Sunday, January 25, 2009

My graduate school experience at ECU - 3rd semester: ITEC6406 Cost Analysis for Technology

All I can say is Wow! This was probably my most difficult class. As a matter of fact, I ended up dropping it the first time that I took it. In the end, I suffered through it and made out with an A.

My instructor was Dr. Paul Petersen: http://www.tecs.ecu.edu/departments/technology_systems/faculty_and_staff/petersen.html

Dr. Petersen was one of the most debated professors in my program so far. Some students loved him and a lot had problems with his methods. What set Dr. Petersen apart in the program was his willingness to record every classroom lecture and post it on ECU's Global Classroom site. He taught an undergraduate-level course on the same subject, and those were the lectures that he recorded. What was hilarious was that in the recorded lectures he often spoke of his graduate class with some less than flattering remarks. I can't remember any specifics, but they were funny. Some of the students in my class took exception to these comments. I believe these were the students who didn't do so well.

This is the textbook that we used: Canada, John R., William G. Sullivan, John A. White, and Dennis Kulonda. Capital Investment Analysis for Engineering and Management, 3rd Edition. Pearson Education, 2005. ISBN 0-13-143408-X

Funny thing about this was that John Canada either taught or was a student at NC State. A guy that I used to work with went to classes with Canada. Judging from some of the comments on Amazon, this book was not well received. I found the book hard to follow - it was not well written in my opinion. It made the course even more difficult.

We were also required to download case studies from Harvard Business Online: one was the Destin Brass Products case study and the other was The Super Project. Each case study counted towards 20% of the final grade.

We also had a few take-home exams and a final group project. I was lucky enough to get in with a good group. I had a smart guy who worked in Wilmington for a chemical laboratory. We did a cost analysis of three different vendors' mass spectrometer instruments with the goal of recommending one.

Here is a breakdown of the rest of the topics we studied:

1) Costs - incremental versus fixed costs. Direct and indirect costs.
2) Compounding interest - finding out when you will triple your investments, continuous compounding.
3) Calculating capital recovery for purchased equipment - MARR.
4) Calculating internal rates of return and external rates of return.
5) Calculating inflation - speaking in terms of today's dollars versus future dollars.
6) Determining how much money you will have to invest to pay for expansions.
7) Activity-based costing.

This is the class that I will need to review very hard for my comp. exam.

Tuesday, January 20, 2009

My graduate school experience: 2nd semester - ITEC 6000: Statistical Applications In Industry

The second of the core courses was my statistics class, which I took in Spring of 2006. It was a tough class, but it was also a great course. My instructor, Dr. Paul Kauffman, ECU's department of engineering chair, http://www.tecs.ecu.edu/alumni/TECS_newsletter/nexus/nexusVol2no6.htm#4 was one of the most organized professors. He knew exactly how to conduct a distance education course. What he did was record lectures in which he explained the stat subject we were studying at the time. This helped a great deal in understanding the tougher concepts. He also created and made available for download good PowerPoint presentations.

Another cool thing is that we used Excel to build a lot of our homework submissions. I learned many of the built-in Excel functions, and the book usually had a section in each chapter that showed you how to build a spreadsheet.

Here is a snapshot of what we studied:

1) Data collection using surveys - Good interesting start to the semester. I actually used this information to help my team create a user survey to get input on how they liked our software.

2) Analyzing large data sets using frequency distributions and displaying histograms.

3) Measures of central tendency (mean, median, quartile ranges).

4) Data variation and shape using box and whisker plots.

5) Coefficient of correlation to measure the strength of a linear relationship.

6) Probability.

There are a few more things that I need to look up. Plus the book: I will post the book title when I get back to work.

Tuesday, January 13, 2009

My graduate school experience so far....(Overview) - First course - A Program Introduction

Currently, I am enrolled in graduate studies at East Carolina University in Greenville for a Master's in Information Security. The graduate requirements dictate that each student must take and pass a comprehensive exam in order to receive a degree. As part of preparing for this, I'm going back through all of my previous classes and reviewing the information. I thought, "This would be a great blog posting." Maybe future students or someone who is thinking of taking this same program would benefit from this information.

