For context, my day job is doing computer security research. Pros: The course covers a wide range of topics. For example, we talked about data privacy and k-anonymity, which I didn't know much about before this class. Cons: Some (maybe half?) stuff felt completely theoretical and irrelevant to the real world. I spent a lot of time memorizing syntax and theoretical frameworks. Some of the mechanisms described were so theoretical I have no idea how they would be implemented in the real world. The choice of things to focus on was bizarre. For example, the Authentication module had no mention of public key cryptography (in fact, the course barely mentioned it at all). The entire Authentication method was about an obscure paper about hardening passwords with keystroke timing. Which is a cute idea I guess, but not commonly used. And since there was no mention of asymmetric crypto, a lot of students probably left that class thinking passwords are the only way. The quizzes and tests were very ambiguous and wanted pretty specific answers. A lot of mind reading involved. (Lots of short answer as well) Lectures were very dry. Projects were tedious.

Ultimately, I still got an A. But this class wasn't worth it. I cannot recommend it to anyone. Either you're already familiar with this stuff, in which case you won't learn much of value. Or you're new to it, and you'll be led down a rabbit hole of irrelevancy.

Not a hard class, but the exam questions try to be tricky, and exams take up the majority of the course's weighted grade. Quizzes are easy, projects can all be completed in less than 10 hours each.

I got an easy B, without spending too much time or effort, since most of my time was focusing on a second class at the same time.

TLDR: This was my first class in the OMSCS program and unfortunately it left me wanting more. When the course is good, it's very good, but when it's bad, it's not very good. Unfortunately, there was more bad than good. If you have an interest in security and not much formal coursework you might enjoy it more than I did, but if you're taken security classes before, you'll likely find too much of it to be a review. The course format is heavily weighted towards exams and makes the weekly work you have to do feel somewhat pointless in comparison.

My background: I have 5 years experience as a cybersecurity engineer and an undergraduate degree in computer science with a concentration in cyber security. I mention this because I have taken many security courses and do security work in my day job; I believe you will likely get more out of the course if you don’t have a ton of security background. I would recommend skipping this class if you do have a security background as the good parts of the class don't make up for the bad.

Pros:

• Modules 3 and 4 ("Protecting TCB from Untrusted Applications" and "Virtualization and Security") along with modules 11 and 12 ("Distributed Systems Security – Basics" and "Distributed Systems Security – Putting it All Together") were the best parts of the class. These lessons are basically platform security 101 and there's a lot of great content here. The readings include chapters from the x86 developers manual, which makes it very applicable to the real world, along with interesting research papers. If you have an interest in operating systems and low level security, you'll love this part of the course.

• Projects 1 and 4 were enjoyable, although they weren’t perfect. Project 1 explores memory protection, while project 4 is building what could be considered a basic zero trust distributed system. Project 4 is the largest one in the course. You’ll create a client and server in python that are fully authenticated using public key cryptography (under the assumption that both booted securely) and use them to build a file secure sharing service. At times project 4 was a bit tedious, especially due to the constraints of the assignment (you can only submit 2 python files so forget about sharing code between the client and the server).

• While you have to read a lot of papers, some of them are quite interesting. The TAs do a good job of telling you which sections of the papers to focus on, because some of them are quite lengthy.

Cons:

• The biggest drawback of the course is the way it is graded. Weekly quizzes (closed note) make up 20% of the grade, two exams make up 60%, and the 4 labs make up the remaining 20%. The quizzes are 10 questions long. 7 or 8 questions are relatively easy if you have read the material and 2 or 3 you will struggle to understand what they are even asking. The exam is also closed note and follows a similarly frustrating pattern. Some of the questions are quite easy, others are oddly specific, and others are poorly worded. I found the exams to be very frustrating, even though I was able to do well on them.

• The labs can be long at times (in particular project 4), but unfortunately a lot of that is due to their tediousness and not because they are challenging. The way the projects are designed also make it hard to test due to you needing to call required functions that aren't suited for writing proper tests.

• Weeks 5, 6, 7, and 9 ("Authentication", "Discretionary Access Control", and "Mandatory Access Control", "Mandatory Access Control in SELinux") will be largely be a review for anyone with a security background. These were the weakest parts of the course in my opinion. Unfortunately, that's 4 weeks of not the best content in the middle of the class.

My averages:

• Quizzes: high 90s
• Projects: high 90s
• Exams: 90
• Final grade: 93% (>84% was an A this semester)

Overall: The highlights of the course, dealing with operating systems and platform security, are the best parts of the course. Even if you have a security background, you'll enjoy this because you get to dive into a lot of details pertaining to processor specifications and such. Unfortunately, the remaining weeks aren't great, and the middle of the course is a slog. The quizzes and exams are frustrating due to having confusing questions. In my opinion, the projects should be worth more. I spend around 20 hours a week on this class, mostly reading the papers for the week and working on the projects. The course has a lot of potential to be good, but unfortunately it just isn’t quite there. If you're interested in learning more about security, this course will definitely cover a lot of interesting topics, but the presentation isn't the best.

The course leaves a lot desired unfortunately. This is my 9th course and I can confidently say it was one of the worst I took throughout my program. I will lay out my pros and cons for the course:

Pros:

• The professor is extremely active, arguably the most active professor out of any of the GATech OMSCS courses I've taken.
• Weekly office hours held by the professor himself which is nice.
• The content is interesting and relevant, sort of like an Operating Systems Security course which is helpful for low level developers.

Cons:

• The course grade distribution is terrible, with 20% for quizzes, 60% for the two exams, and 20% for 4 separate lab projects. The quizzes use vague language to ask questions, so it is often easy to misinterpret the question and choose an answer that is partially correct, but not the most correct.
• The lectures are extremely dull, and the course is very focused on understanding of the large amount of academic papers. The professor is definitely knowledgeable on the subject, but he is very long-winded and the course lectures are extremely difficult to parse relevant information from. I am not usually one to have a limited attention span but I had an insanely difficult time focusing on the lectures.

