UMUC MS in Cybersecurity Policy: The Final Frontier (AKA CSEC 670)

powerfool

Well, some of you have shown interest in UMUC and their programs in cybersecurity. I started the program on a whim in October 2010. At the time, I was looking for a graduate program that wasn't quite as rigorous as a ranked MBA program and was a bit technical. My rationale was that a graduate degree could assist me in moving to a managerial role, and while I wanted some technical aspect, I didn't want it to be purely technical (I can handle technical with certifications). Anyhow, my employer announced a partnership with UMUC to offer cybersecurity graduate certificates (originally just the Cybersecurity Foundations, but eventually Cybersecurity Policy and Cybersecurity Technical) and I hopped on board (I was originally investigating WGU and actually got two of my colleagues in the MSISA program while my mentor/advisor was slow to the punch, for me).

The overall program now has three masters degree programs (the latest being the digital forensics program) that have the graduate certificates as feeders into these; they each are comprised of six six-credit hour courses and share CSEC 610, 620, and 670. The graduate certificates are a subset of these course. I originally signed up for the Cybersecurity Foundations certificate (CSEC 610 and 620) and then switched to the Cybersecurity Policy certificate (CSEC 610, 635, and 645) after completing 610, but I completed 620 anyhow. This was all really a game to get my employer to give me more money, as they would give an extra $5k in tuition reimbursement per year for the graduate certificates; by switching, I was able to get an additional $5k in two different years and I only had to pay for 1.5 courses, myself.

I have expressed some of my frustrations with the program before, and I will briefly share them again. First of all, UMUC has a policy to combat "grade inflation" that is widespread throughout academia; while some of this is merely lip service, the end result is that it is extremely easy to get a B in a course (because graduate students must maintain a 3.0 GPA or be placed on academic probation, and that would be less revenue for the school) and nearly impossible to get an A (because that would make them look like pushovers). The other aspect of their grading policy that compounds all of this is that the only offer straight letter grades, meaning no plus or minus grades. So, if someone puts in a minimal effort in the course, they may end up with a grade between 80-83%, whereas someone that works extremely hard will likely end up with an 87-89%.... but both students earn a B grade. I must state that all of my course grades have been at least an 87%... and that individual professors spin on grading can ruin a student trying to get top scores; I have received an A for a course. Also, this is a distance (online) program that requires group work; for my first four courses, the group assignments had a higher weight than the individual assignments and in all but one course, my individual assignment grades were far higher than my group assignment grades (a minimum of a letter grade higher). In my last semester (fifth course) our individual assignments were weighted higher. If this would have been the policy all along, I would have had four As and one B, instead of the inverse... that is all the swing I would have needed to dramatically increase my GPA (from a 3.2 to a 3..

I have been extremely diligent in offering constructive advice to professors when they solicit it and to the institution in each of our semester surveys. One positive change that has been experience as the result of mine (and several other students that I worked with) was getting assignment material released a week in advance. To mimic face-to-face classroom participation that is present in traditional education, UMUC has many conference assignments where several topics are listed and student must pick a subset for a primary response (a primary response being about one-page with cited references); then students must provide several secondary responses (responses to other students' primary responses). During weeks with conference assignments, students are expected to read several required items (sometimes this includes entire books, ~200-300 pages) and submit primary responses by Wednesday at Midnight... with the course week starting on Monday. That is essentially impossible for a full-time working adult that has a job with any amount of responsibility. Getting the assignment release a week in advance allows students to get required reading done beforehand. My next push is an attempt to get the overall weighting policy changed so that individual assignments are more important.

Anyhow, this all changes in CSEC 670. My syllabus was released today (class starts next week) and group assignments are 55% of the total grade. There four conference activities that are 5% each of the total grade and one individual paper that is 25% of the total grade! This is not going to make me happy. Anyhow, it looks like a great capstone, overall. We will be given a sector for which we must research and define cybersecurity concerns and develop and draft a policy at either an enterprise, national, or international scope. This is part of our group activities that endure seven of the 12 weeks of the course.

I think that this single course is going to be the "pay dirt" of the program. So, I plan on providing at least a weekly synopsis here. While I have had some very negative experiences with group activities in the previous semester (below graduate quality writing that I had to heavily revise), I think that this semester will offer me the ability to practice some of the management skills I will need to make my transition. I have worked in some groups that worked well and some that have been extremely dysfunctional. I am usually reluctant to be a leader in school because I tend to dominate, but I will have to do what is necessary this term to keep things on the rails while allowing others to have good input when they can provide it. What I really don't like is that our semester grades will be largely defined by the end of week 7, with little opportunity to push it upward, as 70% of our grade will be behind us.

