Stanford (SCPD) - Certificate of Advanced Computer Security - Overview

MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
I was accepted to take the Certificate of Advanced Computer Security at Stanford's Center for Professional Development early this month. This thread is designed to give an overview/review of the process from start to finish.

Application Process
The application process was straight-forward. I created my account on May 8th, submitted the application on the 9th, and was approved by the 13th. I provided them with a detailed job description, detailed academic and professional experience, and an essay. Once my application process was approved, I was then able to enroll on online courses.

Software Security Foundations - XACS101
This was the first recommended course to be taken as a part of the 6 course certificate program. The course is primarily taught by Neil Daswani, co-founder of the program and engineering manager at Twitter. You can tell that this guy is smart (book smart or other), but oral communication is not a great skill. He gets the content across, but at a rather slow pace. I could say more about his communication skills, but I don't really want to be overly critical in the first few lessons. The material itself has so far closely resembled some CISSP/SSCP content, but has touched at a deeper technical level, which I like. Not only are we looking at vulnerabilities such as malware, cross-site scripting, and buffer overflows, but we look at sample code directly that shows how and why such vulnerabilities exist. It's quite technical. I can see why they recommend that students have good hand on an object-orient programming language.

So far I haven't learned too much from the first course, but I am only half way through. The content hasn't been extremely difficult to digest, but I'm really curious to see how the final exams go. I believe a 90% is required for each of the courses in order to receive the certificate.

I'll keep you updated as time/content goes on.
«1

Comments

  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    Interesting. Let me know how it goes. I've been really interested in that certificate for years now but just haven't had time to try it out given my other educational and certification goals. It'd be nice to have Stanford on my resume :)
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    Interesting. Let me know how it goes. I've been really interested in that certificate for years now but just haven't had time to try it out given my other educational and certification goals. It'd be nice to have Stanford on my resume :)

    I'm also doing it for the name. I don't have quite the experience for my resume, so I'd thought I'd use this as a bit of a cushion. In comparison to a GIAC cert (self-paid), the program is quite affordable. The topics are intriguing as well.
  • emerald_octaneemerald_octane Posts: 613Member
    Thanks for the info. MIT has a 2 day applied security cert that i might fly up and take, but the Stanford one sounds way more in-depth. I wonder though, with all these edX courses and what not floating around, will employers think that the edX classes are equivalent to a graduate certificate, pursued online?
  • cyberguyprcyberguypr Senior Member Posts: 6,843Mod Mod
    I remember Iris mentioning this a while back. Glad to see someone here actually signed up. Subscribing for updates.
  • cgrimaldocgrimaldo Posts: 439Member ■■■■□□□□□□
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    I've finally been able to dedicate more time to the certificate now that I've passed the CISSP exam.

    For some reason I'm unable to edit the first post in this thread, so I'll have to continue my progress report from here on.

    Final Exam (XACS101):
    The exam was a bit of a PITA. The questions were multiple choice but could have been written better. They followed the study guide almost exactly. There were 28 questions on the exam, same as the study guide, which means you could only miss 2 questions before having to take it again. Let's just say I had to play a little game of mental deduction before I actually passed with a 92% as there is no feedback on the missed questions.

    After going through the study guide and being able to answer roughly 80% of the questions, I was a little worried about proceeding with the exam in the case that I failed. Noticing that the exam is located as a separate module of the course itself, I reached out to the SCPD customer service and asked if there was only a single attempt possible for each course exam. To my surprise (and delight), a student can "take the exam as many times as needed to pass during the course access period" as long as each attempt is submitted in full. My initial worry was based out of the required passing grade of 90%.

    Overall Course Impression (XACS101)
    Good:
    The course content, based on the target audience and topics, was great. The technical level that it touched was perfect for the amount of time allotted and intricacy of the topics defined. It gave me just enough to bite and the urge to continue with the other courses offered (and required) for the certificate.
    Bad:
    I struggled a bit with the fact that the material wasn't presented very well (see previous comment on oral communication) by either Dan Boneh or Neil Daswani. Again, you can tell these guys know the material and the topic that they discuss very well, but the presentation of the information and data lacked... something. There were a few terms that I'm familiar with in Information Security that could have been, in my mind, corrected. As an example: the star-property within Bell-Lapadula (as we know from the CISSP) is referred to as the confinement-property within this course. This is one of a few instances that I could find where seemingly old ideas/terms were given a new name that could only be found within the course. What's wrong with the old, predefined terms? In reality, it's not a big deal, but I believe it may have subtracted from the overall applicability and/or relevance of the course to real life. Other than that, the videos provided by the course seemed to end abruptly, like overall cutting/editing was an afterthought, but that's more or less a cosmetic complaint that doesn't weigh on the overall course quality.

