The abridged syllabus you’re looking for has not been entered yet. We’ve provided a similar abridged syllabus as an example. Check back later for that specific abridged syllabus. The complete syllabus will be available in your Canvas course.
Cybersecurity
Fall 2024
Description
This advanced, hands-on course explores both the theory and practical application of threat hunting and intelligence using endpoint detection and response (EDR), security information and event management (SIEM), and threat intelligence platform (TIP) technologies. Students will learn to identify, analyze, and mitigate advanced persistent threat and eCrime activity through realistic scenarios based on real-world threats. They will explore indicator and structured hunting techniques across the network, Windows, Linux, macOS, cloud, and containers. Additionally, students will learn to apply intelligence frameworks like the Diamond Model and structured analytic techniques to correlate and attribute activity. Ideal for those seeking to sharpen their skills in both threat hunting and tactical intelligence analysis, this course prepares students to tackle sophisticated cyber threats head-on.
Instructor

Kimo Bumanglag
Course Structure
The course materials are further divided into modules which can be accessed by clicking Course Modules on the course menu. A module will have several sections including the overview, content, readings, discussions, and assignments. You are encouraged to preview all sections of the module before starting. Most modules run for a period of seven (7) days; exceptions are noted in the Course Outline. You should regularly check the Calendar and Announcements for assignment due dates.
Course Topics
- Threat hunting and intelligence introduction
- Find - the threat landscape and intelligence consumption
- Fix - hunting adversaries using indicators, exploratory analysis, and network and host analytics
- Finish - evicting adversaries from a network
- Exploit - using hunting results to inform intelligence analysis
- Analyze - applying analytical techniques to understand adversary behavior and improve defenses
- Disseminate - producing and reporting on threats
- Cloud hunting - tools and techniques for hunting in modern cloud and containerized environments
Course Goals
To develop an appreciation for how intelligence can drive security operations and how hunting can fulfill intelligence requirements. To develop critical thinking skills required to analyze threat actor activities.
Course Learning Outcomes (CLOs)
- Explain the capabilities and limitations of cyber threat intelligence and hunting programs
- Apply the intelligence lifecycle and analytical techniques to answer priority intelligence requirements
- Conduct threat hunting to develop and validate hypotheses to proactively identify threats
- Communicate key findings from intelligence collection and threat hunting
Textbooks
Not required
Other Materials & Online Resources
- The Threat Intelligence Handbook, 4th Ed.
- Intelligence-Driven Incident Response, 2nd Ed.
Required Software
- A computer capable of running Security Onion 2.4 or roughly 10 hours of cloud compute
Student Coursework Requirements
It is expected that each module will take approximately 7-10 hours per week to complete. Here is an approximate breakdown: reading the assigned sections of the texts (approximately 3-4 hours per week) as well as some outside reading, listening to the audio annotated slide presentations or video recordings (approximately 2-3 hours per week), and writing assignments (approximately 2-3 hours per week). This course will consist of the following basic student requirements:
Preparation and Participation (15% of Final Grade Calculation)
You are responsible for carefully reading all assigned material and being prepared for discussion. Readings are selected published works that will be found in Course Modules.
Post your initial response to the discussion questions by the evening of Wednesday for that module week. Posting a response to the discussion question is part one of your grade for module discussions (i.e., Timeliness).
Part two of your grade for module discussion is your interaction (i.e., responding to classmate postings with thoughtful responses) with at least two classmates (i.e., Critical Thinking). Just posting your response to a discussion question is not sufficient; we want you to interact with your classmates. Be detailed in your postings and in your responses to your classmates' postings. Feel free to agree or disagree with your classmates. Please ensure that your postings are civil and constructive.
I will monitor module discussions and will respond to some of the discussions as discussions are posted. You are responsible for responding to questions asked by myself or your fellow students that are directed to you. In some instances, I will summarize the overall discussions and post the summary for the module.
Evaluation of preparation and participation is based on contribution to discussions.
Preparation and participation is evaluated by the following grading elements:
Timeliness (50%)
Critical Thinking (50%)
Preparation and participation is graded as follows:
- 100–90 = A—Timeliness [regularly participates; all required postings; early in discussion; throughout the discussion]; Critical Thinking [rich in content; full of thoughts, insight, and analysis].
- 89–80 = B—Timeliness [frequently participates; all required postings; some not in time for others to read and respond]; Critical Thinking [substantial information; thought, insight, and analysis has taken place].
- 79–70 = C—Timeliness [infrequently participates; all required postings; most at the last minute without allowing for response time]; Critical Thinking [generally competent; information is thin and commonplace].
- <70 = F—Timeliness [rarely participates; some, or all required postings missing]; Critical Thinking [rudimentary and superficial; no analysis or insight is displayed].
Self-Assessments (5% of Final Grade Calculation)
Self-assessments are designed to ensure you understand the requirements at key points in the course. There are no right or wrong answers to a self-assessment, but you should answer them honestly and use them as a guide.
