily by going through the motions. It's on you to put in the extra brain-cycles and understand how to translate the text to the projects. I put "Medium" difficulty because we should be self-motivated enough to understand we need to put in those extra 4 hours to integrate the concepts every week. :)

Pretty Good course to start with. The topic was interesting. XSS and SQL injection, once you get them to work, you get that a'ha moment. Workload was average for me.

Quizzes and exams were a bit frustrating for having wrong or ambiguous answers, but they usually gave back the points for their mistakes.

Pros:

• The projects are good learning and were fun
• Content provides a good learning
• TAs are mostly responsive

Cons

• Grading of project 2 was weird. It asked to analyze malware and search for around 20 activities. Grades were awarded only for the activities the malware performed. No credit awarded for correctly identifying activities the malware did not perform.
• The course instructor Prof Lee is completely missing. The class is completely run by TAs
• We had issues with quizzes and tests.
• Project feedback could have been more detailed.

This was not the best class I had taken in OMSCS. Yes, there were many problems with answer keys of quizzes and tests. But the concerns were addressed.

This was probably the easiest class I have taken which made it a great summer class. Even with the condescend schedule and weekly quizzes I often felt I was on auto pilot and often forgot I was in school this semester. I found the projects pretty fun and stimulating while the text book and lectures I didn't finish due to how dry the content was. The TA staff got a lot of flack in my semester which I didn't think was warranted because if anything they were exceptionally dedicated to improving the class.

Overall, if looking for easy class for summer or to double up with IIS is probably right for you. As for basics of information security I think this class is alright even though many loud people on Slack/Piazza will constantly remind you the material is "out of date".

I really enjoyed the projects in this course and that's about it. To say the quizzes were a hot mess is an understatement. The quizzes were riddled with errors and turned into an exercise in sentence structure interpretation rather than understanding the concepts. The general response from the TAs was "we discussed it among ourselves and Dr. Lee and felt that the wording was confusing but not confusing enough to matter"....great. The midterms were an exercise in brute force memorization of the chapters in the book. In conclusion: This course, in its current state, is an disgrace to the GT OMSCS program. But if you take it, do well in the project and do ok-ish in the midterms and you should be able to get an A.

I took the course in Summer 2019 but chose Summer 2018 as the option was not available.

I wanted to take an easy course for the summer after a difficult Fall & Spring semester and I was not disappointed. This is not a very exciting course but does offer great insightsand learnings about security. If you want to learn about Buffer Overflows, Security Software (Cuckoo), RSA and Web Security - the projects are fun and rewarding.

I wouldn't say this course is an easy A - Though I know I have done well throughout the course, I have a B. Just goofing up in one of the projects brought down my overall score drastically.

Stay active on Piazza and Slack - The TAs are very active and helpful: To name a few: Chris Taylor, Cecil Bowe, Brent (Thank you!) . I experienced strange behavior from students in this semester. Students were unusually combative and accusative during this course, which dampened the overall learning experience.

Students were mostly unhappy about the grading on the Quizzes. And rightfully so: Many questions were wrongly worded & also graded and there were many retracted questions. This lead to multiple arguments on Piazza and on Slack. I hope this will be corrected in the future.

This is an ideal summer course/ first course and yes, I would recommend it

Agree with most of the feedback below, so the only thing of value I can think to add: seeing as the quizzes are pulled verbatim from the text, it pays to get exactly the edition quoted, even if they say that others are equivalent.

Also worth noting, just as a head’s up: we were told before the withdrawal date that extra credit would be offered, and were then told after it that it wouldn’t, so don’t base your decision on that possibility.

There were one or two TA’s this term who seem to believe that the price we have to pay for access to their help is that they get to act like 4chan trolls on our class Slack channel. (Or maybe it was just one TA propped up, like most bullies, by a gang of sycophantic yes men -- alumni he had invited on for that purpose who had no other business in our class.) I pray that either they grow up, or that GT declines to inflict them on any future OMS classes, as the tradeoff is far from worth it.

This was my second class in the program after IOS. I enjoyed the material and was able to take away a lot from the course. There were some logistical issues at the beginning of the term such as incorrect dates on the syllabus, misunderstandings between students and TAs, etc. However these were (from my point of view) mostly fixed by the middle point of the term. I would recommend the class for anyone looking to get a solid foundation about computer and network security.

IIS was a good course. It was my 4th of the program and I took it in summer of 2019. It was fairly well organized and run. There were some issues with poorly worded quizzes that became an issue in the course, but they were each a fairly small percentage of your grade and the TAs did a reasonable job of trying to resolve the issues.

The class had 4 projects. I didn't find any of them particularly difficult, but most did require a solid effort. The course also had two exams. The exams somewhat reflected the major topics in the course, but many questions were also kind of specific details about concepts that I didn't feel were very important nor were they really stressed throughout the course.

The textbook is used a lot in the course. I didn't watch very much of the lecture videos, as most of the content I needed to know was found in the textbook. The videos may have covered some of the same topics, but the videos for this course just seemed kind of dry.

Overall it was a really interesting course where I learned a lot. It's not a cakewalk like I thought it would be going in, but it's not too difficult of a course.

This course wasn't well taught or well managed. The lectures were often slow but very shallow. The tests and quizzes were riddled with mistakes. Opinions of the TAs vary, but I wasn't a fan. They got more helpful as time went on, but that was mainly because they were basically forced to act more mature by the professor. I'll agree with others that some students acted entitled and annoying on Piazza, but I'll also argue that the TAs and professors reaped what they sowed.

The projects were pretty good. For future students, I'll say start Project 1 early. I wasn't too familiar with GDB, and that was stressful getting that done on the last day. The instructions, as was the case on all of the other projects, were clear though, so the stress was entirely my fault.

The exams were odd. They had errors like all of the other quizzes, but they were basically hidden away from us which caused some uncertainly and unneeded chaos on Piazza. Some of the questions were also way too specific. Specific questions were fine on quizzes, where you could just Ctrl-F to find the answer, but needed specific facts out of a dry, 800+ page book was a little much. It's a graduate level course though, and the exams aren't worth much, so whatever.

Like others have said, if you do well on the quizzes and projects, this class can be a pretty easy A.

Pros:

• Really interesting projects
• Extremely helpful TA staff
• Quizzes were word for word out of the book. They were basically a free 18-20 points if you have half a brain and actually answer the questions rather than worry about the wording
• Video lectures were very well produced

Cons:

• Some of the lectures are pretty boring
• The 2 exams covered a lot of material and probably wasn't the best format for evaluating comprehension
• The Prof. should have cracked down on the entitled students trying to ruin the class (more on this below)

Overall the class was interesting and the TA's were fair and helpful. The only issue was with several very annoying students in the class. From the beginning these students actively tried to foment insurrection in order to get points back on any and everything. It got so bad that they started conspiracies about piazza posts getting deleted and accused the teaching staff of plagiarizing material from another university (despite the fact that it is common practice for professors from different universities to share material in order to ensure that people are evaluated consistently).

All of this is to say that it's too bad we can't review our fellow students, and if you want a fair picture of the course don't put too much weight on the negative reviews from this summer. Also, if you are one of those students, learn to take a breath. The world isn't gaslighting you.

This class isn't good, and this particular semester was an embarrassment to the program.

The good:

• The projects were pretty fun. Luckily they account for most of your grade.

The bad:

• The lectures. Incredibly dull, but maybe I'm spoiled by how good they were in ML.
• The textbook. Just do yourself a favor and never read it.
• The material. It's just too broad of a course.
• The professor. Absent.

