Hello, my name is Greg Williams, I'm a lecturer in the computer science department at the University of Colorado, Colorado Springs. This is the course, threats and attack vectors in computer security. It's the second course in the overall specialization called practical computer security. So a little bit more about me, I'm also, in addition to a lecturer, I'm also the director of IT operations, or information technology operations, for the university or the office of information technology for the university. You can also call it the director of networks and infrastructure, because that's exactly what my teams do. We manage telecom, we manage everything physical, servers, networks, again, telecom. So, my teams manage all the physical infrastructure for the office of information technology. I'm also, what qualifies me to teach this course is, among other things, I've been a former information security officer for the university. And the former HIPAA security officer for the university, for the medical data that we have. I hold certifications in Windows forensics and penetration testing. I've also held certifications in payment card industry processing, so you're going to hear some of that in these courses as well. How I approach payment card industry security as well. I did have my ISA internal security auditor certification, which is a very rigorous program that you have to go through, in order to get certified for that. So what made me go back to being somebody that's innovative, versus somebody in security? Well, I wanted to be innovative again, with security it's pretty, here is exactly what you need to do. And it's not so much innovation and, hey, look at all the cool things that we can do in computer security, well, it's not like that. So I really wanted innovate again, and I thought, hey, what best career path could I move to, that would allow me both to practice security still. Because, still on the operations side, but it would also allow me to keep up with my computer security. And I teach the stuff for the university as well, so it's a great opportunity to practice both sides of the house, so who is this course for? This course is going to be for anyone that's interested in computer security from a practical perspective, and not just theory. Like I said, I've been practicing this for several years, I've been in the industry now for about 15 years. And that is hands-on experience, dealing with security, dealing with organizations, and I haven't spent my entire career in higher education. I spent it in Fortune 5000 companies, if you watch my bio video, you'll see that. Again, who is this course for, you may be an executive that needs to understand what threats to be concerned about, what is your information security office telling you? Are they telling you something that you should be concerned with, or are they saying, everything's fine, we've got it taken care of. Maybe there's going to be a debrief in a few days that you need to understand what just happened. Maybe there was a security breach, small business owners are not immune to this, either. Small businesses often don't have the time or the money to deal with information security. So if you're watching this as a small business owner or somebody that's in management inside of a small business, I hope you're going to get some information out of this course. What to be concerned with, inside of computer security. This course is design to explore the threats that are out there today. What would you be concerned with, what are you concerned with, what doesn't allow you to sleep at night? I have things like that all the time, and now I'm in operations, I still worry about computer security all the time. My information security office, I like to discuss things one on one with them every week, or even as they arise throughout the week. But I need to still understand the concepts out there, in order to be able to communicate back and forth between me as senior management, and also from the security point of view. This course approaches the practical side of computer security. Again, it's the second course in In the specialization called practical computer security. This course will help you prepare for some industry leading computer security certifications, such as Security+ and CISSP. The concepts in here map to the concepts inside of those certifications. It's not going to help you with everything, and I encourage you to study other resources. But one of the best comments I've ever had from my students is, your courses have helped me pass my Security+ without actually studying for them. Which was a huge compliment for me, because I've been practicing this stuff awhile. So I don't have my Security+ certification, but I understand, because I've been doing it for so long. My approach to this course, and the others in this specialization, is to help you prepare for what you're going to see out in your career. Not just the things that you're going to study one little thing here, one little thing there, and really based on theory. So this course is based for anyone who's looking to learn more about the computer security industry. And, well, from really somebody that practices it on a day to day basis. Of course, you need to understand the theory behind computer security in order to practice it as well. The course modules in this course are designed to cover four different areas. The first module or week is going to introduce you to user based attacks. Second module is going to examine network and system based attacks. The third module is going to explore cloud security. And the fourth module is going to dive into common vulnerabilities. There's also a fifth module, which is a project based module. That's going to allow you to apply what you've learned in the previous four modules into an overall project that you're going to be peer reviewing. At the end of each module, there's going to be a quiz that is covering the topic that was discussed in that week. The course project is a hands-on application of what you have learned in the course. You must achieve at least an 80% passing grade for the quizzes and for the project, in order to pass the course. Even though there's no technical component to this course, I do have guides to show you how you can build your own lab, so you can even get more out of the course, if you wish. I hope you get excited about this course, and since I've been practicing real world information security in an enterprise setting for several years. I hope that you can see the value in having somebody that's been in the industry and taught it as well, from the stories that I'll present to you. Since I've also been senior management for a majority of my career, I hope my insights, both in senior management and talking to constituents across the organization, will help you disseminate information. Understanding how to weed through what vendors tell you is also an important part of this course. How do you actually communicate to those vendors, what is really important to you? What are you really concerned about, what threats are you concerned about? So let me explain a little story to you, the WannaCry vulnerability, if you will, it was an exploit that was developed by the NSA to breach Windows-based systems. And it was so dangerous, in fact, that Microsoft said, we're going to patch even our 16 year old operating system, Windows XP, in order to patch this hole. So as soon as that comes out, as soon as the NSA and Microsoft say, okay, this is actually our doing. Vendors just went after this like crazy, and they said, hey, we have this solution, we have this solution, we have this solution. Well, it's really, really simple to protect your systems, like patching your systems, why do I need to talk to all these vendors? What are my attack vectors that I need to be concerned with? So understanding some of these concepts, and understanding these real-world scenarios that I'm going to share with you, are going to help you throughout this course, see you in lesson one.