So, here is the first part in a series of blog postings, "What to expect in the Master's of Information Security program at East Carolina University."

First of all here is a link to the program: http://www.tecs.ecu.edu/departments/technology_systems/graduate_programs/MS_technology_systems/information_security.html

You will see that the program requires 30 hours of classroom instruction broken up into 10 different courses. The first four courses are what are considered "core courses"; then a student launches into a "concentration." Since my concentration is Information Security, I go ahead and take those courses. My program coordinator is Kelly Bass, and she is terrific! Very helpful.

Looking at the link above, the first of the four core courses is ITEC 6050 - Program Introduction.

ITEC6050 - Program Introduction. Fall 2005.

My professor for my first course was Dr. Charles Coddington: http://www.tecs.ecu.edu/departments/technology_systems/faculty_and_staff/coddington.html

I really like Dr. Coddington personally, as he was a very fair and organized professor. The first course to me was very easy. It was a program introduction, so we went over some of the following:

1) How to use the Internet to do research, including using the online library at ECU and how to sign up for the IEEE Xplore database using your ECU credentials. This has been very useful throughout the rest of my academic career at ECU.
2) Listservs - what they are, where they are, and how to sign up for and use them.
3) Yahoo Groups - how to sign up for Yahoo Groups and use them to the full extent for online collaboration.
4) mIRC - we used mIRC chat to hold weekly class sessions. Dr. Coddington set up an mIRC chat server on one of ECU's servers that we used to interact in class.
5) Group project - our class was divided into groups, and each was assigned a team project. Our team learned how to use a wiki and built a collaborative wiki that simulated a fictitious medical office. The cool thing about this was that I then brought this knowledge back to my company. We had a series of loosely connected homegrown HTML pages for our project data. I was able to download the wiki software and build a wiki for our team to use. It was a major hit!
6) Secure FTP - we studied and learned how much safer secure FTP was than a regular FTP server.
7) Midterm and final exams - not too difficult, as this was mostly research using the Internet.
8) Required textbook? - no required textbook for this course.

Next - stay tuned for a review of core course: ITEC 6000- Statistics for Business Managers.

Saturday, January 10, 2009

Web application security.

I'm in the middle of two technologies - software development and information security. In my grad school classes, my professors usually require us to write a term paper relating to security each semester. My first paper dealt with creating a web application security plan for a software team. Looking back, I'm not sure if it was written with the best of knowledge - I went over things such as cross-site scripting, buffer overflows, etc., but I really didn't know how to stop them - I was just listing common attacks.

So, when I found a video on www.csoonline.com that details Application Security from the experts at Gartner Group, I decided to sign up to view the video.

Here are some highlights:

1) Even if your manager decides that security for your application is important, with the crappy economy for 2009, don't expect to receive any additional funding. Do with what you have.

2) Whose responsibility is it to do the application security testing? The development staff or an outside security team? Then, where do you start? From the outside going in, or starting on the inside of the application?

3) Should you be trying to break your application's security by testing against your production applications? Most organizations are scared to do this because customers are using the application and if you manage to break it, customers are affected. Using virtualization could be the answer to this problem: use virtualization to take a snapshot of your production application and test against that copy - not your actual production application.

4) Are there any automated testing tools, like JUnit, that are geared toward automating security tests?

5) How can you find an expert in the field of application security that will help you identify and isolate vulnerabilities? Over 150 new vulnerabilities are discovered each week so you need someone that knows how to be on top of these.

6) Trends include certifications for websites attesting that they are secure - for example, PCI certification from the credit card companies.

7) White box or source code scanning for security issues can only catch about 5% of known attacks. It's good to do, but don't rely on just this method.

8) Security software as a service - finally, companies trying to save money can use security testing and other software from the services cloud. Of course, you also have to worry about their security.