The ugly:

• The quizzes and exams. I just don't understand how mistakes kept happening. Almost every quiz would have mistakes in the questions, the answers, or the keys. Coupling this with a two-attempt policy made everything worse, because students then went back thinking that they were fixing their answers when instead they had nothing wrong in the first place. We were assured these issues would not be present on the first exam. Unsurprisingly, around 6 of the 34 questions had issues and ended up being regraded. I'm not confident that the second exam didn't have issues either, but we'll probably get our grades too late to make a difference anyways.
• The TAs. The class has its own Slack workspace to ask students and TAs questions, host office hours, etc. This isn't unusual. However, some TAs thought it was appropriate to use the workspace like their own private Discord server, posting vulgar messages and whatnot. While I'm not personally offended by any of that, you can imagine why that creates an issue when you're supposed to be acting like a professional adult whose being hired to help teach a graduate-level course, not telling students to "Read the fucking manual." Shockingly, some students (myself not included, by the way) complained and Slack usage was restricted. They then proceeded to whine and complain instead of taking responsibility and performing a little introspection. One excuse was that Slack wasn't an official platform and shouldn't be treated as such. Yeah, that's just BS. Every student in the course was emailed an invite link. Almost all TA's hosted their office hours there. The workspace itself is on the Slack Plus plan for god's sake. That's more than $10 a month per user, which isn't cheap. So yeah, it's an official part of the course.
• Piazza. This is really a culmination of the above. Once mistakes kept appearing, some students obviously lost faith in the course and the teaching staff. Some posts got pretty combative, and while some were over the top, I mostly agreed with the sentiment.

Overall, would I take this again as a Summer course? Maybe. Even after all that, getting an A wasn't all that hard. It's just that the teaching staff made it way harder to get through than it needed to be.

I took this class because I had some gaps in my security knowledge since I come from an engineering background. I can say that I definitely learned a few things, but I did not enjoy this class.

The biggest problem with the class was the quizzes. There are weekly quizzes which are open note and you are allowed two attempts, which sounds super reasonable and great. However, there were constantly errors in the grading which made the quizzes super frustrating. The response from the TA was usually something along the lines of "these errors in quizzes are just inevitable", but this is my 6th class and first one where I've experienced this at all. I usually think people are way too critical of the TAs in OMSCS classes, but IDK this one was rough. Seems like they could've done much better.

The exams were OK. I don't think they really tested anything other than ability to memorize small details.

Some pros: I did think the projects were fun. None of them took me more than one day to complete.

This course is very unorganized. There are 10 quiz, 2 exams, and 4 projects. Workload is a few hours a week. The Udacity video is unbearably boring. It's basically an introduction to everything security related. The video is so long and covers so many items. You will not be able to prepare for the exams. The quiz are all filled with ambiguous questions and answers. All you need to do is to download the pdf book, crtl-f to find the keyword, and try to figure out what trap they put in the questions. The TA loves playing with words and pretty much every quiz is a fight on Piazza with students complaining about ambiguity. It's the same non-sense with exam. Project is mostly auto-graded, so there is no depth in these projects. They are not difficult, but TA pretty much won't allow any kind of real discussion on slack or piazza. So you are pretty much on your own to try to figure it out. This course is easy to get a B, but difficult to get an A. There is no curving and TA acts like it hurts their feelings when you say this course is easy on omscentral. If you want to learn about buffer overflow, RSA, cryptography, SQL injection, XSS, CSRF, you are better off going to youtube and watch some videos. This course would be perfect if you don't care about B and you want to pair with another course so you can graduate. Piazza is constant battleground, and TA started their own slack to stop you from having any real discussion. Towards the end of the semester, TA was being combative and blasted about plagiarism to the whole class on Piazza and emails. This is the first course I feel like this OMSCS program is deteriorating in quality because of too many students. Nothing is worse than taking a useless boring course that you don't learn anything and end up getting a B.

The only thing you will get out of this course are the interesting projects : I started out doing the reading and stuff but i gave up after two chapters or so, reading the textbook was just taking so much time and i didn't see the point since i wasn't going to retain much of what i was reading anyways, according to me, the textbook is adapted to be a quick reference more than a cover to cover read . the textbook is only useful to get the few extra points in the exam so i didn't see the point. Quizzes were a joke, too many mistakes and were absolutely useless in understanding the material. most of the questions on the quizzes were copy pastes from the textbook and could be easily Ctrl-F'd, Projects are interesting and easy to medium on the difficulty scale depending on your skill set. I don't know my grade yet but it will probably be an A, here is a recipe to get an A with least effort:

• Ace the projects, start as soon as possible, ask a lot of questions if stuff is unclear
• skip the textbook , Ace the quizzes, they can be solved with Ctrl-f in the textbook
• master the concepts for the exam, skip the details you wont be able to remember

This should keep you in the 91-93% range , if you get high 90's in the projects

Good course, but the term was marred with few back and forth issues between students and TAs. Primary issue was quizzes, my personal opinion was this could have been managed better. Well again the quizzes count towards 20% of your grade so significant if the experience isn't right.

The projects were fun, but mind you they can take up time. So start early once the project window starts. Be careful of plagiarism. I screwed up one of my projects - Summer is tough at times, with a full time job. But not trying get over with a reason - completely own it.

Overall fun, but in could have been better.

Pros: The projects are varied and interesting, and even if you have no knowledge about information security or the tools involved, you can complete them with some grit. TAs in my semester were willing to give ample hints via Slack.

Cons: I am not exaggerating here, over half of the assignments in this course had errors that required regrades or modification by TAs to return points. I don't know how this could be since I don't think this is a new course. We're talking 7/10 of the quizzes, both exams, and a few minor issues with projects. You have very little confidence in the veracity of your instruction, and you never know what your grade will be even if you're confident you did well. In addition to that, the book is very boring, with long chapters that take hours to get through if you're taking notes, and you have to read 2-3 every week. Half of the lectures are from Dr. Ahamad and are very long and inefficient, and half are from Dr. Lee and are to the point.

I didn't have much interest in security before taking this course, so with all of the issues, I didn't enjoy it at all. It's too bad because the projects actually did gather a little bit of interest from me. I took the course because I wanted a less time-intensive course over the summer, but it ended up taking me as long as KBAI. I would strongly recommend against taking this course until they work out the issues unless you have lots of time to police the posted answers and submit regrade requests.

I don't recommend this course.

PROS:

• Fit in my 2 week long vacation. The workload was nice if you will settle for a B or C. For once it was not one of those breakneck stressful classes requiring 25-40 hours of work even for the smarty pants among us.

• Projects are nice and account for 60% of the grade and most of the learning. If it was not for the projects, I would review this class as "Strongly Disliked".

CONS:

• TAs were disorganized and combative. Instructor was 100% not present. Many quiz and exam questions are ambiguously worded, causing a lot of Piazza arguments.

• I did not cheat. Regardless, all students were bombarded with anxiety-inducing honor code violation threats which make you question everything you did. There is no way my solutions were totally unique in the entire world. I'm 50% done with the degree and this made me wonder if I should continue with this garbage.

• Unfair - some people could see the correct quiz answers after attempt 1 and get 100% on their 2nd attempt (not me of course), but that is really not fair. Quizzes were easy points. Mildly educational.

• Canvas quiz rubrics were always messed up, causing confusion and regrades for basically every single quiz.

• Lectures can (and should) be totally ignored. The book is awful.

• 2 proctored exams were truly HORRIBLE. Just way too much undigestible book content to hammer down. Don't study - just guess and take the B. Workload to get a B is 4 hours a week. To get an A is a whole lot more hours just because of the exams.

This has been my least favorite OMSCS course.

• Lectures: Dull.
• Textbook: Dull and disorganized.
• Quizzes and exams: Riddled with errors that will make you pull your hair out.
• TAs: Combative.
• Piazza: Toxic. A battleground between students and TAs.
• Homework projects: Very nice. Interesting and challenging.

It's an easy course, materials are like undergrads

This course was fun and easy. I enjoyed the projects (except for one of them). It was fun learning how to exploit software. I have at least 6 years of programming experience, so learning the concepts and writing the code was quite easy for me. The quizzes were easy to do if you have a digital version of the textbook, since the questions were worded similar to the textbook. The only thing I didn't do well on were the exams, which were mostly based on the questions similar to the quizzes, but with some additional question that you'd have to read the book to know.

This was my first course in the OMSCS program, and I enjoyed it.

Thoughts:

• The projects are the highlight of the course. They're interesting and well put together, and they require you to do a lot of independent learning.
• Exams are frustrating. They're closed book, and some questions are confusing/have grammar mistakes that make them easy to get wrong. TAs and the instructor aren't responsive to requests to explain/correct the questions.
• I wouldn't recommend the 'required' textbook. It goes into much more detail than the lectures, and I didn't find it particularly well written. For the first exam I did all the recommended textbook readings, and was massively over prepared. For the second exam I skimmed a couple of chapters, but mostly focused on the lectures and quizzes. I got a score in the high 80s and didn't waste hours of my life.