    XACS101 Course Review: 75/100, it's good, but could've been better.
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    I've officially completed the first course. I'm hoping to register for both Mobile Security (XACS215) and Emerging Threats and Defenses (XACS301) later today.
  • serene2013serene2013 Posts: 7Member ■□□□□□□□□□
    Thanks for insightful review. how far are you with Mobile Security and emerging threats and defenses courses? kindly update us

    many thanks
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    At this point in time I've registered for all of the courses and completed 3. I'm currently slogging my way through Emerging Threats and Defenses. As the courses have gone on, I've picked up a little bit of criticism for the material. There seems to be a lot of duplication and repetition. So far, in the Crypto, Exploiting and Protecting Web Applications, and Emerging Threats and Defenses, at least 2-3 hours of the material is copied directly from the Software Security Fundamentals; same videos, same slides, etc. This means that there is only 2-3 hours of new, original content in each course.

    Other than that, there is not much else to note. Nothing has really changed in the courses relating to the quality of the material and the professors.

    Hoping to finish this up in the next 3-4 weeks and move on the the OSCP and Linux+ at the same time.
  • tprice5tprice5 Posts: 770Member
    Didn't even know this existed. Pretty cool. +1
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    Finished up Emerging Threats and Defenses yesterday. Completed 4/6 courses, but I still need to pass the Crypto exam. Hoping to finish the next two courses and exam in about 3 weeks.

    I'm currently working on the Mobile Security course. There is definitely lots of new information here. They're going into the security framework of operation (though not at too deep of a level) of FDMA/CDMA/GSM/etc. which I've never learned before. This course is probably going to be one of my favorites.
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    Nice! Great job. I'm really seriously thinking about taking this in the future thanks to this thread. Keep up the good work!
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • tprice5tprice5 Posts: 770Member
    Here is a link to the course

    Also, total cost of this course is about $3k. Ouch!
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    I definitely think it's worth the money though, especially if you're a cert-wh*re like most of us and don't want just another checkmark under the "certifications" section of your resume. This would sit nicely on top of a degree like WGU that doesn't have much recognition.
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    I just finished the last course required for the certificate. It also looks like I saved the best for last (sarcasm).

    This last course (Writing Secure Code) was probably the worst of them all. The lack of refined material was maddening. This had to retest the final exam roughly 10 times before I could pass. In the end, the questions I had wrong were due to semantics. There was some more cross-over on material, again, and made me realize how much the learning process is deflated when the people doing the teaching lack enthusiasm and oral communication.

    Overall, I'd recommend the program. Despite the lack-luster refinement of the courses, you are getting a certificate from Stanford and an official transcript. I did learn quite a bit too, so that's a plus.

    They would do well to redo the material provided with the courses, add HTML5 streaming, re-write the exams. If they spent just a little more time on it, I'd give it a solid 9/10.
  • tprice5tprice5 Posts: 770Member
    MSP-IT wrote: »
    you are getting a certificate from Stanford and an official transcript.

    Whats the significance of the transcript?
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    CPEs and maybe education substitution for experience in the government sector? It provides you with a little more credibility, IMO.
  • stryder144stryder144 Posts: 1,592Member ■■■■■■■■□□
    Some companies request transcripts for education verification. As such, getting an official transcript from a well regarded university like Stanford would potentially impress the hiring manager.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • N2ITN2IT Posts: 7,483Inactive Imported Users
    MSP-IT great post, I have been following even though I am not in security.

    I just wanted to add, that a close friend of mine who has been a network engineer for ~20 years for AT&T, had nothing but good things to stay about Stanford's security training. I know he finished Crypto 1 and 2.

