The NMCCoE's education program will assist with students of all ages in cybersecurity
issues providing them with the knowledge and skills needed to work and lead as cybersecurity
professionals, to increase cybersecurity awareness in New Mexico, and to increase
the number of students pursuing cybersecurity degrees and other credentials.
The NMCCoE engages in outreach, cybersecurity literacy, recruitment, and education
activities with New Mexico high school students.
The NMCCoE supports the coordination, growth and enrollment of NMT academic programs
that lead to degree options, degrees and certificates in cybersecurity. These span
both undergraduate and graduate programs and include seeking collaborations with other
NM colleges and universities to better support state-wide endeavors in cybersecurity.
These support efforts will be focused on workforce development for the State of New
Mexico and include course offereings below.
Spring 2022 - the following courses are offered as part of the new Transdisciplinary
Cybersecurity graduate programs at NMT.
Cybersecurity Policy
CYBS 503-01 Cybersecurity Policy
A cybersecurity policy course that uses laws and standards to guide organizational policy development to secure information technology resources, without needlessly limiting technical responses, and analyzes both the outcomes of and processes for establishing those laws and standards.
Instructor: Dr. Thomas Harper
Psychology of Cybersecurity
CYBS 504 Psychology of Cybersecurity
A psychology of cybersecurity course that addresses psychology issues from how humans respond to instructions and policies and to how differently hackers and defenders think.
Instructors: Dr. Lorie Liebrock is the Director of the New Mexico Cybersecurity Center of Excellence
(NMCCoE) and a Professor of Computer Science and Engineering. Dr. Mark Samuels is
a Professor of Psychology.
Cybersecurity Risk Analysis and Management
CYBS 509 Cybersecurity Risk Analysis and Management
This course covers cybersecurity risk analysis and management for information systems.
Topics include: threat modeling and analysis; quantitative and qualitative risk assessment;
vulnerabilities, threats, witted adversaries, exploits, and mitigations; asset and
inventory management; impact analysis, business continuity planning, and disaster
recovery planning.
Emphasis is placed in risk management analysis and its implications on IT infrastructures
and compliance. Students will demonstrate effective application of the three pillars
of confidentiality, integrity, and availability using threat modeling, risk assessment
and mitigation as a basis for cybersecurity risk management planning in various simulated
or real environments.
Instructor: Dr. Erick Aguilar has Doctorate, Masters, and Bachelors degrees in Business Administration,
Management and Organizational Leadership, Computer Information Systems, Cybersecurity,
and History.
Note: this course is taught via cross enrollment at New Mexico Highlands University.
To enroll contact the NMCCoE for the cross enrollment form.
Reverse Engineering Malware
CYBS 515 Reverse Engineering Malware
Introduction to software reverse engineering of malicious software. Quick triage, static and dynamic analysis, string analysis, and deobfuscation analysis techniques. Intel x86 assembly, covering both 32 and 64-bit, Windows and Linux OS internals, will be discussed. Safe detonation using Cuckoo Sandbox, automated unpacking techniques. Detailed analysis and investigation of nation-state malware. Ghidra, FLARE VM, and other tools will be discussed.
Instructor: Dr. Danny Quist
Computer Network Security
CYBS 554 Computer Network Security
This course will explore each layer of the internet protocol stack, focusing on security deficiencies, and remedies to those security deficiencies, and will involve extensive lab exercises using the DeterLab shared testbed (accessed via the Internet to enable distance education participants). It will study computer network security architecture and security mechanisms to protect against sophisticated adversarial attacks. This course reviews cryptographic primitives that underlie most network security mechanisms, then applies this understanding to network services proving authentication for data and transaction integrity and availability, and encryption for confidentiality. It also covers the integration of security services into network applications and utilities including secure mail, secure web services, secure wireless, and investigates system security issues such as for firewalls and intrusion detections systems.
Instructor: Dr. Jizhou Tong
Hardware-Based Network Security
CYBS 557 Hardware-Based Network Security
This course will cover networking protocols, cryptography, and network security from the hardware implementation perspective. Topics include security of ND, NAT, IPSEC and other specialized IPv6 protocols in support of IoT functionality. The focus will be on implementation of security policy enforcement mechanisms in IPv6 network protocols in a Field Programmable Gate Array (FPGA) platform to protect an IoT application against sophisticated adversaries. Lab exercises using a FPGA platform will enable investigation of hardware-based security technologies such as the use of Physically Unclonable Functions that are not otherwise accessible from software.