As the title mentioned, it is introduction to information security. Students with Computer Science background, will find it to be a good refresher. A little bit of programming experience will make life easy.

20% - 2 Exams (Proctored - Closed - multiple choice - Require lot of reading) 60% - 4 Projects (Individual - Medium Hard) 20% - 10 Quizzes (Open book)

Take your projects seriously because of weightage, start early and do not miss deadline. In this semester, TAs, released few projects little early. Those who took advantage of this, completed projects on-time.

Piazza is a good place to share knowledge and seek information. I found answers to my questions in Piazza before posting questions to TAs.

The book recommended for this course is a very good one. It gives many insights on Computer Security, Security incidents, security design, ethical hacking. I enjoyed the RSA segment of the course where I learnt about modular arithmetic, encryption and decryption.

Overall is a good course.
Tip: Add this course, along with a tough course for your Spring and Fall Sems.

This was a challenging course and it b**tched slapped me in a way that I did not anticipate. It was also my first course in the program so if this is what an easy class looks like, I will probably have to drop. I found balancing the workload with a full-time job and a family a little over the top. Also, I had no desire to take this course to begin with, but it was the only class I was able to get into. I ended up with a C (I got a 77.2 and a B was 78. So close, but yet so far). This is a review from someone that is not a Ga Tech genius and had to spend more than 3 hours a week on the course. So not sure how applicable this will be to others.

Here is the skinny: The labs are pretty much everything - 60% of the grade. The quizzes are easy and you can take them twice. Just watch the videos and that should be good enough. I got a 95% average on them and as I already stated, I 'ain't no genius'. The tests are tricky with a fair amount of sneaky and even bad (some seemingly incorrect correct answers) questions. For the first exam I read the chapters and used the book mostly. Big mistake. The book is worthless, unless you need it for a lab or to go deeper into a topic of interest. Just stick with the course notes - which are excellent. I just used the course notes for the second exam and crushed it even with the average being a 71%. My problem came with the projects.

Project 1: Stack/Buffer overflow exploit This one killed me. I had no idea what I was getting into. Started late but still spent a lot of time trying to figure it out. Could not, got a big fat zero. The auto-grader is merciless. I lost 50% of the points on the lab, but ironically got a perfect on the report. Grade was 50%, which was an F. I started out with an F. No partial credit. I should have dropped here, but stuck with it. For the rest of the class I had to pull myself out from a huge chasm. I never really did.

Project 2: This was a weird one. This project was running and analyzing malware in a sand-boxed environment. It was difficult to know if you were correct or not. Honestly, even if I spent another 6 months on this project not sure I could do any better. And the grading was kind of secretive. Not really sure why I got stuff wrong that I did. I hit the median on this one, but left me scratching my head as to why I missed what I did.

Project 3: Cryptography This was my favorite and honestly the only topic I really had an interest in going into the class. I enjoyed the topic and did well on everything cryptography related in the course. I think I got every single quiz and exam question correct on it. However, I only got a 90 on the lab. They provided a test bed to verify your algorithms were correct. For some reason, depending if your key was positive or negative your unit tests would pass while the actual grading by the TAs could still fail. Kind of a tricky gotcha. They accepted regrade requests for this and provided half credit. I got 10/20 (half).. To me this was a bit unfair...they should have given us a warning or a note in the instructions and provided full credit if the test bed passed. But hey - that is just me complaining. In the end, a 90 was the best lab I had so can't really complain.

Project 4: Web Exploits - XSS, CSFR, and SQL Injection This was a cool lab and probably the most relevant for the typical software developer working in a standard IT environment. I actually liked this lab and learned a lot. I also screwed it up big time. But that was totally my fault. I knew going in I had to get a B or better to get a B in the class and I totally blew it. For the XSS explot (which was 30%) I added a print/debug statement in the server code that I completely forgot about. This ended up allowing my injection to work. I finished a week early, but did not realize that I left this debug statement in the code!!! So of course, the grader could not get my exploit to work. and failed me. I got a 67% on the lab and a D.

That last lab brought my grade down to a 77.2%. A B was 78%. What a freakin bummer. I chalk this up to bad luck, but also a learning experience. Start the projects early and make sure you double check them. By doing well on the labs and the quizzes you should be able to easily get a B. Screw up the labs and you are doomed.

Now I have to get an A in my next class or I will be kicked out of the program.

In summary: The labs are very instructive if you can get them to work. The course notes and lecture are very well organized. If you are interested in security you will get a really good introduction to all things security and this is really an excellent class. Grading wise - make sure you do well on the labs, start them early. Don't read the book unless you want to, and focus on the course notes.

A few things they can do in my opinion to improve this course: More opportunities for partial credit. Losing 50 points on a buffer overflow problem is a killer. Losing 30 on the XSS is also not great. They should be able grant more partial credit for people that are close, but no cigar. Maybe extra credit would be good for those that are borderline between grades.

One last thing...I found the slack and piazza channels a bit noisy. The TAs will remove any post that actually helps you solve the labs. So if you mentioned how you approached something or what algorithm you used, you would be threatened with academic misconduct. So in the end, there was nothing to really say for fear of revealing too much. The only use I got out of Piazza was clarifying the requirements and/or assignment. Other than that, I did not find it very useful. I posted a number of direct questions to instructors, but they never responded. The slack channel was more of the same, with a lot more social talk. People hang out on it, but same rules applied.

The grading was slow and took forever and I thought it was tough to get time from the TAs and Instructors, even though they did check Piazza regularly, they easily fell behind since there were so few of them and so many students.

TLDR; Good for a first course: easy A, with a broad overview of infosec. Grade breakdown: Projects- 60% Midterm- 10% Final- 10% Quizzes- 20%

Projects require a very shallow knowledge of coding- you can learn all you need to know on the fly, provided you start projects early (ie 1-2 weeks before the due date): Project 1 (easy): Buffer Overflow; C. Project 2 (easy): Identifying malware; no coding required. Project 3 (medium): RSA; Python. Project 4 (medium): XSRF, SQL Injection; HTML, Javascript.

The midterm and final are both closed-book, ~30 multiple choice questions, taken with Proctortrack. The largest challenge with these tests is how poorly the questions are worded. You can easily get a B by just watching the lectures and taking notes. A couple questions are taken from the assigned reading, as well.

The quizzes (10) are open-book, non-proctored, and you get 2 attempts on each quiz with feedback about which questions you got wrong on each attempt. Essentially, these are a free 20 points.

The Slack channel is very active and can be helpful for the projects. However, it is also has a very strong brogrammer attitude and can be abrasive at times (aka multiple students have reported the TA(s) for their behavior on Slack and Piazza). Hopefully these behavioral issues will be addressed in future semesters, so all students can feel comfortable engaging in Piazza and Slack.

I came into the class with an interest in cybersecurity, although having taken some intro classes during my undergrad, a lot of the material presented in lectures wasn't new to me. I found the lectures well written, nonetheless, though having different lecturers with different lecture styles was hard to adjust. One took his time with explaining each slide, while the other read the bullet points and went to the next slide within seconds.

I really enjoyed the hands on projects, especially the one where you "break" a simplified RSA key. Each project supplemented the lectures very well.

There were also 10 reading quizzes that were very easy and had a max of 2 attempts - no proctortrack required. Proctortrack was used for the 2 exams that were given.

I took this course alongside CS 6300 and found both classes very manageable for my first semester at OMSCS. I highly recommend this course to anyone interested in cybersecurity (who hasn't already taken an intro class), as well as anyone looking for an easy foundational course to start off their degree.

IIS was a good first class to take as a new student of the program. The projects were very interesting and this is where I learned the most. Most of the test and quizzes is just memorization.

It's hard for me to estimate my hours for this course. There were several weeks where I barely did any work, and then others where I was putting in 20-30 hours on the projects. I'm coming from a non-CS background however, so my time is probably inflated.

This is my second course and I don't know if I would suggest it as a first class for a non-CS person. It goes from C to Python to Javascript/HTML/PHP/SQL, so if those are all new to you it's going to require more work to switch gears every 3-4 weeks. It's definitely doable, but it might be a bit much for the first semester back in school if you don't have a strong CS background.

