MSBX5500 Spring 2022 - Security Analytics


  • MSBX 5500
Dave Eargle (contact)
Fridays, 9:30am - 12:00am
Office Hours
See canvas

Course Description

This class is offered within the security analytics track of the business analytics masters at CU Boulder.

This class explores the application of data analytics to the domain of information security. It uses python machine learning libraries to both build and deploy models for both supervised and unsupervised modeling algorithms. Business problem contexts include classifying the likelihood that a file or website is malicious based on either extracted static indicators or dynamic behavioral analysis (predictive analytics), as well as network anomaly detection on organizational network traffic data or on user account usage (unsupervised machine learning).

Consider this sage prediction from 2020, still relevant for us today:

The year 2020 expects to see an increase in the preventative approach of deep learning environments, which will become outdated and dangerous. TTPs will continue to evolve cyber threats; we’ll fight AI with AI. Drones hovering outside office windows will discuss ML and AI to combat the threat landscape. These AI will announce a strike over Twitter, the first monumental disruption in 2020.

Real-time data and analytics and machine learning and AI creates unpreparedness by corporations and Big Tech companies. Managed detection engines are built on human made logic, but keeping this up-to-date against the latest studies costs almost three million cyber security. Perhaps the most attention raised by increasingly employed AI-based solutions is our need to reconsider our notions of what makes a mistake.

– Kelly Shortridge, VP of product strategy at Capsule8’s, bot.


This class has the following prerequisites:

  • Proficiency in (or concurrent coursework on) concepts of computer networking and information security management.
  • Proficiency in the basics of statistics and machine learning, as well as in using Python to perform the same.

Students in the security analytics track of the MSBA pass both prerequistes. MBAs may take the class, but only if they demonstrate competency to me in the two above prereqs. This is not a “learn python ML from scratch” class.

Learning Outcomes

Synopsis: Students will use security-related datasets to practice and demonstrate comprehension of principles of reproducible data science and deploying machine learning models.

Use code versioning and collaboration tools
  • Use Git and Github responsibly
  • Write markdown
  • Submit pull requests
Use cloud computing for data science
  • Spin up Jupyter notebooks on cloud instances. Fast.
Do reproducible data science
  • Share your code, its results, and (maybe) your data
  • “Works on my machine”: specify environments using tools like venv, MyBinder, and Docker
Deploy machine learning models with python
  • “Pickle” (serialize) models
  • Use “pipelines” for generalizable ML processes
  • Choose cutoff thresholds via optimizing F1
  • Create APIs to consume serialized models
  • Deploy models to cloud platforms, such as Heroku or AWS or GCP API ML endpoints


Canvas for announcements, and Slack for async watercooler-type banter and help-requests.

You aren’t required to read and be aware of everything that happens on slack to complete assignments. If it comes up in slack that something in the assignments is wrong, or broken, I’ll make an effort to update the assignment document webpage. Therefore, don’t rely on offline, potentially out-of-date assignment documents.

You are required to be aware of all announcements I make via Canvas.

Technology Requirements

You need python3 on a computer that you bring to class. Besides that, you just need a stable internet connection to use cloud computing resources.

Text Materials

You must grok this book:

Foster Provost and Tom Fawcett (2013), Data Science for Business: What You Need to Know About Data Mining and Data-Analytic Thinking. O’Reilly Media. Available on Amazon

Warning – the kindle version has crummy images. The book is not expensive.



This is a labs-based class. I will typically give you at least a week to complete each assignment. I may assign as many as one lab per week.

Labs may include submitting zip files of your code repositories, or submitting screenshot-evidence of task completion.


I will assign you some readings and associated open-book quizzes from Provost and Fawcett, and from other sources.

Final Exam

The final exam will include conceptual questions covering topics from lecture.


Most students will earn 80% of these points. Students who are exceptional and go above and beyond in enhancing the classroom experience may receive a higher score.

The following list is not comprehensive, but rather an example of items considered for the class participation score:

  • Attend and participate in class sessions (attendance is required!)
    • Making good efforts to complete in-class activities
  • Participate on the class Slack workspace.
    • Be a community member.
    • Ask good questions
    • Answer questions
    • Use slack reactions

Point Distribution

Category Weight
Labs 65
Reading Quizzes 5
Participation 10
Final Exam 20

Late Work

All assignments and projects are to be submitted on time or early, so plan accordingly. If you must miss class, please submit your assignment early. On rare occasions, an exception may be granted, allowing the student to submit the work late with a 20% penalty. Under no circumstances will anything be accepted more than a week late.

