In a similar vein, we recently built Umbrella App - which has has tons of simple, easily accessible lessons on digital and physical security issues (from sending a secure email to dealing with a kidnap). It's designed to help make security easier for travellers, journalists, activists on the move. It's open source and available here:
I loved your app when I last checked it on FDroid. What is the angle of the Security First group? Is this a startup? I think the idea is interesting and deal tangetially with digital literacy and thought apps like yours are great for such things, but I fail to see how you can convert this into a business beyond funnelling people into your training and consulting stuff, like your website suggests.
There's lots of elements at work here but essentially the business model is:
a) Always be ethical, open source and build using grants etc to expand Umbrella's feature set, languages, content etc etc.
b) Diversify by building customisations and white-label versions of the app for large NGO's, various international organisations and commercial businesses. We've already had a lot of interest in this. In that context we are a bit less about the app as a learning tool and more about the security management features which don't exist anywhere else (commercially or open source).
c) Expand on the training and consulting stuff, which at present is going quite well but is pretty hard to scale extensively as it's very person intensive.
I read through some of the content on the github and it seems like good content. I think I'll brush off a dead android that I have at home to take full advantage of the app.
Thanks, we made kept it backwards compatible to Android 2.3.6 until about two weeks ago - due to wanting to ensure people in the developing world on cheaper phones could keep using it.
We've since depreciated that to 3.0 but if your looking for an older version, feel free to drop a mail and we can make it available again. Note to self, make all older versions available on Github
Interesting set of materials, and it's great to see these being more readily published and made available to anyone.
I was a bit disappointed with the depth of the introduction course's materials, though. Perhaps the other courses that are scheduled to be available soon will do a better job, but there doesn't appear to be a lot of substance within the available materials and the assignments don't require much thought (or even appear relevant - the question about mnemonic lists doesn't really address anything security related).
It could perhaps simply be because it's an introduction course, but I expected the introduction to cover basics such as password security, the confidentiality/integrity/availability model of aspects of a system that can be compromised, approaches for authenticating users (lattice access control, roles, differences between MAC and DAC etc) and other similar theory. Further courses can delve into the details of cryptography, common security vulnerabilities and such. Some of the linked materials are a bit more useful but I don't think I'd have personally taken this course if I only had the introduction to make a decision from.
When I enter my email and press subscribe I get -
"The information you have entered on this page will be sent over an insecure connection and could be read by a third party.
Hi! I'm Arto, one of the individuals responsible for the course. The first part of the course series is more on the IS side. The latter parts, including the one starting next week are more hands on, and include security and software development -related content as well as more advanced theory things such as cryptography and machine learning methods for log mining. As a CS senior, I would likely take the course as it (depending on my institution) combines topics from multiple CS courses and looks at them through a specific phenomenon -- it might, in the end, be even fun.
I took a (probably) similar business/management-related course on Coursera once and it seemed to me that for the most part it's about knowing the implications and requirements of the blame game and legal consequences beforehand.
Personally I just bought a mid-year textbook on cyber security from the University of Waterloo and I'm making my way through it. It's surprising how bad cyber security is, but so much of it is right there in the pages of this book. It's like finding out you can buy a Patriot missile for $250 and some spare time in the evenings.
edit: And of course this book would be unapproachable had it not been for the work I've done in engineering, software development, and machine learning.
Well the current state of the art in security is using techniques from ML towards intelligent vulnerability detection and intrusion (if you're team red), as well as intelligent detection of intrusion (if you're team blue). These are much easier to understand if you've written a classifier before.
You are correct. This is the one I was referring too, although I misattributed some of the topics (specifically machine learning) which weren't stressed in this textbook, but were stressed in some of the literature that I Googled as I read.
I would love to see OpenBadges integration and push university students and naughty employees when they keep doing dumb stuff on the network to take more useful courses like this instead of the watered down corporate crap I see for punishment, instead of educating people away from hacking attempts.
Not sure, but it might be the celebratory factor. (Given that both UoH and F-secure are involved, it's a good bet that Mikko Hyppönen is involved in this somehow, who is a pretty famous security expert).
The two you linked seem to only have a free trial, whereas this one is completely free. I'm not sure about the Coursera and Udacity ones though.
It says on the page that this course is made in collaboration with F-Secure, a pretty well-known cyber security company. Hopefully they know their stuff :)
Nice. However, my employer is happy to reimburse me some $4k per class at a traditional university, but will not pony up one dime for an online MOOC course.
Hmm. The employers I have encountered have been happy paying for stuff that brings some credibility to the company as well, such as certifications or master thesis grants. MOOC's just don't have the credibility generally speaking yet, so unfortunately it doesn't make sense to spend the effort even thinking about them.
Hello! (I'm one of the instructors) -- If you're currently residing in Finland, you can get them through the University of Helsinki Open University (I know...). We'll post more details on this shortly.
If you're residing elsewhere, contact your local institution and ask if they'd be willing to accept the course as a part of your studies.
In a similar vein, we recently built Umbrella App - which has has tons of simple, easily accessible lessons on digital and physical security issues (from sending a secure email to dealing with a kidnap). It's designed to help make security easier for travellers, journalists, activists on the move. It's open source and available here:
-https://play.google.com/store/apps/details?id=org.secfirst.u...
-https://www.amazon.com/Security-First-Umbrella-made-easy/dp/...
-https://secfirst.org/fdroid/repo
The raw content is CC and available here for reuse: https://github.com/securityfirst
More info: https://www.secfirst.org
Ends total plug on similar topic :)