The schedule:
Week 1 - Conference activity (5%): future cyber threats
Week 2 - Conference activity (5%): analyze the vulnerabilities of a fictional company
Week 3 - Individual assignment (25%): paper on to be defined topic
Week 4 - Conference activity (5%): case study on an organization victim of cyber terror
Week 5 - Conference activity (5%): discuss skill necessary of a manager to implement an effective cyber security program
Week 6 - Team sector briefing (25%): Capstone simulation briefing
Week 7 - Team report (5%): Round 1 Part A, must defend choices from TSB and enter decisions
Week 8 - Team report (5%): Round 1 Part B, outputs from previous week determine new landscape in ongoing simulation
Week 9 - Team report (5%): Round 2, outputs from previous round determine new landscape and new decisions entered
Week 10 - Team report (5%): Round 3, outputs from previous round determine new landscape and new decisions entered
Week 11 - Team report (5%): Round 4, outputs from previous round determine new landscape and new decisions entered
Week 12 - Final team summary (5%): Analyze performance throughout simulation and provide "lesson learned"

Information systems, as some may not be aware, is a business program, so my undergrad had both a IS capstone course and a business capstone course. My IS capstone consisted of a case study that required weekly presentations. But this program reminds my of my business capstone, as we ran a global shoe manufacturer and we had to make weekly decisions determining where we sourced materials, the quality of the materials, where manufacturing occurs, where products are sold, and marketing efforts, including pricing and promotions. In this setup we competed against other teams in our class and first place received an A, second a B, and third a C. We also had other assignments in the course. Hopefully this simulation will be as memorable, in a good way, as the shoe company simulation that I experienced almost five years ago.

My intent for this graduate program was to shift my career in a more managerial direction, eventually, but also a greater emphasis in information security and assurance. As you can see, I already have several certifications that push me in that direction, and I have been responsible for enterprise security as one of my responsible in a previous job, and security is integrated into my current role. In addition, I would like to pursue adjunct teaching in the near future, which should be possible at the conclusion of this program. My academic pursuits are likely far from over. One of my long-term goals has been a ranked MBA program (I have been leaning towards Notre Dame for a long time, as attending the school was a goal of mine since I was ten years old). Also, I have long considered pursuing law school... as I love arguing and researching law (I took a law course in high school, and business law in undergrad), but also a solid understanding of law is a good foundation for executive management... I have no desire to practice law (which is not uncommon among law students... only about 50% intend to practice). I have also considered pursuing a PhD extending my current knowledge in technology, or getting another undergrad or grad degree the is sector specific, like Health Informatics, nursing, or pharmacology. Finally, I would always be interested in becoming an architect, as my plan before life happened was to go to Notre Dame to study architecture.

Immediately following this degree is an academic break. I promised my wife I would take a break. My kids are getting older with my eldest having just started high school. 2013 will be another certification year as I have slacked off for the past 14 months. I need to reassert myself and focus on the PMP (another key piece for my transition to management), as well as finally knocking out the VCP. And... I will likely re-up my Microsoft certs for Windows Server 2012 and do something to keep my Cisco certs active. At that point, I may be at the end of my certification rope... if I make the management transition, I will likely no longer maintain my technical certifications and only maintain my CISSP and yet to be attained PMP via continuing education requirements. If I remain a consultant, then I may push my technical certifications higher up the ladder via either a CCIE, Microsoft Master, and/or CISSP-ISSEP.

Anyhow, enough of this. Feel free to post with general questions on the UMUC graduate cybersecurity program or this course. I will provide at least a weekly synopsis. Thanks!

spiderjericho

I attended UMUC for my undergrad in journalism/communication. My college history is Miami Dade, Florida International University, Copper Mountain College (+ numerous military courses).

For me, I thought the school's grading was fair. I always felt like whatever grade I got, I earned. I graduated with a 3.6 GPA. I think I could've earned a 3.7 or 3.8 if I had applied myself more. But I tend to have a personality where if my enthusiasm or interest in the subject is low, my output/grade suffers.

I only had a few group projects but can see where your frustrations. Teachers should have a little leniency with group projects.

I plan on going for a quick Master's through WGU by taking the MSISA but plan on going for a second in telecommunication or IT at another university like UMUC or another.

I do like the Cybersecurity+MBA UMUC offers.