I enjoyed this course, and I would definitely recommend it. The buffer overflow, RSA, and web security projects were very interesting and I learned a lot. The second project on malware was an interesting topic as well, but it was plagued with technical problems and needs to be reworked, specifically Phase I. You can run into some frustrating (out of scope) network issues on Phase I that make it so you cannot successfully complete Phase II. The issue is that SOME of the malware behavior in Phase II will be missing, but you won't realize it until grade time, and there's no way to check beforehand. That makes Project 2 really feel more like an open book exam than a project.

That said, the TAs in this class are amazing! Chris and Jeff are constantly in the slack channel and go well beyond their duties as TAs. This course has office hours, but you can basically go to slack and get help at any time.

JOIN THE SLACK CHANNEL AND USE IT! This course would have been significantly harder without Slack and you are handicapping yourself by not checking it. I read it daily.

Professor Lee appears to be active behind the scenes, but was completely absent from a student's perspective. I do think some of the "easy" ratings from a few years ago should be taken with a grain of salt. It appeared that the projects get updated each semester to have more content, which means the class is harder (and higher quality) than it was in the past.

This was my first foray into any type of programming contained in a course. I have a MS in Management and Systems, which was not programming intensive at all. Coming to the course, we were encouraged to get or have an understanding of programming (Python, Java, etc.) and to have a grasp of discrete mathematics. So I was warned. However.

The online lectures were GREAT. Loved them. Short; easy to understand, and they complimented the required text. Someone took all the lectures and made pdf of each as well as a ppt slide deck. Totally useful material to have to study from.

Quizzes were open book, and relatively straightforward. Exams (2) were proctortrack, and more difficult, even though they were multi-choice and T/F.

Projects. There were four (4) and we had 3-4 weeks each to complete them. Ughh. So, while the directions were mostly clear, and google was my friend, I still struggled to even complete some of the tasks as I lacked any programming foundation whatsoever. The projects were involved and required a significant time commitment to execute them well. #FailForMe on those.

The balance of the weight on all items was fair--if you were not a great exam taker but excelled on the projects you were probably fine. If you could not get 95-100 on all the quizzes, well, that's totally on you, as they were open book.

Overall, the instructors were great--nice bit at the end of the course lectures bringing in an alum to chat with us; I really appreciated that bit of tape. Others have commented on the TAs, but I never really interacted with them, as my questions were foundational, and a silly ask, sa I should already have known the basics.

What would be helpful for folks like myself, would be a pass-fail or NC intro to programming course offered as a pre-req. Not that I am looking for more work, but obviously I failed in this class to meet the expectations of a student entering the program.

So, looks like, unless there is a MASSIVE curve, I'll be taking the class again in the Fall. Time to learn programming....

This course has a reputation for being on the easy side, but I found the projects to be enjoyably challenging. (For context, I have a CS background but not much that is related to security.) The projects were the highlight of the course. They were each very different and stretched my knowledge across multiple areas. You have 3-4 weeks per project, so plenty of time to learn and to get them correct. This is a class you can definitely pair with another course since you have plenty of time to complete everything. The one exception to this was the final week, where we had the second exam and a project due on the same day. Kudos to the TAs for agreeing to move the exam back a day, but honestly I think the exam could have been moved back a few days since there was still over a full week before grades were due.

I recommend renting an electronic copy of the textbook. That is crucial for studying for quizzes and the tests. It's also a lot cheaper than buying a new or even used version.

The usual advice of 'start the projects early' definitely applies. Slack was active and helpful. Some of the TA posts early in the semester were somewhat defensive and condescending. I did see a change in tone the second half of the semester, which was good. The TAs seemed overwhelmed at times because of the large class size, which is understandable, but I hope the instructors are able to maintain a positive tone for future semesters. It really does make a difference for a lot of students (especially those in their first course). The professor did one office hours I think, otherwise he was completely absent. It would have been nice to have more involvement from him.

Decent introductory course. Not engaging unless you get on the Slack Channel, which was extremely helpful. Quizzes are super easy and are a grade boost. Exams are only worth 20% of your grade (same as all quizzes combined), and not worth studying for if you do well on the projects. The four projects are worth 60% of your final grade, so focus on those above all else. They were very challenging for me, given my entire CS experience before the program was 2 undergraduate freshmen courses, but the workload of the projects are likely quite light for folks with coding experience. Overall, I recommend this course.

Took IIS as my first course. I came from a background of 2 years undergrad CS, 1.5 years industry experience.

The four projects are very interesting and provide a good breadth of practical subject matter. Unless you have already done projects similar to the four (overflow exploits, malware analysis, public key encryption, web security) you will probably have to at least put a weekend into any of the projects and will learn something new. If you know C, Python, basic BASH/linux CLI, PHP, JS, and SQL, it will help you on the projects a lot. The projects require you to run an Ubuntu VM, so make sure you have enough RAM or the experience will be miserable.

There were weekly quizzes. While I found them kind of silly since they were open book (and in many cases taken verbatim from the textbook), I did appreciate that they at least got me to open the textbook on a weekly basis, since I have generally bad study habits.

The 2 exams were mostly about having read the textbook and watched the lectures. The second exam was way harder than the first as it covered a lot more material.

Transcriptions of the lectures are provided, which I was very thankful for.

Success in this course depends pretty heavily on doing the four projects well and scoring decently on the exams. The quizzes are basically free points. The exams matter but you can afford to bomb one of them if you ace the projects and do the quizzes.

TAs were very active and helpful on Slack - I'd highly recommend at least lurking the #cs6035 Slack channel. They also respond to Piazza posts. I only ever felt the need to contact a TA for clarification once, and I ultimately would not have needed to if I had just lurked the Slack channel a little bit more, or read to the very end of the project instructions before beginning.

Overall I'd say the course was relatively easy and fun, with the workload spiking when each project was released/due (unless you're a good student and read the textbook/supplementary readings, then there's a decent amount to read). It's a good first course for a well-rounded student with a good programming background.

This was my 6th course in the program. Overall, I felt this course was really organized and well paced. There was never a moment where I felt I didn't have enough time to complete the projects or other assignments .

The TAs are some of the most engaged I've seen throughout the program. The slack channel ran by the TAs was extremely helpful. However, I do feel they can be a bit too sarcastic and snarky at times. This upset several students throughout the semester. However, if you don't take yourself too seriously then this is not an issue. I learned a lot in this course and really enjoyed it.

Be aware that although this is one of the easier courses in the program. You should not approach this course as if the grade will be handed to you. The projects are not trivial and require a lot of time. The tests are fair, as long as you read the book, you will do well on them. I definitely recommend taking this course if you're new to security, you will learn a lot.

This was my first semester, and I have to say I really enjoyed this class. I was pleasantly surprised that for being a survey class, the materials seemed relevant and up to date. I would very much recommend this course as a starter course for new students in the program. Because of the overall size of the class, information in Piazza is only moderately helpful, as this class is a starter course for many students matriculating into the program, and those students do not often at times know what to expect or what is expected of them coming into the program. Therefore, an inordinate amount of noise, repeat communications, and redundant questions are generated from these facts. Can I say, the Slack channel to rescue!? The Slack channel was absolutely a godsend to the class. A few of the TAs in there were teaching gold. If you learn the material and ask good questions, they will be tons of great help on the projects. DISCLAIMER: TAs and students are not in Slack to give you the answers to challenging components of the project and will not assist you in this way. You need to learn the material do your due diligence in research before approaching for help and demonstrate a knowledge of the material, they are not there to help you cheat.

Tips:

Quizzes are open book, and you get two tries. Use the quizzes as a guide to target the main concepts it tests upon, your Exam scores will thank you.

There is a BOAT LOAD of material surveyed by this course, the Exams are more difficult than the Quizzes and test a relatively small fraction of the overall material. I recommend starting with the quizzes, then study and take notes on all lecture materials, and supplement the lecture materials with embellishments from the textbook on top-level topics presented in the lectures when preparing for the Exams. Memorizing the textbook is not necessarily going to improve your exam grades, as the Exams test more your ability to understand the concepts rather than just general memorization of the terms and definitions. One of the reasons for this, out of the two exams, about 30% of the material was on the first one, and 70% on the second one... two weeks from the end of the course, I found myself 13 lectures and 14 chapters behind in the reading. I basically just studied the quizzes and caught up on the lectures and did reasonably well on Exam 2. The grades are balanced toward the projects anyway...

