username2835888
Badges: 3
Rep:
?
#1
Report Thread starter 2 years ago
#1
Dear All,
As an International student I am confused on which one is really worth the penny,experience and practical for Cyber Security.

I am currently holding offers from:
MSc Cyber Security Engineering - University of Warwick
MSc Information Security and Privacy - Cardiff University (Non-GCHQ Certified)
MSc Cyber Security - University of South Wales (Provisional GCHQ)

Awaiting Result from:
University of Surrey(Provisional GCHQ),Edinburgh Napier (Full GCHQ) and Royal Holloway (Full GCHQ)

Rejected at Lancaster (Full GCHQ)

Need current students advice from Computer Science faculty on where I can learn the most and futuristic opportunities?

-chinmay241
0
reply
username3079870
Badges: 19
Rep:
?
#2
Report 2 years ago
#2
The GCHQ thing is meaningless. I had the worst teaching experience I've ever had on a GCHQ provisionally certified module. The material were outdated, incorrect and on one occasion, missing lol!

GCHQ are endorsing courses and handing out scholarships as there are far too few Cyber Security professionals in the UK at the moment. This means more work for GCHQ in the longterm. For example, if Tesco Bank had more well trained Cyber Security engineers they might not have gotten hacked. That is less work for GCHQ. GCHQ endorsing a masters is simply them saying "we checked it out, they aren't teaching you anything unethical or reckless". It might impress some employers though in fairness.

In terms of the quality of the course, the GCHQ accreditation doesn't mean much. Think of it like a MOT. It might pass, but it doesn't mean its a good car. It doesn't mean its a bad car either.

Of the places you mentioned, Royal Holloway has the best research I've read. Warwick is a a fairly new course and overall has a good rep.

Really though, the GCHQ thing doesn't mean anything about the quality of the course or the quality of the modules.
1
reply
username2835888
Badges: 3
Rep:
?
#3
Report Thread starter 2 years ago
#3
(Original post by jestersnow)
The GCHQ thing is meaningless. I had the worst teaching experience I've ever had on a GCHQ provisionally certified module. The material were outdated, incorrect and on one occasion, missing lol!

GCHQ are endorsing courses and handing out scholarships as there are far too few Cyber Security professionals in the UK at the moment. This means more work for GCHQ in the longterm. For example, if Tesco Bank had more well trained Cyber Security engineers they might not have gotten hacked. That is less work for GCHQ. GCHQ endorsing a masters is simply them saying "we checked it out, they aren't teaching you anything unethical or reckless". It might impress some employers though in fairness.

In terms of the quality of the course, the GCHQ accreditation doesn't mean much. Think of it like a MOT. It might pass, but it doesn't mean its a good car. It doesn't mean its a bad car either.

Of the places you mentioned, Royal Holloway has the best research I've read. Warwick is a a fairly new course and overall has a good rep.

Really though, the GCHQ thing doesn't mean anything about the quality of the course or the quality of the modules.
I have got in Royal Holloway MSc Information Security with 1 year in industry.
Should I take up this or the warwick. I am more towards the technical side and won't like to mix with Management out here.

Any current students in RHUL to give some insight?
0
reply
Cisco Kid
Badges: 8
Rep:
?
#4
Report 2 years ago
#4
(Original post by jestersnow)
The GCHQ thing is meaningless. I had the worst teaching experience I've ever had on a GCHQ provisionally certified module. The material were outdated, incorrect and on one occasion, missing lol!

GCHQ are endorsing courses and handing out scholarships as there are far too few Cyber Security professionals in the UK at the moment. This means more work for GCHQ in the longterm. For example, if Tesco Bank had more well trained Cyber Security engineers they might not have gotten hacked. That is less work for GCHQ. GCHQ endorsing a masters is simply them saying "we checked it out, they aren't teaching you anything unethical or reckless". It might impress some employers though in fairness.

In terms of the quality of the course, the GCHQ accreditation doesn't mean much. Think of it like a MOT. It might pass, but it doesn't mean its a good car. It doesn't mean its a bad car either.