Have fun in your Capstone. It should be a fun project. And it sounds like you'll continue to remain busy afterward.

powerfool

There grading policies are quite different for graduate and undergraduate programs. The policy I referenced was explicitly created to address the perception of grade inflation that is prevalent throughout graduate programs, in general. My wife and I were talking the other day and she is trying to convince me to do the MBA at UMUC, as it would only be an additional 3 6-credit hour courses, but I really have no interest in getting an MBA from anywhere other than a ranked school, as there are plenty of MBAs out there from run-of-the-mill-schools that cannot find jobs. I want something that is going to have a major benefit to me throughout my career; a school with an outstanding MBA-alumni network will do that more than something different.

spiderjericho

Well, I guess I'll see this grading policy when I eventually pursue my second Master's Degree. I'm looking at the:

[h=1]Master of Science in Information Technology: Telecommunications Management[/h]And we all have preferences, so if attending a prestigious university will make you happy for your MBA, by all means.

powerfool

Alright, week one is in the bag and week two is underway. We were provided with four conference topics in week one, which I assume will be the norm for the remainder of the semester. I felt that the topics provided for a good refresher of concepts from the entire program and got students back in the swing. Topics included: revolutionary change (related to cyberspace), a discussion on cybersecurity, asymmetric threats, and the Westphalian [Nation-State] Model and its advantages and disadvantages in prosecuting cyber defense. Our reading has included chapters from General Zinni's Leading the Charge and Kramer & Star's Cyberpower and National Security.

I learned this week that if you buy a Kindle text that has an associated Audible recording, you can get the recording at a substantial discount. For instance, the Audible recording of Leading the Charge is $20.95; the Kindle edition of the book is $9.99 and allows one to purchase the Audible recording for $4.95. What is really great about this is that you can use Whispersync to synchronize your progress between the recording and the eBook. So, I can listen during my commute or while I am lying in bed not wishing to disturb the misses, and then I can read on the Kindle (or Kindle app) at other times. Pretty cool.

I must say that I was initially turned off by the Zinni book because his long introduction seemed like a cheer leading piece for the current administration. After getting further in, I am not sure if he is a supporter of the current administration or if he was simply describing the world that led to the enthusiasm for Obama's election. In any event, I agree with the premise of many of his points describing a lack of leadership, globally. I think that if we honestly appraise the situation, there has been a failure in leadership over the past two decades, whether it is related to government officials or business leaders. Where I think the disagreement comes is how to address this. I am a staunch individualist with a strong belief in capitalism... it is essentially how I must be based on my core values. I certainly believe that many CEOs have failed and have been over compensated based on their performance; the answer is not to limit executive pay, however, but it is to hold these executives accountable for the performance of their organizations, which includes firing them without golden parachutes for marked failure. Anyhow, I am really glad that this book has been assigned and I am reading the entire book rather than just the select chapters that are assigned. I think that developing leadership qualities and skills will be a good personal development action and is in line with what my leadership expects of me.

No grades have been posted for week one. This has been normal for the entire program. This is a problem, I believe, because the instructors are supposed to be involved in discussions throughout the week and the system provides all of the metrics that they would need to properly assess beyond the quality of writing. These discussions should be graded within two days of the end of the week. I fully understand papers taking a week to be graded as I cannot imagine many of them being turned in before the last two days of the week. Conference participation is required throughout the week... a B grade on a conference requires at least four days of participation with primary responses being completed by Wednesday (which is why I am on late tonight:)).

dmoore44

powerfool wrote: »

I think that developing leadership qualities and skills will be a good personal development action and is in line with what my leadership expects of me.

This is something that I think gets passed over a lot (outside the military anyway). There's a marked difference between leadership and management, and people often confuse them.

Lately this has been a hot topic of discussion with a few of my peers, and we've come to similar conclusions - that a lot of people in management positions (especially government - i.e. civilian government) fancy themselves as leaders... but in reality they're just poor managers with no leadership skills and little direction.

powerfool

Okay, it has been two weeks. I didn't score as well on my second week because I didn't post one extra day during the week, even though I had met all of the deadlines and posted enough quantity and quality. Kind of a bummer there, but it was still a solid B for that week. I ended up catching bronchitis, which turned into pneumonia, and then got a sinus infection! The thought was that it was viral, so no antibiotics, but I got prescription grade cough suppressant and decongestant that knocked me out... it says no driving or operating heavy machinery. Anyhow, I am doing mostly better now, still a bad cough, but I am awake more often than not, now. Got my one individual paper done, but late because while I was sick and not able to really work or do school stuff, my Internet went out and I was in no shape to sit on the phone with tech support. I was finally up to it a couple days ago and got everything wrapped up.

I finished that entire "Leading the Charge" book. I started feeling good about it, but by the end, I was let down. Basically, the book is cheerleading about leadership and stating that things must adjust for the coming generations and leaders need to be able to make quicker decisions... it doesn't give any guidance on how to do it, though. Bummer.

