A few months ago, I finished the Advanced Cybersecurity Program at Stanford University online, and I thought I would share my thoughts on it.
For a while, I had been meaning to learn the basics of cybersecurity from a developer’s perspective. When looking at courses, many were either very risk-focused or highly technical, in the sense of writing exploits. I wanted to find something a bit more broad that focused on the development aspect. The Stanford course ticked that box for me.
Let’s address the elephant in the room first: it is expensive… $3,250 USD. I was lucky enough to have my company pay half of this course for me, and the rest is claimable on tax in Australia. If my company hadn’t covered half of the cost, I wouldn’t have taken the course. So, I would not suggest this course unless it is being funded, as there are a lot of great, cheaper resources that will also give you a nice piece of paper. Now that is out of the way, onto the course itself…
The course is self-paced and allows you to complete it over the course of a year from registration. You are required to complete 5 out of 6 elective courses; I completed all of them.
Foundations of Information Security: A decent introduction to the different parts of the course.
Using Cryptography Correctly: Very math-heavy. I learned quite a bit about cryptography. I didn’t expect to enjoy this one, but I did.
Writing Secure Code: This was mostly revision, but I did learn about some of the program analysis tools. This was the type of course I was most anticipating, and it is quite useful as a developer.
Exploiting and Protecting Web Applications: Although the assignments were very outdated, the practical aspect of writing exploits and then fixing them was great. Probably my favorite course in the program.
Mobile Security: I didn’t know much about mobile security going into this course. I ended up learning a lot of the basics of mobile security.
Network Security: The refresher on how the internet/networks work was useful, though I had covered it before. A lot of the security-specific content was new to me; I’m not sure if I will ever use it, but I’m glad I got my feet wet.
Cybersecurity and Executive Strategy: As I mentioned before, I only needed to complete 5 elective courses to earn the certificate and this was the one originally didn’t plan to do. I didn’t expect to like this course, but I ended up learning a lot about cybersecurity from an executive perspective.
One of the highlights of the course was the guest interviews with industry leaders. They were a nice addition, but not necessarily a significant selling point.
One of the downsides that stuck out was the LMS (Learning Management System), it feels quite out of date but did the job.
Overall, I got a lot out of the course, and most importantly, I got what I wanted from it. After completing the course, I’ve noticed a few changes in my approach:
- When coding or conducting reviews, I am more cognizant of security implications.
- Architecture-wise, I now think more about egress/ingress points and their security implications.
- I have a better understanding of security during conversations.
- I can better understand and appreciate existing security decisions.
TL;DR: To reiterate, I probably would not have done this course if my company hadn’t paid half, and I definitely would not have if it wasn’t something I could claim as an education expense on my taxes.