Of the places you mentioned, Royal Holloway has the best research I've read. Warwick is a a fairly new course and overall has a good rep.

Really though, the GCHQ thing doesn't mean anything about the quality of the course or the quality of the modules.
Really? Bloody hell, i thought GCHQ accreditation meant cream of the crop. Is it really that desperate out there? Just how much are they screaming out for Cyber Security grads?
0
reply
username3079870
Badges: 19
Rep:
?
#5
Report 2 years ago
#5
(Original post by Cisco Kid)
Really? Bloody hell, i thought GCHQ accreditation meant cream of the crop. Is it really that desperate out there? Just how much are they screaming out for Cyber Security grads?

Big time. Like most companies will bite your arm off if you have any sort of security know how at the minute. GCHQ accreditation might better at fully accredited unis, but here is an example of a GCHQ approved module I took in Software Security:

1) Lecturer said they were a researcher and didn't want to teach
2) They didn't understand C programming very well and made mistakes often during class. We had to correct the teacher on these when they came up.
3) Lecturer gave us incomplete notes on Software Testing (as in there were headers for the notes but literally blank pages under the headers!!).
4) The lecturer could not work Valgrind so we had to look up online how to do it.

It was farcical. If that's the standard the GCHQ aspire too, the UK is doomed.

In fairness, a few of the other modules were excellent. Each module is individually accredited so far as I know. So yeah, don't read too much in to the GCHQ think because it seems like the standards they require aren't too high.
0
reply
Jam19
Badges: 2
Rep:
?
#6
Report 2 years ago
#6
(Original post by jestersnow)
Big time. Like most companies will bite your arm off if you have any sort of security know how at the minute. GCHQ accreditation might better at fully accredited unis, but here is an example of a GCHQ approved module I took in Software Security:

1) Lecturer said they were a researcher and didn't want to teach
2) They didn't understand C programming very well and made mistakes often during class. We had to correct the teacher on these when they came up.
3) Lecturer gave us incomplete notes on Software Testing (as in there were headers for the notes but literally blank pages under the headers!!).
4) The lecturer could not work Valgrind so we had to look up online how to do it.

It was farcical. If that's the standard the GCHQ aspire too, the UK is doomed.

In fairness, a few of the other modules were excellent. Each module is individually accredited so far as I know. So yeah, don't read too much in to the GCHQ think because it seems like the standards they require aren't too high.
You are not going to go far in the cyber security field if you rely on things you was only taught at university, being in the infosec field you have to learn everyday for the rest of your life (new type of attacks get introduced regularly)

you complain about you had to look things up online lol welcome to cyber security , you complain about your lecturer making mistakes with coding , errmm even if you had 20 years experience writing in C you will still be making mistakes yourself !

You say you was taught outdated stuff , no you wasnt , you was taught the basics , even if he taught you up to date stuff , by the time next year it will be considered outdated anyways (this is how fast this industry moves) then you would still need to learn things by yourself after (online)

The Whole GCHQ accreditation , if you get onto a course then take it , employers will see that as a advantage , its not a necessity though , a OSCP certificate + a normal (not gchq) course is worth more than just a gchq accredited course
1
reply
username3079870
Badges: 19
Rep:
?
#7
Report 2 years ago
#7
(Original post by Jam19)
You are not going to go far in the cyber security field if you rely on things you was only taught at university, being in the infosec field you have to learn everyday for the rest of your life (new type of attacks get introduced regularly)

you complain about you had to look things up online lol welcome to cyber security , you complain about your lecturer making mistakes with coding , errmm even if you had 20 years experience writing in C you will still be making mistakes yourself !

You say you was taught outdated stuff , no you wasnt , you was taught the basics , even if he taught you up to date stuff , by the time next year it will be considered outdated anyways (this is how fast this industry moves) then you would still need to learn things by yourself after (online)

The Whole GCHQ accreditation , if you get onto a course then take it , employers will see that as a advantage , its not a necessity though , a OSCP certificate + a normal (not gchq) course is worth more than just a gchq accredited course
The course was at Qub. I presume you've done it too? You certainly seem to think you are qualified to talk about it.

