A 100-Day Home Study Plan for Cyber (with CPE Credit)

Thomas Carlyle once said that “our main business is not to see what lies dimly at a distance, but to do what lies clearly at hand.” This seems prescient for the times – and I hope it can bring a bit of upbeat energy to such a bleak period in our world.

I’m expecting that we’ll all be home for the next 100 days. If you’re reading this in early April, then that takes us all to mid-June. I hope this estimate doesn’t alarm you – but it pays to be realistic in our planning in the hopes that Mother Nature offers us a pleasant surprise.

And like the carpenter who thinks everything looks like a nail, as a lifelong college professor teaching cyber security, I think all of you resemble prospective students – albeit ones that truly need some cheering up. (And please focus on stats: The survival rate for COVID-19 is good.)

So here is what I propose: I will list below 100 learning modules on cyber security – most of them readings or videos, that you can do every day from now until mid-June. All materials come from publicly accessible sites, and most do not violate (ahem) any T’s & C’s.

Then, once we reach Chocolate Ice Cream Day (really, look it up), you can message me on LinkedIn with the hours you spent. I will happily send you a Continuing Professional Education (CPE) credit certification. (Each module should take about half an hour.)

I hope you decide to take me up on this, because at the end of the 100 days, I assure you that you’ll be smarter and more informed on cyber security. If this doesn’t happen, then what the heck – at least it will help pass some time.

Below are the learning modules. Cut-and-paste them into a file and print. Then tape the list on your computer monitor, right next to your VPN password. Good luck – and keep me posted over the next 100 days. I’ll check back in with you in June. Stay healthy and positive.

-------------------cut here -----------------------

1. Read blog on how firewalls work:

2. Watch video on RSA Algorithm:

3 - 4. Read “Reflections on Trusting Trust” (two-day process) (

5. Read Paper on Zero Trust:

6. Watch video explanation of Diffie-Hellman:

7. Watch video on surveillance detection of spies:

8. Spend 30 minutes on Brian Krebs’ site:

9. Watch Ted Talk on Cyber:

10. Watch address on State of Cyber 2018:

11 - 12. Read “The Birth and Death of the Orange Book (two day process)

13 -14. Read Steven Levy’s article on James Ellis (two-day process):

15- 16. Read paper on Cyber Weapon Limits (two-day process): file:///Users/edwardamoroso/Downloads/SSRN-id2809463.pdf

17. Spend 30 minutes on Bruce Schneier’s site:

18. Read Kevin Mitnick Story (Chapter One):

19. Watch Ted Talk on cyber:

20. Read SANS paper on packet filtering:

21 - 23. Read “An Intrusion Detection Model” (three-day process):

24. Watch DEFCON Spot the Fed video:

25. Here is another video on Diffie-Hellman:

26 - 27. Spend two days on this Kerberos site reviewing resources:

28. Spend another 30 minutes on Brian Krebs’ site:

29 - 30. Read the Bitcoin paper (two-day process):

31. Watch video on OT security monitoring:

32. Watch Ted Talk on personal data:

33. Read article on CIA model:

34. Watch video on State of Cyber 2019:

35. Watch this Ted Talk on Cyber Security:

36 - 37. Read paper on UMTS MITM attack (two-day process):

38 - 39. Read Lamport paper that served as basis for S/Key (two-day process):

40. Read James Ellis’ original paper on public key cryptography:

41 - 42. Spend two days on the NIST CSF website reviewing resources:

43 - 44. Read Charlie Miller’s paper on fuzzing mobiles (two-day process):

45. Read Bell Labs classic on password security:

46. Read Gene Spafford’s paper on mutation testing:

47. Spend another 30 minutes on Bruce Schneier’s site:

48. Read PDD-63 (Classic):

49. Read the alert for NotPetya:

50. Watch this talk from ten years ago:

HALFTIME – It’s Mid-May!

51. Read paper on the Bell LaPadula Model:

52. Spend today reading about cyber security in Canada:

53. Read classic EWD article from Dijkstra in 1975:

54 -55. Read Framework for Autonomous Machines (two-day process):

56. Watch video on SSL/CA:

57 – 59. Take three days to read this DHS Study on Mobile Security:

60. Review CMU’s incident response plan (and compare to yours):

61. Read this interview on SDN Security:

62. Read this article on open source versus proprietary software:

63. Spend another 30 minutes on Brian Krebs’ site:

64 - 65. Spend two days with the AES standard (do the best you can):

66. Read article on SIEM versus log management:

67. Spend day learning about Tor:

68. Read article on ISAC versus ISAO:

69. Spend today learning about security research at NSA:

70. Watch video on how blockchain works:

71. Spend today on the PCI website:

72. Listen to podcast on unidirectional gateways:

73 -74. Read paper on Secure Mobile Voice (two-day process):

75. Watch video on SCADA security:

76. Watch video on getting started in Bug Bounty:

77 – 78. Take two days to read Bloomberg article on Supermicro:

79. Watch video on GRC:

80 – 82. Read “Smashing the Stack for Fun and Profit” (three-day process) (

83. Spend day reading about Apple platform security:

84. Watch video on device hacking:

85. Read about the Great Feynman and his lockpicking:

86. Watch video on installing a reverse proxy at home:

87 – 88. Take two days and watch one-hour interview with Nir Zuk:

89. Read interview with HD Moore:

90. Spend day reading about AWS security:

91. Spend another 30 minutes on Bruce Schneier’s site:

92 – 93. Spend two days reading UK report on Huawei security:

94 – 95. Take two days to read the TLS RFC:

96 – 97. Spend two days on DHS incident response handbook:

98. Read article on GDPR:

99. Read article on Bill Gates and Trustworthy Computing:

100. Spend your last study day having fun reading Charlie Ciso cartoons!