The projects are the best elements of the course, they are very well put together. For students with limited CS exposure (OMSA/OMSCY), this class maybe more on the difficult side. Although overall the coding and coding knowledge required is minimal, basic knowledge of a wide variety of topics are required to master the projects. C, GNU Debugger (GDB), Python3, PHP/JavaScript/HTML/SQL are all required at the basic-level, and are still doable with limited/partial knowledge. The instructors where very generous, particularly with opening projects early, in some cases an entire week early. For those that didn't procrastinate, it seems that most students were successful in their endeavors. Let me reiterate, and the TAs seem to have to have do this too often for a graduate-level class: DO NOT PROCRASTINATE AND WAIT UNTIL THE LAST MINUTE TO WORK ON THE PROJECTS. Just because this class is known for being one of the easier CS classes in the program, there can be gotchas in these projects, especially for those with limited CS exposure. Start on the projects as early as you can, and get to work. Students that wait until the last minute almost always freak out, as evidenced by the exponential increase in frantic Piazza posts and Slack meltdowns.

In my opinion, this was a great first course. Don't let the term "Introduction" fool you. I came in without any real programming/development in my background and I found most of the projects pretty challenging. I've done scripting, but no real software development. This course and the projects seemed quite a bit easier for the students that have managed software for web, DB, and/or OS. If you do not have this in your background, you can still get full credit on all of the projects as long as you put the work in.

The good: The projects were fun, interesting, and challenging. The TA's were very responsive and helpful on Slack. You were given more than enough time to complete the projects and assignments. The grading on the projects was very fair.

The bad: There was a bit of ambiguity which led to confusion around some of the requirements. I struggled with this because I tend to overthink things, specifically with P2 and the exams. Overall, it wasn't enough to impact my overall grade in the course.

A couple of recommendations. Do not wait to start the projects. Start them the day they are assigned, or the first week if you can't start them the day of. If you get stuck, the TA's are very willing to help. From what I could tell, most of the students that felt like they weren't getting the support they needed were the one's procrastinating and wanted somebody to give them the answer the day before the project was due. The TA's won't give you an answer (nobody should), but they were very willing to help correct the path you are on when it's obvious you are putting the work in.

This is a great choice for a first class. A few thoughts off the top of my head:

• Join Slack! As the semester progresses, the signal-to-noise ratio on Piazza approaches zero. In contrast, the TAs on the Slack channel (particularly two or three of them -- they know who they are) are incredibly helpful and seem to spend a curiously high percentage of their lives tethered to it. And sure, there's noise on the Slack channel, but it's fun noise.

• Projects! Projects are worth 60% of the grade, but will take 80% of your time and will constitute 90% of what you actually learn. They are also 95% of the fun (the other 5% being the Slack channel). Start early. Read the directions. This is a graduate-level course, so the instructions will of course not be intuitive like, say, your sixth-grade spelling tests. And keep your essays succinct; don't write a dissertation when they tell you not to (see: reading instructions, supra).

• Test and Quizzes. Yeah, there were some of those, if I recall correctly. They don't count for much. You can take quizzes twice, so there's no excuse for getting lower than a 99%. The two Exams are difficult, particularly the second one, but don't worry if you get C's on these as long as you ace the projects and quizzes.

• Prep. If you want to prepare for the projects early (and why wouldn't you), here's what I suggest. Project 1: set up Virtual Box, buy and install 2 more GB of memory, learn to analyze a stack with ADB, read the wiki articles on stack and heap overflows, learn to read C, learn how to write complete sentences. Project 2: Look at some sample Cuckoo malware reports, familiarize yourself with the online docs for Windows registry keys, buy and install 2 more GB of memory, pray that your many guesses were correct. Project 3: install an IDE for Python 3.x, uninstall the IDE and just use notepad++ and command line, read up on RSA and the various ways it can be exploited, try to grok modulo math. Project 4: Read up on common website vulnerabilities, such as xss, sql-injection, csrf, etc. Review basics of php, javascript, and html -- particularly form submission.

• Pace. There is a lot of waiting around, frankly, for assignments to open up. If this is your only class, and you like to work ahead, it will be aggravating.

• Lectures. The videos were pretty good, and the instructors appeared to be very much into the subject matter. You'll have to adjust the playback rate for each professor. You'll see what I mean.

There are 4 projects, 2 Exams and 10 quiz in it. Project-1 (Hard) You have to have good understanding of C language. Write a .txt (which is your malicious code) to read the encrypted data/ to insert the malicious code.

Project-2 (Easy) You have to analyze the report generated by the tool.

Project-3 (Moderate to Hard) Using the python scripting(which is your malicious code) try to get the information from the files.

Project-4 (Hard) use of Javascript, HTML and SQL Write a HTML code (which is your malicious code) and try to steal the data from a website.

10-Quiz: These Quiz represent different lectures of Udacity and based on those lectures these Quiz are made. some questions are easy while some are tough.

Exam-1 and Exam-2 Most of the questions are from the 10-Quiz and Udacity Quiz, And some are knowledge base. If you have understood the lectures only then you will be able to answer these. But 20/34 question are from Quiz.

Overall suggestion: It's hard course if you don't know C/Python/HTML. If you know these three then it's easy.

I'm following the lead of another fellow OCY student; since OCY isn't a program option for the review, I selected OMSA to differentiate my perspective from the OMSCS students for whom this was unlikely their first GA Tech grad course and who likely have a much stronger technical/coding background than I.

Pros: The quizzes are like built-in grade enhancers. There are 10 quizzes covering the course material in phases, and they are open book/open material, with 2 takes per quiz, making it virtually impossible to do poorly unless you just fail to take them. They do a good job of enhancing the course material learning while providing some insight as to what sort of material to focus on for the exams. As such, I found the quizzes very helpful. The projects were, to me, the stars of the show. I learned more than I ever imagined, they were well designed and I found them very enjoyable (I love learning new things!) I had a bit of coding experience some time back which certainly helped, but there is plenty of time to complete the projects (unless you procrastinate! Don't.) and the coding was minimal and rather simplistic, so it shouldn't be much of a challenge even for a beginner. The best thing about this course was the TA involvment, particularly in the Slack channel (if you take this course, you simply HAVE to join the Slack channel!) The TAs were knowledeable, helpful, and I found them to be quite empathetic and fair. I would have graded this course much lower without the amazing TAs.

Cons: You need to understand code. For OMSCS students this is probably a no-brainer, but for non-CS types (such as many of the OCY students I worked with) it may be a bit of a challenge. There is a wealth of resources available, and the TAs and classmates are always willing to provide pointers to help you find the right resources, but don't expect to get away from this class without being able to understand at least the basics of reading simple C, Python, javascript and PHP (and by basics, I mean things you could pick up in a couple hours or so). Not really a con, but something to be aware of: there are 2 closed-book exams that use Proctortrack. PT can be a little finicky, so be ready to jump through a few hoops to get it working. Just keep in mind, PT is there to deter cheating and thus maintain the integrity of the degree we're all working for, so embrace the pain and deal with the false positives. Also, though I didn't have any problems, some students had issues with uploading their projects in Canvas. Just be sure to follow the directions to a "t" and all should go smoothly.

This is a bit long, but if you are considering whether or not to take this course (well, if you're OCY, you don't really have a choice of "if" but you can technically decide "when") I highly recommend it. It is probably on the lighter side as far as difficulty, and since many of the OCY courses build on concepts learned here, I suggest taking it early if you're OCY, and perhaps during the summer or coupled with another lighter course during fall or spring for OMSCS students. All-in-all, this has been my favorite college course (and I've taken quite a few!).

I personally loved the class. I learned a lot of security aspects that I did not know before.

The 4 projects were the best part of the class. I learned from the projects the most and I think that is what I will retain from the class .... maybe because there was lot of suffering in doing them.

The rest of the class was lot of literature about security and I am not sure I will remember much. :-( .

The quizzes were a good practice of the lessons concepts, the quizzes are open book and you can take them twice, looking at your first try.

The exams can be tricky on the understanding of the questions. I did not score good there!

I will definitely recommend this class as a foundation for everyone security knowledge.

This was a very interesting intro into a broad range of topics ranging from how code works at an assembly level to how to hack (for good not evil) in the form of cross-site-scripting attacks, sql injection attacks, and the like.

I am OMS Cyber, which currently wasn't a choice while doing the review. I did not have any professional experience coding. The course was doable, but the challenge was learning things that the CS students take for granted.