University Policies

Classroom Behavior

Both students and faculty are responsible for maintaining an appropriate learning environment in all instructional settings, whether in person, remote or online. Those who fail to adhere to such behavioral standards may be subject to discipline. Professional courtesy and sensitivity are especially important with respect to individuals and topics dealing with race, color, national origin, sex, pregnancy, age, disability, creed, religion, sexual orientation, gender identity, gender expression, veteran status, political affiliation or political philosophy. For more information, see the policies on classroom behavior and the Student Conduct & Conflict Resolution policies.

Requirements for COVID-19

As a matter of public health and safety, all members of the CU Boulder community and all visitors to campus must follow university, department and building requirements and all public health orders in place to reduce the risk of spreading infectious disease. Students who fail to adhere to these requirements will be asked to leave class, and students who do not leave class when asked or who refuse to comply with these requirements will be referred to Student Conduct and Conflict Resolution. For more information, see the policy on classroom behavior and the Student Code of Conduct. If you require accommodation because a disability prevents you from fulfilling these safety measures, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus.

CU Boulder currently requires masks in classrooms and laboratories regardless of vaccination status. This requirement is a precaution to supplement CU Boulder’s COVID-19 vaccine requirement. Exemptions include individuals who cannot medically tolerate a face covering, as well as those who are hearing-impaired or otherwise disabled or who are communicating with someone who is hearing-impaired or otherwise disabled and where the ability to see the mouth is essential to communication. If you qualify for a mask-related accommodation, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus. In addition, vaccinated instructional faculty who are engaged in an indoor instructional activity and are separated by at least 6 feet from the nearest person are exempt from wearing masks if they so choose.

If you feel ill and think you might have COVID-19, if you have tested positive for COVID-19, or if you are unvaccinated or partially vaccinated and have been in close contact with someone who has COVID-19, you should stay home and follow the further guidance of the Public Health Office ([email protected]). If you are fully vaccinated and have been in close contact with someone who has COVID-19, you do not need to stay home; rather, you should self-monitor for symptoms and follow the further guidance of the Public Health Office ([email protected]).

Accommodation for Disabilities

If you qualify for accommodations because of a disability, please submit your accommodation letter from Disability Services to your faculty member in a timely manner so that your needs can be addressed. Disability Services determines accommodations based on documented disabilities in the academic environment. Information on requesting accommodations is located on the Disability Services website. Contact Disability Services at 303-492-8671 or [email protected] for further assistance. If you have a temporary medical condition, see Temporary Medical Conditions on the Disability Services website.

Preferred Student Names and Pronouns

CU Boulder recognizes that students’ legal information doesn’t always align with how they identify. Students may update their preferred names and pronouns via the student portal; those preferred names and pronouns are listed on instructors’ class rosters. In the absence of such updates, the name that appears on the class roster is the student’s legal name.

Honor Code

All students enrolled in a University of Colorado Boulder course are responsible for knowing and adhering to the Honor Code academic integrity policy. Violations of the Honor Code may include, but are not limited to: plagiarism, cheating, fabrication, lying, bribery, threat, unauthorized access to academic materials, clicker fraud, submitting the same or similar work in more than one course without permission from all course instructors involved, and aiding academic dishonesty. All incidents of academic misconduct will be reported to the Honor Code ([email protected]); 303-492-5550). Students found responsible for violating the academic integrity policy will be subject to nonacademic sanctions from the Honor Code as well as academic sanctions from the faculty member. Additional information regarding the Honor Code academic integrity policy can be found on the Honor Code website.

CU Boulder is committed to fostering an inclusive and welcoming learning, working, and living environment. The university will not tolerate acts of sexual misconduct (harassment, exploitation, and assault), intimate partner violence (dating or domestic violence), stalking, or protected-class discrimination or harassment by or against members of our community. Individuals who believe they have been subject to misconduct or retaliatory actions for reporting a concern should contact the Office of Institutional Equity and Compliance (OIEC) at 303-492-2127 or email [email protected]. Information about university policies, reporting options, and the support resources can be found on the OIEC website.

Please know that faculty and graduate instructors have a responsibility to inform OIEC when they are made aware of incidents of sexual misconduct, dating and domestic violence, stalking, discrimination, harassment and/or related retaliation, to ensure that individuals impacted receive information about their rights, support resources, and reporting options. To learn more about reporting and support options for a variety of concerns, visit Don’t Ignore It.

Religious Holidays

Campus policy regarding religious observances requires that faculty make every effort to deal reasonably and fairly with all students who, because of religious obligations, have conflicts with scheduled exams, assignments or required attendance.

See the campus policy regarding religious observances for full details.