SMS
RSS feeds
Reddit
NewsvineIn a move to provide greater accessibility to instruction on software security, Stanford’s Center for Professional Development began offering its six-course Advanced Computer Security Certificate Program entirely online this fall.
Using VMware technology, the program teaches clients how to construct attacks and test their own defenses in isolation of real systems, according to Neil Daswani M.S. ‘04, Ph.D. ‘05, one of three instructors of the six-course sequence.
“There are some other certification programs available,” Daswani said. “But there hasn’t been a program that focuses as deeply on software certification as Stanford’s program.”
Daswani added that the program is unique because it provides “hands-on software security training and can be taken completely online by geographically distributed engineers and IT staff.”
The set of classes caters to software engineers, corporate CEOs and government affiliates looking to protect their systems and their customers’ security.
“I think for a lot of people, especially in this area [Silicon Valley] since it is very competitive, they are trying to build skill sets because they want to move up in their jobs, and they want to learn skills that are going to put them ahead,” Professional Education Program Manager Evi-Lynn Byer ‘98 said.
She added that a perk for many enrolling in the program is the combination of academics and industry that Daswani and Stanford Computer Science Profs. Dan Boneh and John Mitchell provide through their instruction.
The need for this kind of instruction is great, Daswani said.
“Over the past five to six years, we’ve started to see a string of very, very serious [software] attacks,” he said. “Back in 2005 there was a credit card payment system called Card Systems. They had a database with 43 million credit card numbers in it. The bad guys constructed an attack that would construct a number of database scripts that would email them 1,000 credit card numbers a day.”
The company did not catch the problem for six months, Daswani said.
And it is attacks like these that Daswani and his colleagues are training clients to thwart. Information on guarding against such attacks is scarce in the industry.
“If you look at undergraduate computer science degrees, they are being trained to program but not to secure software. Most universities do have courses on cryptography, but as it turns out, cryptography is a very small component of the overall system,” Daswani added. “Ninety-nine percent or more are attacks where the bad guy has not broken the encryption but has taken advantages of vulnerability in the software.”
In this context, it comes as no surprise that Stanford’s program has attracted students from Cisco, IBM, eBay, Hewlett Packard, National Semiconductor and McAfee.
Clients have also included both domestic and foreign government affiliates.
“When it comes to security in government, cyber security has been a neglected child,” Daswani said. “There is a very clear incentive for them to invest in [a] certification program. It would great for government to step up.”
Indeed, some officials have. Past clients include employees of the U.S. Department of Homeland Security, which has in previous years received failing marks in an annual computer security report card issued by the U.S. House of Representatives Committee on Government Reform. Also on the roster have been officials from China and India who, Byer said, were mostly looking for help with public policy and entrepreneurial ventures. She added that software security course instructors have tailored courses for some government engineers in the past.
The certificate program is composed of three core courses and three electives, each six hours long and available anytime online. Instruction is given through taped lectures of live campus classes, labs and exams, Daswani said. The courses focus on teaching principles, he added, since teaching every possible vector of an attack is impossible.
Online instruction is not unique to the program nor to the Center for Professional Development, which now offers all of its courses online, Byer said.
According to Daswani, MIT has already taken its entire undergraduate computer science program online. Stanford, too, offers numerous undergraduate courses online, including Computer Science 106A this quarter.
Daswani is optimistic about the growing trend to offer courses entirely online but added that there are drawbacks in addition to the benefits of teaching entirely in the cyber realm.
“The one drawback is the lack of interaction with the instructor,” he said. “A lot of learning does take place through interaction.”
In the past, he said, some students have chosen to come to campus even when the courses were entirely online just so they could have the personal interaction with the professor and peers.
However, the benefits of course accessibility at any time or location as well as the reduced cost of online instruction outweigh the lack of interaction for many. The Software Security Foundations course alone boasts 400 online participants. The fledgling Advanced Computer Security Program has had 15 graduates so far and anticipates growth this year with the program going online.
“Given the scale of this problem and given that we need to disseminate information much more widely,” Daswani said, “The online courses allow us to get information out much more quickly and to a much wider geographic distribution of people.”