Instructor: Lyndon Pierson, a Hardware/Software Security Design Engineer and Sandia National
Laboratories Senior Scientist Emeritus, has over 35 years' experience in research
and development of improvements to high speed secure communications, network security,
and information assurance. Recently, as a Fellow of the University of Southern California
Information Assurance Program, and as a lecturer at USC, he co-developed and taught
major portions of a nine-course Masters of Cyber Security Engineering degree curriculum.
Lyndon’s current interests include researching the basic science, first principle
elements that should underlie our future cyber security designs, and applying and
teaching these elements for the design of more secure systems.
Secure Systems Administration
CYBS 564 Secure Systems Administration
This course is primarily a Laboratory based course. The intention of the course is to give the students an experience of administering an IT system for a hypothetical business with the IT system experiencing increasingly aggressively sophisticated cyber-attacks. They are expected to build a business plan for the hypothetical business, a policybased IT protection plan that
they then implement on the host machines and networks in the laboratory. Simultaneously the adversary builds an exploitation plan that attempts to defeat the business's IT protection implementation and is able to achieve his/her exploitation objectives. The adversary has access to any/all exploit technology available, but there is a moderating factor of cost associated with the exploitation technology. The defenders have access to protection technology, but again there is a mitigating cost factor associated with the protection technology. The objective of the class is to experience and learn the capabilities an effectiveness of both defensive and exploitative technology with an appreciation of the need for policy and planning that directs, supports, and constrains the actions of both sets of actors. This course is not offered via Distance Education
Instructors: A. Spencer Wilcox is the Chief Security Officer and Executive Director of Technology
for PNM Resources - a mid-sized invstor owned energy holding company.
Dr. Blaine Burnham worked more than a decade with the National Security Agency (NSA),
serving as division chief of the Infosec Research Council. While at NSA Dr. Burnham
established, promoted and sustained the Information Security Research Council for
the Department of Defense as well as the intelligence community as a whole. He also
achieved an operational prototype of a trusted client/server operation system; created
and developed the Product Security Profile (PSP); and directed the Infosec Criteria
and Guidelines organization that published half of the guideline documents, the Rainbow
Series, and crafted the Federal Criteria. Dr. Burnham also did stints on the technical
staffs of the Los Alamos National Laboratory and Sandia National Laboratory developing
tools and techniques for achieving higher levels of information security. Immediately
prior to joining University of Nebraska Omaha's faculty he was director of the Georgia
Tech Information Security Center. After spending time with University of Southern
California, Dr. Burnham joined the team at NMT to strengthen our cybersecurity offerings.
Dr. Burnham earned his Ph.D. in Mathematics from Arizona State University.
Cybersecurity Courses
Fall 2021 - the following courses are offered for the first time as part of the new
Cybersecurity graduate programs at NMT.
Cybersecurity Ethics and Law
CYBS 502-01 Cybersecurity Ethics and Law
A cybersecurity ethics and law course in which students learn standards of professional,
ethical behavior in cybersecurity fields by examining case studies, ethical questions,
and legal debates from the history of computing and cybersecurity.
Instructor: Nicholas M. Kelly is an Assistant Professor in the Department of Communication,
Liberal Arts, and Social Sciences. He studies the intersections of media, technology,
and culture. His current research focuses on depictions of computer hackers in popular
culture and the influence of science fiction on the history of computing technologies.
He is also a founder of and software developer for the Program Era Project, a Digital
Humanities initiative working to build an online database of information on creative
writing programs, their affiliated authors, and text-mined features of those authors’
works. Dr. Kelly earned his PhD at University of Iowa.
Instructors: Christopher J. ChoGlueck is an Assistant Professor of Ethics at New Mexico Tech.
He teaches practical philosophy courses, including Ethics of Computing and Information
Technologies (CSE/IT/PHIL 382). He specializes in philosophy of science, biomedical
ethics, and feminism. His research and teaching lie at the intersection of science
and values, particularly the philosophical issues raised by pharmaceutical drugs.
His main line of research explores how values and gender norms shape drug regulation
at the US Food and Drug Administration (FDA), involving reproductive health and the
labeling of drugs, as well as the consequences for women's health and reproductive
justice. He also studies how values influence biomedical research on male birth control.
