Cybersecurity involves thinking about digital systems not in terms of how they might be used, but instead in terms of how they might be misused. Just as a computer scientist must have a firm grasp of data structures and algorithms to keep her programs fast, she must also have a similar understanding of cybersecurity to keep her programs secure.0
Put formally, the objective of these course materials is to provide the domain knowledge necessary to perform effective threat modeling and extensive attack vector identification. Put more colloquially, the purpose is to teach you how to think not only about users and capabilities but abusers and vulnerabilities. Fortunately, these are two sides of the same coin; the negative space left by the other.
The goal is to foster a 'security mindset.' In your computer science education thus far, you've likely spent most of your time thinking about the "light side" of systems: that which is intended. Welcome to the dark side.
?> You may find it odd that the word "cybersecurity" doesn't appear in the objective of a course about cybersecurity. That's because cybersecurity isn't a field of computer science in the same sense as, for example, database engineering. Database engineering is a field in and of itself; cybersecurity, by contrast, is thinking about systems not only in terms of how they can be used, but also how they can be misused. For more information, see Cybersecurity & Hacking.
These course materials are meant to be worked through in the order they are listed in the navigation menu. While you can jump around throughout the topics and still find the enclosed materials helpful, each unit, reading, and project builds on those that came before it. In most cases, you'll be best served by gradually working through these materials from start to finish — or, in terms of the navigation menu, from top to bottom.
Note that this is not a textbook. A textbook is self-contained; these materials are not. Each unit links heavily to readings created by experts in their respected fields. A fundamental idea in cryptography is to never "roll your own crypto," which is to say that you shouldn't implement complex encryption systems yourself. (Unless your name is on this list, in which case, well, why are you here?) Instead, you should use a peer-reviewed implementation written by expert(s).
This course assumes the following technical skills:
- Fluency in Python 3
Perhaps more notable is what the course does not assume knowledge of:
- Cryptography
- The nuances of operating systems
- Network protocols
- Web development
- Social engineering
As discussed in the 'objective' section, the purpose of these materials is to give you the domain knowledge necessary to understand how essential digital systems work at a high level with an eye towards how those systems can be exploited or broken.
Broadly, you'll learn be introduced following topics through the lens of computer security:
- Key cybersecurity concepts
- Cryptography
- Operating systems
- Malware
- Networking
- Telephones
- Authentication and authorization
- Social engineering
Notice how their isn't one-for-one parity between these topics and the five units contained in these materials. That's because they all intersect and build off one another. Each unit is a group of topics, and they will invariably flow into one another.
It's also important to note what you won't necessarily learn from these materials: how to hack.
These materials are designed to teach you to understand computer systems through the lens of security. While this newfound understanding may lend itself to 'hacking' — and that's an imprecise term, as you'll learn in Unit 0 — the purpose of this course is to teach you how to think about computer systems' security (and computer systems themselves). This knowledge will help you understand and minimize risk in your own systems. It won't necessarily help you eliminate — or exploit — it.
In order to succeed using these materials, you'll need to make an honest effort to not only to memorize the given material, but also understand and extrapolate from it. Because computer systems are so heavily interconnected, you can't think about any of the upcoming topics in a vacuum. Instead, you'll need to consider them in the context of everything else.
Put simply: do the readings.
Instructors are advised to read the Note to Teachers page prior to teaching a course based on these materials.
0 This sentence was taken from the IP proposal.
These course materials were developed as part of an Independent Project at Phillips Academy.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
