Prof. Greg Kesden
Learned a ton of C and system-level concepts as a whole. Since it was a summer class, I spent probably about 25-35 hours a week combined for both homework and watching lectures. When there was a test I might have spent up to 50 hours the week before studying and watching lectures. Overall, despite the hard work, it was a good class and I learned a lot.
Memorable class quote
"...I informed them that I certainly was not, because, there is no student in the state of... Mississippi... that is possibly going to be qualified to take this course. So, clearly, this was not going to be an issue this semester or anytime in the near future." -- Greg Kesden
Dr. Bill Nace
I hadn't ever taken a networking class before, so this was a great introduction. Nace is a friendly guy, and his class was pretty easy to pay attention to, if you weren't tired thanks to the time that the class is offered. If you saw him present slides at the open house, he lectures pretty much the same way. His homeworks were easy, but practical, and I enjoyed doing them. His tests, however, were waaaaay different than the rest of the class. They asked extremely specific (answer was on 1 slide only) questions, and there was no way to predict what all would show up on the test since all previous material was possible. It was fair though, I just didn't know how to study for it. I still recommend it.
Memorable class quote
"So does anyone know (some networking concept)? <looks around> Yes, Ibrahim." -- Bill Nace
Dr. Virgil Gligor
I don't know if you'll have to take this specific class, because I think the INI changed the requirement, but in essence you'll get the same material just with a different professor (Dr. Nicolas Christin). The material is very abstract, but the reason I said that my learned amount is "still rising" is because the material shows up in almost every class and it makes more sense. The tests were very difficult for me, and I had to study for a long time. I think that's mostly due to the material. Overall, this class was the most work for me in my first semester.
Memorable class quote
"How many pancakes does it take to build a doghouse? None stupid, aligators can't fly!"
Chris May/Dennis Allen
Lots of "best practices" for security, and hardening servers was a fairly regular assignment or in-class deal. There were some fantastic assignments, and we even got to have the instructors break into our hardened servers and monitor how they did it (they intentionally allowed for the machines to not be fully up to date). Nothing was incredibly difficult, but it was all very fun. I always looked forward to this class. If you plan to take the forensics track, you'll take this course, but even if you don't, it's still a good course to take. Highly recommended for sure.
Dr. Nicolas Christin
I think this has been my favorite class overall at CMU. Lots of very excellent material was covered, and the homeworks were practical and enjoyable. Christin is a fantastic professor as well, very easy to understand and his slides are not hard to interpret. There was a class project for the semester, and I think it helped me get an internship for the summer. It's not an easy class, but it's a great class. Some people would rather take just SSS, but this is a great class that I think they miss out on!
The material in this class mainly pertains to disk image analysis. He will tell you that the course is heavy early and lighter later in the semester; this is 100% accurate. The beginning of the semester covers very low level stuff, so you'll be reading a lot of hex to figure out information. However, once you get a little higher up, it becomes so much more enjoyable. Every assignment or test is like solving a new puzzle. It never was boring for me, but that may be because I am interested in forensics. Even if you don't plan to do the forensics track, it's a great class.
Rich Caralli/James Stevens
This is the first Heinz mini you'll have to take. It's... different. At the time when I took the class, I was not enjoying it. However, I will say that it does a half-decent job of covering one aspect of security policy (risk planning). The biggest challenge of the course is figuring out how to properly interpret the questions of the HW and tests. They're not really too hard, but you have to not think too much or you'll actually go further than they want you to when answering. The HW difficulty is a "?" because they often would make mistakes when creating the quizzes on Blackboard, and you wouldn't know which questions were wrong until the next class. Generally though, it's an OK class; I had some conversation about information security risk in a couple of interviews so it's certainly not useless.
Dr. Rahul Telang
By far, this has been my least favorite course at CMU for a wide variety of reasons. This isn't a "I'm doing poorly in this class so I hate it" summary, but I think there are some issues that need to be addressed for this class to be better. Mainly, don't expect your technical knowledge to make any difference in this class. In fact, he often says to "not think about the technical standpoint" when talking in class. You are very welcome to just throw random statements out with no regards to accuracy from both a technical or a policy view. This is the reason the home page of this site is a "buzzword generator." This class doesn't even attempt to incorporate any actual security policy into discussion, not even a little. The best way to describe this course is to take "security" and "management" out of the course title and just call it "Information Policy." You'll be required to take this class, so you will most likely need to learn patience to deal with it. For the record, I had generally good grades in here so this opinion is mostly based on content being delivered.
Dr. Rajeev Gandhi
Probably, as of this semester, my most time-consuming class. The whole class seems to be designed that you will be working on labs for a long period of time. There are even references to the Operating Systems class in the lab documents, so it's almost like they are wanting to pretend they are offered similar rigor to the Operating Systems class. This is not quite true. It is true that you will design a kernel (in ARM), and it's true that almost all your homeworks will build on each other. What is less likely to be true is that you will be able to consistantly receive good help for your homework. The TAs in the previous year's embedded class were constantly talked about as being some of the best, but only one or two TAs were helpful for this course. Piazza posts would be either unanswered or answered very poorly, and assignments were not graded until the end of the semester. The TAs also would grade the tests and would subtract large amounts of points for minor mistakes -- in one question, after seeing Dr. Gandhi, I received 10 points back. It was a nightmare trying to get help from most of the TAs.