My overall opinion is that while the content is interesting, but the method of grading is unbalanced and there are better ways to teach the material. In my opinion, project-based courses have been the best courses in the OMSCS program. The lack of weight to the project grades, in addition to the high weight of exams and quizzes (80% of the grade) and the dull content delivery all makes this a recipe for a tough time. The course is very much "memorize the content for the test" but the content itself is not delivered well enough to warrant it. The course definitely needs some work, but again kudos to the professor for at least being present in the classroom.

Personally, I would avoid this class.

The course is weighed 60% on two exams and 20% on weekly quizzes. Thus there is not much actual learning that goes in like there is in other project-focused courses. The professor's lectures are monotone and extremely challenging to listen to. In the context of the weighting, that makes this course a drag. Avoid it if you have a choice - it is one of the worst courses in the OMS-* program.

The class mainly focuses on research papers, and while the topics are interesting, I found the professor's assessment methods to be challenging. The open-ended exam questions were too tough, and the quizzes were like essays that required extensive reading before selecting an answer. The timing was also too short, making it difficult to complete the assessments within the allotted time.

However, I did enjoy the projects, especially the last one, even though they were time-consuming. Overall, I believe that the course could have been much better if the professor had used a different style of examination to assess the students' knowledge.

I ended up really enjoying this course. I sought it out initially as a chance to force myself to read more academic papers while taking a subject that I found very interesting. After the first few weeks, I was a little skeptical if I would enjoy the course. I initially felt like the quizzes were unfairly hard, but I got used to them. I figured out that I wasn't paying enough attention to the lectures, and was focusing a bit too much on the readings. Once I started watching the lectures more intently (and even rewatching some), and rereading my notes from them, then digging into the readings as time permitted, the quizzes got a lot easier and I was able to enjoy the class. The concepts that the papers discuss are also covered in the lectures, the papers just go into more detail. It sounds really silly (and probably obvious to most) looking back, but don't overlook the value of deeply understanding the lectures, and I'd recommend doing that before you get into the readings.

That being said, the projects in this class were really fun. I did P1, P2 and P4 (the lowest of P1/2/3 gets dropped, so you can skip 3 if you're happy with grades on 1 and 2). P1 was pretty straightforward, particularly if you took IIS. I'd say it was medium difficulty. There were a few other C concepts I needed to learn. I'm not a particularly strong C coder and I was able to get through the project without too much difficulty and made an A on it. Python is more my jam, so P2 wasn't too bad for me. Overall all of the concepts taught on the projects (1/2/4) were really interesting.

I do have to take a moment to compliment P4. As other reviews have stated, it's a pretty long project. I started it with only 2 weeks left (even though I had seen plenty of reviews on here advising to start it right away), and it was a pretty busy 2 weeks, but not unbearable, even with pairing another class (also keep in mind again that I'm a strong Python coder). I worked on it everyday for those two weeks, including several hours each weekend day. I could have turned it in with a couple of days to spare and made either a high B or low A, but I came back and made a 100. So definitely don't wait until the last minute for it. Overall though I really really enjoyed the concepts that it taught. It's one of those projects that (IMO) was really rewarding. A lot of work but you look back at the end like dang, that was actually really fun. Like a lot of projects, once you get through the setup and get into a rhythm, it's manageable and fun.

The midterm and final are no cakewalk, and they're over half the grade (30% each I believe). As other reviews have stated, they're open ended questions, so you definitely have to spend a lot of time preparing for them. I felt like they were pretty fair overall. There were definitely some questions that were from the depths of the lectures. Made mid 70s on both the midterm and final, both of which were just above the class avg.

I made a high B in the class, but that seemed appropriate given some of my struggles early on getting adjusted to the quizzes/readings/lectures etc. Overall a challenging and enjoyable class.

I just finished this course and learned a lot. Dr. Ahamad is clearly very knowledgeable and passionate about this topic, and it shows. Lectures are really interesting and he covers both practical and theoretical aspects (although he won't test you on the theory stuff, which is nice). He makes himself available to students via office hours and email, too, which was refreshing (i.e., not relying on the TAs for everything).

I found this class to be challenging, but not unfairly so. It is very exam heavy, with a midterm/final worth 60% of the grade. Questions are open ended and do require good knowledge of the topics. There are weekly quizzes to test your understanding, and I recommend keeping up with them or you will fall behind quickly. The bottom 3 quiz scores are dropped, which is pretty nice.

The projects were awesome, covering programming in C and Python and really do help solidify the concepts. The 4th project is a lot of work and quite challenging if you aren't familiar with coding crypto-related stuff, so I would recommend starting on it ASAP. I wish they were worth a bit more of the overall grade considering the effort (I think projects 1-3 were worth 10% and project 4 was worth 10%, so 20% total).

My class didn't seem to do very well overall, so there was a generous curve; my raw score was an 88.9% which was ~ 4% over what was needed to get an A.

I enjoyed the course. I'm glad that Dr. Ahamad took the time to host weekly office hours to go over weekly quizzes and to answer questions. The TA team was very helpful on Ed Discussions and during their office hours. This is not an easy course though. There is quite a bit of material to learn through lectures and research papers (referred to as "classics"). Weekly quizzes are not open book/open note and try to keep you with the pace of the class. I think my favorite thing about the class were the projects. The final project (Project IV) is the most intensive project, but you have about 4 weeks to complete it. You will likely need most (if not all) of the time for projects, so make sure to start them early. Exams, as of Fall 2022, are worth 60% of your grade and are open ended and are split into multiple parts to allow for partial credit. The lowest 3 quiz grades and the lowest project grade of Projects I-III) are dropped from your grade with the final grade being curved (I'm waiting for my final grade, so I don't know how the curve is, but it sounds like previous curves are a bit better than what Canvas suggests).

