CPRs: Community Project Requirements

CPRs:

Community Project Requirements (CPRs)

The community of security professionals in government, commercial, and academic and research organizations is a powerful force for good. They often work together in ad hoc teams to fight against cyber crime and to help organizations block attacks or recover from attacks. When they learn about a major new vulnerability and wonder how best to respond, or when their organization is attacked and they are seeking tools that can help them defend their systems, security practitioners look to their network of practitioners for ideas, proven techniques and help in avoiding major mistakes. The SANS Technology Institute education provides opportunities for you to build your own network of security professionals from the other students and the faculty. These are the people you can call on, and who can call on you, when in need. This is such an important component of your education that we have engineered team activities into the programs to enrich your educational experience, to begin contributing to the security community, and to expand your network of peers. The projects, which involve research, writing and speaking, are graded. The sum of your scores on these exercises will be your final Community Project grade; or, if they are graded on a pass/fail basis, you must pass each exercise to receive a passing Community Project grade.

Residential Institutes and Community Project Requirements - General

Attendance at Three Residential Institutes

When the term Residential Institute (RI) is used by STI, it means that the STI Master's Student is performing a Community Project Requirement at a SANS Institute conference. These events are the large live six-day conferences that the SANS Institute offers on a periodic basis in various U.S. cities and some international sites.

Planning Spreadsheet for Residential Institutes

In advance of an RI that a student wishes to attend, he/she must complete the excel spreadsheet which can be planning spreadsheet for Residential Institutes. The student will attach it to an e-mail and send it to info@sans.edu.

Grading Rubrics/Checklists

The student should review the applicable Grading Rubrics/Checklists before starting the CPR.

Learning Objectives & Methods of Assessment

Review STI's Learning Objectives & Methods of Assessment here.

Hotel Expenses

Students must pay for their own hotel room and hotel tax as well as their other expenses for travel and food with the following exception: When a student acts as a teaching assistant to satisfy the teaching assistant Community Project Requirement, the Institute pays for the hotel room and hotel tax; but the student does not receive a teaching assistant fee, and the Institute does not pay for any other expenses. When the student is acting as a teaching assistant under the general teaching assistant pool, the student receives a teaching assistant fee, and the student's authorized expenses are paid for.

What Community Project Requirements must be performed at a Residential Institute?

What Community Project Requirements are performed away from a RI?

  • Joint Written Project
  • Awareness Talk

Do the Community Project Requirements have to be performed in a particular order?

As a general rule, they are performed in the following order: WorkStudy, Group Discussion and Written Project, First Oral Presentation, Joint Written Project, Second Oral Presentation, Teaching Assistant (GIAC GSE is required in place of Teaching Assistant for MSISE students accepted on or after September 15, 2008), Awareness Talk. [Note: When a student is ready to pursue the GSE, they can do so early in the program if they desire.]

Why does the student have to attend the three RIs?

The RIs provides live face-to-face time among students, faculty, and instructors. It provides students with opportunities to build their own network of security professionals with other students, faculty, and instructors; and helps to build their leadership skills.

Oral Presentations

At two of the three RIs, students must make an oral presentation at TWO of the three RIs. Generally, the presentation occurs at the second and third RIs, but it is possible for the student to do the first presentation at the first RI if they coordinate it with SANS Technology Institute's senior staff. The presentation topic is based on the student's previously earned Gold GIAC certifications research (unless the student receives permission from the college to use a topic not related to Gold). Students may request resource material about "How to Give Effective Presentations" by e-mailing info@sans.edu.

The following are some rules and tips for the Presentations:

  • Graduate level work is expected and required.
  • The Presentation must be technically strong. The audience primarily consists of persons with a strong technical focus. On occasion and with special permission, a presentation with a strong management focus may be allowed.
  • The presentation should go beyond the course upon which it is based; otherwise persons in the audience who just took that course will be bored and not learn anything.
  • Experts in the room should be able to learn something new, and even persons new to the subject should be able to understand at least part of the presentation. (Experts will get a golden nugget or two, and new persons will learn a lot). Remember that each person in the audience is investing 40 minutes of their valuable time.
  • The audience is thinking, "What is in this presentation for me?" Think of it like giving a "gift' to the audience.
  • It is not expected to be a presentation of the whole gold paper upon which it is based. When reviewing your Gold paper, look for the "golden nugget(s)" in the paper, and build your presentation around the golden nugget(s).
  • Prior to the Presentation, the student should listen to (or, at least, read the PDFs) the "Effective Presentations" webcasts that the college makes available to students upon request to info@sans.edu. Students who have done so have found them to be interesting and valuable.
  • Time management is important. Be ready to "go" when it is time to give your Presentation. If you delay, the audience may lose interest and some may leave.
  • Eye contact is important.
  • Students should try not to read slides verbatim. Transition into each slide (for example, you can use the title of the slide safely as a transition 30% of the time).
  • Questions. Repeat the question (or rephrase it to a better question) so that everyone in the room can hear what the question is.
  • Laser Pointer. Practice with your laser pointer to make sure you are comfortable with it before you give the presentation.

