During this advanced course, geared for students experienced in cyber security, students will be responsible for the management of a course (Systems Security), as well as the creation of a competition (UB Lockdown).


Name Email Slack Username
Dave Murray djmurray@buffalo.edu djmurray
Kevin Cleary kpcleary@buffalo.edu cleary.kevin.p

Course Recommendations

Due to the nature and complexity of the Security Development Program, prospective students interested in taking the Security Development Program should evaluate his/her own skills using the table below. Each student should have at least 6 points before attempting SecDev as the individuals are role models and will be taking on a self motivated education. If an individual does not meet the recommended points, he/she can still join but will be held to the same standards as a fellow SecDev student. Failure to meet responsibilities will be confronted in a meeting. Continuation will result in asking the student to step down to another program.

Item Point Value
Windows System Administration - Basic 1pt
Windows System Administration - Advanced (Including Active Directory Proficiency) 2pts
Linux System Administration - Basic 1pt
Linux System Administration - Advanced 2pts
Networking Basic (OSI and TCP/IP Model) 1pt
Networking Advanced (Subnetting, Firewalls, Ports, Packet Analysis) 2pts
Risk Management/Governance 1pt
Compliance (FISMA, HIPAA, PCI, etc) 2pts
Penetration Testing - Basic 1pt
Penetration Testing - Advanced 2pts
Virtualization - Basic 1pt
Virtualization - Advanced 2pts
IT Project Management Basic - Classes 1pt
Information Assurance MGS-650 - Class 2pts
IT Project Management Advanced - Experience 1pt

Student Learning Outcomes

Upon successful completion of this course a student will be able to… Assessment
demonstrate their proficiency in an Operating System Lecturing to Systems Security
UB Lockdown Competition
research topics they are not familiar with TBD
apply concepts learned from this and previous semesters Lecturing to Systems Security
UB Lockdown Competition

Course Requirements


Students in the Security Development Program are responsible for the mentorship of students in the Systems Security course.

Competition Management

Students in the Security Development Program are responsible for developing, organizing and managing all facets of the UB Lockdown competition. The competition has three goals: Education, Competitive, and Fun.



The competition will be an educational tool to teach students (competitors and track 3) about building systems and services, hardening, using tools, team dynamics, etc by the end of the competition.

Leading Indicators: Setting up a proper systems for educational; Red Team’s attack plan; technical difficulties

Lagging indicators: Feedback given shows that one person did not learn anything



No team or competitor has given up due to the lack of ability to continue caused by technical problems, red team, and/or lack of valiance for the duration of the competition.

Leading Indicators: Technical difficulties; read team’s attack plan; why winning is important

Lagging indicators: One competitor gave up



The majority of competitors are enjoying the competition even when things are getting stressful for the duration of the competition.

Leading Indicators: Technical difficulties, read team’s attack plan, interesting injections and solutions.

Lagging indicators: Feedback, bored/angry competitor


Ensuring the Continuity of UBNetDef

Students in the Security Development Program are expected to ensure UBNetDef will continue on after they graduate. This includes recruitment, passing of knowledge to new SecDev members, and enhancing the curriculums.

Course Conduct

Academic Integrity

Students must conduct their coursework in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.

Ethics Policy

As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity and acted upon with severe consequences if such privileges are abused. You are being given an opportunity to learn, please do not waste it.

vCenter Usage

As a part of the Security Development Program, you are granted elevated permissions permissions inside the vCenter environment. Any misuse of the environment will result in the immediate failure of the student, as well as academic dishonesty charges being filed.

Network Logging Disclaimer

All traffic that occurs within the vCenter environment is being logged for analysis purposes. Traffic captures (pcaps) may be shared with other individuals within UBNetDef for educational purposes only. We highly discourage logging into any personal or social networking websites on a Virtual Machine hosted in the vCenter environment.