Cybersecurity: Bachelor of Applied Science

Bachelor of Applied Science Degree Program

Faculty Advisors

Dr. Wayne Machuca: 503-491-7631 | Room AC2776 Wayne.Machuca@mhcc.edu 
Katrinia McNeal: 503-491-2661 | Room AC2683 | Katrinia.McNeal@mhcc.edu 
Dr. Dustin Bessette: 503-491-2772 | Room AC2786 | Dustin.Bessette@mhcc.edu 
Jeff Sperley: 503-491-7357 | Room AC2783 | Jeff.Sperley@mhcc.edu
Edward Villareal: 503-491-7482 | Room AC2687 | Edward.Villareal@mhcc.edu

According to the United States Cybersecurity & Infrastructure Security Agency, cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use, and the practice of ensuring confidentiality, integrity, and availability of information.

Everything relies on computers and the internet now—communication (email, smartphones, tablets), entertainment (interactive video games, social media, apps), transportation (navigation systems), online shopping, credit cards, medicine (medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else's system?

The Bachelor of Applied Science in Cybersecurity (BAS) at MHCC is designed to provide a deeper and richer foundation in cybersecurity to meet the demands of the industry. The BAS program starts with the 300-level coursework. Students joining the program are expected to have at least 90 applicable credits (any course numbered 100 or above) along with the program prerequisites listed below before enrolling in the any 300/400 level coursework. Completion of an associate degree is preferred.

cybersecurity

Please review the following options to enroll in this program:

  • Completion of the AAS Cybersecurity (Networking and Security Operations and Penetration Testing) degree at MHCC.
  • Completion of an AAS or AS degree in a related field (Information Technology, Computer Science, Computer Information Systems, Cybersecurity, etc.) either from MHCC or another school. Students will need to submit transcripts for evaluation to determine coursework equivalency.
  • Completion of an AAS, AS or bachelor's degree and has either industry experience or industry certifications. Students will need to submit transcripts for evaluation to determine coursework equivalency and show industry experience or industry certifications to receive credit for prior learning for coursework equivalency.
  • Any student with 90+ credits (any course numbered 100 or above) who has completed the program prerequisites are also invited to enroll.

Program Outcomes

At the completion of this program, students should be able to:

  • Utilize access management systems appropriate for small to medium-sized businesses.
  • Discuss the rules, laws, policies, and procedures as related to cybersecurity; identify and differentiate compliance requirements specific to Critical Infrastructure organizations and others.
  • Actively monitor a given environment using a range of deployed alerting tools; justify the implementation of appropriate algorithms to solve problems, and implement that solution.
  • Define steps in a forensic investigation and identify various tools used to recover evidence; perform a forensic investigation utilizing various tools; analyze results and propose, approve, and implement strategies to improve security.
  • Practice using appropriate project management tools, including tools for data gathering, data analysis, data representation, decision-making, and communication with internal and external stakeholders.

The BAS in Cybersecurity is designed so students may begin any term. 

To be successful in the BAS Cybersecurity program, students need to have completed the following prerequisite courses or their equivalents before starting any of the 300/400 level courses.

See a Cybersecurity Faculty Adviser before enrolling to determine if you need to take any additional prerequisites.

MTH095Intermediate Algebra with Right Triangle Trigonometry (Course offered online)5
or MTH098 Quantitative Reasoning II
WR121ZComposition I (Course offered online)4
CIS151Introduction to Networks4
or ISTM151N Preparation for Network+
ISTM183APreparation for A+ Essentials3
ISTM183BPreparation for A+ Practical Application (Course offered online)3
ISTM183CFundamentals of CyberSecurity3
ISTM133PIntroduction to Python (Course offered online)4
ISTM140LPreparation for Linux (Course offered online)4
ISTM233PPython for Cyber Security (Course offered online)4
ISTM279AWindows Server (Azure)4
or CIS279S Windows Server OS
ISTM283FPractical Digital Forensics3
CIS284SPreparation for Security+ (Course offered online)4

Students may begin in fall, winter, or spring term.

