Undergraduate Focus Area: Cyber Security
The Cyber Security Focus Area in the Computer Science Major
Department of Computer Science
Last updated by Ming Chow and Susan Landau on July 15, 2019
The crux of Cyber Security is to understand how systems, applications, algorithms, and protocols work and fail. The purpose of this focus area is to provide you with breadth and depth in the broad area of Cyber Security with a strong technical foundation. This focus area applies equally well for Arts and Sciences (A&S) and School of Engineering (SoE) students.
The Computer Science Core
- Introduction to Computer Science (COMP 11)
- Importance for Cyber Security (the “why”): Being proficient in programming is an essential skill to have as a cyber security practitioner or researcher. (1)
- Data Structures (COMP 15)
- Importance for Cyber Security (the “why”): How to organize information and what it costs.
- Machine Structure & Assembly-Language Programming (COMP 40)
- Importance for Cyber Security (the “why”): Bits, bytes, pointers; memory management; basic assembly programming, debugging, and reverse engineering.
- Programming Languages (COMP 105)
- Importance for Cyber Security (the “why”): Your next "n" programming languages --how to use them well; secure and insecure type systems and language design; defensive execution of unsafe languages. (2)
- Algorithms (COMP 160)
- Importance for Cyber Security (the “why”): Provides a way to analyze time and space complexity of attacks and defenses, including cryptographic protocols.
- Theory of Computation (COMP 170)
- Importance for Cyber Security (the “why”): Study of the inherent capabilities and limitations of any computer.
The Cyber Security Core
- Introduction to Computer Security / Computer System Security (COMP 116)
- Importance for Cyber Security (the “why”): Basics of networking, attacking and defending networks, cryptography, vulnerabilities and vulnerability disclosure, web security, malware, static analysis. Caveat: this is broad course where you will learn a little about a lot.
- Operating Systems (COMP 111)
- Importance for Cyber Security (the “why”): How systems work; concurrency, resource management, interfaces, and hiding complexity, system design; no magic. (3)
- Networks (COMP 112)
- Importance for Cyber Security (the “why”): How computers talk to each other; not understanding networks and you will not understand the attribution problem.
- Web Programming (COMP 20)
- The Cyber Security Capstone (see below)
Cyber Security Cluster Electives
Pick at least 2 courses from the following list:
- One of the following, as only one of these courses can be counted towards the CS major: Cyber Security and Cyber Warfare (COMP 50 / PS 188), Cyberlaw and Cyberpolicy (COMP 150), Cyber in the Civil Sector (COMP 150), International Cyber Conflict (DHP P249), or Privacy in the Digital Age (COMP 250). Students can take only one of International Cyber Conflict and Cyber Security and Cyber Warfare for credit as the courses have significant overlap.
- Program Analysis, Verification, and Synthesis (COMP 150)
- Reverse Engineering (COMP 150)
- Cryptography (COMP 165)
- Software Engineering (COMP 180)
Doing the bare minimum coursework is not good enough. To be successful in cyber security, you will need practical hands-on experience. To quote:
"When I joined the Facebook security team last year, it was in large part because of the experience I gained through CTFs. When I was a student at the University of Michigan, the TA for my security class introduced me to CTFs, which exposed me to a fun and practical side of security that I didn't get in class. For example, I learned about RSA encryption in my computer science courses, but CTFs taught me how to break it when it wasn't properly implemented, which happens all the time in the real world. It's a lot of fun to learn this offensive side of security, but at the same time learning about these flaws makes you a better defender as well. Eventually I helped start the CTF club at the University of Michigan and later joined an international CTF team called Samurai, that competes at DEF CON every year." (5)
You can fulfill the capstone de facto requirement in our Cyber Security focus area by one of the following ways:
- Do a year long senior capstone project via COMP 97 and COMP 98
- Doing a thesis in Cybersecurity Policy via COMP 197
- Compete in a national competition:
- MITRE Embedded Capture the Flag Competition (spring semester)
- Booz Allen Hamilton and Maryland Cybersecurity Center Build It Break It Fix It Competition (fall semester)
- National Collegiate Cyber Defense Competition (CCDC, spring semester)
- Atlantic Council Cyber 9/12 Student Competition (fall or spring semester)
- Collegiate Penetration Testing Competition (CPTC, fall semester)
Your experience may vary, but this table represents a typical student's progression through the program based on the School of Engineering degree sheet for Computer Science: (6)