Assignments (40% of Final Grade Calculation)
Assignments will include a mix of qualitative assignments (e.g. literature reviews, model summaries), quantitative problem sets, and case study updates.
Include a cover sheet with your name and assignment identifier. Also include your name and a page number indicator (i.e., page x of y) on each page of your submissions. All Figures and Tables should be captioned and labeled appropriately.
All assignments are due according to the dates in the Calendar.
Late submissions will be reduced by 10 points for each day late (no exceptions without prior coordination with the instructors).
If, after submitting a written assignment, you are not satisfied with the grade received, you are encouraged to redo the assignment and resubmit it. If the resubmission results in a better grade, that grade will be substituted for the previous grade.
Qualitative assignments are evaluated by the following grading elements:
- Each part of question is answered (20%)
- Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
- Rationale for answer is provided (20%)
- Examples are included to illustrate rationale (15%) (If you do not have direct experience related to a particular question, then you are to provide analogies versus examples.)
- Outside references are included (15%)
Qualitative assignments are graded as follows:
- 100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].
- 89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].
- 79–70 = C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].
- <70 = F—Some parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rudimentary and superficial; no analysis or insight displayed].
Quantitative assignments are evaluated by the following grading elements:
- Each part of question is answered (20%)
- Assumptions are clearly stated (20%)
- Intermediate derivations and calculations are provided (25%)
- Answer is technically correct and is clearly indicated (25%)
- Answer precision and units are appropriate (10%)
Quantitative assignments are graded as follows:
- 100–90 = A—All parts of question are addressed; All assumptions are clearly stated; All intermediate derivations and calculations are provided; Answer is technically correct and is clearly indicated; Answer precision and units are appropriate.
- 89–80 = B—All parts of question are addressed; All assumptions are clearly stated; Some intermediate derivations and calculations are provided; Answer is technically correct and is indicated; Answer precision and units are appropriate.
- 79–70 = C—Most parts of question are addressed; Assumptions are partially stated; Few intermediate derivations and calculations are provided; Answer is not technically correct but is indicated; Answer precision and units are indicated but inappropriate.
- <70 = F—Some parts of the question are addressed; Assumptions are not stated; Intermediate derivations and calculations are not provided; The answer is incorrect or missing; The answer precision and units are inappropriate or missing.
Exams (40% of Final Grade Calculation, combined from 15% for Midterm and 25% for Final)
The midterm exam will be available in Module 6 and the final exam will be available in the next-to-last Module. You will have one week to complete the exams and they will be due by 11:59PM exactly one week from their release. You may use the course text and any notes to complete the exams.
The exams are evaluated by the following grading elements:
- Each part of question is answered (20%)
- Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
- Rationale for answer is provided (20%)
- Examples are included to illustrate rationale (15%) (If a student does not have direct experience related to a particular question, then the student is to provide analogies versus examples.)
- Outside references are included (15%)
Exams are graded as follows:
- 100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].
- 89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].
- 79–70 = C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].
- <70 = F—Some parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rudimentary and superficial; no analysis or insight displayed].
Grading Policy
Assignments are due according to the dates posted in the Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. I/We will post grades one week after assignment due dates.
We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.
A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week.
A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.
EP uses a +/- grading system (see “Grading System”, Graduate Programs catalog, p. 10).
- 100-98 = A+
- 97-94 = A
- 93-90 = A−
- 89-87 = B+
- 86-83 = B
- 82-80 = B−
- 79-77 = C+
- 76-73 = C
- 72-70 = C−
- 69-67 = D+
- 66-63 = D
- <63 = F
Final grades will be determined by the following weighting:
Item | % of Grade |
Preparation and Participation | 15% |
Self-Assessments | 5% |
Assignments | 40% |
Exams (Midterm + Final) | 40% (15% + 25%) |
Course Evaluation
I love feedback! Let me know what you think worked well and what fell flat. You can leave informal feedback at any time. I will have a structured course survey at the end where you can leave anonymous feedback. JHU will also collect feedback.
Course Policies
Generative AI: Students are encouraged to explore and experiment with generative AI tools for learning purposes, but any use in assessments must be clearly indicated and appropriately attributed. If you choose to use generative AI, proofread it and verify what was generated. Also, I read enough generated text in my day job - I'd prefer you ask any GenAI tools to avoid superlatives. Finally - you are responsible for what you submit.
Course Services: This course uses privately hosted services to enrich your exposure to some common threat hunting and intelligence tools. Please be mindful of this and do not hack or attack these services. Do not provide access to these services to anyone not in the class. Do not submit any class files to sharing services such as VirusTotal.
Academic Policies
Deadlines for Adding, Dropping and Withdrawing from Courses
Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.
Academic Misconduct Policy
All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.
This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.
Students with Disabilities - Accommodations and Accessibility
Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.
For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.
Student Conduct Code
The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically.
For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/
Classroom Climate
JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity.
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).
Course Auditing
When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.