Secure Computer Systems

It's unfortunate that this course is so terrible because it covers the kind of topics that I'm really interested in. Just like a lot of other reviewers mentioned, the quiz questions are poorly-worded and in some cases just plain wrong. It makes me wonder if whoever wrote the questions even understands the material themselves. This course isn't graded on a curve because it's difficult; it's graded that way because it's impossible to get a good grade when the test materials are unintelligible. I have no idea how a course could have so many complaints over a span of years and still not get fixed.

TL;DR - This course is still a dumpster fire and it does not appear that there has been any kind of attempt to fix it.

Nothing much to say about this abysmal course that hasn't already be stated below. Also I took it in the Fall of 2025. It is difficult because it is so poorly structured. This is hands down the worst and most worthless class I have ever taken in my entire life. Do not expect to learn anything useful or interesting. This class should be renamed to "Ancient computing history." The Professor should retire, he cannot speak or engage in any meaningful way throughout his lectures, frequently loses track of what he is speaking about, cannot be concise or well spoken, and cannot refrain from loudly exclaiming "SO UHHHHH" and "OKAAY?" every 15 seconds. Even watching at 2x speeds the lecture material is extremely infuriating. Each week there are 4-6 hours of lectures, which contains about 90 minutes of actual material because he speaks SO slowly and SO disjointed, constantly going off on tangents explaining the most menial and irrelevant things.

His quizzes are so poorly written he had to give everyone a point for one question because it was incoherent.

The midterm and final exams are atrocious. The poorly constructed and poorly written English will have you questioning your own ability at grasping the language as a native English speaker.

Avoid this at all costs. If you are in InfoSec it is unfortunately required. Georgia Tech needs to seriously re-evaluate this Professor and course. It has me deeply concerned for the rest of the quality of this program. I cannot believe I paid for this.

I came in without a cybersecurity background at all - overall, this is a broad introduction to lots of security concepts related to files, networks, distributed systems, access management, Linux policies, etc.

Some of the material I found a little too theoretical, but a lot of the info is good knowledge for anyone in the software/cloud space. I actually would recommend taking the course.

Now, for the course itself - I didn't find the workload too bad. There are quizzes every week, and most of the questions are from lectures but a few here and there are from readings. If you watch the lecture videos - even without doing the required readings, you should be mostly fine.

Assignments are all doable, and conceptually not that challenging. P1 - P3 can all be done in one sitting. Out of these three, one of those projects is made optional if you are satisfied with your grades for the other two, because the lowest grade in these three is dropped. So if you get 100 and 100 on the first two projects, don't bother doing P3. Use this to manage your time to do exam prep instead, because the exams are brutal. P4 is the biggest, and most time consuming, and should be started early. However, I didn't find it overwhelming at all, and it can also be done in a few sessions if you grind it out. Assignment grading is pretty fair and lenient.

Now, the exams... Exams are closed note, closed EVERYTHING and fully free response. Each question has multiple parts, and each part has multiple sub questions to answer within it. It was honestly annoying. The questions are all scenario based as well, so it requires a really solid understanding of the material to do well.

Fortunately there is a curve at the end of the course because the exams are generally where people struggle. Make sure to manage your time well on the exams and avoid spending too much time writing a whole essay response for one question!

I would say, with moderate effort and low-moderate time commitment, this is an easy-ish B but difficult A. You can breeze through the quizzes and assignments, MAKE SURE to spend most of your time prepping for the exams.

For context, my day job is doing computer security research. Pros: The course covers a wide range of topics. For example, we talked about data privacy and k-anonymity, which I didn't know much about before this class. Cons: Some (maybe half?) stuff felt completely theoretical and irrelevant to the real world. I spent a lot of time memorizing syntax and theoretical frameworks. Some of the mechanisms described were so theoretical I have no idea how they would be implemented in the real world. The choice of things to focus on was bizarre. For example, the Authentication module had no mention of public key cryptography (in fact, the course barely mentioned it at all). The entire Authentication method was about an obscure paper about hardening passwords with keystroke timing. Which is a cute idea I guess, but not commonly used. And since there was no mention of asymmetric crypto, a lot of students probably left that class thinking passwords are the only way. The quizzes and tests were very ambiguous and wanted pretty specific answers. A lot of mind reading involved. (Lots of short answer as well) Lectures were very dry. Projects were tedious.