My paper dealt with emerging technologies, the coming enterprise technology landscape, and policy issues that are currently in play for addressing them. The focus was on virtualization, teleworking, and mobile devices... and then on Bring Your Own Device and policy related to that and how desktop virtualization can be used to still provide a standardized, scalable, and supportable environment to end users that bring their own devices that may be disparate. Good stuff, hopefully. Even though I was sick and have multiple doctors notes, I hope I don't get reamed on my grade... because the paper was late due to the illness. We'll see... they gave me a hard time a couple of semesters ago because of a family emergency; they eventually worked with me on it, but it made pulling teeth look enjoyable.

powerfool

Well, good news. The professor is a rather reasonable person. It is sometimes rather difficult to gauge early on in a course. So, I am good to go on the paper. Now if I can just finish up this week's assignment before my meds fully kick in.

powerfool

It has been a couple of weeks since my last post. We have had two conferences where the topics have been fairly inconsequential. However, I had still been battling off illness and couldn't afford to stay home from work due to project schedule (I have plenty of PTO), so that left me with little time to actually focus on school work and still get the requisite amount of rest. Anyhow, I am doing much better now. The problem is that I let my postings fall behind, not posting early and often... more like late and seldom. As a result, my grades suffered... one moderately and one substantially. These postings are a very small percentage of our overall grade, weekly, so it isn't a big deal, but it is enough that it could put an end to my thoughts of getting an A. One of my week's grades, I will consider appealing, as instead of giving the customary 10% (or letter grade) penalty, I feel I was penalized by about 40%... or about two full percent on my overall grade.

This past week and a half has been focused on a sector briefing, which is a group activity. As always, there are the group dynamics... and some people like to overcommunicate... and there certainly is a such thing as overcommunication, as it takes time away from sincere thought, both during, and outside of, meetings. I reluctantly became my group leader... I don't like it because I tend to get frustrated with people that don't seem to put in the required effort for their capability (meaning people with a lower capability need to put in more effort to match everyone else). Anyhow, we have a few strong people, which is definitely an improvement over me being the only one pulling weight. After posting our assignment, we will be half way through the term.

I am finally getting to read one of our assigned books (we have had a few chapter assigned, but I haven't been keeping up there). In Search of Jefferson's Moose by David G. Post. I have to say that I really like the premise of the work. Post is essentially taking Jefferson's work in compiling Notes on the State of Virginia, and as suggested by the book's subtitle, is applying them to Cyberspace. It is thought provoking and interesting to me as I greatly admire Thomas Jefferson and it is bring together analogs from many diverse subjects to the concepts of cyberspace and cybersecurity. I certainly disagree with some of Post's thoughts, but I am very happy with my decision to dive in... I have read about half of it today.

powerfool

So, we are wrapping up week 7 and our first week in our simulation. I have to say that I think there is going to be a great imbalance between the work performed in our conference activities and our simulation activities, each week being worth 5% of our grade. The conference activities required twp primary responses to two of four available topics and three secondary (and beyond) responses, including two to the topics for which we did not comment during the primary response; overall, these are easy, so long as you have time to work on them that is distributed throughout the week (that is really how you get your best score... 4+ days of activity). These simulations are grueling, as least for my group. We each have a set of decisions to make based on our roles; we have opted to enter our decisions together over WebEx, which I think it a good idea, but it took us two hours to do so on a Tuesday night... then, we each have to write a 5000 character rationale and then we must collaborate on a 10 page paper. To be honest, it would be significantly easier to do by myself. The group does not work well or follow rules. I made a mistake during our initial paper (pre-simulation) based on getting confused between documents being passed around by email attachment and through our collaboration area online... I asked, going forward, that document ONLY be distributed through the collaborative area, and that we could communicate via email and send notifications; still not happening. Everyone feels that they must get a certain amount of "air time" during our meetings, which means that they drag on forever.

In any event, "In Search of Jefferson's Moose..." is great. The basis of the discussion is between centralization and decentralization, something I have contemplated for years.

spiderjericho

Ah, the drawbacks of working in a group, especially online (though traditional isn't that much better). I hope things turn out well. And glad to know you're feeling better.

powerfool

Well, week two of simulation work is done... I took the editor role this week, but had many work items get in the way. UMUC utilizes TurnItIn as a means to prevent plagiarism... our report for this week ended up getting a high similarity score because it matched items from our previous week's report.... like our title page (names, paper title, university), headings (we cover the same topics each week), and a minor amount of our content. It really peeves me off, but I explained it to the professor and it should be a mitigating circumstance. The group thing is just killing me... it is consuming WAY TOO MUCH time each week for these assignments as they are only worth 5% of our total grade... I am to the point where I think that we are spending more time on this assignment than we did our first group assignment that was worth 25% of our grade. Anyhow, we are through 80% of our grade with four week left. I am just going to give up on getting an A... which is upsetting because I could get an 89% in the class, or an 81%, the end result is the same... a B, no pluses or minuses... and that is a vast of amount of difference in the effort to get those percentages... you can get an 81% so long as you complete all of your work on time... getting above 85% takes a significant amount of effort, and 88% is fairly grueling.

cyber_sec

Hi powerfool. I'm a UMUC cybersecurity MS student as well. Do you see any difference between the students coming from the cybersecurity track and the cybersecurity policy track?

