In this post I will relate my experience as an early Adopter for the Computer and Cybercrime Professional (From now on CCCP) college degree which I followed during 2016 and 2017 at Howest.
Voor het nederlandse versie hiervan druk hier.
NOTE: This version has my experience on some of the courses from the 2nd semester aswell, which aren't yet added in the dutch version.
UPDATE around 26 june 2018.
UPDATE around 25 april 2018. SCROLL DOWN UNTILL YOU SEE IT MARKED
I can say that I have learned some interesting things and that it wasn't a complete time waste. I'm saying this because I put a lot of time, motivation and money in it. If I hadn't been extremely motivated I would have given up after the first month.
However, had I known on beforehand all the things that I am about to tell you then I would have NOT registered AT ALL. If you are a student interested in going to Belgium to study Computer and Cybercrime Professional at Howest in Brugge OR in doing it at home I'd advise you to go look at Offensive Security and get a PluralSight account. Trust me on this one.
I finished college in 2012 and recieved a diploma for New Media and Communication Technology at Howest Kortrijk in Belgium. In the last Year i took all the specializations for Networking, Linux, CloudComputing and Cyber security.
For years I was interested in Programming, Linux and the basis of Cyber Security.
In the beginning of 2016 I had recieved an e-mail from a lector at Howest announcing the possibility for us to study CCCP AT HOME. I immediately sent a reply asking if we can do all exams from a great distance explaining I no longer live actively in Belgium and it would be pretty hard to get 4 weeks a year free only to sustain the exams and travel so much.
The response was positive which made me very happy about it. Then it came the time to Start Everything and the surprises didn't stop coming!
Trust me, what I'm about to relate is not the script to the next Dumb and Dumber film nor to a blockbusting comedy. True reality :)
Ok, so to be able to follow CCCP@HOME you need to have a bachelor in any IT field and to be a working professional. This is not something for newcomers. IT all seemed so professional, I expected it to be professional however it was a total calamity. I spent so much time on futile classes, spent time away from family, friends, health and any hobbies. I took more than 30 unpaid days from work and took most of my vacantion days to be able to study for this hoghwash college degree. So believe me when I say that it was proportionally debris.
It was 3 semesters long. It should have been 4 or 5 since they tried to put waay to much stuff in. Even though they knew that we where hired professionals who had a life they didn't even bother.
The biggest problem I have is with the lack of seriousnes and scarcity of any type of organzation. I truly think after 1 year that they made this joke of a college degree for at home students so they can make a lot of money without even trying.
Why do i say this? Heck, with real students you have to pay money for water, air conditioning, warming, classes, and professors.
For the at home version they didn't even bother to make video's. And if they did, they made something via a webcam of a laptop while in a big auditorium. No professional camera, no splitting the video's, bad audio quality, missing information.
I can write a whole book with all the defficiencies and to explain the inferiority of the CCCP @ HOME degree in comparison with ANY other online course. They should have PAID me to go there instead of the other way around. Now that IT professionals have SO MANY CHOICES!
The First Semester
The first problem What's the program?
Which classes do we have anyway? Before I registered I recieved a totally different class format than when I registered and it WAS AGAIN DIFFERENT IN REALITY! They mixed up some things even in the contract, I had figured it out in the 2nd semester. Good job!
2nd Problem So what are we learning?
What do we have to learn for the exams? I mean there where NO video's in the first semester and if there where video's they where for maybe 10% of the total courses. The quality and ordering was so bad that you could easily get lost.
Semester 1 comprised of Too MUCH theory. We had so many slides, some book references and that's it. Sorry, but I didn't pay to read slides. i want someone to talk to me, explain things, show examples. WTF! I can buy books myself and I can follow CTF writeups and I'll learn more than in the slides we had.
3d problem: Too much theory and academic plagiarism
Some courses where just academic plagiarism on other online courses. They just refered us to PluralSight (which we learned we had a subscriptino in the 2nd half of the 2nd semester!)
4th problem - Time wasted
Too much time wasted with futile things. IF it would have had a structure they would at laest have told us. Hey you bunch of idiots that made us a good load of money. You don't need to read all those books and things. The Exams will contain this and that!
5th problem: Broken Promises
First and 2nd semester, There where so many broken promises you can't even imagine. For the kickoff video's in the 2nd semester they said so many things that didn't actually occur. It's very painful.