Btw I was a mature student with 11 years in the tech sector when I did this course. This includes 4 years as a pen Tester (CREST certified). In my professional opinion, the masters at QUB was sub-standard. This is based on comparison with my undergrad studies, my other masters degree, professional experience and industry standard certification. The GCHQ accreditation is no mark of quality for a course.
0
reply
Jam19
Badges: 2
Rep:
?
#8
Report 2 years ago
#8
(Original post by jestersnow)
The course was at Qub. I presume you've done it too? You certainly seem to think you are qualified to talk about it.

Btw I was a mature student with 11 years in the tech sector when I did this course. This includes 4 years as a pen Tester (CREST certified). In my professional opinion, the masters at QUB was sub-standard. This is based on comparison with my undergrad studies, my other masters degree, professional experience and industry standard certification. The GCHQ accreditation is no mark of quality for a course.
I did my course at the NSA when i was only 7months old , i then transferred to GCHQ directly when i was 2 years old because they needed someone to find some 0days on a nokia brick phone , i am now 6years old and a exploit developer

All jokes aside , why would you go to uni when you have 4years as a penetration tester lol , i would of went on offensive security and bought some courses which is a much better ROI

There are cyber security individuals out there who never learned at a university , but they are still better than you at pentesting ..... why? Because he put the time and effort into learning himself rather than being spoonfed
0
reply
username3079870
Badges: 19
Rep:
?
#9
Report 2 years ago
#9
(Original post by Jam19)
I did my course at the NSA when i was only 7months old , i then transferred to GCHQ directly when i was 2 years old because they needed someone to find some 0days on a nokia brick phone , i am now 6years old and a exploit developer

All jokes aside , why would you go to uni when you have 4years as a penetration tester lol , i would of went on offensive security and bought some courses which is a much better ROI

There are cyber security individuals out there who never learned at a university , but they are still better than you at pentesting ..... why? Because he put the time and effort into learning himself rather than being spoonfed
Look, if you are going to resort to ad hominen attacks and aren't interested in having a discussion about this then there is no point in continuing. Happy to discuss this if you or anyone else is actually interested in having a grown up conversation about it.

My reason for doing it was there are other other areas of Cyber Security (like Cryptography theory and Computer forensics) that I wanted to educate myself on. The MSc provided a single course to do this. In hindsight it wasn't the best course. In my experience the GCHQ accreditation doesn't mean much. Thats my opinion. It was the opinion of much of the class according to the class rep. I can't sit here and tell you it was a well taught course overall (some aspects were good) when it wasn't in my opinion. This year the course directors have resorted to offering 6 fully paid scholarships to the course as the applications are way down (you can view this on linkedin btw), due likely in part to bad word of mouth from ex students (Belfast being a small place with only 2 uni's).
0
reply
Cisco Kid
Badges: 8
Rep:
?
#10
Report 2 years ago
#10
(Original post by jestersnow)
Look, if you are going to resort to ad hominen attacks and aren't interested in having a discussion about this then there is no point in continuing. Happy to discuss this if you or anyone else is actually interested in having a grown up conversation about it.

My reason for doing it was there are other other areas of Cyber Security (like Cryptography theory and Computer forensics) that I wanted to educate myself on. The MSc provided a single course to do this. In hindsight it wasn't the best course. In my experience the GCHQ accreditation doesn't mean much. Thats my opinion. It was the opinion of much of the class according to the class rep. I can't sit here and tell you it was a well taught course overall (some aspects were good) when it wasn't in my opinion. This year the course directors have resorted to offering 6 fully paid scholarships to the course as the applications are way down (you can view this on linkedin btw), due likely in part to bad word of mouth from ex students (Belfast being a small place with only 2 uni's).
What modules did you study? On a side note, you are not the only one who has studied at a Uni with a below par cyber security course.
1
reply
username3079870
Badges: 19
Rep:
?
#11
Report 2 years ago
#11
(Original post by Cisco Kid)
What modules did you study? On a side note, you are not the only one who has studied at a Uni with a below par cyber security course.
We did:
Ethics and Law for Cyber Security (excellent)
Malware (okay)
Software Security (truly awful)
Cryptography (not great)
Network Security (good)
Computer Forensics (excellent)

These were all suppose yo be gchq accredited modules yet were completely variable in quality.