General education courses (such as math, writing, health, etc.) can be taken during any term, or before starting the program. 

Plan of Study Grid
First Quarter
FallCredits
CS161 Computer Science I 4
ISTM284E Ethical Hacking 3
ISTM300 Issues in Cybersecurity (Course offered online) 4
ISTM310 Cyber Defense Strategies (Course offered online) 3
MTH111Z
Precalculus I: Functions (Course offered online) (or higher)
or Math in Society
4
 Credits18
Second Quarter
Winter
CS162 Computer Science II 4
ISTM320 Digital Forensics and Incident Response (Course offered online) 4
ISTM331 Risk Analysis (Course offered online) 4
WR227Z Technical Writing (Course offered online) 4
 Credits16
Third Quarter
Spring
ISTM321 Mobile Forensics (Course offered online) 4
ISTM322 Critical Infrastructure (Course offered online) 4
ISTM345 Assembly Language for Cybersecurity (Course offered online) 4
ISTM380 Cyber Competition Alpha (Course offered online) 2
 Credits14
Fourth Quarter
Fall
BA285 Leadership and Human Relations 3
ISTM315 Cyber Offense Strategies (Course offered online) 3
ISTM340 Artificial Intelligence (Course offered online) 4
ISTM350 Preparation for Cybersecurity Analyst (Course offered online) 4
 Credits14
Fifth Quarter
Winter
BA205 Business Communications (Course offered online) 4
ISTM330 Cybersecurity Compliance (Course offered online) 4
ISTM333 Identity and Access Management (IAM) (Course offered online) 4
ISTM431 Information Technology Project Management (Course offered online) 3
 Credits15
Sixth Quarter
Spring
ISTM323 Practical Malware Analysis (Course offered online) 4
ISTM346 Secure Programming (Course offered online) 4
ISTM381 Cyber Competition Bravo (Course offered online) 2
ISTM490 Senior Project (Course offered online) 3
 Credits13
 Total Credits90

CS161 Computer Science I

Credits 4Fall/Winter

Registration Requirement: RD090 and WR090, or IECC201R and IECC201W; and MTH095, or MTH098; each with a "C" grade or higher, or placement above stated levels.

This course is an introduction to fundamental concepts of computer science including problem-solving, algorithm and program design, data types, control structures, repetition structures, functions and arrays. This course is designed for computer science majors and for students in other disciplines.

This course fulfills: Non-Lab Science

View Course Outcomes:

  1. Design and write pseudocode algorithms and flowcharts to solve given problems.
  2. Explain the structural components (syntax) and usage rules (semantics) of a programming language such as C++.
  3. Trace program code, identifying and recommending corrections for any errors.
  4. Write error-free programs using variables, constants, arrays, functions, control structures, repetition structures and files.

CS162 Computer Science II

Credits 4Winter/Spring

Registration Requirement: CS161 and MTH095 or higher, excluding MTH098.

This course is an introduction to object-oriented programming and to software engineering. Students will write programs that use structs, classes, inheritance and polymorphism to manage objects. Additional topics include recursion, information hiding, testing, and the use of debugging tools.

This course fulfills: Non-Lab Science

View Course Outcomes:

  1. Apply the principles of object-oriented design in the development of a complete software package, given a set of customer specifications.
  2. Develop and implement a plan for testing a program for correctness.
  3. Implement advanced language concepts and syntax such as polymorphism and inheritance in class definitions.

ISTM284E Ethical Hacking

Credits 3Winter

Registration Requirement: ISTM183A, ISTM183B, ISTM183C and ISTM140L or equivalent knowledge.

This class demonstrates the ethical use of various "white hat" cyber penetration testing tools and techniques consistent with Ethical Hacking training. Network tools and techniques take place in an enclosed "sandbox" environment. Students are exposed to various computer hacking skills and analyze various protective measures and their effectiveness.