Ultimately, I still got an A. But this class wasn't worth it. I cannot recommend it to anyone. Either you're already familiar with this stuff, in which case you won't learn much of value. Or you're new to it, and you'll be led down a rabbit hole of irrelevancy.

TLDR: This was my first class in the OMSCS program and unfortunately it left me wanting more. When the course is good, it's very good, but when it's bad, it's not very good. Unfortunately, there was more bad than good. If you have an interest in security and not much formal coursework you might enjoy it more than I did, but if you're taken security classes before, you'll likely find too much of it to be a review. The course format is heavily weighted towards exams and makes the weekly work you have to do feel somewhat pointless in comparison.

My background: I have 5 years experience as a cybersecurity engineer and an undergraduate degree in computer science with a concentration in cyber security. I mention this because I have taken many security courses and do security work in my day job; I believe you will likely get more out of the course if you don’t have a ton of security background. I would recommend skipping this class if you do have a security background as the good parts of the class don't make up for the bad.

Pros:

• Modules 3 and 4 ("Protecting TCB from Untrusted Applications" and "Virtualization and Security") along with modules 11 and 12 ("Distributed Systems Security – Basics" and "Distributed Systems Security – Putting it All Together") were the best parts of the class. These lessons are basically platform security 101 and there's a lot of great content here. The readings include chapters from the x86 developers manual, which makes it very applicable to the real world, along with interesting research papers. If you have an interest in operating systems and low level security, you'll love this part of the course.

• Projects 1 and 4 were enjoyable, although they weren’t perfect. Project 1 explores memory protection, while project 4 is building what could be considered a basic zero trust distributed system. Project 4 is the largest one in the course. You’ll create a client and server in python that are fully authenticated using public key cryptography (under the assumption that both booted securely) and use them to build a file secure sharing service. At times project 4 was a bit tedious, especially due to the constraints of the assignment (you can only submit 2 python files so forget about sharing code between the client and the server).

• While you have to read a lot of papers, some of them are quite interesting. The TAs do a good job of telling you which sections of the papers to focus on, because some of them are quite lengthy.

Cons:

• The biggest drawback of the course is the way it is graded. Weekly quizzes (closed note) make up 20% of the grade, two exams make up 60%, and the 4 labs make up the remaining 20%. The quizzes are 10 questions long. 7 or 8 questions are relatively easy if you have read the material and 2 or 3 you will struggle to understand what they are even asking. The exam is also closed note and follows a similarly frustrating pattern. Some of the questions are quite easy, others are oddly specific, and others are poorly worded. I found the exams to be very frustrating, even though I was able to do well on them.

• The labs can be long at times (in particular project 4), but unfortunately a lot of that is due to their tediousness and not because they are challenging. The way the projects are designed also make it hard to test due to you needing to call required functions that aren't suited for writing proper tests.

• Weeks 5, 6, 7, and 9 ("Authentication", "Discretionary Access Control", and "Mandatory Access Control", "Mandatory Access Control in SELinux") will be largely be a review for anyone with a security background. These were the weakest parts of the course in my opinion. Unfortunately, that's 4 weeks of not the best content in the middle of the class.

My averages:

• Quizzes: high 90s
• Projects: high 90s
• Exams: 90
• Final grade: 93% (>84% was an A this semester)

Overall: The highlights of the course, dealing with operating systems and platform security, are the best parts of the course. Even if you have a security background, you'll enjoy this because you get to dive into a lot of details pertaining to processor specifications and such. Unfortunately, the remaining weeks aren't great, and the middle of the course is a slog. The quizzes and exams are frustrating due to having confusing questions. In my opinion, the projects should be worth more. I spend around 20 hours a week on this class, mostly reading the papers for the week and working on the projects. The course has a lot of potential to be good, but unfortunately it just isn’t quite there. If you're interested in learning more about security, this course will definitely cover a lot of interesting topics, but the presentation isn't the best.