Sorry to hear you had a subpar experience too. Did you do it a gchq accredited university out of curioutsity ?
1
reply
The National Cyber Security Centre
Badges: 9
Rep:
?
#12
Report 2 years ago
#12
(Original post by jestersnow)
The GCHQ thing is meaningless. I had the worst teaching experience I've ever had on a GCHQ provisionally certified module. The material were outdated, incorrect and on one occasion, missing lol!
...
GCHQ endorsing a masters is simply them saying "we checked it out, they aren't teaching you anything unethical or reckless".
...
Really though, the GCHQ thing doesn't mean anything about the quality of the course or the quality of the modules.
(Original post by Cisco Kid)
Really? Bloody hell, i thought GCHQ accreditation meant cream of the crop. Is it really that desperate out there? Just how much are they screaming out for Cyber Security grads?
(Original post by jestersnow)
Each module is individually accredited so far as I know. So yeah, don't read too much in to the GCHQ think because it seems like the standards they require aren't too high.
Sorry for chipping into a slightly older thread, but as the owner of the GCHQ certification scheme (soon to be renamed the NCSC Certification scheme to better reflect our business), we thought we'd reply to some of the points made above.


jestersnow - you’re right that we need more well-trained cyber security engineers, and high-quality education. GCHQ/NCSC can’t do it all, and the more that companies can do to protect themselves, the better. However, some of the comments you made about the certification scheme aren’t quite accurate.

We don’t hand out scholarships (that’s the CyberFirst scheme if anybody is interested), and our assessments do more than just a basic check of the course. Our process assesses the subject coverage of the course, the standard of the staff and facilities, and the quality of exams, marking and dissertations. The assessments are carried out by independent experts from across industry, government and academia, and the universities have to reach a high standard for their applications to be successful.

The modules aren't individually assessed; the overall degree is considered, but the universities have to specify the content of the modules, and show how they address our standards and the skills framework.

Despite the above, we appreciate there is still the possibility that a university might still deliver a sub-standard course once they have certification, although experience has shown us that this rarely happens.


jestersnow - we're sorry if you had a bad experience on a certified course, but we’d encourage anybody in these cases to complain to the university, who will have a process for such things. If students still feel they are not being taken seriously, we are willing to listen, but our sole concern is the quality of the course and its teaching – we can’t get involved in legitimate university processes.

In general, student feedback from our certified courses is excellent (and forms part of an application for Full certification), but if a pattern emerges of students suggesting the course is not up to standard, we will investigate.

We hope this helps, and are happy to answer any questions that readers might have, either via PM or on a forum thread.
0
reply
username3079870
Badges: 19
Rep:
?
#13
Report 2 years ago
#13
(Original post by The National Cyber Security Centre)
Sorry for chipping into a slightly older thread, but as the owner of the GCHQ certification scheme (soon to be renamed the NCSC Certification scheme to better reflect our business), we thought we'd reply to some of the points made above.


jestersnow - you’re right that we need more well-trained cyber security engineers, and high-quality education. GCHQ/NCSC can’t do it all, and the more that companies can do to protect themselves, the better. However, some of the comments you made about the certification scheme aren’t quite accurate.

We don’t hand out scholarships (that’s the CyberFirst scheme if anybody is interested), and our assessments do more than just a basic check of the course. Our process assesses the subject coverage of the course, the standard of the staff and facilities, and the quality of exams, marking and dissertations. The assessments are carried out by independent experts from across industry, government and academia, and the universities have to reach a high standard for their applications to be successful.

The modules aren't individually assessed; the overall degree is considered, but the universities have to specify the content of the modules, and show how they address our standards and the skills framework.