Dr. ChoGlueck earned his PhD at Indiana University.
Data Science for Cyber
CYBS 505-01 Data Science for Cyber
Data assembly, exploration, analysis, visualization, and inference. Python libraries
such as NumPy, Pandas, and scikit-learn. Students are expected to explore problems
related to cybersecurity threats, risks, and incidents that are important for businesses
to become safer and less vulnerable to cyberattacks. Students must communicate and
present their findings and results. Every student must complete at least one hands-on
project. Prior knowledge of probability and statistics at the undergraduate level
is assumed. Assumes experience with programming; experience with Python is recommended.
Instructor: Dr. Subhasish Mazumdar is an Associate Professor of Computer Science and Engineering.
His research focus is on mobile data managment, document databases, integrating heterogeneous
data souces, and information and knowledge systems. Dr. Mazumdar received his doctorate
at the University of Massachusetts at Amherst.
Computer Security and Incident Response
CYBS 514-01 Computer Security and Incident Response
This course covers what computer security incidents are and how to respond to an incident.
Computer security incident case studies serve as the backbone of the course allowing
students to analyze these case studies and determine how they were handled through
process and technical analysis. Topics covered are data sources for incident detection
and response, incident data analysis and incident remediation. Analysis areas covered
are network event analysis, malware analysis and computer forensics for computer security
incidents.
Instructor: Kelcey Tietjen is a Cyber Security Research and Development Manager. He is a veteran
information security professional with in-depth experience in incident response and
digital forensics. He has worked for several Fortune 500 companies consulting on incident
response, eDiscovery, application assessments, threat identification and digital forensics
capability augmentation. He has lead several computer incident response teams for
the US Department of Energy and National Labs. He has led information security operations
and engineering for a large global enterprise, which involved building a security
operations center, selecting and implementing incident response tools, configuring
central log management, enterprise full packet capture and hiring and managing a global
CIRT from the ground up. He has a passion for incident response and implementing security
in a means to maintain business operations while providing increased visibility and
risk mitigation.
Advanced Cryptography
CYBS 541-01 Advanced Cryptography
This course provides an overview of modern cryptographic theory and techniques, mainly focusing on their application into real
systems. Topics include number theory, probability and information theory, computation
complexity, symmetric and asymmetric cryptosystems, one-way functions, block and stream
ciphers, Kerberos authentication systems, public key infrastructure (PKI), secure
socket layer/transport layer security (SSL/TLS), and cryptographic protocols/applications
in many real systems.
Instructor: Dongwan Shin is a Professor of Computer Science and Engineering. His research areas
include computer security and privacy, softwarte engineering, cybersecurity, system
security, usable security, and software engineering/security. Dr. Shin earned his
PhD from University of North Carolina at Charolette.
Foundations of Cybersecurity
CYBS 561-01 Foundations of Cybersecurity
This course will explore the ideas, literature, and worked examples that established
the foundations of information security. The course introduces the concept of the
Information Domain as the fundamental primitive that is the axis for introducing the
policy requirements of Confidentially, Integrity and Availability that motivate the
need for Information Security. The concept of the 225 reference monitor is the organizing
principle for the course. The examination of foundational literature starts with appears
and ideas that first appeared in the mid 1960’s and spans the time of tremendous creativity
up through the following four decades.
Instructor: Dr. Blaine Burnham worked more than a decade with the National Security Agency (NSA),
serving as division chief of the Infosec Research Council. While at NSA Dr. Burnham established, promoted and sustained the Information Security Research Council
for the Department of Defense as well as the intelligence community as a whole. He
also achieved an operational prototype of a trusted client/server operation system;
created and developed the Product Security Profile (PSP); and directed the Infosec
Criteria and Guidelines organization that published half of the guideline documents,
the Rainbow Series, and crafted the Federal Criteria. Dr. Burnham also did stints
on the technical staffs of the Los Alamos National Laboratory and Sandia National
Laboratory developing tools and techniques for achieving higher levels of information
security. Immediately prior to joining University of Nebraska Omaha's faculty he was
director of the Georgia Tech Information Security Center. After spending time with
University of Southern California, Dr. Burnham joined the team at NMT to strengthen
our cybersecurity offerings. Dr. Burnham earned his Ph.D. in Mathematics from Arizona
State University.