Additional Course Fee: $75.00

View Course Outcomes:

  1. Apply a penetration a testing framework and methodology to find and act upon vulnerabilities in a given system
  2. Be able to find, choose, and use the appropriate utility or series of steps for a given task or exploit in penetration testing activities.
  3. Produce a formal written assessment at the end of penetration testing activities to be given and used by a client.

ISTM300 Issues in Cybersecurity (Course offered online)

Credits 4Fall

Registration Requirement: CIS284S.

This cyber survey class is designed to prepare students with either existing IS, IT, or Cybersecurity AAS degree, or with equivalent IT industry experience, or returning student with advanced degree, to get foundational training on current cyber topics allowing successful entry into the Cybersecurity BAS program. An Associate Degree or better in any field OR at least 2 years experience in Cybersecurity, Information/Computer Information Systems, Computer Science, Information Technology or equivalent fields is highly recommended.

View Course Outcomes:

  1. Appraise the current cybersecurity landscape for strengths and weaknesses
  2. Differentiate various cybersecurity players and their associative attack strategies
  3. Assess the value of different kinds of cyber tools and describe how and when they should be appropriately applied
  4. Justify how physical security is an essential component of cybersecurity
  5. Using prior knowledge and training, be able to discuss cyber management topics (e.g., risk management, compliance, continuity, disaster recovery) and deliver actionable items (respond to questions, compile papers or reports, etc.).

ISTM310 Cyber Defense Strategies (Course offered online)

Credits 3Fall

Registration Requirement: CIS151 or ISTM151N. Co-requisite: ISTM284E.

This class establishes common defense strategy concepts and designs. Students will learn the basics of hardening an IT environment, implement monitoring and alerting tools across a network, and also conduct basic threat hunting activities. Students will develop a rudimentary Security Operations Center (SOC) as well as work with a Security Information and Event Management (SIEM) platform. Independent lab work is required. An Associate Degree or better in any field AND at least 2 years experience in Cybersecurity, Information/Computer Information Systems, Computer Science, Information Technology or equivalent fields is highly recommended.

View Course Outcomes:

  1. Perform vulnerability assessments and continuous defensive monitoring of a moderately complex networking environment containing a range of system types (clients, servers, firewalls, and other endpoints)
  2. Install, manage, configure, and tune a centralized logging and alerting tool to function as a centralized security monitoring tool
  3. Find, investigate, and mitigate active attacks on a network that have occurred previously and are actively occurring

ISTM315 Cyber Offense Strategies (Course offered online)

Credits 3Fall

Registration Requirement: ISTM233P. Co-requisite: ISTM284E.

This class will extend student’s understanding of penetration testing concepts from previous courses and learn how to engage in a more complex set of attack types, tools, and processes. An emphasis will be placed on “Red Team” activities and learning how to attack an active and complex network with a wider attack surface.

View Course Outcomes:

  1. Review "Red Team" and/or pentesting methodology to determine a target’s attack surface, gain initial access, escalate privileges, and then act on any objectives
  2. Determine the right tools for a given Red Team activity
  3. Initiate launch attacks that attempt to evade defenses and only minimally raise alarms
  4. Develop, configure, launch, and analyze the results of a phishing campaign

ISTM320 Digital Forensics and Incident Response (Course offered online)

Credits 4Winter

Registration Requirement: ISTM283F, ISTM183A, and ISTM183B.

In this course students learn the fundamentals of digital forensics and incident response. They are introduced to digital forensic tools and techniques to analyze data collected from electronic devices (including computers, media, and other digital sources). They will become familiar with proper techniques and tools utilized for securing, handling and preserving digital and multimedia evidence. Students are also introduced to the incident response process. An Associate Degree or better in any field AND at least 2 years experience in Cybersecurity, Information/Computer Information Systems, Computer Science, Information Technology or equivalent fields is highly recommended.

