Cybersecurity and Threat Intelligence
The Master of Cybersecurity and Threat Intelligence (MCTI) is offered by the School of Computer Science.
This professionally oriented master's is unique in its core focus on threat intelligence, Security Incident and Event Management (SIEM), intrusion prevention, malware analysis, penetration testing, and computer forensics, and in its integration of experiential lab-based learning. It covers the most challenging and technical aspects of the cybersecurity field and ensures that graduates are equipped with the professional capabilities to respond ethically and with a global social awareness of the implications of their work. Students gain hands-on experience with real and simulated security attacks such that graduates are primed to help organizations create security frameworks, protect sensitive data from threats, and analyse violations to help prevent future breaches.
Administrative Staff
Director
Ali Dehghantanha (150 Research Lane Suite 120C)
adehghan@uoguelph.ca
Graduate Program Coordinator
Stacey Scott (3308 Reynolds, Ext. 54153)
graddir@socs.uoguelph.ca
Graduate Program Assistant
Simar Dhindsa (150 Research Lane, Suite 120)
cybergrad@socs.uoguelph.ca
Program Manager
Rick Moroz (150 Research Lane, Suite 120B)
rmoroz@uoguelph.ca
Graduate Faculty
This list may include Regular Graduate Faculty, Associated Graduate Faculty and/or Graduate Faculty from other universities.
Luiza Antoine
B.Sc. Politehnica Bucharest (Romania), M.Sc., PhD Alberta - Associate Professor
Graduate Faculty
Neil Bruce
B.Sc. Guelph, M.A.Sc., Waterloo, PhD York - Associate Professor
Graduate Faculty
David A. Calvert
BA, M.Sc. Guelph, PhD Waterloo - Associate Professor
Graduate Faculty
Ritu Chaturvedi
PhD Windsor - Assistant Professor
Graduate Faculty
Rozita Dara
B.Sc. Shahid Teheshti, M.Sc. Guelph, PhD Waterloo - Associate Professor
Graduate Faculty
Ali Dehghantanha
BSE Azad, M.Sc., PhD Putra Malaysia - Associate Professor
Graduate Faculty
David Flata
B.Sc., M.Sc., PhD Saskatchewan - Associate Professor
Graduate Faculty
Dan Gillis
B.Sc., M.Sc., PhD Guelph - Associate Professor
Graduate Faculty
Minglun Gong
B.Eng. Harbin Engineering, M.Sc. Tsinghua, PhD Alberta - Professor and Director
Graduate Faculty
Gary Gréwal
B.Sc. Brock, M.Sc., PhD Guelph - Associate Professor
Graduate Faculty
Andrew Hamilton-Wright
B.Sc., M.Sc. Guelph, PhD Waterloo - Associate Professor
Graduate Faculty
Hassan Khan
B.Sc. NUST, M.Sc. Southern California, PhD Waterloo - Assistant Professor
Graduate Faculty
Stefan C. Kremer
B.Sc. Guelph, PhD Alberta - Professor
Graduate Faculty
Xiaodong Lin
B.A.Sc. Nanjing, M.Sc. East China Normal, PhD Beijing, PhD Waterloo - Professor
Graduate Faculty
Pascal Matsakis
B.Sc., M.Sc., PhD Paul Sabatier (France) - Professor
Graduate Faculty
Judi R. McCuaig
B.Ed., B.Sc., MS, PhD Saskatchewan - Associate Professor
Graduate Faculty
Denis Nikitenko
B.Sc. Ryerson, M.Sc., PhD Guelph - Assistant Professor
Graduate Faculty
Joseph Sawada
B.Sc., PhD Victoria (British Columbia) - Professor
Graduate Faculty
Stacey Scott
B.Sc. Dalhousie, PhD Calgary - Professor
Graduate Faculty
Fei Song
B.Sc. Jilin (China), M.Sc. Academia Sinica (China), PhD Waterloo - Associate Professor
Graduate Faculty
Deborah A. Stacey
B.Sc. Guelph, M.A.Sc., PhD Waterloo - Associate Professor
Graduate Faculty
Fangju Wang
BE Changsha, M.Sc. Peking, PhD Waterloo - Professor
Graduate Faculty
Mark Wineberg
B.Sc. Toronto, M.Sc., PhD Carleton - Associate Professor
Graduate Faculty
Michael A. Wirth
B.Sc. New England (Australia), M.Sc. Manitoba, PhD RMIT Melbourne - Associate Professor
Graduate Faculty
MCTI Program
Admission Requirements
Admission to the Master of Cybersecurity and Threat Intelligence program may be granted on the School of Computer Science’s recommendation to:
- Applicants who have successfully completed an undergraduate degree/baccalaureate in an honours program or the equivalent (having achieved a grade average of at least 75%, B, in the last four semesters of study) in computer science, computer engineering, or a related subject area (or hold a minor in one of these areas) from a recognized university; and
- Applicants who have relevant experience or background knowledge of Data Communication and Networking (such as a course equivalent to CIS*3210 Computer Networks) and Computer Programming (such as a course equivalent to CIS*2500 Intermediate Programming).