The Exams
For the Exams I took almost 2 weeks free to study and go to Belgium to take them. I should mention that I'd planned 2 exams per day with 2-3 days between. Let's say that the organization for some exams was shortcoming in the least sense of the word.
For example the professors where LATE. ONe of them should have came to explain something but didn't even bother, i had to ask other profs how we where going to do it.
So what did I learn in the 1st semeser?
CCNA Security
Been There done that in 2012. waay to much theory. Some things where interesting. Online "learn at your own pace" at Cisco Netacademy.
Pure theoretical. Go solve it yourself mentality
Utility level: 3/10
VMware, cloud Computing and Security
Been therem done that in 2012. We had to pay an extra sum FOR THE BOOKS otherwise we couldn't go to the exams. I hadn't recieved my books, and the online version of "the books" was a crappy web interface. Again, learn at your own pace on the VMWARE platform. Nothing to do with our freakin college man! Go solve it yourself mentality
We had access to some virtual environments which is a plus.
Utility level in real life would be 6.5/10 but since It was ONLY for VMware i'll give it a 3.5 out of 10.
Security policies, threat and risk assessment
I have to be honest, this could have been a very interesting theoretical course. However we had NO video's. Go solve it yourself mentality
Too many slides, too many courses, too much theory. Around 1700 A4 pages to be read for this course alone.
NO practical applicability :(
Utility Level: 3/10
Cryptography
Ah now something that is extremely Interesting! This one had some video's thrown to it AT THE END OF THE SEMESTER. But don't think it was of applied cryptography no, it was mathematical equations and stuff which is good if you plan to teach cryptography.
Yes, MATHEMATICALLY APPLIED Cryptography! We had a book, a lot of theory of courses. But we had no idea what the exam would be. Programming? Theory? Mathematical equations?
ON the exam we had to analyse a whole new and unknown cryptographic algorithm to see how it works and try to cryptanalyse and break it. Yes, in 2 hours! Great idea! I mean professionals take years to analyse algorithms and we had 2 hours for the whole exam.
I was so fed up with everything during this exams that I didn't fill 1 of the 10 pges of the exam just because of the fury I had on the whole system. The first time I did this in MY WHOLE LIFE on an exam! I had eventually recieved the exact mark needed to pass since Most of the people I talked to thought this was the ONE course they would fail.
Please understand that CRYPTOGRAPHY is exremely important in Cyber Security. I'm not complaining about the cryptography field but about how it was thought.
Cryptography would get a 11 oout of 10. However the Utility level in which it was presented gets a 2/10
Windows and Linux Security
This is the ONLY course where we had VIDEO's. The video's where at rather acceptable quality. The professor was very friendly and posted a lot of howto's and stuff.
Luckily I already had experience with Windows and Linux servers so this was OK. This was actually THE ONLY practical thing I've done the whole semester. Thanks Jonas for everything!
Utility level: 8/10
Privacy and IT law
SuRPRISE it's middle november we got Privacy and IT law as an "extra" unnanounced course. They "forgot" about it.
At least there where some video's and I really enjoyed reading the laws (i-m not kidding) since I already knew most of them from my work a refresher oncomparing the EU law, Belgian and Romanian law with the US ones is good to know.
Utility level: 7/10
Per total.. A waste of time if you're looking after something practical. I mean, even if we where to have been thaught total bullshit in video's a-la Udemy manner I would have been more happy. Jesus, I just said it. I think Udemy would have done a better job and I'm not too fond of udemy.
However I was astonished to find out I've passed all of them except for VMWARE. The VMWARE exam - even though I've passed a prior version before - was a disaster because:
I had 2 exams planned on the same day, the first professor for the Windows & Linux security exam was 15-20 minutes late. THEN there was a problem with certain servers so we could not get Linux slices to do our work on them.
Also, the responsible person for the VMWARE exam was NOT there at all. I had to ask the first professor for help. Whom I forgave for being late because he was an awesome instructor and made the time to help you as a student. He made awesome presentations and stuff. So of coruse when I began the 2nd exam I was so furious that from the 40 questions some I couldn't concentrate one and just chose random answers.
The Second semester
During the first introduction day we had VIDEO's!!! They had acknowledged that there where some problems with the orgnaization and that they where thinking on making it better.
But they didn't take responsibility NOR did they say they're sorry. This is very weak and I had expected better. But hey, at least it improved a bit!
Anyway, let me make a comparison so you get what I mean.
The first semester could be explained like the first people who discovered how to make fire. We don't know anything about them. We just presume it has happened.