View Course Outcomes:

  1. Discuss the rules, laws, policies, and procedures that affect digital forensics
  2. Define steps included in a digital investigation from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, and the completion of legal proceedings
  3. Identify important file metadata and apply their use in a forensic investigation
  4. Perform a forensic investigation on a forensic image, using various tools to recover evidence, resulting in a report documenting the investigation
  5. Describe the incident response process

ISTM321 Mobile Forensics (Course offered online)

Credits 4Spring

Registration Requirement: ISTM183A, ISTM183B, and ISTM283F.

This course introduces students to the fundamentals of mobile forensics. Presented are techniques, tools, and procedures for conducting digital and network forensics of mobile devices. Topics include mobile forensics procedures, related legal issues, mobile platforms, bypassing locks, rooting/jailbreaking process, logical acquisition, physical acquisition, data recovery, analysis, and reporting.

View Course Outcomes:

  1. Summarize rules, laws, policies, and procedures that affect mobile forensics
  2. Describe various file system structures that are utilized in different mobile devices
  3. Identify the common artifacts found on mobile devices to look for during forensic investigation
  4. Define steps in a forensic investigation on a mobile device and the various tools used to recover evidence

ISTM322 Critical Infrastructure (Course offered online)

Credits 4Spring

Registration Requirement: CIS151 or ISTM151N. Co-requisite: ISTM300.

This class is an overview of the impact of cybersecurity critical infrastructure. Topics include attack targets, vulnerabilities, and actors. Various methodologies are appraised for mitigation of attacks and reduction of attack profiles. Lab work includes introduction to “ladder logic programming” and other Critical Infrastructure-based techniques. Prior programming experience in any modern language is recommended.

View Course Outcomes:

  1. Recognize cybersecurity requirements, issues, and needs specific to Critical Infrastructure organizations
  2. Demonstrate elementary Industrial Control Systems (ICS) and how they function
  3. Describe and differentiate Supervisory Control and Data Acquisition (SCADA) systems
  4. Apply various protocols and standards typically based on CI specific litigations and compliance
  5. Create elementary Ladder Logic Programs suitable for Programmable Logic Controllers (PLCs)

ISTM323 Practical Malware Analysis (Course offered online)

Credits 4Spring

Registration Requirement: Recommended requisite: CS162 preferred.

This course analyzes malware - including trojans and rootkits - using basic static and/or dynamic analysis through tools such as IDA Pro or similar.

View Course Outcomes:

  1. Identify and differentiate among the roles of the major computer system components in traditional and emerging architectures
  2. Analyze and propose solutions to address potential security risks to a computer's architecture
  3. Explain ways performance-enhancing techniques, virtualization and specialized domains can impact the security of a computer system and prioritize strategies to ensure system security

ISTM330 Cybersecurity Compliance (Course offered online)

Credits 4Winter

Registration Requirement: ISTM300. Co-requisite: ISTM284E.

This cyber management class explores the realm of cyber and legal compliance required for both business and government. Presented from the perspective of a layperson with no prior knowledge of concepts, topics in this class will include: the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), personally identifiable information (PII) concepts, the Payment Card Industry (PCI), and various legal issues involving privacy directed toward how companies can effectively maintain a compliant stance.

View Course Outcomes:

  1. Identify the various US cyber privacy laws (e.g. HIPAA, FERPA, PCI) and apply measures or rules which bring a system into compliance
  2. Prepare, design, and create a basic plan for a common IT compliance audit
  3. Differentiate compliance requirements between organizational types and technical domains
  4. Identify the ethical and educational requirements for an individual seeking a career as an IT Auditor

ISTM331 Risk Analysis (Course offered online)

Credits 4Winter/Spring

Registration Requirement: Co-requisite: ISTM300.

This cyber management class takes an in-depth approach to understanding how to perform risk analysis and differentiate various kinds of risk affecting a particular organization. In this manner, all risks can be enumerated and then mitigated appropriately based on the technology and/or resources available to that organization.