Successful applicants must also meet the University of Guelph’s English Proficiency requirements for admission. If an applicant’s first language is not English, an English Language Proficiency test will be required during the application phase.
All applications will be reviewed by the cybersecurity admissions committee. Students are admitted for a September start date. The School of Computer Science office should be consulted for admission deadlines.
Learning Outcomes
Upon successful completion of the Master of Cybersecurity and Threat Intelligence at the University of Guelph, graduates will have the capacity to practice the following.
- Security Analysis and Design
- Analyse various threats that an organization is facing and demonstrate vulnerabilities in existing systems and processes; and
- Define and implement security policies for organizations of different sizes using well-established security controls.
- Security Architecture
- Evaluate existing network architectures and identify attack surfaces and vulnerabilities;
- Implement methods to build a defensible architecture; and
- Build mechanisms to continuously monitor the activities in the secured enterprise network architecture.
- Threat Intelligence
- Follow best practices and ethical issues revolving around collection, labelling, storage, and sharing of data from sources of interest;
- Analyse and correlate data from various sources to draw meaningful conclusions about potential malicious activity; and
- Use artificial intelligence to design smart data driven systems to respond to Advanced Persistent Threats.
- Digital Forensics
- Identify, collect, analyse, and preserve evidences from a variety of traditional and modern computing platforms; and
- Solve and document compromised cases through incident handling and forensics investigation methodologies to develop investigation plans.
- Penetration Testing
- Conduct structured discovery of security vulnerabilities in systems, networks, and web services; and
- Propose concrete methods to fix discovered security vulnerabilities.
- Professional Capacity
- Demonstrate ethical behaviour consistent with academic integrity and the professional code of ethics as required in cybersecurity and threat intelligence;
- Collaborate and conduct in-depth research about different cyber threats and prepare relevant technical and non-technical reports; and
- Demonstrate entrustable professional skills including initiative, responsibility, accountability, and decision making in complex situations.
Program Requirements
The Master of Cybersecurity and Threat Intelligence is a coursework master's degree focused on training individuals to become technically skilled and ethically-minded cybersecurity professionals. Students develop mastery in security analysis and design, security architecture, threat intelligence, digital forensics, and penetration testing. Hands-on training in the cybersecurity teaching lab, the Security Operations Centre, enables students to work with real and simulated security attacks independently and collaboratively. Students may choose to complete their program through an independent project wherein students partner with an industry or academic partner to produce an evidence-based solution to a complex cybersecurity problem.
All students in the Master of Cybersecurity and Threat Intelligence program are required to complete a minimum of 4.00 graduate credits, including CIS*6590 Professional Seminar in Cybersecurity. The remaining 3.50 credits must be completed from the following list of courses:
Code | Title | Credits |
---|---|---|
CIS*6510 | Cybersecurity and Defense in Depth | 0.50 |
CIS*6520 | Advanced Digital Forensics and Incident Response | 0.50 |
CIS*6530 | Cyber Threat Intelligence and Adversarial Risk Analysis | 0.50 |
CIS*6540 | Advanced Penetration Testing and Exploit Development | 0.50 |
CIS*6550 | Privacy, Compliance, and Human Aspects of Cybersecurity | 0.50 |
CIS*6560 | Cybersecurity and Threat Intelligence Project | 1.00 |
CIS*6570 | Advanced Cryptography and Cryptanalysis | 0.50 |
CIS*6580 | Security Monitoring and Cyber Threat Hunting | 0.50 |
CIS*6670 | Special Topics in Cybersecurity | 0.50 |
Courses
An examination of Artificial Intelligence principles and techniques such as: logic and rule based systems; forward and backward chaining; frames, scripts, semantic nets and the object-oriented approach; the evaluation of intelligent systems and knowledge acquisition. A sizeable project is required and applications in other areas are encouraged.
Relational and other database systems, web information concurrency protocols, data integrity, transaction management, distributed databases, remote access, data warehousing, data mining.
Artificial neural networks, dynamical recurrent networks, dynamic input/output sequences, communications signal identification, syntactic pattern recognition.
Data mining and bioinformatics, molecular biology databases, taxonomic groupings, sequences, feature extraction, Bayesian inference, cluster analysis, information theory, machine learning, feature selection.
This course will discuss problems where optimization is required and describes the most common techniques for discrete optimization such as the use of linear programming, constraint satisfaction methods, and genetic algorithms.