    This gentleman holds a BS from Rice University in CS (One of the top CS programs in the world) and has a ton of Cisco certifications.

    Not saying you should do it because of this testimonial. But the guy is about a legit as you can get into IT Infrastructure and Networking and he thought it was awesome.
  • DonDealDonDeal Posts: 33Member ■■□□□□□□□□
    @MSP-IT

    I was reading the website. It says most courses can be completed in 6-8 hours? The only assignment is the final at the end of the course? How many attempts at the final do you get? It looks like a good resume enhancer.
    Master of Public Administration - 50% complete
    Master of Science: Information Security and Assurance
  • N2ITN2IT Posts: 7,483Inactive Imported Users
    DonDeal wrote: »
    I was reading the website. It says most courses can be completed in 6-8 hours? It looks like a good resume enhancer, though.

    Maybe I am thinking of something different, but Coursera offers some training courses like Crypto 1 and 2 and there is no way you could finishes these in 6 - 8 hours icon_lol.gif

    The assignments alone are distributed at different weeks. I believe the duration of the courses I am talking about is either 6 - 8 weeks or 8 - 12.


    ****Follow up

    https://www.coursera.org/course/crypto

    https://www.coursera.org/course/crypto2

    These are the two courses I was referring to. After review they are scheduled for 6 weeks each, so in 3 months you could complete these.

    My friend received a formal certification of completion for both 1 and 2 and made good friends with the professors. In fact last week I believe their was a security convention is Las Vegas and he was going to meet the professor there I believe or maybe another student.

    Either way seems like a good deal for free.
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    This professor you're talking about is Dan Boneh. I'd love to meet the guy. He was definitely my favorite out of the 3.

    The courses, like you mentioned, had 6-8 and one course had more like 12. That being said, the material is pretty in-depth, and like any college level course, even though you could cover everything in just a few days, you really need to understand the concepts and context. I'd say a healthy pace is 1-2 weeks per course. The final is roughly 30 questions per course and you are allowed to attempt them as many times as you need to pass; and although that sounds easy-peasy, I only passed one on my first try.

    I took the program for the resume cushion and name recognition purposes, but I still learned quite a bit in the end.
    stryder144 wrote: »
    Some companies request transcripts for education verification. As such, getting an official transcript from a well regarded university like Stanford would potentially impress the hiring manager.

    Good point.
  • the_Grinchthe_Grinch Posts: 4,160Member ■■■■■■■■■■
    While I think the program looks interesting they are charging a ton considering it is just a certificate. Thanks for the review!!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • colemiccolemic Posts: 1,568Member ■■■■■■■□□□
    @MSP, are there other assignments in the coursework, outside of the final? (projects, quizzes, etc.)
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • iBrokeITiBrokeIT GXPN GPEN GWAPT GCIH GCFE GICSP GSEC eJPT Sec+ Posts: 1,260Member ■■■■■■■■■□
    the_Grinch wrote: »
    While I think the program looks interesting they are charging a ton considering it is just a certificate. Thanks for the review!!

    $3000 for a semester of technical classes at Stanford is extremely cheap!
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    colemic wrote: »
    @MSP, are there other assignments in the coursework, outside of the final? (projects, quizzes, etc.)

    There are some optional projects, but the exams are the only requirement.
  • Danielm7Danielm7 Posts: 2,268Member ■■■■■■■■□□
    With the idea that you could take the exams as many times as you wanted, did you find that it changed the way you prepared for them? I can see some people just throwing themselves at the test 20 times until they are familiar enough.
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    The questions were specific enough (almost annoyingly so) to keep you from taking the exams before you were ready. You'd have a very hard time passing them without having a good understanding of the material. They require that the exam form be complete before you can submit it, so even through simple deduction methods it would take you a good while to finish the exam even if you completed only 75% of the questions correctly. You get no feedback on the incorrect questions, only the total percentage correct.
  • MSP-ITMSP-IT Posts: 752Member ■■■□□□□□□□
    And 12 days later, I get this:

  • JoJoCal19JoJoCal19 California Kid Posts: 2,801Mod Mod
    Congrats! A nice achievement to add to the resume.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Sign In or Register to comment.