I agree on how the grading can be fairly random. My 640 prof was apparently grading everyone too leniently and UMUC slapped his hand saying that everything would get re-graded if he didn't start grading harder. Now, it seems he marks you down for seemingly arbitrary things. My feedback for conferences is "good" and I get 18/20 on them. I don't know what the 2 points taken off are for.

Did you think the quality of the courses went up as you went along or did they remain relatively the same throughout your degree?

autobrey

Hello, powerfool. I recently joined and have enjoyed reading your posts as it takes through your weekly accomplishments in the Cybersecurity Policy Program. I recently finished Csec 610 & 620. I am going to start CSEC 635 in the Spring2013. Can you give me some insight on what that course will entail? Are there any lab assignments or is it mostly conference writing and group assignments? Which professors were helpful while taking this course?

Thanks for your insight.

powerfool

@autobrey

For the Cybersecurity Policy program, labs are (at least they were when I went through the courses) limited to CSEC 610. I am having trouble recalling CSEC 610, but I don't think we had any group activities... you have those going forward. CSEC 635 is a focus on law and regulations.

This one a course that I rarely think of, to be honest... I didn't get much out of it.

EDIT: I was confusing this course with another course and had to revise my statements...

powerfool

@cyber_sec

I am not really sure of the differences between the tracks... I know how they intend to be different, but I know nothing of how it works out. I will see what my current group members think, as I am the only one (of five) that went through the policy path. They now offer the digital forensics path, as well.

Things are extremely arbitrary. I had a rough week in one of my conferences and posted some of my items late. Instead of evaluating them fairly and then deducting a letter grade, they were essentially graded as if they were not done at all. Even though that week is only worth 5% of my grade, that week has single-handedly ruined my possibility of getting an A. I am thinking about bringing it up, because it would change my overall grade by 2%, enough to give me an A by my estimates. For what the school costs, the gamemanship is quite ridiculous.

I think that the quality of courses are directly impacted by the instructors. For instance, my professor for CSEC 610, who was the toughest grader I have had, travels the world and relates experiences with all of his students; he was extremely knowledgeable and provided relevant feedback. The one exception being my CSEC 635 course, where I loved the course for the content, but the professor was pretty miserable because she provided hardly any feedback (certainly not timely) and was horribly inconsistent. My professor this semester is a bit of an enigma... during the first part of the semester, he seemed to be responsive and provide feedback... and this is when we only had individual assignments, so he was doing more work; now, he simply ignores questions about assignments and they are all group work.

I honestly think that for folks that have work responsibilities and that you want more than just a piece of paper, this program is probably not for you. If you want something out it, as with any program, you have to put a lot in... and based on the syllabus and schedule, you really can't do everything that is outlined if you have any significant responsibilities. I have had conference weeks where the reading assignment was an entire book and a couple of chapters from other books... that is all supposed to be read so that you can do your primary responses by Wednesday; that simply isn't going to happen for most people (speed readers and those without a life are the exceptions). I also don't like how we are going through books and reading chapters piecemeal from different books... I would much prefer that if a semester is going to be focused on 2-3 books (at this point, not text books, but early in the program was text books), that we focus on one book for a few weeks, and then another, and so on.

I am going to be taking a break from degree seeking work for a while. I am thinking that I may look into some "skill" courses at my local community college, for fun (welding and machining), or try to find a course in German or a physics course. I am intent on getting an MBA, eventually, and I could easily get one through UMUC, since it would only take 18 credit hours with my current work, but I really think that it would be a waste.

powerfool

Oh, I must further comment on "In Search of Jefferson's Moose...". I haven't been able to read this but in fits and starts. Anyhow, there is a chapter that is discussing control of the Internet and the "DNS crisis" of the late 90s. I think this is one of those topics that is fascinating because I lived it. Let me preface by putting my age out there. I will be 32 in a couple of weeks. I have been online since 1993, whether that is an old dial-up BBS, or early Internet stuff. I didn't really know networking at the time as my focus was all web (HTML and JavaScript). I remember going through this "DNS crisis" and it is funny that even though I was 17-18 years old at the time and didn't have a grasp on the technology underneath, I still believe the same thing should have happened now that I have a expert level understanding of it.

I am sure that there are many folks that remember (perhaps not the details), but likely as many that don't. Network Solutions, Inc (NSI), was the sole arbiter of domain names for the .COM, .NET, and .ORG TLDs as they had a $5mm contract with the National Science Foundation (NSF) to run the root DNS and do name registration from 1992-1998. Originally, they gave names out for free, since they were given money to run the infrastructure. However, domain names started to become synonymous with brands and the value of certain domain because insane and folks would just start registering the names of existing companies for free. NSI realized that it was crazy to continue this for free and started charging $100 for a two-year registration of a name (like $220 in today's cash... Thanks fiat currency!). Plenty of folks wanted to add new TLDs and NSI did not want to because it would create "supply." Effectively, NSI had a government created monopoly (which is redundant... true monopolies always have help from government). So, AlterNIC came around and said that they would provide a DNS infrastructure for these new TLDs and that they would copy the root DNS zone from NSI daily, so everyone would be able to get .COM, .NET, and .ORG name resolution still, and they convinced several ISPs to use them for DNS. At the time, I loved this. In retrospect, I feel the exact same way. It is kind of interesting as I am often introspective on my guiding principles and while I feel that they have changed, they really haven't.