View Course Outcomes:

  1. Perform an assessment of an existing computer system for vulnerabilities
  2. Apply common vulnerability testing tools appropriate to a specific environment (organizational, system, or platform)
  3. Create a proposal for developing and managing a vulnerability and asset database
  4. Create a proposal for the identification, ranking, and mitigation of critical vulnerabilities in a system

ISTM333 Identity and Access Management (IAM) (Course offered online)

Credits 4Winter

Registration Requirement: CIS279S or ISTM279A.

This course introduces the concept of access control to information systems, whether local or remote. Applications, authentication, and accounting for end users and system administrators will be covered. In addition, security controls for access control including tokens, biometrics, and the use of public key infrastructures (PKI) will be covered. The overriding objective is to provide a foundation for access control and identity management methods used to secure networks, data, and information systems in both the public and private sectors and in organizations large and small.

View Course Outcomes:

  1. Perform an assessment of an existing access management system
  2. Design a new access management system appropriate for a small or medium sized business
  3. Demonstrate in a lab environment the encryption and decryption of files using Public Key Infrastructure (PKI)

ISTM340 Artificial Intelligence (Course offered online)

Credits 4Fall

Registration Requirement: CS161. Co-requisite: CS162.

This course covers the important concepts artificial intelligence is bringing to society. Topics to be covered include: terminology and scope of learning systems, mathematics of machine learning, classification of tasks, regression strategies, and evaluation of learning systems.

View Course Outcomes:

  1. Identify and evaluate approaches to machine learning and identify their strengths and weaknesses
  2. Justify the implementation of appropriate algorithms to solve problems, and implement that solution
  3. Analyze datasets for insufficiencies
  4. Demonstrate effective partitioning of datasets

ISTM345 Assembly Language for Cybersecurity (Course offered online)

Credits 4Spring

Registration Requirement: CS161. Co-requisite: CS162.

This course is an introduction to assembly language programming, as it applies to Cybersecurity professionals. Topics to be covered include: C programming, assembly instruction set architectures (x86-64, IA32, and ARM), conditional and repetition structures, functions, and arrays in assembly.

View Course Outcomes:

  1. Design, implement and test assembly language code written to solve specific problems
  2. Describe and discuss how assembly language code can be used by Cybersecurity professionals to reduce vulnerabilities and improve the security of software applications
  3. Analyze C code to determine appropriate locations to insert assembly code and implement assembly language code within C to solve a specific problem
  4. Compare code solutions to solve a problem using different instruction set architectures and provide translation of code written in one assembly language to another

ISTM346 Secure Programming (Course offered online)

Credits 4Spring

Registration Requirement: CS161. Co-requisite: CS162 and ISTM300.

This course introduces the secure software development process, including designing secure applications, writing secure code that can withstand attacks, and security testing and auditing. The course also focuses on the security issues a developer faces, common security vulnerabilities and flaws, and security threats. The course explains security principles, strategies, coding techniques, and tools that can help make code resistant to attacks. Students will write and analyze code that demonstrates specific security development techniques.

View Course Outcomes:

  1. Describe the role secure programming plays in software development and cybersecurity
  2. Design and implement code that uses secure programming strategies to protect data and its access
  3. Discriminate among common code vulnerabilities identified by software tools and make recommendations for corrections

ISTM350 Preparation for Cybersecurity Analyst (Course offered online)

Credits 4Fall

Registration Requirement: ISTM300 and ISTM310.

This course introduces tools and strategies for mitigating cybersecurity risks, recognizing prevalent threats, assessing organizational security, gathering and scrutinizing cybersecurity intelligence, and responding to incidents in real-time. The curriculum aims to equip students with the requisite skills and knowledge to adeptly analyze and address security threats within the context of a contemporary digital landscape.

