A few months ago, I finished the Advanced Cybersecurity Program at Stanford University online, and I thought I would share my thoughts on it.
For a while, I had been meaning to learn the basics of cybersecurity from a developer’s perspective. When looking at courses, many were either very risk-focused or highly technical in the sense of writing exploits. I wanted to find something broader that focused on the development aspect. The Stanford course ticked that box for me.
Let’s address the elephant in the room first: it is expensive—$3,250 USD. I was lucky enough to have my company pay half of this course for me, and the rest is tax-deductible in Australia. If my company hadn’t covered half of the cost, I wouldn’t have taken the course. So, I would not recommend this course unless it is being funded, as there are many great, cheaper resources that will also provide you with a certificate. Now that that’s out of the way, onto the course itself…
The course is self-paced and allows you to complete it within a year from registration. You are required to complete 5 out of 6 elective courses; I completed all of them.
Foundations of Information Security: A decent introduction to the different parts of the course.
Using Cryptography Correctly: Very math-heavy, but I learned quite a bit about cryptography. I didn’t expect to enjoy this one, but I did.
Writing Secure Code: This was mostly revision, but I did learn about some program analysis tools. This was the type of course I was most anticipating, and it proved quite useful as a developer.
Exploiting and Protecting Web Applications: Although the assignments were very outdated, the practical aspect of writing exploits and then fixing them was great. Probably my favorite course in the program.
Mobile Security: I didn’t know much about mobile security going into this course, but I ended up learning a lot about the fundamentals.
Network Security: The refresher on how the internet and networks work was useful, though I had covered it before. Much of the security-specific content was new to me; I’m not sure if I’ll ever use it, but I’m glad I got my feet wet.
Cybersecurity and Executive Strategy: As I mentioned before, I only needed to complete 5 elective courses to earn the certificate, and this was the one I originally didn’t plan to do. I didn’t expect to like this course, but I ended up learning a lot about cybersecurity from an executive perspective.
One of the highlights of the course was the guest interviews with industry leaders. They were a nice addition, but not necessarily a significant selling point.
One downside that stood out was the LMS (Learning Management System), which feels quite outdated but did the job.
Overall, I got a lot out of the course, and most importantly, I got what I wanted from it. After completing the course, I’ve noticed a few changes in my approach:
- When coding or conducting reviews, I am more cognizant of security implications.
- Architecture-wise, I now think more about egress/ingress points and their security implications.
- I have a better understanding of security during conversations.
- I can better understand and appreciate existing security decisions.
TL;DR: To reiterate, I probably would not have done this course if my company hadn’t paid half, and I definitely would not have done it if it weren’t tax-deductible as an education expense.