Food for thought. I love the discussion and the back and forth discussion it has from the perspective of Jeffersonian v. Hamiltonian thought processes. You can relate these to other diametric perspectives on your own.

cyber_sec

I would suspect at the end of the day there is no real tangible difference between the policy and non-policy tracks. The non-policy track seemed billed towards more technology focused studies, but through 640, it seems scant on technology.

I asked about the quality of the courses increasing because I was hoping that by 670 they would have top notch professors. It sounds like I've had a similar experience where there are a few good professors and a few duds. Fortunately though, the 640 and 630 professors have been way better than the 610 and 620 professors.

It strikes me so odd that this program which is targeted at working professionals would assign so much reading. I quickly gave up on trying to keep up with the reading in 610 after I wasted a few days reading about how computers have cd-roms and these new fangled blu-ray drives! It would certainly be one thing to assign a lot of reading and have class discussion or materials that discuss the readings, but that is simply not the case. Don't even get me started on the weekly modules.

I'm still not sure of what I will make of the degree once I complete it. What troubles me is I think the majority of my classmates will believe they have a good, solid understanding of cybersecurity as a result of completing this program and that simply won't be the case. I feel this might be a good start down a career path down cybersecurity, but I get the impression from my classmates that they think they will be able to assume the role of a cybersecurity professional immediately. Judging from the level of discussions that take place during the conferences, this is not the case. I have a much deeper technical understanding of cybersecurity issues than about 95% of my classmates and I know for a fact that I'm still a neophyte and unqualified for most positions. It is true that you get out what you put in for distance education, and I feel like I've put in a ton of effort in to my classes so I feel better about my degree but it still concerns me that most of my classmates will end up with the same credentials as me.

autobrey

O Ok so you are saying CSEC 635 was pretty boring, just national law? Nothing out of the normal except conferences and group papers?

autobrey

@ cyber sec. I spoke to the coordinator at UMUC for the Cyber program. Basically he was saying that the CYbersecurity track is much more technical that the policy option and that the cybersecurity track is more in demand. However, for those in the policy option, they might want to take some thrid party certifications because at the job fairs he found that most employers wanted certs coupled with the cyber policy degree program

powerfool

Well, I have a week and a half left and I am ready for this program to be over. I got to doing a quick analysis of my grades and I could have very easily put myself in a position to fight for an A; extremely frustrating. My biggest hurdle has been work, family, and being sick... I simply haven't had the time some weeks. He did cut my some slack on my paper with being sick, but I was still horribly sick the next week, and nothing.

The simulation seems buggy as can be. We keep getting a poor downtime score even though we have invested in all of the decisions that improve downtime... professor says everyone is and they are investigating. It really is a lot of work every week for this. The flow works about like this:

1) Review previous weeks results.
2) Review upcoming threats.
3) Make new decisions that are altered based on previous results and upcoming threats... we do this on a 1-2 hour WebEx together (as technically we are each free to do our decisions separately, but we all impact the single budget).
4) Draft portion of group paper.
5) Work with team to combine results.
6) Submit to TurnItIn.
7) Revise and resubmit to TurnItIn, if necessary (never has been).
Discuss other groups papers.

It is grueling. This week is the last in our simulation (we are meeting tonight) and then we have some sort of wrap up. It pretty much stinks because I could either half-@$$ these next two assignments, or I could do normal work during this week and not do the assignment at all, next week, and I will still have the same grade for the course. I am actually considering a note to the professor essentially holding my team for ransom... because I am sure a couple of them can get an A in the course if we get an A on our next two assignments. I dunno, because that is the only thing keeping me going is a personal obligation I have to my team. I will be within two points of an A... which has been the case with four previous courses.

These policy courses have little-to-none in regards to technology... it is law... law... and enterprise policy.

I am thinking of what will come next. I still plan on pursuing the PMP come Q1 of 2013. I am getting frustrated at work due to several factors and I am starting to feel that I need to consider moving on... but I still owe them either time or money in regards to school. If I move to another contract, that may be a good option, too. As far as school, it will be a good long break from anything degree-seeking. I am still looking for some German courses and I may do a welding or HVAC course at the local community college, just for fun. The MBA will be on hold until my wife finishes her RN (which she will begin immediately after completing her LPN next month).

powerfool

I thought that I would provide a little better feedback on how the simulations work. So the week starts on a Monday and you have until Wednesday EOD to make your decisions; you are also presented with a set of threats each week that help to shape your decisions, like a new worm, or a natural disaster. Each group selects roles that each member will be assigned and is responsible for decisions for that role, respectively. For instance, there is a Chief Human Resources Officer, Chief Privacy Officer, Chief Information Security Officer, and Chief Technical Officer, and some more. Decisions are independent of each role, but they all work under the same budget. We decided to enter our decisions together over WebEx, which has worked out fairly well, but can be time consuming since people tend to get off of track.