Overall, I felt like I learned quite a bit from this course. It's a difficult, challenging course, but the topics are interesting.

imho projects should be worth more percentage of the final grade. They are time consuming but nice to do. Exams are tough, asking specific little details from research papers / books. In general, its a course that has perspective to become much better.

Doing well on the projects and take-home quizzes is sufficient for a B (70+). The midterm and exam are open-ended.

It's nice that the lowest project and quiz grades are dropped from the final grade calculation.

The is one of the best run classes in the Cybersecurity program. The professor is completely involved and holds weekly QA classes to review quizzes and exams. The TA's are outstanding providing feedback and are very helpful. This is a demanding course and meets the expectation of a graduate course.

It is a hard class for a compressed schedule in the summer. The topics you are going to learn are very interesting, but some of them are really deep on theory, so even cool topics like virtualization security and SELinux can be a challenge.

One important aspect is how much the quizzes are for your final grade. Take them seriously. They are not like IIS where you can just search the book and answer. I don't like how much the quizzes interfere in the final grade, because of the actual mechanism: some students simply build "study groups" and, while I cannot prove it, it looks like they ace a lot of quizzes by oversharing information among themselves. Those who are alone doing the right stuff are in disadvantage. These are the kind of quizzes that are going to:

• check how deep you understood the week lecture
• if you did read the additional papers (yes, there are questions where even if you mastered the lecture you will not be able to answer without understanding the additional papers) Some of the quizzes will also have one partial right answer alternative, so if you overthink or didn't understand the subject in a deep level, you will answer incorrectly. A "all of the above" alternative can be a nightmare here ;-).

Project 4 should be started the day it is released. Others already said that but I will reinforce. Do it as fast as you can, it is not easy like the other 3 and take a lot of time to test and debug corner cases.

One very positive aspect that made the journey easier was that the professor and the TAs are very engaged, they will be with you whenever you face issues or need some extra help to understand the topics.

The grade is curved. I managed to get an A but I really worked hard, many times watching the lectures a second or third time, so expect to dedicate a lot of time and energy if you want to achieve it. Otherwise, a B is not that difficult.

To summarize:

• Take quizzes seriously. Ace the first ones, they are easier
• Start project 4 ASAP
• Don't take it on summer :-)

This has been one of the best courses I've taken thus far at GT. It's the real deal with a handful of practicality. The projects are great for learning different aspects of programming and understanding the concepts being taught during the week's modules. TA's were great. Instructor was great.

The weekly quiz can get tricky. Don't stare a question for too long or you'll end up talking yourself into a wrong answer. Loved the course overall.

I have a B.S. in CS and work as a software engineer. This course covered some concepts I was already familiar with but the majority were new to me. I felt the quizzes waxed and waned in difficulty. If it was a subject I liked and had some previous knowledge it wasn't too bad, but if it was a subject I did not like it was hard for me to get above 7 or 8 out of 10. I see some reviews say there are trick questions on the quizzes and I guess that's somewhat true, but I don't think it's meant to be a gotcha rather it's testing if you understood the concept by presenting a question where you'd end up going full 'well ackchyually' meme.

Projects were okay, first 3 account for 10% of your grade and they drop the lowest, so if you get really good grades on the first 2 you can skip the third. These first 3 projects took me less than 10 hours each (I skipped the third). The fourth they say start early so naturally I started the day before it was due.... I still got max marks but I worked a solid 20-25 hours on it. Fun project, should have probably started a day or 2 earlier to avoid that crunch.

Exams are exams. I did better than the average on both. I thought the final was harder than midterm, but only because some of the topics covered after the midterm I really did not care for. I found as long as you can display some level of understanding the grading is fair.

This is course number 8 for me in the OCY program, and probably in the top 2-3 most challenging I've taken so far. The compacted summer semester didn't help, which saw us compressing a normal 16 week semester (14 lectures and 2 exams) into 11 weeks (9 weeks of lectures and 2 exams), with no course content cut or amended.

Each week consisted of lecture videos - usually 2-4 hours, plus several readings (anywhere from 3-5 readings, and upwards of 50-75 pages some weeks).

Grades were based on projects, quizzes, and exams.

Best 2 of 3 on the first two projects worth 10% total of the grade - topics were Memory Protection, Authentication (including 2FA), and Exploring Set-UID. Final project was also worth 10% of the grade, and involved creation of a secure shared store. Very challenging, but also interesting, especially as pieces started clicking together.

Quizzes were tough, and closed-book. Each quiz covered a learning module, and required thought into what the question was asking. Normally 5-6 "easy" questions, 2-3 that were a little more challenging, and 2 that required much more thought.

Exams were challenging and closed-book, but fair, each worth 25% of the final grade. Final was non-cumulative, though you needed to have an understanding of some topics from the first half. Open-ended questions that required explanation, so partial credit was possible.

In general, .5STD above the mean is an A, and 1STD below is the cutoff between B/C.

Positives:

Professor Ahmed hosted office hours regularly in addition to those held by the TAs. The programming projects are interesting and relevant.

Negatives: Summer session made this course wayyy more challenging. A couple of weeks were 40+ hours of work. In a normal semester, the workload would be much more manageable. If you can't handle some long weeks, it may be better to take during the fall/spring. Content was a bit dry. This is another one of those courses that had moments of interesting content, but a lot of theoretical information that isn't applied. Quizzes and Exams were closed notes, and worth a large percentage (combined for 80%) of the grade.

To start off, taking this course during the summer made it a bit tougher than it would have been during a fall/spring semester. There is no reduction in material other than making Project 3 optional. So there are multiple weeks where they cram in 2 weeks of material and quizzes into a single week. That made the first couple weeks of the course a bit challenging mainly due to the sheer number of papers needed to be read. I didn't think the quizzes were too bad with the wording except for maybe a handful of questions. Project 4 was a lot of work and could have benefited from a better write up, but the instructors warn you to start early and made good use of Piazza to clarify requirements.

