Well, some of you have shown interest in UMUC and their programs in cybersecurity. I started the program on a whim in October 2010. At the time, I was looking for a graduate program that wasn't quite as rigorous as a ranked MBA program and was a bit technical. My rationale was that a graduate degree could assist me in moving to a managerial role, and while I wanted some technical aspect, I didn't want it to be purely technical (I can handle technical with certifications). Anyhow, my employer announced a partnership with UMUC to offer cybersecurity graduate certificates (originally just the Cybersecurity Foundations, but eventually Cybersecurity Policy and Cybersecurity Technical) and I hopped on board (I was originally investigating WGU and actually got two of my colleagues in the MSISA program while my mentor/advisor was slow to the punch, for me).
The overall program now has three masters degree programs (the latest being the digital forensics program) that have the graduate certificates as feeders into these; they each are comprised of six six-credit hour courses and share CSEC 610, 620, and 670. The graduate certificates are a subset of these course. I originally signed up for the Cybersecurity Foundations certificate (CSEC 610 and 620) and then switched to the Cybersecurity Policy certificate (CSEC 610, 635, and 645) after completing 610, but I completed 620 anyhow. This was all really a game to get my employer to give me more money, as they would give an extra $5k in tuition reimbursement per year for the graduate certificates; by switching, I was able to get an additional $5k in two different years and I only had to pay for 1.5 courses, myself.
I have expressed some of my frustrations with the program before, and I will briefly share them again. First of all, UMUC has a policy to combat "grade inflation" that is widespread throughout academia; while some of this is merely lip service, the end result is that it is extremely easy to get a B in a course (because graduate students must maintain a 3.0 GPA or be placed on academic probation, and that would be less revenue for the school) and nearly impossible to get an A (because that would make them look like pushovers). The other aspect of their grading policy that compounds all of this is that the only offer straight letter grades, meaning no plus or minus grades. So, if someone puts in a minimal effort in the course, they may end up with a grade between 80-83%, whereas someone that works extremely hard will likely end up with an 87-89%.... but both students earn a B grade. I must state that all of my course grades have been at least an 87%... and that individual professors spin on grading can ruin a student trying to get top scores; I have received an A for a course. Also, this is a distance (online) program that requires group work; for my first four courses, the group assignments had a higher weight than the individual assignments and in all but one course, my individual assignment grades were far higher than my group assignment grades (a minimum of a letter grade higher). In my last semester (fifth course) our individual assignments were weighted higher. If this would have been the policy all along, I would have had four As and one B, instead of the inverse... that is all the swing I would have needed to dramatically increase my GPA (from a 3.2 to a 3.
.
I have been extremely diligent in offering constructive advice to professors when they solicit it and to the institution in each of our semester surveys. One positive change that has been experience as the result of mine (and several other students that I worked with) was getting assignment material released a week in advance. To mimic face-to-face classroom participation that is present in traditional education, UMUC has many conference assignments where several topics are listed and student must pick a subset for a primary response (a primary response being about one-page with cited references); then students must provide several secondary responses (responses to other students' primary responses). During weeks with conference assignments, students are expected to read several required items (sometimes this includes entire books, ~200-300 pages) and submit primary responses by Wednesday at Midnight... with the course week starting on Monday. That is essentially impossible for a full-time working adult that has a job with any amount of responsibility. Getting the assignment release a week in advance allows students to get required reading done beforehand. My next push is an attempt to get the overall weighting policy changed so that individual assignments are more important.
Anyhow, this all changes in CSEC 670. My syllabus was released today (class starts next week) and group assignments are 55% of the total grade. There four conference activities that are 5% each of the total grade and one individual paper that is 25% of the total grade! This is not going to make me happy. Anyhow, it looks like a great capstone, overall. We will be given a sector for which we must research and define cybersecurity concerns and develop and draft a policy at either an enterprise, national, or international scope. This is part of our group activities that endure seven of the 12 weeks of the course.