The simulation is ran for the week on Thursday and you can see the results right away. The results are of two varieties: 1) did you mitigate the specifically called out threat(s), and 2) how did you score on various indices (employee morale, system/network resiliency, national security, internal security, downtime, disaster preparedness, and so on. The indices all start out at 100 and go up based on better performance and down on poor performance, with the exception of downtime which goes down for better performance and up for poor performance.

By Sunday EOD, the group must also draft a 10-12 page report outlining our decisions and our rationale. The length is actually an issue, especially for the first week since all decisions are new. We were somewhere around 24 pages on our first week. From an editing perspective, it is more difficult to write 1-2 pages and then work in everyone else's work for 10-12 pages than it is to write 10-12 pages on your own, in my opinion. The end paper is submitted to TurnItIn, just like normal papers, every week and is submitted to Web Tycho. It is also submitted to the next week's conference where the entire class can comment on others' papers. I have not commented once... we have had grades of 88%, 90%, 92%, and 93%, so far... maybe if I commented I would get a small bump in score... but I don't think that the professor is even considering that.

In addition, each group member must submit a peer and self-evaluation by Sunday EOD.

There are four rounds in the simulation, but the first round has a part A and B. After the four rounds, there is a final week where the group writes a summary paper.

Each of these six weeks is only worth 5% of your total grade.

The week before the simulation the group also writes a technology sector brief for your organization that is 20-24 pages and is worth 25% of your grade.

Each group is assigned a specific sector and an organization that is in that sector (fictional organization). The sectors are telecommunications, financial, energy, and transportation... there may be more if there are more groups.

So, for this course, group work accounts for 55% of your grade, which is a huge departure from previous weeks where you may have two group papers worth 10-15% of your grade, each.

From my perspective, the simulation round weeks are about 5x as much work as the individual conference weeks, but they are each worth 5% grade for each week.

powerfool

Half a week left... my grade is essentially set in stone, now, and it really doesn't matter if I do this last assignment. Simulation is over, we just work on this final summary of our experience in the simulation. I am ready for this to be over. I am not sure what I am going to do long term, but I figure I will probably start picking up some side work with my new free time. One consideration was always to teach a course at my alma mater or a local community college now that I have the graduate school tick mark.

nethacker

I am waiting on your overall review of how your semester went. Considering your first post about UMUC.

powerfool

Well, today is the last day. We turned in our last team paper. Rather unremarkable, really. I think it was rather anti-climactic for me because our last assignment was worth so little of our overall grade... they should have changed things up. I was disengaged this week... I did not attend our weekly WebEx because I knew it didn't really matter much, for me personally or for the assignment itself. I wrote up about two pages summarizing trends in our simulation based on the decisions for which I was responsible. Seems like it worked. We did fairly well (received an A) on our first team assignment, which was worth 25% of our grade. We didn't do as well (a high on our first simulation week, but we were back in our second simulation week after I changed up the formatting of our paper... the professor really liked it and it became our framework moving forward. Things have been extremely predictable and I have just been counting down the days.

There appears to be a glitch in the simulation related to downtime. No matter our decisions, our downtime scores keep getting worse; this is despite investing in everything resiliency and redundant, including server hardware level, WAN links, and datacenters. We also were not impacted by ANY of our technical threats, so no downtime caused by outside forces. It appears that all of the teams had this issue. If we were able to get past it and had good feedback, weekly or more, from the professor, the simulation may have offered more. There was very little communication from the professor.

I am glad it is over. One chapter closed. Break for me. My wife has another week in her program and I am ready for her to be done, as well, as I think it is causing the greatest stress for me.

I am providing as much feedback as I can to UMUC, so hopefully they use it constructively. If anyone has any questions, feel free to ask.

Ivanjam

Congratulations, powerfool, on a job well done!

Pekingese Cobra Rose

Thank you very much for the preview, powerfool. I am currently enrolled in the program and will be taking CSEC 670 in 2013 and it's nice to have some insight into the capstone project, which to this point has been somewhat mysterious.

The emphasis on group work is not uncommon for graduate programs but that doesn't mean it's useful. It seems to be a sacred cow even though practically no one gets anything out of it or seems to particularly like it. Having 30% to 50% of my grade depend on luck of the draw is tough, and I've had to shoulder more than my fair share of group projects in several of the courses. I guess experiential learning by having to deal with other people is good experience for the working world, but for working professionals with a lot of money invested in the course it basically feels like a way to throw an element of uncertainty and chance into the mix. Will I pass this course? Yes, if it's graded on my own actions... Maybe, if a large portion of my grade depends on whether several random classmates happen to have a work ethic.