Despite the above, we appreciate there is still the possibility that a university might still deliver a sub-standard course once they have certification, although experience has shown us that this rarely happens.


jestersnow - we're sorry if you had a bad experience on a certified course, but we’d encourage anybody in these cases to complain to the university, who will have a process for such things. If students still feel they are not being taken seriously, we are willing to listen, but our sole concern is the quality of the course and its teaching – we can’t get involved in legitimate university processes.

In general, student feedback from our certified courses is excellent (and forms part of an application for Full certification), but if a pattern emerges of students suggesting the course is not up to standard, we will investigate.

We hope this helps, and are happy to answer any questions that readers might have, either via PM or on a forum thread.
Very interesting. Thanks. What is the process for moving from provisional to full accreditation for a university?
0
reply
The National Cyber Security Centre
Badges: 9
Rep:
?
#14
Report 2 years ago
#14
(Original post by jestersnow)
Very interesting. Thanks. What is the process for moving from provisional to full accreditation for a university?
To move from Provisional to Full Certification, an eligible degree programme must have been running in both the previous and current academic year, and the external examiner's report for the last academic year must be available. Provisional certification is typically valid for around 2 years, or until the first cohort of students have completed the degree.

The university in question needs to submit an incremental application, which in addition to describing any changes to the content, structure etc, since their previous application, should include the following:
  • a list of dissertations undertaken by students in the last year (or two years if available)
  • anonymised copies of one that achieved a distinction, a merit and a pass respectively, together with their marks and examiner's comments
  • a breakdown of the course's student numbers, a profile of the subjects/grades they entered with, and a profile of the grades they left with

It's also possible for a university to apply directly for Full certification, if a course has been running for some time.

Full certification is typically valid for 5 years, after which a university will need to re-apply.

If anybody would like to read the in-depth details, copies of our call documents and standards are available for download.
2
reply
username3079870
Badges: 19
Rep:
?
#15
Report 2 years ago
#15
(Original post by The National Cyber Security Centre)
To move from Provisional to Full Certification, an eligible degree programme must have been running in both the previous and current academic year, and the external examiner's report for the last academic year must be available. Provisional certification is typically valid for around 2 years, or until the first cohort of students have completed the degree.

The university in question needs to submit an incremental application, which in addition to describing any changes to the content, structure etc, since their previous application, should include the following:
  • a list of dissertations undertaken by students in the last year (or two years if available)
  • anonymised copies of one that achieved a distinction, a merit and a pass respectively, together with their marks and examiner's comments
  • a breakdown of the course's student numbers, a profile of the subjects/grades they entered with, and a profile of the grades they left with

It's also possible for a university to apply directly for Full certification, if a course has been running for some time.

Full certification is typically valid for 5 years, after which a university will need to re-apply.

If anybody would like to read the in-depth details, copies of our call documents and standards are available for download.
Great! Just for anyone else reading this in the future... Why would you recommend a NCSC accredited course over say something like CISSP certification?
0
reply
The National Cyber Security Centre
Badges: 9
Rep:
?
#16
Report 2 years ago
#16
(Original post by jestersnow)
Great! Just for anyone else reading this in the future... Why would you recommend a NCSC accredited course over say something like CISSP certification?
Good question. The answer is that different qualifications/accreditations/certifications serve different purposes, e.g. CISSP for those with more experience and a focus on practical experience, BCS accreditation of computing courses, or sector-specific schemes such as Cisco's networking series. Our scheme focuses on cyber security degrees only (and has only recently extended to Bachelor's degrees after focusing on the Master's level). It's intended to complement the range of work-focused or shorter courses, by assuring the more formal methods of learning and helping people at a particular stage of their journey, and we do maintain a dialogue with the other organisations where we can.

As such it's not a case of recommending our scheme over another - they each have different strengths and purposes. For instance you could undertake a certified degree, then get a job with a company where you undertake some specific qualifications in your area, or aim for a further qualification of some sort.