I think that this single course is going to be the "pay dirt" of the program. So, I plan on providing at least a weekly synopsis here. While I have had some very negative experiences with group activities in the previous semester (below graduate quality writing that I had to heavily revise), I think that this semester will offer me the ability to practice some of the management skills I will need to make my transition. I have worked in some groups that worked well and some that have been extremely dysfunctional. I am usually reluctant to be a leader in school because I tend to dominate, but I will have to do what is necessary this term to keep things on the rails while allowing others to have good input when they can provide it. What I really don't like is that our semester grades will be largely defined by the end of week 7, with little opportunity to push it upward, as 70% of our grade will be behind us.
The schedule:
Week 1 - Conference activity (5%): future cyber threats
Week 2 - Conference activity (5%): analyze the vulnerabilities of a fictional company
Week 3 - Individual assignment (25%): paper on to be defined topic
Week 4 - Conference activity (5%): case study on an organization victim of cyber terror
Week 5 - Conference activity (5%): discuss skill necessary of a manager to implement an effective cyber security program
Week 6 - Team sector briefing (25%): Capstone simulation briefing
Week 7 - Team report (5%): Round 1 Part A, must defend choices from TSB and enter decisions
Week 8 - Team report (5%): Round 1 Part B, outputs from previous week determine new landscape in ongoing simulation
Week 9 - Team report (5%): Round 2, outputs from previous round determine new landscape and new decisions entered
Week 10 - Team report (5%): Round 3, outputs from previous round determine new landscape and new decisions entered
Week 11 - Team report (5%): Round 4, outputs from previous round determine new landscape and new decisions entered
Week 12 - Final team summary (5%): Analyze performance throughout simulation and provide "lesson learned"
Information systems, as some may not be aware, is a business program, so my undergrad had both a IS capstone course and a business capstone course. My IS capstone consisted of a case study that required weekly presentations. But this program reminds my of my business capstone, as we ran a global shoe manufacturer and we had to make weekly decisions determining where we sourced materials, the quality of the materials, where manufacturing occurs, where products are sold, and marketing efforts, including pricing and promotions. In this setup we competed against other teams in our class and first place received an A, second a B, and third a C. We also had other assignments in the course. Hopefully this simulation will be as memorable, in a good way, as the shoe company simulation that I experienced almost five years ago.
My intent for this graduate program was to shift my career in a more managerial direction, eventually, but also a greater emphasis in information security and assurance. As you can see, I already have several certifications that push me in that direction, and I have been responsible for enterprise security as one of my responsible in a previous job, and security is integrated into my current role. In addition, I would like to pursue adjunct teaching in the near future, which should be possible at the conclusion of this program. My academic pursuits are likely far from over. One of my long-term goals has been a ranked MBA program (I have been leaning towards Notre Dame for a long time, as attending the school was a goal of mine since I was ten years old). Also, I have long considered pursuing law school... as I love arguing and researching law (I took a law course in high school, and business law in undergrad), but also a solid understanding of law is a good foundation for executive management... I have no desire to practice law (which is not uncommon among law students... only about 50% intend to practice). I have also considered pursuing a PhD extending my current knowledge in technology, or getting another undergrad or grad degree the is sector specific, like Health Informatics, nursing, or pharmacology. Finally, I would always be interested in becoming an architect, as my plan before life happened was to go to Notre Dame to study architecture.
Immediately following this degree is an academic break. I promised my wife I would take a break. My kids are getting older with my eldest having just started high school. 2013 will be another certification year as I have slacked off for the past 14 months. I need to reassert myself and focus on the PMP (another key piece for my transition to management), as well as finally knocking out the VCP. And... I will likely re-up my Microsoft certs for Windows Server 2012 and do something to keep my Cisco certs active. At that point, I may be at the end of my certification rope... if I make the management transition, I will likely no longer maintain my technical certifications and only maintain my CISSP and yet to be attained PMP via continuing education requirements. If I remain a consultant, then I may push my technical certifications higher up the ladder via either a CCIE, Microsoft Master, and/or CISSP-ISSEP.
Anyhow, enough of this. Feel free to post with general questions on the UMUC graduate cybersecurity program or this course. I will provide at least a weekly synopsis. Thanks!