Thank you for making the recommendation on releasing assignments a week ahead of time -- that change has saved my butt on a number of occasions where I had busy weeks at work but was able to read ahead and bank time.

In general this is a good program. In my case I have been working in cybersecurity for more than ten years, currently as a technical lead with management duties, so this program is not challenging with regard to content but is very useful in helping me hone my time management skills, and in looking at issues from a fresh perspective. This is about getting a graduate degree. I know I need a masters and it might as well be in something interesting, and once it's done I don't plan on doing any more academic work. It'll be a box checked.

The "technical" track I'm on isn't particularly technical, but I believe it's more interesting than the policy track if 620 is any indication. 620, human factors/law/policy/psychology, was the only course that felt overly tedious and boring to me (not to mention having what felt like double the workload of the other courses due to no labs/extra papers) and I expect there would be more of the same in the policy track.

The quality of instructors for this program is inconsistent. After a bad experience with an adjunct instructor last year, I decided to try very hard to register only for courses taught by professors listed on the program's web page. This has worked very well so far. The core professors are intelligent, tough, fair, open minded, and engaging. In contrast, the adjunct instructor for one of the early courses nearly made me quit the program -- he was so stuck in his ways that the conferences were not about discussing ideas, but instead were about regurgitating the "right" or "safe" answer or position. It felt like high school and it left a bad taste in my mouth.

In short, thank you for the information. For anyone on the fence, this is a good program.

Nighthawk700

I've been going back and forth between the Cybersecurity program at UMUC and UMBC (I'm actually in MD, so can look at the brick and mortar schools here as well). I just wanted to say thanks to Powerfool for all of your posts. While I was Googling to find out information about the various programs, your posts were pretty much the only ones I've been able to find that casts UMUC and the program there in a positive light. Most made UMUC and the program sound more like a diploma mill to be avoided at any cost. I even went to a UMUC open house to find out more in person; the adviser they set me up with was giving me information that I already knew was wrong, (e.g. that there were some Cybersecurity courses that met in person every other week) and addressed my other concerns with a simple "We can work that out" (without any detail of how) which didn't help to improve my confidence in them. Like you, I'm looking at the Policy track because I'd like to get more into the management side of things. I'm still trying to get in to talk to my upper management first; they've already shown that they are biased against schools such as Strayer, so I'm not even sure if UMUC will fly with them. Without their support, this path will have a quick dead end.

Unfortunately I haven't yet found write ups from graduates or current students in the UMBC program to read how things are over there. I have been able to find some of the course syllabi which helps give some information. Do you know of any place where the syllabi for UMUC Cybersecurity courses may be found?

Actually, since I'm writing now, two other questions, if you don't mind:

When you work in groups in the various courses, is it all on line (text based) or are you supposed to be calling each other or using other verbal communication as well? The reason I ask is I'm deaf, so phone/voice communication, while doable, isn't my strong suit.

And the other question - All the courses in the Cyber programs are 6 credit courses. Do you feel that you are getting the knowledge and value of two 3 credit courses in these 6 credit ones?

Thank you for any further information, and thank you again for detailing your experiences in this program.

Pekingese Cobra Rose

Part of your grade for team projects involves participation in the group "study area" which is an online forum, chat system, and file repository. You are basically discouraged from using phone conferences, email, and other forms of communication that are not contained within the system. While I've had groups that held phone conferences, it was done unofficially and on an ad hoc basis. I've never met another class member in person for anything related to class. They are truly 6 credit classes in my opinion. There is a ton of work involved in each course and I am always glad to see them conclude. I don't think it's anything like a diploma mill - good content, but it's what you make of it, and the program will work you hard. This is especially true if you're working full time+

powerfool

We used phone conferences and WebEx every week of my last class. In my other classes, we actually had a few phone conferences. For the last assignment of my first course, we all actually met; everyone was in the DC metro area besides me and I had a work sponsored activity in the area, so we all met.

The solution to the "participation" is to create meeting minutes and post them in the study area.

Ammokeith

powerfool,

Congrats on your achievement, I have just finished my BS in Cybersecurity and started my MSIT in Cybersecurity Policy. My CSEC620 class starts in Feb, and I have the course materials, but I cannot find the syllabus anywhere.

Can you help me out with a copy of the MSIT Cybersecurity Policy syllabi for the CSEC classes...I like to start early on reading, but in the past have read chapters that weren't required for the course, or I read them in the wrong order...

Thanks for any and all help, and thanks for the very detailed post regarding this class and the capstone...it will be very handy as a reference for me over the next 1.5 years...

ammokeith