The Ultimate Coursera Guide for the InfoSec Professional

June 29, 2015

If this isn’t your first visit to the blog, you already know that I emphasize reading and learning to help you grow your information security career. Coursera is a great free resource to do that.

I’ve put together the definitive guide for information security professionals. This list has all of the core courses you should consider taking along with some other courses that would interest you. Additionally, I encourage you to go beyond the security courses to expand your technology knowledge.

Core Security Courses:

Software Security (link)

In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.

Computer Security (link)

In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real world examples.

Usable Security (link)

This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.

Hardware Security (link)

In this course, we will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks to these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.

Cryptography 1 (and 2) (link)

Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications!

Cybersecurity and Its Ten Domains (link)

This course is designed to introduce students, working professionals and the community to the exciting field of cybersecurity. Throughout the MOOC, participants will engage in community discourse and online interaction. Participants will gain knowledge and understanding of cybersecurity and its domains. They will engage with expertly produced videos, gain insight from industry experts, participate in knowledge assessments, practice assessing their environmental awareness, and gain access to materials that address governance and risk management, compliance, business continuity and disaster recovery, cryptography, software development security, access control, network security, security architecture, security operations, and physical and environmental security. Learning will be assessed using strategies aligned to knowledge and understanding.

Designing and Executing Information Security Strategies (link)

This course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases.

Building an Information Risk Management Toolkit (link)

In this course, you will explore several structured, risk management approaches that guide information security decision-making. Course topics include: developing and maintaining risk assessments (RA); developing and maintaining risk management plans (RM); regulatory and legal compliance issues affecting risk plans; developing a control framework for mitigating risks; risk transfer; business continuity and disaster recovery planning from the information security perspective.

Information Security and Risk Management in Context (link)

Learn to defend and protect vital company information using the latest technology and defense strategies. Analyze internal and external threats to proactively prevent information attacks. Gain experience by solving real-world problems and leave the class equipped to establish and oversee information security.

Supporting Courses for the InfoSec Professional:

Malicious Software and its Underground Economy (link)

Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.

Programming Cloud Services for Android Handheld Systems: Security (link)

This course introduces students to basic issues in mobile cloud security, malware, and secure client/server communication. Students will learn about security risks in Android and cloud services, threat mitigation strategies, secure coding practices, and tools for managing security of devices.

Software Defined Networking (link)

This course introduces software defined networking, an emerging paradigm in computer networking that allows a logically centralized software program to control the behavior of an entire network. Separating a network’s control logic from the underlying physical routers and switches that forward traffic allows network operators to write high-level control programs that specify the behavior of an entire network, in contrast to conventional networks, whereby network operators must codify functionality in terms of low-level device configuration.

Internet History, Technology, and Security (link)

The impact of technology and networks on our lives, culture, and society continues to increase. The very fact that you can take this course from anywhere in the world requires a technological infrastructure that was designed, engineered, and built over the past sixty years. To function in an information-centric world, we need to understand the workings of network technology. This course will open up the Internet and show you how it was created, who created it and how it works. Along the way we will meet many of the innovators who developed the Internet and Web technologies that we use today.

Securing Digital Democracy (link)

Computer technology has transformed how we participate in democracy. The way we cast our votes, the way our votes are counted, and the way we choose who will lead are increasingly controlled by invisible computer software. Most U.S. states have adopted electronic voting, and countries around the world are starting to collect votes over the Internet. However, computerized voting raises startling security risks that are only beginning to be understood outside the research lab, from voting machine viruses that can silently change votes to the possibility that hackers in foreign countries could steal an election. This course will provide the technical background and public policy foundation that 21st century citizens need to understand the electronic voting debate. You’ll learn how electronic voting and Internet voting technologies work, why they’re being introduced, and what problems they aim to solve. You’ll also learn about the computer- and Internet-security risks these systems face and the serious vulnerabilities that recent research has demonstrated. We’ll cover widely used safeguards, checks, and balances — and why they are often inadequate. Finally, we’ll see how computer technology has the potential to improve election security, if it’s applied intelligently. Along the way, you’ll hear stories from the lab and from the trenches on a journey that leads from Mumbai jail cells to the halls of Washington, D.C. You’ll come away from this course understanding why you can be confident your own vote will count — or why you should reasonably be skeptical.

Bonus Class:

The point of the bonus class is something completely unrelated to security but a good skill to have in the toolbox. Negotiation fits the bill.

Successful Negotiation: Essential Strategies and Skills (link)

We all negotiate on a daily basis. On a personal level, we negotiate with friends, family, landlords, car sellers and employers, among others. Negotiation is also the key to business success. No business can survive without profitable contracts. Within a company, negotiation skills can lead to your career advancement.