It is required that students read the information about presentations in the Planning Spreadsheet for Residential Institutes described above.

First Residential Institute

You will participate in the Work Study Program (previously called Volunteer Program) as a Facilitator. In addition to attending class, you will be a part of a live SANS conference. The purposes of Work Study are to help build leadership skills, team building skills, and, as a side benefit, you will probably develop relationships that last for years.

[The essay described in the following paragraph applies to students accepted on or after April 19, 2010.]

Students will write an essay about what they learned about leadership as a result of performing WorkStudy. To prepare them for Work Study and for writing this essay, students must read the leadership essay here before they undertake Work Study. The essay will be due within two weeks after WorkStudy (not to exceed one and a half typed pages; single spaced; double spaced between paragraphs). Performance on the essay will be evaluated by faculty of SANS Technology Institute. The student will be graded on a pass/fail basis, but that may change in the future.

Performance on the other activities related to Work Study will be evaluated by a SANS staff member experienced in the management of the residential institute/conference program. That SANS staff member may consult with faculty for whom the facilitator was a room monitor if applicable. The following is an example of an evaluation form that may be used: Facilitator Evaluation Form. The student will be graded on a pass/fail basis, but that may change in the future.

To be eligible to apply for the Work Study Community Project Requirement, the STI student must ALREADY have attended a large SANS conference. Student should coordinate with the SANS Facilitator Coordinator well in advance of the scheduled RI. The student should note boldly in their application to the Work Study Program that the student is in STI's Masters Degree Program, is requesting to perform Work Study as a Community Project Requirement, and that student ALREADY has attended a large SANS conference. The student should list in order of priority the courses for which the student is requesting to do Work Study. When the student has been approved to be a facilitator, the student should let STI know by sending student's Planning Sheet to info@sans.edu. Some examples of Facilitator duties include room monitor or bookroom Facilitator. Students can participate in those two types of activities without significantly affecting their ability to take a course at the conference. A Facilitator pays a reduced fee for the course in which he or she is a Facilitator.

Students must receive a passing score both on the essay (if applicable), and on the other activities related to Work Study, in order to have a passing score for the Work Study Community Project Requirement.

Below are the results of surveys of STI students about the value of Work Study:

  • Feb. 2009. We asked students to share what they learned as a result of work Study. Four responses were received:
    • I feel that the work study requirement serves multiple purposes.

      It is a fast paced week or more of 12 -16 hour days working in a close team environment.

      It offers students an opportunity to take on various team leadership roles Information Security professionals.

      It also provides a networking opportunity for STI students to meet and spend significant time getting to know their peers.

      Finally, at times, it really feels like a marathon, and the pressure of that type of "endurance" situation helps students to better understand their leadership tendencies and highlights areas in which they need further development.

    • For me, Work Study was great. As a virtual institution, STI promotes people meeting virtually, through email and other mechanisms, somehow this is not the same as meeting them in person. Work study allowed me to meet instructors and forge lifetime relationships with people I would not likely otherwise have met in person.

      It also permitted me to experience the leadership aspects of interacting with students, getting to understand the learning needs of those being introduced to Information Assurance training for the first time.

    • I found Work Study to be a valuable experience for several reasons.

      First, it was an opportunity to get training at a fraction of the regular cost, which was very valuable for me as a consultant who had to cover all fees myself.

      Second, I got an opportunity to work closely with other Work Study participants -- peers in the infosec field -- which encouraged all sorts of exchanges such as stimulating conversations and networking opportunities.

      Finally, by being a classroom facilitator, I was able to build relationships with the class instructor and with some students; if I had been a mere student, I would never have had that kind of visibility.