The material itself isn't too difficult, although there is quite a bit of variation in the depth and amount of theory the different modules go into. There's a good mix of historical context, proof of security theory, and practical implementations that I found pretty interesting. If you're in the OMSCY Infosec track, I think this is a great course and it makes sense as a core course. That said, this is not a course well suited for OMSCS majors, and would not recommend that Computer Science masters students take this course unless they have a very strong interest in Cybersecurity. This course is a good follow up for IIS and it was refreshing to see a professor that was more involved with a course.

"Shamelessly created by an Academic" is what another reviewer said and is the perfect way to summarize this course. I have previously completed HPCA, CN, GIOS, and AI. This class is definitely the worst one I have taken and wish I would have chosen something else. It was mentally exhausting to find the motivation to keep going.

Pros

• The professor and TAs are fantastic and kind.
• The projects were fun and I learned a ton.

Cons

• The material is presented in such a convoluted way that it makes the class difficult. But it turns out if you take the time to Google and rephrase the presented content then it's really not that hard.
• The exams and quizzes are very poorly worded, felt like trick questions, and account for a huge chunk of your grade.

I wasn't a huge fan of the course. TAs and the professor were great but the topic is kind of dry. The weekly quizzes have too many "gotcha" questions that are not very straightforward. I also think the quizzes have too big of a weighting on the grade. The projects were fun and that was my favorite part of the class. First two projects were pretty easy (we used C for 1st project and Python for 2nd). 3rd project was optional so I didn't do it. Final project was pretty difficult but I still enjoyed it. Midterm was pretty hard and the Final is this week which I think will be a similar difficulty to the midterm. Overall, I don't think I would take this class again, particularly because of the quizzes.

This was my fifth course in the OMSCS program, and I must say, it is by far my least favorite course I have taken. In fact, it may be the worst comp-sci class I have ever taken between my undergrad and grad classes. While some of the material was interesting, the fact of reading 1-5 research papers a week, being tested on these readings, and open-end questions on the exams was VERY off-putting and far from enjoyable. The class has a mixture of 13 weekly quizzes, 2 exams, and 4 projects. Dr. Ahamad is very involved with the course from posts in Piazza to being in the weekly office hours. It is stated during the first lecture that the class will be graded on a curve, although you don't know what that will look like until closer to the end of the course.

Coursework

• Project 1 (5%): This project focuses on understanding memory protection. It requires using objective C to modify sections of memory, marking their access levels, testing some options, and answering questions.
• Project 2 (5%): This project deals with implementing 2 Factor Authentication. It requires using Python to get input, generate/validate hashes, and using a local generator to mimic 2FA.
• Project 3 (5%): This project focused on exploring setuid. It involved completing some tasks and submitting a very detailed lab report. If you do well on P1 and P2 (as I did), you could ultimately skip this project.
• Project 4 (10%): This project was by far the most time consuming, confusing, but somewhat interesting. It required using Python to implement a distributed system and using security to handle file modification, sharing, creation, and deletion. It also involved using certificates to validate a client/user with the server.
• Quizzes (30%): There are 13 weekly quizzes. Each quiz is worth 2.5% of your grade. The lowest scoring quiz is discarded, leaving 12 graded quizzes. The material comes from the lectures and weekly research papers you are required to read. Each quiz has 10 questions, you have 20 minutes to complete the quiz, and you are required to use the Respondus Lockdown browser. Many of the questions are application of the material discussed for the week; however, there is typically at least 1 question that requires you to recall information from the lectures or research papers. This question could be from something obvious or from some very minute and fine-grained detail.
• Midterm Exam (25%): This exam has 5 open-ended, essay style questions. You have 120 minutes to take the exam. The exam covers the first half of the class.
• Final Exam (25%): The exam has 5 open-ended, essay style questions. You have 120 minutes to take the exam. The exam covers material since the midterm.

Take-Aways

• Miscellaneous Stuff: The research papers do not do much to give you a leg up on the projects. While the topics are briefly mentioned, there is a lot of learning for the projects, especially if you are not familiar with Objective C and/or Operating Systems concepts. Be prepared to spend a lot of time listening to lectures and even more time reading research papers, websites, handbooks, and textbooks.

• Textbook: There is no textbook for this course. There are normally 1-5 research papers to read each week, which are provided. At times, there is a ton of reading for the week.

• Projects: The projects could be a little better. The languages used are: Objective C and Python. The lowest of the first 3 projects is dropped; however, the last project (Project 4) is required and takes the most amount of time.

• Exams: The exams are challenging in the sense they are open-ended essay style questions instead of multiple choice and True/False, thereby allowing you to get partial credit if you can explain "what you were thinking." They require you to think about the material you covered and provide a defended response to the questions.

• Professor and TAs: Dr. Ahamad and the TAs have a big involvement in the class. Dr. Ahamad is very open to discussing a student's questions on quizzes and exams, as long as you can provide evidence and sound logic to your decision.

• Overall Grade: I feel like I put an acceptable amount of time in this course (over 310 to be exact). In the end, my grade was 78.43, which got me a B. The grade distribution, which changes per semester, was A (100 to 86), B (86 to 70), and C (70 to 50).

• Useless Statistics: I am one who likes numbers, so here are some stats I maintained along the way. Here are some of those statistics. They show numbers for the quizzes and exams.