If you want to get ahead, you can watch the course videos ahead of time on EDx or Udacity and read the book. For the first half I did all of the readings and watched the videos. After taking the first exam, I stopped doing the readings. Most of the questions seemed to come from the videos.

There were 2 TAs that were amazing and actively participated in Slack. In fact, it almost seemed like they were never off of Slack. The Slack channel played a large role in getting the most of the class. There were always discussions or tips being given if you were stuck.

This was my first introductory course to the OMSCS program. It is a great introductory course because the syllabus is pretty much set and the projects are well organized. As explained previously by other reviewers - there are 4 projects, 2 exams and 10 quizzes. Quizzes are due each week, 2 separate exams splitting the course in two and 4 monthly projects basically. Each project is due in about a month which is a good amount of time. Stay in the slack channel (at least with this semester). The TAs are great on slack and will give out hints and good advice for those working on the projects. Other students will also help.

I felt this was a good amount of work for a first course. Eventually, the classes will get harder and more rigorous, however, the hardest courses fill up fast during registration. If you watch the lectures, and read the chapters, you will do fine on the quizzes. Quizzes are open book so get etext to make it easier to search.

Exams are difficult. Covers chapters and lectures and projects and quizzes. However, it is not cumulative so at least there is that.

As others have mentioned, if you have a background in CS with C/C++, Python, JS/HTML/PHP then you will be fine. Others may need to learn it for each project which will add hours to the workload. With my current full time job, this class took up a few hours each week and the projects took more time. With all projects (for any class), start early and you will have enough time. This is the one thing I learned from undergrad projects, the earlier you start, the more time you have to mull over the solutions and approach.

Many thanks to the TAs and other students in the slack channel. It was fun. Although I did not think this class would be interesting, there were some parts that piqued my interest and I actually learned some things like RSA, etc.

The highlight of the course are four insightful projects that, as someone with relatively little experience with a few core CS areas, helped me tie together some important concepts, including:

• how buffer overflows work and how this relates to the memory address space
• how cryptographic algorithms really work
• a bit about how webpages work and computer networks work (I have no computer networking background)

These projects in my mind are the highlights of the class. Getting through the projects was non-trivial for me. Many of the projects felt like picking locks or solving a riddle or a puzzle. The projects do not require many lines of code to solve, but I found myself chasing my tail for a few of them due to lack of sufficient CS background. Completing the projects felt mostly satisfying and helpful for reinforcing some fundamental concepts.

The rest of the class - including the exams and quizzes - were not memorable, with content that felt too dry and general. The lectures were particularly rote and full of terminology.

Overall, a good decent course to the OMSCS curriculum, with some elements that I liked and some that I didn't.

It would be great if we could front load the work. They did release some items early. I felt like I was drinking from a firehose for the exams. Some of the TA's were angry because people weren't reading instructions. But to be fair, people never read instructions, you should just make it intuitive.

Had a quiz, an exam, and a project all due in the same weekend. No thanks. The first exam was mostly drawn from quizzes and problems we've seen before. The second exam required you to have a deeper understanding of the material. But when there is a project due at the same time, that required an honest 3-4 weeks of preparation. I didn't come here to write a dissertation on Encapsulated Security Packets guys. It's an introductory course, so you should have introductory level material reviews.

The staff had this mantra of saying "This is a graduate level course". No, calm down.

Course was fun and moderately challenging. However I would not recommend the course for the Summer. There are 4 project that during that during fall/spring would be broke up 4x4 weeks. however during the summer projects 1&2 were 4 weeks and 3 was 3 weeks (it took one evening to complete). project 4 was released with 1 week left in the course and due the same day as the final. Project 4 was the hardest to do and near impossible in 1 week while also trying to study for the final. An easy A dropped to a mid B in the last week of class.

It is a good starting course. The lectures are great, the projects are fun.

Good first class.Tests are directly out of the book

This was a very interesting intro into a broad range of topics ranging from how code works at an assembly level to how to hack (for good not evil) in the form of cross-site-scripting attacks, sql injection attacks, and the like.

With no prior computer security training, this was a great introduction to the field and concepts. Not the hardest class since there's a descent amount of busy work with quizzes and writing papers but 4 projects delve into some very interesting, if basic, computer security concepts. You'll be by no means a l33t hacker but you'll definitely feel like you're seeing the "under-hood of the car" if you don't normally program using assembly or command line tools. Some neat tricks, relatively low workload, and fairly good lectures (say no to Isbell!) make it a shoe-in for people new to the field with an elective to spare.

This was a fun course. The videos are semi-terrible (sorry Prof's, I know you tried... but the point of a tablet and pen is to USE them, not just hold them and basically have a powerpoint). There is information in the videos you need for the tests, which are sorta tricky and had memorization required. So watch them (2x speed for Ashok and 1.5x for Wenke). The quizzes are sort of a joke, you can answer all the questions with the book. Really the best (and perhaps only truly good) part of the course, are the 4 projects. I feel like I know what stack overflow is, how to examine malware, I have some idea what crypto is and how to attack it, and I know the general concepts of XSS, and javascript attacks.

I would not take this course to become a hacker or learn to defend against them -- IF you know anything about the field. You will be bored to tears probably. If you don't know anything about security and want to find out -- it's great.

The projects are actually somewhat hard, #1 and #4 were hardest for me, it really depends what your skill set is. I'm good in python so #3 was easy.

Also, very important. The TA's were incredible. They were EXTREMELY active and, more importantly -- very kind. It was the kind of professional attitude / human compassion that really brought a lot of life and warmth into the course.

Fellow students were also amazing, I know for a fact I would not have been able to complete the 4th project without the tips, advice and help from others, so thanks to everyone.

Course content and quizzes/tests were pretty easy. Projects were of medium difficulty. There were around 20 video lectures, 10 quizzes, 2 exams, and 4 projects. Wish I had more feedback on projects/tests in terms of what I got wrong.

This is an introductory course on information security. It is one of the easier courses which doesn't need not more than 9 hrs per week. I learnt a lot of things which I didn't learn in undergraduate course of mine.

Lectures are not worth it at all. They give a primer on what is on the exams, but to be ready for that you need to really to read the book imo. And as a slow reader, that is what took me the most time with this course. Professor is MIA. TAs were good.

Imagine creating a (non-phishing) mirror website that looks exactly like the original but sends an email with the username and password you enter.

Imagine making a sorting program open a new shell purely by manipulating the data input you give it.

If these sound exciting and cool, you will love this course!

"Go ahead, make my day!" The course consists of:

• Lectures: Cover the material well, and very manageable difficulty level (legalese for "it was easy, folks!"). Got away with watching them semi-regularly.
• Readings: All the "required" readings are from one textbook. You do not need them for the exams, but I recommend reading them for fun if you are into that sorta thing. I did not ever read any of the "recommended" readings, though some of them looked fun too. Some day.. some day..
• Quizzes: There was a quiz every week (10 in total)- all open book, limited attempts. You definitely need the textbook for these and I recommend getting the ebook because a lot of the quizzes were simply testing your ctrl+f skills. That said, by the end of the term I realized they did cover a good breadth of topics and helped you learn something. Each quiz takes about an hour to do (with ctrl+f and literally no reading or even lecture-watching)
• Exams: There were 2 exams, non-cumulative. You only had to watch the lectures (Tip: 2x them with subtitles) and review the quizzes to do really well. There were a few questions from the readings, but some of them were mentioned in passing in the lectures and even if you missed those, you'd get a pretty good score. I spent about 20 hours studying for each exam, not counting the time I watched the lectures before.
• Projects: Saved the best for the last. 4 projects. 3 of them different degrees of fun. Project 2 was dull, but guess you can't have everything. This is the real deal, and everything you'd learn from this class.
  The first took me ~12 hrs (I know C, gdb and some systems stuff already), the second took me like 10 but I spent at least 3 hours checking and re-checking answers (no coding in this one). The 3rd took me about 8 hrs (just requires basic Python) but I already heard some algorithms mentioned on Slack, so first timers probably took longer. The last project took me 20 hours since I had no javascript background, but just pushing on helped.

In total, I spent about 35 hrs on lecture watching and 100 hrs on everything else (Reading for fun, Slack and Piazza activity not included).