For background, when we set up the certification scheme, the number of cyber security degrees was booming, and as part of the first National Cyber Security Programme, we were challenged to find a means of identifying what 'excellent' meant in this context. We had done something similar to identify Academic Centres of Excellence in Cyber Security Research and so this was a natural follow-on, as was the extension to certifying Bachelor's degrees.
1
reply
Cisco Kid
Badges: 8
Rep:
?
#17
Report 2 years ago
#17
What areas of cyber security are the NCSC calling out for? What's in demand? e.g Pen Testing, Reverse Engineering of Malware etc.
0
reply
username3079870
Badges: 19
Rep:
?
#18
Report 2 years ago
#18
(Original post by Cisco Kid)
What areas of cyber security are the NCSC calling out for? What's in demand? e.g Pen Testing, Reverse Engineering of Malware etc.
My GCHQ/NCSC endorsed masters focused on Network Security, Malware, Crypto,and Computer Forensics mainly.

In general, there's a perceived shortage in all areas. The main issue isn't just the shortage, it's encouraging organisations (private and public) that investing in cyber security is a worth while thing to be doing.

The only real area I've seen a lot of action being taken is GDPR, and that's because of the press and legislation changes surrounding it. So many (though not all) organisations are taking it more seriously than other cyber security areas.

Certain areas of Cyber security may be a bit of a bubble too. For example, the big 3 of cloud computing (Azure, AWS and Google Cloud) and putting a lot of effort in to cloud security. So they are eating in to the work that a traditional network security engineer would've done. It's not there yet, but seeing how lucrative the market is and the huge resources they big 3 have at their disposal, it's an area that they will continue to dominate and monopolise in the near future. In other words, if you are a network security engineer in a team of 20 network security engineers and you aren't working for one of the big 3, chances are within a decade that team will shrink to about 5 people.

So if you are wanting to get in to a particular area of cyber security, have a read around the developments in that area and look at the long term prospects. Or get a job at Amazon, Google or Microsoft lol!
0
reply
Cisco Kid
Badges: 8
Rep:
?
#19
Report 2 years ago
#19
That's part of the problem, why invest time in network security when the job market will shrink in the future? It's ok to have a grasp of the concepts of network security but if GCHQ and other agencies, either private or government, would say where they are short of skills, i would fully focus my time on one area, instead of scattered knowledge right across the cyber security arena. I feel like I'm bobbing in an ocean and need to be anchored.
0
reply
The National Cyber Security Centre
Badges: 9
Rep:
?
#20
Report 2 years ago
#20
(Original post by Cisco Kid)
What areas of cyber security are the NCSC calling out for? What's in demand? e.g Pen Testing, Reverse Engineering of Malware etc.
(Original post by Cisco Kid)
<snip> It's ok to have a grasp of the concepts of network security but if GCHQ and other agencies, either private or government, would say where they are short of skills, i would fully focus my time on one area, instead of scattered knowledge right across the cyber security arena. I feel like I'm bobbing in an ocean and need to be anchored.
As jestersnow has pointed out, there is a perceived shortage in all areas of the subject.

From an NCSC point of view, we are particularly interested in developing more architects and risk analysts. We say 'develop' as we know that people with these skills aren't plentiful and the skills are critical, so we run our own development programmes for those with the aptitude and underpinning knowledge to acquire them.

Having said that we also have vacancies across a variety of technical areas, owing to the nature of our particular business - a look at https://www.gchq-careers.co.uk/index.html (click on 'Vacancies' in the top right-hand corner) will tell you more.
0
reply
X

Quick Reply

Attached files
Write a reply...
Reply
new posts
Back
to top
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

University open days

  • University of East Anglia
    Undergraduate Open Day Undergraduate
    Sun, 20 Oct '19
  • University for the Creative Arts
    Undergraduate Open Day Undergraduate
    Sun, 20 Oct '19
  • University of Gloucestershire
    Undergraduate Open Day Undergraduate
    Sun, 20 Oct '19

Have you made up your mind on your five uni choices?

Yes I know where I'm applying (67)
66.34%
No I haven't decided yet (21)
20.79%
Yes but I might change my mind (13)
12.87%

Watched Threads

View All