  • | Quiz # | Q 1 | Q 2 | Q 3 | Q 4 | Q 5 | Q 6 | Q 7 | Q 8 | Q 9 | Q 10 | Avg | Low | High | | ------- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | | Quiz 1 | 87 | 97 | 59 | 85 | 63 | 41 | 22 | 82 | 64 | 86 | 7.2 | 3 | 10 | | Quiz 2 | 80 | 78 | 91 | 94 | 98 | 50 | 96 | 86 | 90 | 61 | 9 | 5 | 10 | | Quiz 3 | 90 | 90 | 81 | 68 | 87 | 44 | 84 | 93 | 65 | 88 | 8 | 2 | 10 | | Quiz 4 | 86 | 83 | 89 | 82 | 95 | 66 | 78 | 56 | 84 | 69 | 8 | 1 | 10 | | Quiz 5 | 45 | 91 | 80 | 30 | 65 | 67 | 53 | 68 | 48 | 88 | 6.4 | 2 | 10 | | Quiz 6 | 61 | 87 | 81 | 44 | 90 | 87 | 74 | 80 | 80 | 86 | 7.7 | 3 | 10 | | Quiz 7 | 96 | 89 | 94 | 97 | 86 | 90 | 83 | 89 | 46 | 78 | 8.5 | 3 | 10 | | Quiz 8 | 94 | 94 | 91 | 96 | 89 | 79 | 99 | 96 | 91 | 75 | 9.1 | 5 | 10 | | Quiz 9 | 99 | 93 | 68 | 63 | 65 | 89 | 68 | 73 | 73 | 83 | 7.7 | 4 | 10 | | Quiz 10 | 86 | 87 | 73 | 80 | 45 | 89 | 89 | 71 | 63 | 95 | 7.78 | 4 | 10 | | Quiz 11 | 80 | 84 | 55 | 55 | 94 | 93 | 92 | 82 | 91 | 74 | 8 | 3 | 10 | | Quiz 12 | 88 | 87 | 72 | 90 | 97 | 94 | 86 | 49 | 84 | 79 | 8.24 | 4 | 10 | | Quiz 13 | 83 | 81 | 73 | 72 | 72 | 66 | 85 | 81 | 80 | 87 | 7.79 | 0 | 10 |

  • | Exam | Avg | Low | High | | ------- | ---- | ---- | ---- | | Midterm | 84.2 | 29 | 100 | | Final | 76.7 | 39 | 100 |

TLDR

In short, I feel this class was a little more difficult than OMSCentral reviews led on to be. The material is interesting, but maybe too many research papers and too detailed questions on the weekly quizzes. Be prepared to do a lot of reading. Brush up on Operating System, memory management, Objective C, Python, certificates, and any other material from an undergraduate OS course. There is a curve in the class, but be prepared to work for it. In the end, I learned some things, but it was by far the worst CS class (or maybe any college class) I have ever taken between my undergraduate and graduate courses.

I unlike many of my peers mostly enjoyed the quizzes and exams. I thought they were largely graded fairly and asked fair questions based on the content. A few questions were oddly worded and overly specific for sure; conversely many other questions really make you stop and really think which I think should be the point of a graduate degree (ala, moving to higher levels of bloom's taxonomy). Its not just regurgitation of information. Now all that said, I disagreed with the grading of less than a handful of the questions. Out of, maybe 150 questions in the course thats pretty good in my opinion. A few of the weeks (memory protection, Virtualization, Differential Privacy) exposed me to real world topics that helped me understand things like how modern tools like Microsoft's Credential Guard work or how Rowhammer bypasses fundamental OS design principles.

My critique of this class is twofold: relevance of the content and pedagogy.

Relevance: This class is focused on research ideas spanning the course of half a century, many of which never worked or didn't stand the test of time. You will be doing deep dives on a laundry list of technology that were either never built,, saw limited real world adoption, or protect against a threat landscape that never existed. It is a course on systems and the threat landscape in days of yore. Some of my peers found the dated topics helped them develop and apply a security mindset to today; however I did not share that experience except for maybe a handful of topics. Some of the content like the SUID bit Demystified was really useful to me.

Pedagogy: Pedagogy did not fit my learning style: Mustaque was at his best when he explained something from a diagram, not when he reads a wall of text on a slide or spent a large amount of time on a theoretical framework that no one uses and is an order of magnitude more difficult than the topic itself. Expect plenty of symbolism, theory, set notation, esoteric slides, death by powerpoint, ect. I got through it, but I felt the approach to instruction made this class more time consuming for me than it needed to be. In a number of cases I Ifound content objectively incorrect. "Diffie Hellman key exchange protocol" based on the hardness assumption of factoring large prime numbers (ala RSA) and not based on the discrete logarithm problem comes to mind. I spent a lot of time reading: some of the papers were very interesting. Some were okay. Most were very boring and not at all helpful for me to gain new insights to secure real world production systems. A handful were worth slogging through because they supported the course content very well.

https://www.omscs-notes.com/secure-computer-systems/00-welcome/ is a very good resource if you get lost in the slide deck: one of our peers has provided a sort of translation in his own words.

Overall: I worked hard (15-20 hours a week), got an A, and tried to maximize my educational experience, but this class did not present much value to my career like other Gatech coursework. A few people in the class seem to have really enjoyed it, so you may enjoy this class more than I did. That said, my advice is to avoid SCS if possible.

Shamelessly created by an Academic. Largely a history class mixed with overly abstracted concepts that do not map to reality. Professor presentations are, substandard, lacking appropriate visual aid for largely conceptual materials. Professor’s speech is not clean English, not concise, filled with circular speech, and lost thoughts as he forgets what he is presenting (or is simply confused, it is hard to tell). Grades are heavily weighted (80% = quizzes(30%) + tests(50%) and numerous with respect to weekly quizzes. Quiz time windows are only 20 minutes, question wording was often confusing, and many times aimed at being ‘trick’ questions. Quizzes and exams expected that you would be more than familiar with the boat load of materials with an understanding greater than was taught. Exams are roughly 4-5 free form open ended essay questions giving the professor the ability to curve the grades of the entire class when the vast majority perform poorly, this is indicative of the quality of the teaching that is occurring. Perform well compared to your peers so that the professor can create a nice bell curve average as he swings most of the class from low grades to moderate ones. This course was no more than a time sink based stress test. I hold 2 degrees already and have had many professors. Easily the 2nd worst professor I have ever had.

