RFC: Add IBM Cybersecurity Analyst Professional Certificate to the Final Project section

[lambdajack]

Problem:
OSSU could add a more complete set of resources for students wishing to follow a 'cybersecurity' related path. Related to #639.

Duration:
n/a

Background:
I see that there is a thread containing discussion on the inclusion of cybersecurity resources #639. That issue has remained quiet for some time, but the field is continuing to grow in importance at a seemingly exponential rate. I therefore think it should be an option for students engage in a security related specialisation as part of their OSSU experience.

The OSSU is a fantastic resource and I am very grateful to have been able to take advantage of it. I believe it can only get better by embracing cybersecurity resources and adding them as a path for future students to take. For many people the OSSU is their only option for getting a high quality, structured education in computer science and I think they should be given the option to engage deeper with cybersecurity.

Proposal:
To add a comprehensive cybersecurity course offering to the 'final project' section.

• The proposed course homepage: IBM Cybersecurity Analyst Professional Certificate

• See related pull request: Add IBM Cybersecurity Analyst Professional Certificate to the Final Project section #1026.

• The specialisation is comprised of 8 courses, with a capstone and assessment at the end, much like the other specialisations listed in the 'Final Project' section.

• High quality teachers and recognised cybersecurity giant backing.

• Wide range of of areas covered including an introduction, operational security, sysadmin, networking, threat assessment, database security and incident response.

• Highly rated curriculum (4.5 stars minimum course rating - capstone project rated at 4.8 stars). Ratings are a representation of over 60,000 students enrolled on the course (with approximately 5700 ratings).

• Course material is up to date.

• The recommended completion time is in keeping with the other courses in this section.

• English, Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, Spanish subtitles.

• The course is available to enrol for free.

• The course is appropriately challenging and in keeping with the other courses in this section. The course starts out with a 'beginner' rated introduction and progresses to 'intermediate' difficulty by the end.

• Since the OSSU's base curriculum does not list cybersecurity resources as compulsory to progress (and I don't believe it should, as it stands perfectly as a solid all-encompassing computer science base and students should have the option to bypass it if they wish), this course is a good fit as it comprehensively covers the topic and will allow students who do not have a background in security to still get the most out of it.

Considerations:

• There are some complaints about the audio quality on the videos. I would say that, although it is not perfect quality, it is perfectly audible and not at all difficult to understand or grating to listen to. In any case, the content of the video lectures is thorough and I personally feel that the course is taught in a clear, concise and easy to understand way.
• Adding a cybersecurity related course to the Final Projects section may not be appropriate since the other cybersecurity sections of the readme note that their inclusion is provisional pending further consideration. Notwithstanding, it is clear that more and more traditional brick and mortar universities are putting a greater and greater emphasis on cybersecurity in their curriculum's and it would be prudent to mirror that behaviour.
• Since the courses are taught by IBM, there is naturally discussion of some of the tools IBM offers, though this does not detract from the quality delivery of the subject matter and how best to approach various cybersecurity challanges. Traditional open source cybersecurity tools are heavily utilised.

Sundaries

• If accepted, the course will need adding to the Trello board.

Alternatives:

• It may be decided that adding this course is not appropriate. In that case, I still believe reviving the discussion at Request for Comment: Add Security Courses #639 and vetting the security courses marked as 'provisional' so that they may have their provisional status removed would be an excellent step. Although it is good that the resources are pointed to, the fact that they are marked as 'provisional' will (likely) prevent many students from engaging; particularly if they are at the early stages of their career and are using the OSSU as their primary educational resource (which many users will be).
• Other course suggestions are welcome.

Final thoughts
^ The above said, I am no cybersecurity vetran and would certainly welcome the thoughts of those who are on IBM's offering. I have considered the contribution guidelines and this repository and hope that I have not missed anything obvious as to why this cannot be included.

Further to @spamegg1 request in #1026 (comment) I have copied much of the above from #1026. My apologies for any information duplication! I should have realised that this would be the better place to start the discussion. If you have read this RFC then there is no more information to be gained from the initial pull request comment at #1026.

[waciumawanjohi]

My first impression when I looked at the courses was that this looks biased towards using a specific suite of tools. Or in other words that it was more geared towards job training for an IBM shop than towards academic exploration. (A description of the relevant CS2013 Knowledge Area can be found here)

Reading through online discussions of the course suggest the same:

• "I did the Coursera course. It is okay as basics but the content turns towards an IBM marketing vibe after you get out the gates."
• "I have done it. It's only basic knowledge on each tech field, few basic labs in qradar , and a small powerpoint to create. Then you got two tests of 70 questions approximatively. IMO go for security+"
• "i'm not sure i see the value unless you end up working with those specific technologies. as a hiring manager most of this doesnt look like it transfers to internal security work."

Based on the discussions of this course, I wouldn't support adding this to the curriculum. If an analysis of the course showed that it aligned highly with the CS2013 I would be open to revising my opinion.

There are a few other Cybersecurity sequences that could be considered in place of this:

• U Maryland
• eCornell
• RIT

[waciumawanjohi]

Closing as there hasn't been a response in 30 days and there is another RFC that aims to address the top level concern. Feel free to reopen at need.