CS 668A: Practical Cyber Security for Cyber Practitioners

Credits: 3-0-0-0 [9]

 

Prerequisite


CS 628A or equivalent exposure to an introductory cyber security course, experience with hands-on project development, and familiarity with the contents of CS 631A or an equivalent course on cyber physical systems security would be essential for this course. Exposure to CS 658A or an equivalent course on intrusion detection and malware analysis would also be very helpful. Some exposure to practical machine learning or data analytics will be helpful.

 

Who can take the course: PhD, Masters, 3rd and 4th year UG Students

 

Proposer: Prof. Sandeep Kumar Shukla

 

Departments that may be interested: CSE, EE

 

Course Rationale

As we interact with various industries and their needs for cyber security, they often complain that the courses at academic institutions provide students with the fundamentals of cyber security, but the students are often not familiar with the practical issues associated with running a cyber security operation in a real organization. Also, while a lot of the theses at the master's level or dissertations at the PhD level are based on theoretical exploration of techniques, algorithms, or mathematical modeling of cyber security problems, there is a dearth of dissertations and theses on the practical aspects of running cyber security operations. Having worked very closely with industry, we appreciate such concerns. There are very interesting problems to be solved in practical cyber security that also require a great deal of fundamental thinking, reasoning, and attention to how operators and leaders cognitively process the inputs they receive from cyber security tools, dashboards, and policy formulations. But in the crowd of details, fundamentals are lost and reasoning is replaced by ad hoc decisions. To change that, we need a workforce, as well as academics, who can abstract out the fundamentals from such practical problems and develop various practically oriented methods, methodologies, policy frameworks, and decision processes which would simplify cyber operations. This course is meant to be a first step towards that line of thinking, modeling, and methodology development.

 

Course Objectives

On completion of this course, a student should be able to: (i) articulate how various aspects of computer science (machine learning, vulnerability assessment and penetration testing, mathematical modeling, cyber security and cyber defense) come together to develop a wholesome cyber operations methodology and practice; (ii) articulate a cyber security policy framework and the effect of fine-tuning policies on cyber operations; (iii) develop cyber security risk models and risk-driven cyber security control paradigms; (iv) model the effect of cyber security tooling and features on cyber operators' cognition of cyber threats; (v) advise on or articulate how a tool interface or dashboard for operators can be better designed for more impact on operations; (vi) model the end-to-end cyber security operation in an organization.

 

Course Content

| Module | Topic | No. of 1-hour Lectures |
| --- | --- | --- |
| Introduction | Cyber Security Operations (CyOps), and integration of cyber security operations to software development and operation process (DevSecOps), and integration of relevant operations (MLops, AIops, DevOps) | 5 |
| Cyber Operation Planning and Analysis | Planning of a Cyber Security operation in an IT organization vs an OT/ICS; Planning and Risk Analysis | 8 |
| Incident Detection and Characterization | Incident Indicators and Incident Detection; Analyzing Incidents | 4 |
| Vulnerability and Consequence Analysis | Vulnerability Detection Methods and Tools, System Model and Consequence analysis, Threat Intelligence and Threat activation of Vulnerabilities | 6 |
| Incident Response and Recovery | Data Analytics support for Incident Response, Backup and Recovery, Recovery from Incident Methods | 4 |
| Cloud and API security issues | Cloud Security, Cloud and API security | 5 |
| Case Studies | Industrial Case Studies | 8 |
| Total Lecture hours | | 40 hours |

 

Text


There is no textbook for such a course yet. Research papers will be the main sources of study material.

There will be other resources put on the web by the instructor.

  1. Lecture notes, assignments, supplemental readings, and other resources will be provided via the course website.
  2. The course will consist of 3 hours of lectures per week, projects and homework, and possibly a course project.