Tests were also made in such a way that everyone was going to fail. The stats on the final exam:
Minimum Value 4.00
Maximum Value 51.50
Standard Deviation 9.33
Yes, that is a 4 out of 100 on the final exam. No one in the class passed that exam. This was an open-book, open-notes test. In general, the goal of these tests is to beat the average. The only reason most people take this class is to fill a mostly unhelpful prerequisite for Distributed Systems. It's hard to be positive about this class when everything is designed for you to bang your head against a wall while working.
"F***, man..." -- everyone in the class
"If I encounter a doubt, I shall send sir a mail."
Jay McCallister/Melissa Ludwick
At the time I took this course, it was a pilot class for the INI taught by my summer internship employers, the Emerging Technology Center. This comes as both a good and bad thing. The good thing is that they were not like typical instructors and were actively focused on improving the class before it even ended. You may be requested to give feedback multiple times a semester. I really like this, I think that it helps a lot for making sure the class is on track. However, if you're an INI students (or someone particularly technical), you will most likely not enjoy this class. The assignments are subjective at best, and it seems that you're required to follow a a template for presentations/papers no matter what the outcome. As "flexible" as it's supposed to be, the assignments are not. There's a lot of ambiguity in the assignment, which is part of the course, but there's ambiguity in dealing with the assignment ambiguity too. In other words, sometimes they don't give you a clear explanation of their requirements.
It is worth noting, though, that this class is an incredible resume booster. Myself and many classmates were asked specifically about this class on our resumes when we were interviewing. This isn't just government sector, it's private sector too. So if you can bear with it, it may be a very good career choice. Just don't expect to enjoy it too much if you want something technically in-depth.
"Is that guy in Heinz College with you guys?"
"No way! We thought he was in the INI..."
"Who the hell is he?"
"I don't know, but he needs to learn to use the damn mic."
This was probably my least favorite of all the forensics classes, but that doesn't mean that I didn't learn anything. In fact, I got a lot more paranoid about what goes on in my own network. If there's anything that you should get out of this class, it's how easy it is to analyze "metadata." However, don't expect a lot of help in learning anything. You're going to be on your own. Keep up with the homeworks, even if he doesn't grade them sometimes. You will screw yourself on the test otherwise. This class will teach you however much you want to get out of it.
A great ending to the cyber forensics track. You really brush up on the material from previous courses and put it all together in a much more advanced way. It's surprising how much I remembered, as well as how much I didn't. The lectures, like most CERT classes, just feel like they take a long time (because they actually do), but other than that, they are really good. Very detailed and clear content with professionals teaching, not academics.
The very best part of the class is the final project, which is broken into multiple stages to balance out the workload. Not only do I appreciate them properly staging the assignment so that you can't procrastinate, I like that they don't overload on the work. Plus, it's challenging stuff. You will not find everything. I still found it to be one of the best assignments I ever have done.
The second easiest class I had at CMU. Twice a week, I would get up and just go to class. Rarely was there anything I had to prepare (except at the end). I could just go and relax. I didn't even have to bring my backpack if I felt like it. This class was mostly an exercise in learning to confident in speaking publicly and less about communicating a point. This was valuable to some people in this class for sure, though I think I got less out of it. I did get to act out a scene from Step Brothers though... that was fun!
Dr. Bill Nace
This class is likely the hardest for me to review. I say that because I could easily go on a very long rant about it (which I did a lot during the semester). I'll do my best to focus for this review though
First, this class is not designed for you to have any control over the assignments. You don't get to pick your partner for the homework, and you are also randomly assigned members to your project team. If you get stuck with someone who doesn't do anything, well, tough luck. There are no consequences for them. This class promotes coasting. It's possible to put in minimal effort until the final comes.
Second, this course needs to be vastly improved in terms of logistics and quality. Everything is done via pre-recorded videos. These videos aren't even updated between semesters, and there is content that needs to be redone because the field has changed. There are tons of readings, some reaching over 100 pages, and at least 2 and 1/2 hours (can be upwards of 3 and 1/2) of lectures to watch per week. It's not enjoyable, there's no real interaction. It's very easy for the course staff this way, but it's really not that good for the students.
Finally, I don't like the way that things are just arbitrarily done in this class. Labs? Random partner. Project? More random partners. Final? Have to make a 50 or greater to pass the class. You think, "What is the point of all this? This doesn't do anything to help me enjoy the class?" There will never be an answer to this question. You can ask it, but there will not be something that properly addresses it. Things are done this way because Bill Nace wants them done that way. You have to accept that, or you will hate this class (you may still hate it regardless).
I do have to give credit to Prof. Nace on one really big thing. He is very timely in getting back on emails, at least from my experience. He also is happy to make time to meet with you on your schedule if you can't make his office hours. He is genuinely interested in you learning the material, for sure. However, his methods to teach you this material are not that amazing. I think this course needs a lot of improvement. Overall, improving a professor's teaching methods is much easier than creating a desire for him/her to teach. Prof. Nace has the motivation, but needs some work in the execution department.
This is the one -- the ultimate do-nothing class. If you've done even the slightest bit of work in Linux, this class will be a breeze for you. During the semester, I did every homework but one in the first half of the class. Rarely did I ever need to do anything outside of class. And you didn't even have to go! He doesn't take attendance, but there is a participation grade. Even if you don't go, you can still contribute on the discussion board and get your points that way. As a whole... this will balance your schedule out a lot, especially when projects come around. 1 hour of studying for the final turned into a 100 on the test, which I did in 10 minutes. So yeah... take this class if you want to ease up your workload.