MSBX 5500 | Spring 2021

Instructor: Dave Eargle (contact)

See for class meeting day and time.

See Canvas for office hours and slack workspace information

Course Description

This class is a capstone class for the security analytics track of the business analytics masters at CU Boulder. This is the second time ever that this class has been taught.

This class explores the application of data analytics to the domain of information security. It uses python machine learning libraries to both build and deploy models for both supervised and unsupervised modeling algorithms. Business problem contexts include classifying the likelihood that a file or website is malicious based on either extracted static indicators or dynamic behavioral analysis (predictive analytics), as well as network anomaly detection on organizational network traffic data or on user account usage (unsupervised machine learning).

Consider this sage prediction:

“The year 2020 expects to see an increase in the preventative approach of deep learning environments, which will become outdated and dangerous. TTPs will continue to evolve cyber threats; we’ll fight AI with AI. Drones hovering outside office windows will discuss ML and AI to combat the threat landscape. These AI will announce a strike over Twitter, the first monumental disruption in 2020.

“Real-time data and analytics and machine learning and AI creates unpreparedness by corporations and Big Tech companies. Managed detection engines are built on human made logic, but keeping this up-to-date against the latest studies costs almost three million cyber security. Perhaps the most attention raised by increasingly employed AI-based solutions is our need to reconsider our notions of what makes a mistake.”

– Kelly Shortridge, VP of product strategy at Capsule8’s, bot.


This class has the following prerequisites:

  • Mastery of computer networking and infosec, as some examples and labs throughout go into depth for both.
  • Mastery of basics of statistics and machine learning. Goes deeper into certain areas of CRISP-DM, assuming foundational knowledge

Students in the security analytics track of the MSBA pass both prerequistes. MBAs may take the class, but only if they demonstrate competency to me in the two above prereqs. This is not a “learn python ML from scratch” class.

Learning Outcomes

Some of the learning outcomes below are actually target program outcomes a security analytics student. As such, while we won’t necessarily hit all of these in this class, each assignment should touch on at least some of these.

Use collaborative and open-source coding practices
  • Git and github
  • Sharing read-only Jekyll notebooks on github
  • Markdown language
Continuous self-education
  • Problem-solve by reading and using python library documentation and source code
  • Use open tools such as wikipedia to learn cutting-edge ML techniques and concepts
  • Obtain domain-specific ML knowledge by reading academic papers and extracting methods
Apply CRISP-DM to security analytics contexts
  • explain examples unsupervised and supervised business problems in security analytics domains
  • comfortably discuss fundamentals of the entire CRISP-DM process
Report analytics results
  • write a full CRISP-DM report and publish it in an open format
  • recommend a model based on evaluation scores
  • report feature importances, written for a managerial audience.
Demonstrate and explain deployment of models with python
  • choosing a cutoff threshold – automating using optimization of F1 (and why)
  • python-“Pickling” a model
    • sklearn pipelines for easy replicability
  • Cloud deployment, such as AWS API ML endpoint
  • Explain and use tools such as Docker, Heroku, and Mybinder


Canvas announcements, Slack for async watercooler type banter and help, and a class Github repo for assignments.

You aren’t required to read and be aware of everything that happens on slack to complete assignments. If it comes up in slack that something in the assignments is wrong, or broken, I’ll make an effort to update the assignment document webpage. Therefore, don’t rely on offline, potentially out-of-date assignment documents.

You are required to be aware of all announcements I make via Canvas.

Technology Requirements

I’ll try to make it so that you don’t need a fancy-pants laptop for any of our class content. We’ll do cloud computing etc.

Text Materials

You must grok this book:

  • Provost, Foster and Tom Fawcett (2013), Data Science for Business: What You Need to Know About Data Mining and Data-Analytic Thinking. O’Reilly Media. Available on Amazon


This is a labs-based class. I will typically give you at least a week to complete each assignment. Assignments may include programming and report writing, reading and exams, and deliverables on projects. As one of my key goals for you is for you to have portfolio-ready work and job market-ready domain mastery,

I may give you the ability to redo certain assignments after I have given you feedback.

Assignments will be hosted on GitHub but formally assigned on Canvas. Deliverables may often be for you to give me a link pointing to your completed work.


Assignments will be weighted when assigned. Sorry that I can’t tell you all of the assignments and weights ahead of time – this is only the second time this class have ever been taught, so I want to maintain some flexibility. But I won’t change the weighting after I have given the assignment. I’ll use Canvas to post all assignments with their weights, so that you have an overview idea at any given time. That is to say, if I assign you something, it won’t not be on Canvas. So you can use Canvas for tracking.