View Course Outcomes:

  1. Explore methods for identifying and assessing vulnerabilities in systems
  2. Understand the architecture and functionality of security tools commonly used in cybersecurity analysis
  3. Develop skills in detecting and responding to security incidents
  4. Interpret and analyze security logs to identify and respond to suspicious activities
  5. Develop incident response strategies to effectively mitigate and recover from security incidents
  6. Leverage threat intelligence to enhance security defenses
  7. Understand the importance of compliance with relevant laws, regulations, and policies
  8. Evaluate and improve the security posture of an organization

ISTM380 Cyber Competition Alpha (Course offered online)

Credits 2Spring

Registration Requirement: ISTM310 and ISTM320. Co-requisite: ISTM284E.

This course is the first in a series of four total cyber competition courses offered for the AB in Cybersecurity program. This course will allow students to compete individually and in teams based on concepts / subject materials presented. Note: Competitions for this course may be with national (National Cyber League, etc.) or local (capture the flag-type or other) events and may include intercollegiate competitions.

View Course Outcomes:

  1. Diagnose and apply solutions to cyber challenges using critical thinking and research skills
  2. Demonstrate skills with a range of ethical hacking tools to determine issues for and/or implement a solution based on a scenario
  3. Hypothesize ways to gather intelligence on subjects including identifying the cybersecurity landscape, analyzing log files and reporting tools, and performing a phishing campaign

ISTM381 Cyber Competition Bravo (Course offered online)

Credits 2Spring

Registration Requirement: ISTM310 and ISTM320. Co-requisite: ISTM284E.

This course is the second in a series of four total cyber competition courses offered for the AB in Cybersecurity program. This course will allow students to compete individually and in teams based on concepts / subject materials presented. Note: Competitions for this course may be with national (National Cyber League, etc.) or local (capture the flag-type or other) events and may include intercollegiate competitions.

View Course Outcomes:

  1. Diagnose and apply solutions to cyber challenges using critical thinking and research skills
  2. Hypothesize ways to gather intelligence on subjects including identifying the cybersecurity landscape, analyzing log files and reporting tools, and performing a phishing campaign
  3. Hypothesize ways to gather intelligence on subjects including identifying regulations for digital forensics, using programmable logic controllers to assess information gathered, and analyzing an IT compliance audit

ISTM431 Information Technology Project Management (Course offered online)

Credits 3Winter

Registration Requirement: Co-requisites: ISTM300 and WR227.

This course introduces foundational concepts in project management, with an emphasis on IT projects. Topics and skills include determining a project’s scope, specifications and assumptions; identify appropriate methods and processes for initiating, planning, and controlling projects. This course prepares students for (but does not guarantee success on) the CompTIA Project+ exam.

View Course Outcomes:

  1. Demonstrate project management activities typically practiced during each phase of a project lifecycle
  2. Describe best practices in project cost control
  3. Identify common project team organizational structures
  4. Practice using appropriate project management tools, including tools for data gathering, data analysis, data representation, decision-making, and communication with internal and external stakeholders
  5. Explain relevant information security concepts informing best practices in project planning
  6. Implement effective meeting management techniques

ISTM490 Senior Project (Course offered online)

Credits 3Spring

Registration Requirement: Instructor signature required.

As a bridge from college to career, this capstone experience provides students with the opportunity to apply and expand on the knowledge and skills gained during their academic career. Students participate as teams in a virtual environment where they must defend a network with multiple devices while attempting to compromise the opposing team's network and devices. In this hands-on experience, they must rely on learned skills, industry best practices, and the teammates to be successful. Students work with the faculty member to reflect on and assess performance in this course.

View Course Outcomes:

  1. Demonstrate effective teamwork skills through critical thinking, problem solving, and communication
  2. Evaluate systems and data resources to prioritize their value and respond strategically
  3. Assess attack strategies and recommend defenses to those attacks
  4. Determine a target’s attack surface, gain initial access, escalate privileges, and then act on any objectives

Online option regularly offered

Cultural Literacy course