The course leaves a lot desired unfortunately. This is my 9th course and I can confidently say it was one of the worst I took throughout my program. I will lay out my pros and cons for the course:

Pros:

• The professor is extremely active, arguably the most active professor out of any of the GATech OMSCS courses I've taken.
• Weekly office hours held by the professor himself which is nice.
• The content is interesting and relevant, sort of like an Operating Systems Security course which is helpful for low level developers.

Cons:

• The course grade distribution is terrible, with 20% for quizzes, 60% for the two exams, and 20% for 4 separate lab projects. The quizzes use vague language to ask questions, so it is often easy to misinterpret the question and choose an answer that is partially correct, but not the most correct.
• The lectures are extremely dull, and the course is very focused on understanding of the large amount of academic papers. The professor is definitely knowledgeable on the subject, but he is very long-winded and the course lectures are extremely difficult to parse relevant information from. I am not usually one to have a limited attention span but I had an insanely difficult time focusing on the lectures.

My overall opinion is that while the content is interesting, but the method of grading is unbalanced and there are better ways to teach the material. In my opinion, project-based courses have been the best courses in the OMSCS program. The lack of weight to the project grades, in addition to the high weight of exams and quizzes (80% of the grade) and the dull content delivery all makes this a recipe for a tough time. The course is very much "memorize the content for the test" but the content itself is not delivered well enough to warrant it. The course definitely needs some work, but again kudos to the professor for at least being present in the classroom.

Personally, I would avoid this class.

The class mainly focuses on research papers, and while the topics are interesting, I found the professor's assessment methods to be challenging. The open-ended exam questions were too tough, and the quizzes were like essays that required extensive reading before selecting an answer. The timing was also too short, making it difficult to complete the assessments within the allotted time.

However, I did enjoy the projects, especially the last one, even though they were time-consuming. Overall, I believe that the course could have been much better if the professor had used a different style of examination to assess the students' knowledge.

I ended up really enjoying this course. I sought it out initially as a chance to force myself to read more academic papers while taking a subject that I found very interesting. After the first few weeks, I was a little skeptical if I would enjoy the course. I initially felt like the quizzes were unfairly hard, but I got used to them. I figured out that I wasn't paying enough attention to the lectures, and was focusing a bit too much on the readings. Once I started watching the lectures more intently (and even rewatching some), and rereading my notes from them, then digging into the readings as time permitted, the quizzes got a lot easier and I was able to enjoy the class. The concepts that the papers discuss are also covered in the lectures, the papers just go into more detail. It sounds really silly (and probably obvious to most) looking back, but don't overlook the value of deeply understanding the lectures, and I'd recommend doing that before you get into the readings.

That being said, the projects in this class were really fun. I did P1, P2 and P4 (the lowest of P1/2/3 gets dropped, so you can skip 3 if you're happy with grades on 1 and 2). P1 was pretty straightforward, particularly if you took IIS. I'd say it was medium difficulty. There were a few other C concepts I needed to learn. I'm not a particularly strong C coder and I was able to get through the project without too much difficulty and made an A on it. Python is more my jam, so P2 wasn't too bad for me. Overall all of the concepts taught on the projects (1/2/4) were really interesting.

I do have to take a moment to compliment P4. As other reviews have stated, it's a pretty long project. I started it with only 2 weeks left (even though I had seen plenty of reviews on here advising to start it right away), and it was a pretty busy 2 weeks, but not unbearable, even with pairing another class (also keep in mind again that I'm a strong Python coder). I worked on it everyday for those two weeks, including several hours each weekend day. I could have turned it in with a couple of days to spare and made either a high B or low A, but I came back and made a 100. So definitely don't wait until the last minute for it. Overall though I really really enjoyed the concepts that it taught. It's one of those projects that (IMO) was really rewarding. A lot of work but you look back at the end like dang, that was actually really fun. Like a lot of projects, once you get through the setup and get into a rhythm, it's manageable and fun.

The midterm and final are no cakewalk, and they're over half the grade (30% each I believe). As other reviews have stated, they're open ended questions, so you definitely have to spend a lot of time preparing for them. I felt like they were pretty fair overall. There were definitely some questions that were from the depths of the lectures. Made mid 70s on both the midterm and final, both of which were just above the class avg.

I made a high B in the class, but that seemed appropriate given some of my struggles early on getting adjusted to the quizzes/readings/lectures etc. Overall a challenging and enjoyable class.