That reminds me- I would be remiss not to mention the awesome Slack channel and the great TAs who basically ran the class and were super helpful and without whom this class would be a real drag. Special mentions for Jeff, David and Brent- you guys were great!

Seriously, without the TAs (and the projects), you could simply strike out this section and write off this course as a failure.

"It's time to call bullshit. On what? Every thing" If you are like me you'd think this sounds like an ad for this class so far, so let me balance it out with the minuses.

1. The lectures are not great. Would you rather listen to someone who is clearly passionate about the material but rambles unto eternity or someone who delivers content in a crisp fashion but speaks in a robotic monotone such that the coolest topics sound like he is reading the draft of his user license agreement, only at at 2x the speed of sound? I personally preferred the former because the rambling gave me a ton of time to write real notes but honestly, I can't believe somebody can talk about cryptography like the walking dead.
2. The professor (the second guy from above) is entirely absent in the course. If not for the lecture videos, I'd think he were mythical.
3. The course could include a lot more fun topics and/or projects- it seemed like watching a teaser to a good movie, but never getting to see the real movie. if they ever change it I hope they add extra credit assignments with more advanced exploits. On that note, I'd also welcome a discussion after each project on what people did and what else they could have done.
4. They do not change the graders across projects. I happened to get stuck with the worst grader for mine and he literally lopped off points on the report while others who wrote much less specifics got a 100. Thankfully, he seemed like the black sheep, but I wish they had rotated graders for different projects.

"Is it safe?" Take it if you want a light (or semi-light depending on your programming skills) course to pair with something else. Definitely take it if this is your first semester and you are not sure of what to take.

You can easily get an A in this course if you complete everything (exams, quizzes, projects). One piece of advice is - don't take it too easy and end up with an 88 or 89- there may not be a curve most of the time!

Hasta la vista , baby!

Great course, really enjoyed the projects

I took this course in Fall 2018. It was a great course to take as your first course. I liked all project, except the 2nd one.

The second easiest course I have taken in this program. I like security staff but the knowledge learned in this course basically is just a "introduction". Don't expect you can become a geek after taking this course. You cannot even learn how to write a single virus detection tool from this class. The first and last project are interesting, other projects are just some tedious work.

Paired this with CN as my first semester in OMSCS. The class was very well run and quite fun. TAs are always there to help and you should have no problems at all when it comes to course management. Projects usually get 3-4 weeks each and first one is the toughest but that has plenty of time for you to figure out, which is C and learning to use GDB. I had prior knowledge of C and had some idea about GDB but took more than 20 hours to complete. Thereafter the course gets easier. Tests are based on textbook and some udacity lectures but nothing out of the ordinary. If you have understood the material well during the lectures and textbook reading you will be fine. Quizzes are similar.

10 quizzes 2% each should give you full grade. (Note only 2 attempts allowed unlike previously unlimited attempts though open book quizzes). 2 exams 10% each. You shouldn't lose a lot here if you study well. 4 projects 15% each. Auto graded portion should get you full grade if you get everything right which is about 70-80% of the projects. Write ups for the projects is the only place where you should lose a lot of points since even getting 90/100 will mean you lose 1.5% on each project which adds up quickly to 6% total for 4 leaving little room for the tests to go wrong.

If you need fairly relaxed but fun semester go for this class. I got to learn a lot related to Security in general so I enjoyed the class. If you already work in this field (Computer Security) then you may not learn much.

This was my 8th course in the OMSCS program. I've been disappointed in the program as a whole, and just want to finish up as quickly as possible with easy courses, so I was pleasantly surprised to find this course quite engaging. This was is no small part due to the TAs, who were extraordinarily active on slack and piazza, and very quick with grading.

Pros:

• TAs were great. This will vary between semesters, so I guess Fall 2018 people were just lucky.
• Projects were engaging. In the first project you get to put on your hacker hat and do a buffer overflow attack (minimal C required), which was awesome (around 10 hours, including writeup). The second project involves some malware analysis (about 4 hours). Third project is hacking RSA encryption, which was way more fun than expected (around 10 hours), and the fourth project was hacking a webpage (8 hours or so if you have javascript experience, but if you don't know JS you could potentially spend way more time on it).
• You have regular open book quizzes. These are great from a pedagogical perspective - regular checks on understanding help you study more frequently, and make you engage with the material more.

Cons:

• The lectures are a little boring. The first half are kind of common sense, while the second half are very dry and mathematical.

Overall, this was one of my favorite courses I've taken at GT. It's a very light workload, but the projects will make you think, and I feel great now that I finally understand RSA. I paired it with computer networks, and feel that I could have taken a 3rd easy course at the same time.

This was my first course at Gatech. Coming from electrical engineering background with limited programming experience, I must say this was a fun class. Lecture videos are boring but need to pay attention for exams. Quizzes are open book and easy. Two exams in total but tricky. 4 projects in total through out the course. You better want to start working on projects as soon as you receive them. Very well written projects and knowledgeable. Prof is not much active on piazza but TAs are really helpful and much more active.

I found 2 of the 4 of the projects to be rather difficult but doable if you start early. As for the tests, they are medium in difficulty. They are difficult enough that getting an A is very hard but not so hard that you couldn't get a B if you simply watched the lectures and took notes. This is only my second course. Compared to computer networks, the quality and difficulty of the class is comparable. You do learn a lot, and some of the topics are truly fascinating.

This course has been unfairly maligned by many as a "slacker" course - perfect for something to pair up because there's very little effort needed. This may be true if you already know all the skillsets in the course - malware analysis, C, GDB, web dev, python, RSA, etc. If you do not already know at least half of these things, some of these items will make you struggle on at least one or two of the 4 projects.

With that said, I went into this course with low expectations in terms of content and what I'll gain out of it - and I was wrong. There was a lot of material and knowledge that I had gained from this class. The TAs were extremely caring and helpful. (The prof was absent which is par for the course for OMSCS).

The course materials were well done and makes understanding of new concepts very easy. I went into the course without knowing much of the security-related aspects and did not have too much trouble with them.

Rumors are the course contents will undergo some non-trivial revisions for the next semester.

Solid class.

The projects require you to apply mindset of an hacker to attack/analyze different vulnerabilities, which is different from traditional programming. You don't have to write much code really, but the code could be tricky.

Personally, I don't do well on exams, so I spent more time on projects and quizzes which I almost got full points. Didn't read the book and got a 62 on the first exam.

This is my first course in the OMSCS program. I have a background in Java from undergrad and write C/C++ code daily for work. This review will be based on that experience.

This class has 4 projects, 10 quizzes, and 2 tests. The quizzes are easy, and the tests are pretty hard.

Project 1 - PR 1 was on a VM using C code. Some say that this project was the hardest, but for me this project was pretty simple. It was asking about buffer overflow exploiting and concepts similar to this. The write up for this project is tough. Make sure you leave out no details and truly explain what is going on.

Project 2 - PR2 was a little different. For PR2 you opened up a VM and ran some malware that was given to you. You then have to read through the execution of it and figure out which malware was triggered and which wasn't. Sounds easy enough? Wrong, many of the people in this Fall 2018 class did terribly on this assignment because the criteria for executing or not executing is not very clear. My advice, work with some classmates and talk about each exploit 1 by 1.

Project 3 - PR 3 was pretty cool. You got to play with some RSA cryptography stuff. This project is written 100% in Python 3. This project does take some time and have some major GOTCHA's but with some due diligence, this project can be finished quickly and you will actually enjoy it.

Project 4 - PR4 for me was the toughest. You were doing things like XSRF attacks, sql injection, and things similar to phishing. Have 0 experience in HTML, PHP, or JS, I found this project to be extremely difficult. Others did not.

Test 1 & 2 - I HATE reading text books, but for these tests, I highly suggest that you at least follow along in the text book while the lecture is going on. I took test 1 using ONLY the lecture and got less than a 70. STUDY THE BOOK FOR THE EXAMS.

Quizzes - If you read the lecture notes or even studied the book a little bit the quizzes will be a breeze.

The TA's for this semester were FREAKING AWESOME. They are absolutely helpful if you ask the right questions. The teacher was not around much, but the TA's for this class this semester from what I heard were the best anyone has had in any class so far. Kudos to them.

