Towards the end of my time at the Managed IT Services company, I managed to get a scholarship to study for a Masters degree in Information Security at Royal Holloway, University of London. I originally thought I might be able to complete this is around 2 years part-time. My hope was that doing this MSc might help me get a job in IT Security. About 6 months after starting this course, I got a job in IT Security, at Defiant Inc, where I still am now, nearly 4 years later. I completed the qualification this summer.
I would thoroughly recommend this course to anyone looking to get into the field of Information Security (sometimes referred to as Cyber Security in the media). The modules I studied were:
Security Management – This covered areas like security frameworks, Information Security Management Systems, ISO 27001, Business Continuity and Disaster Recovery, data protection legislation.
Computer Security – Fundamental Design Decisions, different approaches to computer security, time-of-check-to-time-of-use (TOCTTOU) vulnerabilities, security threats posed by mobile code, security models (Bell-LaPadula and Clark-Wilson for example), Unix password protection and management, as well as attacks like SQL injection and buffer overflow.
Network Security – Email Security, S/MIME, PGP, WiFi, IPSEC, Firewalls and Intrusion Detection Systems, Network Layer Models, fundamental threats and enabling threats, Mobile Network Security – UTMS and GSM, Biometrics, Bluetooth security.
Cryptography – Symmetric, Asymmetric and Hybrid cryptography, Key Management and Exchange, The RSA Digital Signature scheme, ATM security, One-Time Pads, Quantum Cryptography and the implications of Quantum computing on cryptography, Cryptography over the past 50 years / Crypto Wars etc.
Digital Forensics – Network analysis and forensics, Passive and Active scanning, Email forensics, Legal and Technical implications on data retention, File system forensics (NTFS, FAT EXTx), Flash storage analysis, magnetic disk forensics, mobile phone forensics, legal and procedural issues relating to digital forensics.
Security Testing – Security Testing Methodologies (ISSAF/OSSTMM), Black/White Box testing, Passive/Active reconnaissance , ARP Poisoning / eavesdropping, TCP and ARP scanning, Cross-Site Scripting (XSS) attacks, CSRF, Salts and password hashes, Time-Memory trade-off, SQL Injection.
I then wrote my Masters dissertation on “The Importance of Responsible Disclosure” which I have serialised in these posts.