About This Class

This class was the first of its kind at the Florida State University Computer Science Department (which is a CAE/IAE and CAE/R), and was started in the spring semester of 2013. The vision of this class is to fill the common gaps left by most University level security courses, by giving students a deep technical perspective of how things are attacked and hacked. The motivation of teaching such subject material was twofold: primarily to produce skilled students geared to become penetration testers and/or incident responders; and secondarily to hopefully raise the bar for security courses (as there is a real dearth of skilled security professionals coming out of college). This class spawned out of the security club/CTF-team N0L3ptr ("Nole pointer") that I founded, as my weekly meetings regularly became class-like sessions/workshops for members who knew next to nothing, but wanted to learn more about penetration testing and real world security.

When creating this course I discovered that someone else had pioneered the way for creating such a class at another University, and he had made the course entirely opensource. Furthermore that person provided the academic community with slides, advice, and a talk on how to do the same. This person is Dan Guido, now the CEO of Trail of Bits, and he taught (with help) "Application Security and Vulnerability Analysis" at NYU Polytech. Dan Guido's Talk "So You Want To Train An Army Of Ninjas" provided insight and inspiration for my creation of the "Offensive Security" course. Thanks Dan!

This course was entirely created from scratch, and with the help of Professor Xiuwen Liu we managed to deliver a fast-paced, content-rich semester long course. CIS 4930/CIS 5930 "Offensive Security" is a hands-on, practical, in-depth survey of important topics which are often totally untouched in most courses. Furthermore, I decided to video tape every lecture (when possible) and put them online, for the current and future students.

Designing a brand new course is very difficult for a single person, especially a course in the fast-paced world of computer security. Thanks to the frequent advice and support of friends/fans, whom range from malware analysts in the AV industry, reverse engineers and vulnerability researchers, incident responders for big labs, and penetration testers, this class turned out to be a success. Special thanks go out to Joshua Lawrence and Mitch Adair for their invaluable help in teaching and preparing course material for the class.

I really became aware of how important this course is after I presented my invited talk at BSIDES Orlando 2013. The title of my talk is "Lessons from Training Ninjas", and was an ode to Dan Guido's talk about his own class. If you want to teach your own class similar to this one, I would strongly urge you to see the above talk, and then my own:

---W. Owen Redwood

BSIDES Orlando 2013 Slides

This work is licensed under a Creative Commons license.