OVERALL: I would definitely say this was a semi-good opener for the OMSCS program. I HIGHLY suggest that you start working on the projects soon after they are released. This will keep you up to date with all the people in the slack channel. OH, JOIN THE SLACK CHANNEL. It will make life so much easier. There were discussions on the daily about the projects and the best plan of attack. Once in a while you will even see someone slip and release a bit of information that wasn't supposed to be released. JOIN THE SLACK CHANNEL.

Bit of advice: As stated at the top, C/C++ are my strong suit so I helped a lot of my fellow students with Project 1. When it came time for project 2, it was nice to have people to compare thoughts with about the Malware. Helped me get a high grade on the project. Then those same people when project 3 came around were there to bounce ideas and strategies off as well. Finally in project 4 where I struggled the hardest, I had people willing to help me understand because I had made friends with them and helped them along the way.

The class is about four projects and two exams that cover different material. There are ~20 lectures, some of which cover useful detail on attacks, defenses and crypto algos, many cover fluffier aspects. The book is full of detail, very dense and completely optional except for looking up quiz answers.

• Three projects are about solving a security or cryptography-related challenge and writing a brief report. One is about monitoring malware activity and a lot less interesting from my perspective (but comes with surprisingly harsh grading). Projects require some thinking and for me succeeded in illustrating important concepts, but are not difficult. I don't have a CS background and spent no more than 1-2 days on each. Clearer expectations on reports would further streamline that.
• Exams require another 1-2 days review of lecture materials each and are pretty fair.

Overall, I got some 10 days of partly hands-on exposure to some info sec topics, not more and not less. Felt like a good class to get started with; paired with the 'new DVA' that was a lot less useful.

This was my first class in the OMSCS program and I thought it was a good introductory course. It wasn't too intense and touched on a broad range of topics that are all great to understand.

This course is not hard.

Easy course with interesting projects. The reading material is a lot however the relevant sections are quite minimal. You would need to read the material to do well in the exams, or else go through all the flash cards. Projects mandatorily need to have good reports.

This course is an easy A as along as you see the lectures and do the projects. You do not need any programming skills the projects are pretty simple. If you took CS6262: Network Security this class will be a breeze and I highly recommend it.

The only project that is kinda hard is the stack overflow project because debugging is kinda hard and you need to know enough about C and Stacks to figure out how to break the application.

The exam is rote learning, pretty much watch the lectures, take a few notes and take the exam. There is nothing special here.

4 projects: one with C on buffer overflows, one without coding on Malware (no coding), one with Python on public-encryption (RSA), and one with JavaScript, PHP, and HTML on web vulnerabilities.

10 quizzes which were all straight forward. Watch the videos and read the textbook. Questions are often lifted directly from the reading.

Most of the exam questions come straight from the lecture slides or the book reading. The lectures will get you most of the way there (70%) but the readings will get you the rest of the way. Use Quizlet to review concepts.

Lots of content in this course. It's definitely an overview. I found the cryptography and encryption Chapters to be the most interesting since I have a background in maths. The last projects was pretty easy for since I do web development for a living. Your mileage may vary. I didn't think the first project was all that hard.

It helps to work with a group of students through the course to chat about content and questions you have about the project. There's opportunity to verify your work (i.e. your exploits work) on Project 1, Project 3 and Project 4 so you generally know how well you will do.

The exams and quizzes are straight memorization and lookup (for quizzes only.) The projects were fun. This class is a nice introduction into info sec if you know nothing about it. Would recommend taking it in this course as it helps dive into an aspect many developers ignore.

** Choose this for your summer class **

There are four projects with distinct language requirements. The first one needs C programming, second one needs pure reading of documentation and searching on the web for matches and the last one was mainly web programming with PHP and SQL. The most lines of code you would need to write would be less than 100 lines.

The projects are clearly defined, though the C one was the toughest for me.

This was my first Summer class and it felt well suited for the short time span or as an additional course for Spring or Fall.

This was a fun class. I had some infosec experience going in, so it might have been easier for me than it otherwise would have been. That said, I still learned a fair amount and the projects were interesting.

Initial part of course was more difficult than later on. I took this as my first OMSCS class, and I almost forgot I was in school at times :)

Professor Lee is both absent with respect to course involvement and completely unenthusiastic in presentation of the lecture materials. Other than that, this was a fairly straightforward course. The biggest problem is that the projects often rely on gotcha-style insights orthogonal to the material being implemented, so you end up looking through dozens of examples of people doing similar hacks online, but since they aren't affiliated with the course, it's not dishonorable the way that asking someone to look at your code and point out what you're doing wrong would be. Because reasons.

In any case, it's conceptually very easy with moderate amounts of banging your head against the wall.

This class helped me get a job in InfoSec

This course was complete rote definition memorization straight out of the book for quizzes/exams. Just use the existing quizzes on Quizlet and you can get at least 70-75% on the exams just from that. (I didn't do the readings.)

The lectures are okay- they pretty much just summarize the content of the book.

The projects for the most part are worthwhile, but I feel like the grading is overly slanted towards getting very specific points correct. Project 3 in particular had an auto-graded section that I just bombed because multiple answers were dependent on getting certain hashed values correct. Came out with a B solely because of that project. I've heard other semesters had extra credit offered, and it would be nice to have had that opportunity.

Overall I would say this course is below-average. When you get things incorrect for the project, the grading isn't helpful about specifying what you should have done differently, which means that the course doesn't offer much as a learning experience beyond what is already accessible in any security textbook.

Overall, I thought this was a great class to take over the summer. It wasn't too hard especially towards the end. The subject was very entertaining even if the textbook and lectures could come off dry sometimes. The lecturer for most of the second half was much better than the first lecturer. TAs were very responsive to any concerns we had. The best part of this class by far was the projects. The projects really help you learn the material.

This was a very interesting course. The projects were cool and the lectures gave good information. It was overall pretty easy so I would recommend it as a first course or over the summer.

I don't think the structure of this course has changed since it was created – 10 quizzes (20% of grade), 4 projects (60% of grade), 2 exams (20% of grade) – but I still enjoyed it. The book is quite dull, and has some repetitive content, but reading it is important for the quizzes and exams. Getting 100% of quiz points is easy but tedious, and I would argue that it's worth it for pushing your grade to an A. The exams don't do much to reinforce the content since it means drilling T/F and multiple choice questions, and some of the questions seemed out of left field. The head TA mentioned they are changing the exams for future offerings of the course, but I don't know what this means. The lecture videos are mixed - some interesting, and some just regurgitate the book. The projects are the most engaging part of the course, and do a good job of reinforcing some of the topics. There is so much time to complete each project, and I was able to do the work in a handful of days. I wished there were more of these practical exercises. Grading and feedback is fair, and the TAs are pretty active on Piazza, though the professor is not visible at all on the forums. The peer feedback for this semester was amazing, and anytime I was stuck on a project issue, my fellow students came to the rescue. There are office hours held by TAs, but these are not recorded, and I didn't attend any of them due to my time difference from the US.

Not too difficult a class. There was a bit of tedium in the exams, but actually reading the book made this course an easy A. The projects were really fun and interesting. The only one I found challenging was the first one - a C-based project on stack overflows. The rest were definitely more interesting than difficult, although starting early always helped. If you have any interest in information security and don't know a lot about it, this is a great introduction. Also, probably a good class to pair with another if you're taking two.

This was my third class and my first one during summer. Overall I enjoyed the topics and the projects. The schedule felt a little rushed however the subject was very interesting and well worth my time.

** Structure **

• 10 quizzes = 20% of grade
  • Open book and can be taken many times while open.
• 2 exams = 20% grade
  • Closed book and proctored.
• 4 projects = 60% grade
  • Stack overflow attacks, malware analysis, cryptography, and web vulnerabilities.

** Pros **

• Covers plenty of topics in Information Security.
• Information is up-to-date and relevant to the current market.
• Projects are very interesting and provide hands-on experience.
• Overall, the TAs did a very good job at managing the class. Questions and grades were answered/returned promptly.

** Cons **

• Quizzes feel like busy work as they are literally taken straight out of the book. It is highly recommended to purchase the suggested book.
• Professors were completely absent from the class. Maybe they were on vacation?
• The coverage of each topic can feel a little shallow, but given the amount of information that is covered I can understand why.

** Conclusion **

This was a good summer course that complements Network Security (both classes are taught by professor Wenke Lee). Recommended as a summer course or introduction into OMSCS.