Formal Security Policy Models And Formal Security Methods
CYBS 589-01 Formal Security Policy Models And Formal Security Methods
Security policy is the definition of what it means to be secure for a system, organization or other entity. Some useful security policies are expressed
quite imprecisely and still have value to cybersecurity operations. However, if you
express your policy very precisely in terms of information subjects and objects, then
you can “prove” some theorems about a system that implements this policy, especially
about desired “confidentiality” or "integrity" of data objects, and even some aspects
of "availability". If you construct your security design so as to avoid "undecidability"
and "unmanageable complexity", one can use Formal Methods to validate both the design
and its implementation. Formal Methods are a particular kind of mathematically rigorous techniques for the
specification, development and verification of software and hardware systems. How
do you go from a "Policy" to a "Formal Security Policy Model" using first order logic
to develop a "Formal Top Level Specification", then apply "Formal Methods" to prove
that a design enforces the desired policy? Furthermore, how does one validate that
an implementation of this design results in the correct functionality (and no other
extraneous/malicious functionality)? This course will explore the history of the
application of "Formal Methods" to Cyber Security, examine the "state of the art"
in these matters, and as time permits, delve into actual application of these techniques
using simplified examples both in class group assignments and in individual semester
projects. (This course is focused on formal access control policy rather than the
more general laws and standards that should guide organizational cybersecurity policy
development. While a basic foundation in Information Assurance will be helpful, the
more general CYBS 503 “Cybersecurity Policy” is not a prerequisite.)
Instructor: Lyndon Pierson, a Hardware/Software Security Design Engineer and Sandia National
Laboratories Senior Scientist Emeritus, has over 35 years' experience in research
and development of improvements to high speed secure communications, network security,
and information assurance. Recently, as a Fellow of the University of Southern California
Information Assurance Program, and as a lecturer at USC, he co-developed and taught
major portions of a nine-course Masters of Cyber Security Engineering degree curriculum.
Lyndon’s current interests include researching the basic science, first principle
elements that should underlie our future cyber security designs, and applying and
teaching these elements for the design of more secure systems.
Addressing many of the greatest challenges to society requires understanding and integration
of the methods, theories, techniques, and perspectives of multiple disciplines to
develop new approaches to solve complex, real-world challenges. The mission of the
Transdisciplinary Cybersecurity graduate programs is to prepare students with a broad
understanding of cybersecurity from the foundational documents that have guided the
development of the discipline to the ethical, legal, and psychological challenges
that cybersecurity professionals face. Students further engage in hands-on cybersecurity
risk analysis, data analysis, and policy development. In addition, technical electives
provide technical expertise that students will need to solve real-world challenges
in cybersecurity. Technical electives and research spans the breath of cybersecurity
including access control, cryptography, electronic warfare, forensics, hardware security,
network security, reverse engineering, and secure systems engineering.
These programs are designed to:
engage students with diverse backgrounds in cutting edge cybersecurity research and
prepare them for high demand, high pay cybersecurity careers; and
enhance cybersecurity innovation leading to improvement in the cybersecurity stance
of the state of New Mexico, the nation, and the world.
If you want to apply to one of the Transdisciplinary Cybersecurity or Cybersecurity
Certificate programs in GradCAS.
If you want to take a few courses before submitting an application for regular admission
(e.g., before submitting transcripts and letters of recommendation), you can request
special graduate admission with this form.
The schedule is in banweb under Cybersecurity. with the exception of CYBS 509, which is offered via cross enrollment
each spring.
CyberSeek is a tool designed to decode the relationship between job seekers and employers.
This tool includes two interactive data visualizations:
The CEC will provide and enable research and entrepreneurial opportunities for students
and faculty to:
Engage in applications and research projects, in addition to conventional classroom
experiences.
Engage in entrepreneurial activities and intellectual property development in coordination
with NMT's Office of Innovation Commercialization.
Collaborative projects with existing NMT research centers, particularly ICASA and
the new Cyber-Kinetic Research Center at Playas.
Free Educational Resource
The Jargon File
This is the Jargon File, a comprehensive compendium of hacker slang illuminating many
aspects of hackish tradition, folklore, and humor. http://www.catb.org/jargon/html/
Cyber Cafe
Join us every Friday from 12 - 12:45 pm. Email CyberCenters@nmt.edu for an invitation. This open discussion will bring together cybersecurity ideas, problems, and challenges.