    • I can say that I really enjoyed it. I can also say that the increased access to the professor of the class provides a great time to ask questions that are not specifically class related. Since SANS instructors, unlike most university professors, are actually in the field doing the things they teach, their experience is very enlightening. The work itself is mundane which gives you an opportunity to speak with others in the security field. There is always something to learn from a fellow student or security practitioner since none of us know everything.

  • Sept. 2009. Seventeen of twenty-eight students replied:
    • At that time, we noted that the Purpose of WorkStudy/Facilitators was as follows: Teamwork is the primary focus of WorkStudy; and, as a side benefit, the student likely will develop relationships that last for years.

    • Have you performed Work Study as a Community Project Requirement? - Yes 13; No 4

    • If so, do you believe we are achieving our purpose? - 12 of the 13 who said yes above also replied yes here; 1 of the 13 replied maybe.

Joint Written Project

A student must engage in ONE Joint Written Project (JWP) during the term of the masters program. (It generally is completed after the first RI preferably, or after the second RI). It is recommended, but not required, that the student take MGT 525 Project Management and Effective Communications for Security Professionals and Managers before the student starts the Joint Written Project. The student must work with at least one other student as his or her partner(s) in the JWP. JWPs are assigned by the faculty of SANS Technology Institute via email to the student partners. Note that the project is due within 30 days after the assignment is given. For the assignment, a senior staff member will select a Learning Objective for the team. The Learning Objective will have an associated Outcome. In general, the team will:

  • Perform a critical analysis of the Learning Objective.
  • Perform a gap analysis and determine the project steps to improve the Learning Objective. A gap analysis means the team determines where they are and where they want to be.
  • Conduct original research on new developments that may have altered the subject matter.
  • Students create an assessment tool to measure whether students have mastered the subject material.
  • Submit the project results for evaluation and grading.

The JWP is written, and does not involve an oral presentation. The students will collaborate with their partner(s) by e-mail, phone, etc. to coordinate their efforts. In life, partners often must coordinate a project by e-mail, phone, etc. rather than face-to-face, so this project gives students experience working virtually. After the students receive the topic, they have up to 7 calendar days to submit their Project Plan for review. Once the Project Plan is approved, they have 30 days to submit the completed project for grading to SANS Technology Institute. The grade will be a team grade / each student in that team will receive the same grade. The grade will be on a pass/fail basis, but that may change in the future. SANS Technology Institute may, but is not required to, post passing projects onto its website.

How is a student assigned a partner? Please see the "Partner - How to Obtain a Partner" section below.

Second Residential Institute

Group Discussion and Written Project

The student will arrive two days BEFORE the scheduled RI to participate in a Group Discussion and Written Project (GDWP). A problem will be presented to the student's team the evening before the project is to be presented; and, as a team, the team prepares to present a recommended solution to senior staff about 24 hours later. As a leader, you will be expected to deal with situations with short turnaround times, so this project allows you to demonstrate those skills and to improve them. The actual presentation is given by one member of the team which the team selects. The presentation will be 15 minutes, 7 slides, 5 to 6 bullets per slide, maximum 10 typed pages. The presentation usually occurs in the evening in front of a member of SANS Technology Institute's senior staff. Generally, there are no other people in the audience, or only a few. The grade will be a team grade / each student in that team will receive the same grade. The grade will be on a pass/fail basis, but that may change in the future. SANS Technology Institute may, but is not required to, post passing projects onto its website. Due to a timing conflict, students generally cannot schedule a GDWP at the same conference where they are performing the WorkStudy Community Project Requirement. For more information about the GDWP, see the Planning Spreadsheet for Residential Institutes described above.

How is a student assigned a partner? Please see the "Partner - How to Obtain a Partner" section below.

Oral Presentation

See the Oral Presentation discussion in the "Attendance at Three Residential Institutes" section above.

Joint Written Project

If not already completed, see discussion above.

Third Residential Institute

Teaching Assistant

The following applies to (A) students in the MSISM program, and (B) MSISE students admitted into the master's program BEFORE September 15, 2008 unless those MSISE students opt to take the GSE in place of TA:

The student will assist an instructor as a teaching assistant (formerly a teaching assistant was called a proctor) in a hands-on course. Leaders have to be good at troubleshooting, whether the problem is technical, process or personal. A teaching assistant's job is to help other students, and that usually involves a lot of troubleshooting. The student will benefit from being exposed to an excellent hands-on instructor, and the student will be able to exercise important skills while assisting others in the hands-on instruction.