Note that it is not just 'systems': the course covers security issues of individual machines and distributed systems. In my view, this course is advanced, and benefits from taking other classes prior to this one; for example, Intro to Information Security, Network Security, Computer Networks, and OS courses. Otherwise, the educational process may become harder due to absence of familiarity with some basic CS concepts. As such, I would recommend booking for the course in the middle of your studies, thereby reinforcing previously gained academic skills in security field.
Projects are interesting and require Python. The last and biggest one challenges knowledge gained throughout the course , and includes plenty of coding, understanding of various security concepts, conducting security analysis and so on.
Totally disagree that this is a relax course because just watching lectures and solving weekly quizzes needs sufficient diligence, not to mention keeping up with the projects and exam preparation.

The first 3/4s of this class are relatively easy, especially if you have already taken CS 6035 or if you have experience in the field. I really enjoyed the technical deep dives that the course takes into each of the topics covered. The last project in the class, however, has you building out a fairly robust service and the TAs are looking for a pretty high degree of polish. This project is just worth only 10% of your grade overall, so you're much better off focusing on doing well on the final. I got caught up in getting the project done right, so I spent an inordinate amount of time on it. The 3 other projects in the class are much simpler, and are only worth 5% apiece (and only two are counted towards your final grade).

Compared to IIS and Network Security, the course is a lot more relaxed overall. Most of the grading comes down to quizzes and exams rather than projects, so it doesn't give as much coding experience if that's what you're looking for. Found a lot more spare time to do other things as well, although it's likely because some of the course material overlapped with my previous courses. Didn't learn as much coding/technical stuff, but still has a lot of interesting material with certificates and authentication.

Just wanted to say, the TA's in this class are awesome and super helpful. Even if you ask a "dumb"/"obvious" question (which there's no such thing because everyone experiences the world differently), they answer with kindness and respect, and really seemed to enjoy interacting with us.

The quizzes were fine (some were badly worded, but TA's were open to feedback). The tests being short answer really allow for you to tie together everything you've learned, so as long as you understand the subjects at a medium-high level and how they build off of and tie into each other, you'll do fine. There was no need to memorize the smallest facts, and answering the questions to showcase your understanding felt very intuitive.

The 3rd project was optional because the lowest score out of the first 3 would be dropped. Good thing someone mentioned it in Piazza, because I definitely didn't see that part in the syllabus. I was halfway through it and took a calculated risk not to finish it, since project 2's grade wasn't out yet. And it worked out fine. Don't start project 4 late like I did. It's not overly difficult, but can take some time to wrap your mind around.

Speed up those lecture videos. Your patience will thank you.

10/10 would take again.

This course is pretty good. Like some classes there are little things out of date but for the most part it is pretty good. Quizzes every week closed book, Projects are easy 1-3 but fourth project takes a while but is the most realstic and you will learn a lot in that fourht project which ties in nicely with the second half of the class. Exams are not too bad there is a study guide you study off of that and you should be able to get 80's on exams. Otherwise not a bad class. Professor is also active for OH sessions.

This was a fairly challenging class but you’re left with a really good understanding of how to secure computer systems. For me, it required an average of 10 to 15 hours per week, maybe more. Overall, I enjoyed this class and the projects and have learned so much.

There is a multiple choice quiz each week and there were always a few questions on each quiz that were very difficult. Usually the median grade on quizzes was an 8/10 and the lowest quiz (of 13 quizzes) is dropped. Quizzes are worth 30% of your overall grade.

There are four projects with the last/fourth one being considerably more time consuming than the others. I know many people found the fourth project very difficult, but I found it enjoyable and learned a lot from it. Projects make up 20% of your overall grade.

The mid-term and final are each worth 25% of your overall grade. They were both very challenging. The final is more difficult than the mid-term. To do well on these exams, you’ll need a very good understanding of the material.

Professor Ahamad gave us access to him each week during office hours. He goes through the previous week’s quiz and answers whatever questions we have. He has high expectations of us and sincerely wants us to succeed. I believe he’s the grandfather of the Cybersecurity program – the one who set this all up. It was an honor and privilege being in his class and he’s brilliant.

The TA’s were extraordinary. We had tough questions for them and asked too many questions and they definitely delivered. Everything was graded within a reasonable amount of time and they were very generous in their grading. The TA’s for Spring 2020 were Jubin James, Abhineet Deshpande, Harish Nagarajan, and Ranganatha Rao Sridhar.

Good class. Lectures were well done, and cover the material well. The professor speaks slowly, so its easy to listen at 1.5 and not miss anything.

The weekly quizzes cover material from the readings and the lectures and are meant to make sure you keep up with the reading each week. The quizzes are fair if you do the reading.

Office hours each week by the professor and also by each TA, so lots of opportunity to get help and ask questions. Also the TAs are quite active on Piazza.

There is more reading in the first half of the class, then it tapers off somewhat after the midterm.

Projects are not difficult. Project 4 is worth double and make sure you start it early.

This was my first class in OMSCS program and I felt that the workload was just right. Not too hard and not too easy.

This was first online offering for this class, so it had a few minor bumps which will likely get ironed out.

This is a decent course and I enjoyed it. The intent of the course is to introduce the meaning and challenges of securing computer systems. I highly recommend this course if you enjoy cyber security related topics. In Fall 2019, the TA team was very active and responsive. Office hours are held by the instructor as well as by the other teaching assistants. There were four projects, 13 quizzes, 1 midterm, and 1 final. Overall the class workload is pretty light in the beginning and it starts to ramp up towards the end of the course. Advice would be to focus on the lectures. Read the papers until you have a high-level understanding of the content; there is no need to spend extra time cramming every piece of information from every paper to do well on the tests or quizzes. Doing well in this class requires grounded understanding of the concepts presented in the lectures. 80% of the courses grade is comes from quizzes and tests the other 20% comes from the projects. As with most OMSCS courses, achieving a desirable grade requires effort and this course is no exception to that. If you stay on top of the material presented in class, get started on projects early, take every quiz prepared, and study at least two weeks before the midterms and final you will not only get a lot out of the course but you will do well also. All the best!

