Schedule

By Mike Hicks

January 2, 2026

Date	Topic / Speaker	Readings & handouts	Assignment
Jan 15	Introduction and syllabus	S. Keshav. How to Read a Paper. ACM SIGCOMM Computer Communication Review, Volume 37, Number 3, July 2007.
Jan 20	Attacks: Vulnerability exploitation	MITRE. 2025 CWE Top 25 Most Dangerous Software Weaknesses. Dec 2025. Marc Frederic Gomez. Top 25 CWE 2025 - Technical Analysis. Blog article, Dec 2025. OWASP. OWASP Top 10: The Ten Most Critical Web Application Security Risks. Dec 2025. Christian Heilmann. Web Security: Are You Part of the Problem?. Smashing magazine, Jan 2010.
Jan 22	Attacks: Exploiting the human	Ho, Grant, et al. Understanding the efficacy of phishing training in practice. 2025 IEEE Symposium on Security and Privacy (SP). IEEE, 2025. Optional: Lorrie Faith Cranor. A Framework for Reasoning About the Human in the Loop. In Proceedings of UPSEC 2008.	Proj 1: Security Breach Communication & Persuasion Video Due: Feb 9
Jan 27	Speaking and writing well (generally, and for security)	Ernst, Michael. How to give a technical presentation
Jan 29	Cybersecurity economics	Ross Anderson. Why information security is hard - an economic perspective. Seventeenth annual computer security applications conference (ACSAC). IEEE, 2001. Ian Griggs, The Market for Silver Bullets, 2008.