This course introduces the student to basic genetic algorithms, which are based on the process of natural evolution. It is explored in terms of its mathematical foundation and applications to optimization in various domains.
Representation of uncertainty, Dempster-Schafer theory, fuzzy logic, Bayesian belief networks, decision networks, dynamic networks, probabilistic models, utility theory.
Objects, modeling, program design, object-oriented methodology, UML, CORBA, database.
Intelligent systems consisting of multiple autonomous and interacting subsystems with emphasis on distributed reasoning and decision making. Deductive reasoning agents, practical reasoning agents, probabilistic reasoning agents, reactive and hybrid agents, negotiation and agreement, cooperation and coordination, multiagent search, distributed MDP, game theory, and modal logics.
This course concentrates on the theoretical and practical issues related to the design and study of interactive technologies for human use. Topics include: general principles of design, qualitative and quantitative research methods, prototyping techniques, theoretical issues underlying designing to individuals and groups, and ethical issues related to conducting research involving humans.
This course introduces software tools and data science techniques for analyzing big data. It covers big data principles, state-of-the-art methodologies for large data management and analysis, and their applications to real-world problems. Modern and traditional machine learning techniques and data mining methods are discussed and ethical implications of big data analysis are examined. May be offered in conjunction with DATA*6300.
This course emphasizes machine learning for sequential data processing. It covers common challenges and pre-processing techniques for sequential data such as text, biological sequences, and time series data. Students are exposed to machine learning techniques, including classical methods and more recent deep learning models, so that they obtain the background and skills needed to confront real-world applications of sequential data processing. May be offered in conjunction with DATA*6400.
Brightness transformation, image smoothing, image enhancement, thresholding, segmentation, morphology, texture analysis, shape analysis, applications in medicine and biology.
Neural networks, artificial intelligence, connectionist model, back propagation, resonance theory, sequence processing, software engineering concepts.
This course provides an overview of concepts and technical measures that are employed to enforce security policies and protect networks and systems from malicious activities. Students will learn how to engineer a secure system and how to secure networks in an ethical manner.
This course provides an in-depth understanding of theoretical concepts and practical issues in the field of digital forensics and incident response. Students will develop necessary skills, methodologies, and processes to detect cyber incidents and conduct in-depth computer and network investigation.
This course provides an in-depth understanding of techniques for detecting, responding to, and defeating Advanced Persistent Threats (APT) and malware campaigns using artificial intelligence and data mining techniques. Students will identify, extract, and leverage intelligence from different types of cyber threat actors.
This course provides an in-depth understanding of techniques for detecting, responding to, and defeating Advanced Persistent Threats (APT) and malware campaigns using artificial intelligence and data mining techniques. Students will identify, extract, and leverage intelligence from different types of cyber threat actors.
This course provides an in-depth view of the privacy, regulatory, and ethical issues surrounding cybersecurity. It covers methods of mitigating/treating privacy risks associated with emerging technologies that collect, manage, and analyse data. This course also examines data protection regulations and compliance strategies.
Students plan, develop, and write an industry- or faculty-led report and produce required tools, services, and software. Projects should advance knowledge or practice, and address an emerging challenge in cybersecurity, cyber threat intelligence, digital forensics and incident response, cyber threat hunting, or a closely related field.
This course provides an in-depth understanding of modern cryptography, with emphasis on practical applications. Topics covered include classical systems, information theory, symmetrical cryptosystems, block ciphers, stream ciphers, DES, AES, asymmetric cryptosystems, ECC, provable security, keyexchange and management, and authentication and digital signatures, among others.
This course provides a comprehensive review of tools, techniques, and procedures for monitoring network events and assets to build a secure network architecture. It trains students in methods for hunting attackers that could bypass designed network defense mechanisms in an enterprise.
This two-semester course offers a multidisciplinary forum for discussion of topics related to cybersecurity. The seminar fosters professional skills development (academic and industry), promotes collaboration between industry experts and graduate students, facilitates mentoring and project development, and contributes to the transfer of knowledge between industry and academia.
This special topics course examines selected, advanced topics in computer science that are not covered by existing courses. The topic(s) will vary depending on the need and the instructor.
This is a reading course. Its aim is to provide background knowledge to students who need to get a head-start in their thesis research fields early during their program while no suitable regular graduate courses are offered. Admission is under the discretion of the instructor.
This course provides an in-depth view of a variety of advanced topics within cybersecurity. Subject areas discussed in any particular semester will depend upon the interests of both the students and the instructor. Students should check with the School of Computer Science to determine what topics will be offered during specific semesters.
This course aims to develop students' ability in technical communication and general research methodology. Each student is expected to present a short talk, give a mini lecture, review a conference paper, write a literature survey and critique fellow students' talks and lectures.