This was an ok class, it was the only one I could get into at the moment after forgetting to register during my time slot :(.

A was 82, B 68, 4 projects, 2 exams.

Projects ok, Exams ok. Nothing much to like, I learnt my lesson and will set up more alarms as reminders in the future.

Not much to talk about, but here's my quick .02

I came into this class with an ok background, having taken IIS beforehand. It is only my 3rd class in the program so I do not have much to compare it against. This being said, I did not like the class materials and specifically the TA grading in particular. However, I understand where there's a lack of autograder as in other classes the human bias will always get in the way.

The exams were OK, and unlike the other reviewers I found the quizzes to be alright.

I do not recommend this class.

In this class projects were worth 20% (3 4%, and a final one worth 8%), quizzes 30%, midterm 25%, and the final 25%.

The curve was 68% for a B, and 82% for an A, everything below got a C. So, if you do not want hard work but would rather cruise this might be of interest to you. Material is not hard at all, just dense and boring. Every week doing those lectures felt like a huge chore.

The projects were easy, the 1st three in particular were a joke, think 2-3 hours each (not hard enough even for the measly 4%). The fourth one required more effort. They forgot a half baked autograder in the Downloads folder for project 4 which was interesting, thank you for that BTW.

The lecture content was incredibly boring, and the professor talked really really slow, you could have easily done x2 speed on the lectures. Quizzes were a bit ambiguous, and asked some weird detailed questions which did not measure understanding well, I am assuming professor got this from IIS which has similarly unintelligent quizzes.

Exams were OK, the essay type questions were welcomed, but it was harder to grasp what full credit answer was and had to rely on the TAs who graded these (not the professor like in other classes).

The professor was present in every OH and that is the only thing I loved about this class.

Grades were returned very slow for the 1st 3 projects, 4th one was returned fast indeed.

Overall a half baked class which will only improve more on consequent iterations I am sure, you can't really go anywhere but up when you're at the bottom.

For the first offering of this course, all things considered, it was decent. What keeps me from giving a more positive rating are the weekly quizzes. Yes, they keep students on track of the lectures and reading, but the questions are sometimes ambiguous and the whole experience is frustrating. It wouldn't be so anxiety inducing if they were worth less of the grade, but at 30%, you have to take them seriously and missing a few questions in each one has a huge impact on the overall grade. Oh, and you have to use a Lockdown browser when taking the quizzes, which also is mildly annoying.

There are two proctored, non-cumulative exams (midterm and final) that are closed notes, closed internet, no scratch paper, no calculator. Just you and the test. The amount of time you have to complete each test is fine, and there isn't anything inherently difficult about the tests, but the professor expects a fairly deep understanding of the course concepts. This is where I'll mention the lecture quality. The lectures are not good. Learning from just the lectures I don't think is enough to get an A. You either need to have some kind of background knowledge, read the course papers, or have a good study group. The exams are worth 50% of the overall grade, so they will make or break your grade. Fortunately, the grading seems fairly generous, and there is a substantial course curve.

Finally, the projects. There are 4 of them, but the first 3 are each worth 4% of the overall grade and the last one is worth 8%. The last project is the most amount of work, but also the most rewarding. An informal poll of students in the course estimates that 61% of the class spent 25+ hours, but you have almost a month to finish it and the TAs are super involved in answering questions. I really liked the project and put more effort into that than the previous 3 projects combined. Overall, I enjoyed the projects and learned more than I expected.

I've taken GIOS, AOS, and IIS, which helped me prepare. I can't say that I recommend this course, but I liked it so much more than IIS, which I thought was kind of a waste of time. I expected, maybe hoped, that this class would be as good as AOS and GIOS, but it needs some adjustments to get there. The professor is quite involved in the course. He posts on Piazza and holds weekly OH. Each TA also holds weekly OH. There is some potential here, and maybe it will improve after a few offerings.

This course has potential, it could be made interesting with some tweaks though. The course grading is as follows: Quizzes: 30% ( weekly, out of 13, lowest score gets dropped) Projects: P1-P3: 4% each, P4 - 8% Exams: Midterm - 25%, Final - 25%

The quiz had some questions that were tricky - but I understand that this is the first run of the class - probably in the next run of this class, they might get tweaked. It's a closed book single attempt weekly quiz, that we took using LockDown browser. The professor was quite open to taking inputs about everything. I appreciate that. He makes an effort to understand why some questions were tricky - and in many instances he accepted students' interpretations - and the answers - if they were convincing enough. Currently the quizzes are worth 30%. If there are changes such that either they are made multiple attempts or if they are worth 10% or 15% of the grades, it would be fair. The professor seems to care about his class and holds OHs every week.

The projects - especially project 3 and project 4 - helped me learn concepts that I did not completely notice or understand. Project4 needs a lot of time and we got around 4 weeks to work on it. These projects were good. The other projects - project1, project2 were a bit trivial, and were very introductory and basic - if they were a bit tweaked - they could have been interesting. The topics they explored were interesting and hence projects too definitely have potential to turn interesting if tweaked a bit.

The lectures are longish. The professor tries to talk mostly about abstractions and generalizations. The exams are where we were made to trigger the thinking process about where these abstract concepts are applied. I appreciate the application process, but feel it should have been included in the lectures too, to capture our interest better and make us explore things - like we would want to - but that happens during the exams. The students might have found it better if the professor talked about/ gave pointers/questions - say "how is this applicable and said refer these papers or find out the applications and we could discuss on piazza". It would have been a superb course in that case.

The exam by far had fair questions - nothing word to word from the lectures - but the questions here kind of focused on the gist of the learning and on how it could be applied, unlike the trivial specifics that quizzes focus on.

