As the next programme director of UCL’s MSc in Information Security, I have quickly realized that showcasing a group’s educational and teaching activities is no trivial task.
As academics, we learn over the years to make our research “accessible” to our funders, media outlets, blogs, and the likes. We are asked by the REF to explain why our research outputs should be considered world-leading and outstanding in their impacts. As security, privacy, and cryptography researchers, we repeatedly test our ability to talk to lawyers, bankers, entrepreneurs, and policy makers.
But how do you do good outreach when it comes to postgraduate education? Well, that’s a long-standing controversy. The Economist recently dedicated a long report on tertiary education and also discussed misaligned incentives in strategic decisions involving admissions, marketing, and rankings. Personally, I am particularly interested in exploring ways one can (attempt to) explain the value and relevance of a specialist masters programme in information security. What outlets can we rely on and how do we effectively engage, at the same time, current undergraduate students, young engineers, experienced professionals, and aspiring researchers? How can we shed light on our vision & mission to educate and train future information security experts?
So, together with my colleagues of UCL’s Information Security Group, I started toying with the idea of organizing events — both in the digital and the analog “world” — that could provide a better understanding of both our research and teaching activities. And I realized that, while difficult at first and certainly time-consuming, this is a noble, crucial, and exciting endeavor that deserves a broad discussion.
Information Security: Trends and Challenges
Thanks to the great work of Steve Marchant, Sean Taylor, and Samantha Webb (now known as the “S3 team” :-)), on March 31st, we held what I hope is the first of many MSc ISec Open Day events. We asked two of our friends in industry — Alec Muffet (Facebook Security Evangelist) and Dr Richard Gold (Lead Security Analyst at Digital Shadows and former Cisco cloud web security expert) — and two of our colleagues — Prof. Angela Sasse and Dr David Clark — to give short, provocative talks about what they believe trends and challenges in Information Security are. In fact, we even gave it a catchy name to the event: Information Security: Trends and Challenges.
Angela told us about why people don’t follow security advice (tl;dr it’s not always their fault!), Alec about the “normalisation of the subversive” and encouraged us to keep doing work that is deemed useless and outright controversial as history will prove us right. Then David explained how sometimes the “good guys are the bad guys” and gave a bird-eye overview of the malware ecosystem. The talks concluded with Richard, who told us how we should reason about security “beyond the perimeter” and never take the eye off the ball as lots of security principles we learn are easily bypassed with improper threat modeling.
There was some very interesting discussion, both during the panel and in the following reception (thanks UCL-CS and S3 for the organization!), and I am very happy about the format, the turnout, and the significance of this experiment, so I am looking forward to more of such events. Thanks again to everyone who organized, talked, and participated.
MSc Information Security Overview
During the event, I also gave a short presentation to overview our programme.
Why study Information Security at UCL?
That’s an easy question! 🙂
UCL (est. 1826) was the first English institution to welcome students of any race, class or religion, and female students on equal terms with men. Today it is a globally leading university with 29 Nobel Prize Winners and 3 Field Medalists. The Computer Science Department hosts 80 faculty and 300+ researchers, is recognized as Academic Centre of Excellence in Cyber Security Research, and hosts the Science of Security Institute, not to mention that it was ranked #1 in the recent REF.
UCL MSc ISec is a pool of renowned academics conducting world-leading, high-impact research on all aspects of information security, ranging from network and computer security to cryptography, human-centered security, privacy, and cyber crime.
Here’s our faculty:
- Earl Barr: research in program analysis, information theory, optimisation; teaches Malware
- David Clark: research in analysis and verification, understanding software and specifications; teaches Malware and Language Based Security
- Nicolas Courtois: research in cryptanalysis, crypto currencies, information security; teaches Applied Cryptography and Cryptanalysis
- George Danezis: research in anonymous communication, privacy technologies, cryptography engineering; teaches Computer Security I, Privacy Technologies
- Emiliano De Cristofaro: research in applied cryptography, privacy technologies, measuring security and privacy issues; teaches Computer Security II and Introduction to Cryptography
- Brad Karp: research in systems security, wireless networks, distributed systems, networking, operating systems; teaches Distributed Systems and Security
- Jens Krinke: research in program analysis, malware analysis, taint analysis, information flow control, bug detection; teaches Malware and Language Based Security
- Granville Moore: research co-ordinator of Institute in Science of Cyber Security (RISCS); teaches Information Security Management
- Steven Murdoch: research in authentication, passwords, banking security, anonymous comms, censorship resistance and covert channels; teaches Research in Information Security
- Angela Sasse: research in human and economic aspects of security, usable security; teaches People and Security
- Gianluca Stringhini: research in social network security, web security, botnet mitigation, and cyber crime; teaches Computer Security II, Cybercrime
Even if they are not teaching in the programme at the moment, the Information Security Group is extremely lucky to include:
- Jens Groth: research in cryptography and zero-knowledge proofs
- Sarah Meiklejohn: research in cryptography and crypto currencies
- David Pym: research in security economics, policy, logic, access control
What do we teach?
The programme has four compulsory modules:
- Introduction to Cryptography
- Computer Security I
- Computer Security II
- Research in Information Security
Then, the students choose four optional modules, typically from the following options:
- Applied Cryptography
- Privacy Technologies
- Language-based Security
- People and Security
- Information Security Management
- Distributed Systems and Security
However, students can choose up to two (out of the four optional) modules from other programs as well (e.g., Requirements Engineering and Software Architecture, Validation and Verification, Understanding Usability and Use, Human Computer Interaction, Communications and Networks, Entrepreneurship, etc.).
The programme also includes a thesis involving an independent piece of research (typically yielding a 50+ report), which can also be complete while working alongside a company.
We also organize:
- Weekly Information Security Seminars
- Weekly Hacking Seminars
- A Bitcoin Research Seminar
- Industry Days
Who can apply?
While you can find more details here, we are typically looking for applicants with a computer science, engineering, or maths background. A successful student will have the ability to understand basic theory, understanding of algorithms and programming, good English language skills, and, most importantly, an interest in Information Security!
More information and Social Media Presence
- Admissions Tutor, Dr George Danezis, firstname.lastname@example.org
- Programme Director, Dr Emiliano De Cristofaro, email@example.com
- Programme Administrator, Sean Taylor, firstname.lastname@example.org
- UCL MSc ISec: http://www.cs.ucl.ac.uk/admissions/msc_isec/
- UCL Information Security Group: http://sec.cs.ucl.ac.uk
- Academic Centre of Excellence in Cyber Security: http://sec.cs.ucl.ac.uk/ace_csr/
- Follow us on Twitter (@uclisec), Facebook, Linkedin