The student must coordinate with the SANS teaching assistant coordinator well in advance of the scheduled RI. The teaching assistant coordinator may be reached at djorgensen@sans.org. The student should tell the teaching assistant coordinator that the student is in SANS Technology Institute's masters degree program, and that the student is requesting to be a teaching assistant to satisfy the student's Community Project Requirement in the Master's Program. The student should let info@sans.edu know when the student has been chosen to be a facilitator in performance of the student's Community Project Requirement.

Teaching assistants are graded on a pass/fail basis. The instructor in the room will observe your grace under fire as you face various challenges, and then evaluate your performance. An example of the Teaching Assistant Evaluation form may be downloaded here. As teaching assistants, students likely will have access to the faculty speaker room to enhance their relationships with the faculty. For successful students, this can be the event during which they become a full-fledged member of the defensive information security community.

The student may not be able to take courses at this RI since he or she may be a teaching assistant about 36 hours over the span of the conference. The student will not be paid a fee for this teaching assistant requirement. When a student acts as a teaching assistant to satisfy the teaching assistant Community Project Requirement, the Institute pays for the hotel room and hotel tax; but the student does not receive a teaching assistant fee, and the Institute does not pay for any other expenses. (If a student later wants to apply to be a teaching assistant under SANS general teaching assistant pool, the student may be able to receive a teaching assistant fee. When the student is a teaching assistant under the general teaching assistant pool, the student receives a teaching assistant fee and the student's authorized expenses are paid for).

GIAC GSE:

The following applies to students in the MSISE program who were admitted into the masters program ON OR AFTER September 15, 2008:

The student must pass the GIAC GSE. For details about the GSE, see the GIAC GSE page. To understand more about misconceptions surrounding the GSE and for tips on Preparing for the GSE, see Kevin Bong's tips on preparing for the GSE.

Oral Presentation:

See the Oral Presentation discussion in the "Attendance at Three Residential Institutes" section above.

After Completion of the above Presentations/Projects

Security Awareness Talk in Student's Community - Plan

The Plan for the Security Awareness Talk. Within 30 days after the student finishes the presentations and projects described above, the student must present a plan to SANS Technology Institute describing how the student intends to satisfy the Awareness Talk. See the Grading Rubric/Checklist posted on the STI website or contact info@sans.edu to obtain it. (This paragraph about "the Plan" applies to students admitted June 1, 2006 and after).

Teaching Security Awareness in the Community (Applies to all students)

The student will teach SANS SECURITY 351 - Computer and Network Security Awareness, or a similar awareness course, at no cost or low cost to members of the public in the student's own community. [Note: MGT 438: How to Establish a Security Awareness Program includes material from SEC 351]. Upon student's request to info@sans.edu, the Institute will allow the student to use the SEC 351 course material for a low cost, or the student can devise his or her own course content. The student, and possibly SANS Technology Institute, will invite members of the public to attend. At least one representative from the student's own organization (place of employment) must be present. Evidence of the talk must be provided to SANS Technology Institute as provided in the Grading Rubric/Checklist posted on the STI website or contact info@sans.edu to obtain it.

Partner - How to Obtain a Partner for the Group Discussion & Written Project and the Joint Written Project

This section applies to students admitted before December 1, 2007:

Students may obtain their own partners by communicating with other master's students to see if someone is interested, or they may elect to have a partner assigned to them by the institution as described below.

This section applies to students admitted December 1, 2007 and after:

Partners will be assigned by the institution. The student will advise info@sans.edu that they wish to perform the (1) Group Discussion and Written Project at a certain Residential Institute, or (2) Joint Written Project starting at a certain time. If other students also request to perform that project, then the institution will pair them in groups (generally of two or three). There may be occasions where other students do not wish to perform that project at that time or place, so the student will need to schedule it later.

In keeping with the consistent leadership policy of the college, it is expected that students will follow through in their plans to work with a partner. Each of them relies on the other in making plans. Please note that the institution is not liable for costs and inconvenience incurred by a student resulting from a partner's failure to perform. In the unlikely event that students schedule a Group Discussion and Written Project, and one arrives but the other does not, then the following applies:

  • The student who is present may reschedule it for a later date (recommended);

or

  • The student who is present may proceed on his/her own (not recommended but acceptable).

The student who does not arrive receives an incomplete.