The quizzes/exams need the weekly readings. (42 papers totally from my count - some weeks had upto 5 papers).

This is a curved class, the grade distribution that was shared, specified cutoffs as 82, 68 for an A and a B respectively.

The TAs also hold OHs every week and run the projects well. They were very responsive on piazza too.

There was no extra credit.

This is a decent class, and I am taking it on its first offering. The professor seems to actually care about student success, and the TAs are generally helpful. I cannot strongly recommend this class, but it's not bad either. If you are looking for a class that will give you an overview of security from a very high level, this is a good choice.

Twelve weeks into the current semester, I find myself with some solid design principles learned, a mindset geared more towards security, and a generally good understanding of security principles from the OS to distributed systems. However, I can't say that the projects were very instructional (have not done project 4 yet). After so many weeks, I'm not sure I'd say the class is "worth it" -- I wanted to like it, and I do, to a degree, but I do not feel I am leaving the class with a lot more than I brought into it, except perhaps a more solid understanding of principles.

Last note: the quizzes are not hard, and listening to the lectures and understanding the papers alone has given me a score of 8/10 or higher on all but one quiz so far (there are 13 total). Another reviewer complained that the "entire class" is up in arms, and it just isn't so. Some people just don't want to earn their grade, like it or not. Grading on the midterm was fair. This is a class where an 80 tends to get you an A. There's no secret here--do the work and you will likely get at least a B.

A few things to note:

1. The other review for this class is for the wrong class. That review looks like it's for Network Security.
2. Fall 2019 is the first time the class was offered for Online.
3. I have not finished the class yet, but I think it's good to give a mid semester review so people have an idea what this class is like with registration coming up.

Good points:

• Professor shows up to OH
• TAs are responsive and answers questions on piazza quickly.
• Topics are interesting and lectures are okay.
• Projects are different than what I've seen before.

Bad points:

• Quizzes are terrible.
• Projects are worth very little.
• Not a fun class.

First, if you are OCY and Information Security Track, you're taking this class.

For everyone else, I'd avoid this class. It's not a terrible class in terms of topics, lectures, professor, or TAs. But the way everything comes together just feels terrible.

The grade is broken down to Projects (20%), Quizzes (30%), Midterm (25%), Final (25%). I don't think there will be extra credit.

Projects: So far I've done 3 of the 4 projects. They range from okay to interesting and offer a tiny bit of coding, and some writing. Again not hard, but the first 3 projects are each only worth 4% of your grade each. The last project, which I haven't seen is worth 8% for a total project grade of 20%. This is one of the lowest you will see at Tech. So all that effort you put into the projects (whether you feel like it's a lot or not) is not well rewarded. They're interesting in that they cover parts of security that you don't always talk about. Memory protection, Passwords, and Setuid are the first 3. Distributed Systems Security is the 4th one.

Quizzes: The quizzes are really, really, frustrating. It's 10 questions T/F or MC with 20 minutes. You get 13 of them with the lowest dropped. They are worth 2.5% each so a total of 30%. The questions make you apply what you have learned, but not at all in a manner that you can confirm. So you're given material to learn in the form of lectures and reading. The questions are then given in sort of a "using the information you have learned, what about scenario X". This would be all fine if it was an open response question where you had a chance to defend your answers. But it's just the wrong format for this. You have to choose the answer you think it is, and hope that's the answer the professor was feeling when he wrote it. Sometimes you get lucky, other times not so much. And the questions feel like they can have multiple answers, at least according to the student answers breakdown. So if 40% choose A and 40% choose B, then the right answer could be C where only 10% of the students selected it. If you bring this up as a critique of how divisive the answer is, the professor will say "that's a good point you bring up, but the answer is C". End of discussion. Wouldn't be nearly as big an issue if they weren't worth a whopping 30% of your overall grade.

It's gotten to a point where if a quiz didn't have some wild swings in one of the questions, the class rejoices and decides it was a good week. The students are pretty much just celebrating decently fair questions on quizzes from week to week. Even if you get 9 out of 10, you'll feel you got robbed on one and have no idea how you guessed the answer to one or two of them. You just feel powerless.

The exam (midterm anyways) was fair and offered a good opportunity for students to defend their answers. Lots of partial credit was given if you chose the wrong answer but provided a decent reason for it. The midterm and final are worth 25% each, non cumulative. Although he really likes referring to old material to teach the new stuff, so I wouldn't be surprised if first half concepts make it's way into the final in a way.

There will be a curve, and based on the mid way cutoffs released, it will be a big one. So it's not a hard class to get an A or B in. The class just feels terrible to be in. You go week to week feeling like you really grasped the material before opening up the quiz, and sometimes you get a 10 and sometimes you get a 5. Not because you slacked off the second week but because you failed to follow the thought process of the professor.

Edit: Reviewer claiming "Some people just don't want to earn their grade, like it or not." That's pretty condescending of you to assume that other reviewers only dislike the class because they won't get an A. Pretty sure both negative reviewers (including myself) will end up with an A. You thinking that other reviewers must be doing poorly to dislike a class is more revealing about you than anything else.

The class is heavily weighted toward projects.

Since quizzes are open everything and worth very little of the overall grade I found it more efficient to not do any of the lectures and instead just open all the lecture slides and readings and just search for the answers as I'm doing the quiz for the week. If you try to complete all the lectures you'll find it difficult to keep up and you won't be any better off for the quizzes.

Lectures and quizzes are mostly useless for the projects.

2 of the 5 projects are unnecessarily difficult due to very poor instruction. The project write-ups are often just so bad that you spend the majority of your time just trying to figure out what you're supposed to do rather than taking the time to code to do it.

I HIGHLY recommend starting all projects on day 1.

If you are unfamiliar with javascript, HTML, DOM, then get yourself familiar because one of the projects leans on it heavily.

I liked the ideas of the projects but hated their instructions.