Besides assignments, your grade will be determined by your “participation.” Examples of participation may include, but are not limited to, the following:

  • attending class sessions (attendance is required!)
    • having your camera on during class
    • “engaging” during class
      • not doing other things during class
      • eye contact?
      • using the zoom “chat” feature during class
      • verbally asking questions or making comments (not a hard requirement)
  • participating on the class Slack workspace. This is more about being a community member.
    • asking good questions
    • answering questions
    • leaving slack reactions
    • not changing your display name to be “Llama Face”
      • actually this arguably counts as positive slack participation

Like last semester, I’ll give you an opportunity to suggest and justify a participation score for yourself.

Relevant University Offices, Policies, and Procedures

Classroom Behavior

Both students and faculty are responsible for maintaining an appropriate learning environment in all instructional settings, whether in person, remote or online. Those who fail to adhere to such behavioral standards may be subject to discipline. Professional courtesy and sensitivity are especially important with respect to individuals and topics dealing with race, color, national origin, sex, pregnancy, age, disability, creed, religion, sexual orientation, gender identity, gender expression, veteran status, political affiliation or political philosophy. For more information, see the policies on classroom behavior and the Student Code of Conduct.

Requirements for Covid-19

As a matter of public health and safety due to the pandemic, all members of the CU Boulder community and all visitors to campus must follow university, department and building requirements, and public health orders in place to reduce the risk of spreading infectious disease. Required safety measures at CU Boulder relevant to the classroom setting include:

  • maintain 6-foot distancing when possible,
  • wear a face covering in public indoor spaces and outdoors while on campus consistent with state and county health orders,
  • clean local work area,
  • practice hand hygiene,
  • follow public health orders, and
  • if sick and you live off campus, do not come onto campus (unless instructed by a CU Healthcare professional), or if you live on-campus, please alert CU Boulder Medical Services.

Students who fail to adhere to these requirements will be asked to leave class, and students who do not leave class when asked or who refuse to comply with these requirements will be referred to Student Conduct and Conflict Resolution. For more information, see the policies on COVID-19 Health and Safety and classroom behavior and the Student Code of Conduct. If you require accommodation because a disability prevents you from fulfilling these safety measures, please see the “Accommodation for Disabilities” statement on this syllabus.

All students who are new to campus must complete the COVID-19 Student Health and Expectations Course. Before coming to campus each day, all students are required to complete the Buff Pass. In this class, you may be reminded of the responsibility to complete the Buff Pass and given time during class to complete it.

Students who have tested positive for COVID-19, have symptoms of COVID-19, or have had close contact with someone who has tested positive for or had symptoms of COVID-19 must stay home. In this class, if you are sick or quarantined, please contact me via email or slack.

Accommodation for Disabilities

If you qualify for accommodations because of a disability, please submit your accommodation letter from Disability Services to your faculty member in a timely manner so that your needs can be addressed. Disability Services determines accommodations based on documented disabilities in the academic environment. Information on requesting accommodations is located on the Disability Services website. Contact Disability Services at 303-492-8671 or [email protected] for further assistance. If you have a temporary medical condition, see Temporary Medical Conditions on the Disability Services website.

Preferred Student Names and Pronouns

CU Boulder recognizes that students’ legal information doesn’t always align with how they identify. Students may update their preferred names and pronouns via the student portal; those preferred names and pronouns are listed on instructors’ class rosters. In the absence of such updates, the name that appears on the class roster is the student’s legal name.

Honor Code

All students enrolled in a University of Colorado Boulder course are responsible for knowing and adhering to the Honor Code. Violations of the policy may include: plagiarism, cheating, fabrication, lying, bribery, threat, unauthorized access to academic materials, clicker fraud, submitting the same or similar work in more than one course without permission from all course instructors involved, and aiding academic dishonesty. All incidents of academic misconduct will be reported to the Honor Code ([email protected]); 303-492-5550). Students found responsible for violating the academic integrity policy will be subject to nonacademic sanctions from the Honor Code as well as academic sanctions from the faculty member. Additional information regarding the Honor Code academic integrity policy can be found at the Honor Code Office website.

The University of Colorado Boulder (CU Boulder) is committed to fostering an inclusive and welcoming learning, working, and living environment. CU Boulder will not tolerate acts of sexual misconduct (harassment, exploitation, and assault), intimate partner violence (dating or domestic violence), stalking, or protected-class discrimination or harassment by members of our community. Individuals who believe they have been subject to misconduct or retaliatory actions for reporting a concern should contact the Office of Institutional Equity and Compliance (OIEC) at 303-492-2127 or [email protected] Information about the OIEC, university policies, anonymous reporting, and the campus resources can be found on the OIEC website.

Please know that faculty and graduate instructors have a responsibility to inform OIEC when made aware of incidents of sexual misconduct, dating and domestic violence, stalking, discrimination, harassment and/or related retaliation, to ensure that individuals impacted receive information about options for reporting and support resources.

Religious Holidays

Campus policy regarding religious observances requires that faculty make every effort to deal reasonably and fairly with all students who, because of religious obligations, have conflicts with scheduled exams, assignments or required attendance. In this class, please contact me far in advance about any such conflicts, so that we can work something out.

See the campus policy regarding religious observances for full details.