The 2nd semester was a little better but it's still a long way from a professional course.
What did we learn?
Cybercrime
Again, here are some slides read them. Go solve it yourself mentality. If I understood correctly there where some specialized Police Officers that came to present as guest lecturers once for the guys following CCCP in the NON at home version. But they didn't want to be filmed so hence we had to read everything ourselves.
Anyway, the utility is rather high, but the way it was thought i'll give it a 1/10.
Mobile Web Apps and Security
This is the ripoff academic plagiarism i've been talking about. References to go and view pluralsight and learn something
At least we had video's this time and things where explained.
The only downside was that we didn't lear anything that had to do with security at all. we where refered to PLURALSIGHT again.
But hey, at least I learned to make a Progressive Web App!
I think some professors needed to get some more hours so they pretended to care.
Utility level 5/10
Web Pentesting
So, we recieved some text files and where told to go study OWASp top 10. Some slides that talked about various things.
No Videos BRo. Nothing. Empty. Oh yeah, and we had to use WebGoat.. Ok.. I could have done this myself and could have kept all the money! :D
Utility level in the real life: 10/10 The way it wasn't thought 1/10.
Forensic Analysis
This is one of the few things that I actually enjoyed and this made it worth all the other stupid courses and problems that existed. We learned how to recover and hide data. The labo's where extremely interesting. We had VIDEO's in good quality by a professor that actually cared and explained things how they should have been explained.
Utility level: 10/10
Network and System Pentesting
Yes, thaught by Tijl Deneut. Had lessons from him back in 2011-2012. We had video's. Cool labs.
Access to a restricted internal VPN lab containing many vulnerable virtual machines where we could break into. Also Catch The Flag.
It was fun, it could have been a little better BUT I'm not complaining in comparison with all the other bollocs I had to encounter.
Utility level: 10/10
Practical Reverse Engineering and Malware Analysis
Now this is something I've been wanting to do for a long time. They really made it seem "simple". It was extremely FUN.
After the university year ended i started learning more about this and I eventually started understanding Assembly by writing C doe.
There where video's, labs, catch the flag. And fun exercises. The explanations where great. Again, Tijl Deneut and someother guy thaught this.
Utility Level: 10/10
The Third semester
Since I didn't recieve any information even to this day from the irresponsable coordinator I couldn't and WOULDN'T have done the 3d semester anyway.
Read below
The Most Evil part (Registered TradeMark Kurt Callewaert)
So, as I said, I don't live in Belgium anymore due to my work. I had asked if it was possible to do the exams. The answer was yes. In february right after the exams before the 2nd semester began I opened a ticket and sent some e-mails asking HOW we can solve doing the exams without me having to go there. I mean there are endless possibilities on doing this How could Massive online courses do this?
Anyway. IN 4 months I didn't recieve any answer. Each time I asked something I got an answer that they're working on it. Good, I eventually recieved the exam planning that every student had recieved and I went to my employer to get free days to study and free days for the exams.
Did I mention that all free days I took and all unpaid days I took wheren't paid by my employer and that they all came from my OWN pocket? Well, a few days before the exams began I sent another message in the ticketing system asking how's it going. Seeing that I got no answer the night before the first exam I sent another concerning message with a rather assertive tone. I wasn't by any means arrogant or something. I just wanted to know what the heck would happen.
The response I got was that I was a little "over the edge" and that they'd contact me on 07/06. In european speak this means the 7th of June. But it seems the 6th of July had passed and I hadn't recieved any news.
After seeing that I didn't recieve anything i continued writing a very large letter to the college. The letter I had started after the exams form the 1st semester.
But I eventually gave up writing it since I wasted SO much time. My wife was nearing the moment of giving birth so I had other things to do than go on a rage. I gave up trying. I mean, it wasn';t worth it after all.
So I stopped verifying my student e-mail from july untill november. If they had wanted to contact me they could have done it via my personal one and via my phone number. Then in november I went again online just to see if the account worked, and to my surprise I kept recieving e-mails from various stuff at school. I chedked the history and there WAS NO OTHER mail.
In december (2017) I just deleted the mailbox from my phone and from my PC. It wasn't worth it anymore.
The Solution (in my viewpoint)
Soltions exist for everything. You just need capable people. From what I saw most of the way they handled things was in a rather unprofessional way.
If I where vengeful I could have made the life of the responsible people a living hell for being such an jerks.
I mean, dear coordinators. If you're having memory problems you can always take Vitamin B12. But i think the problem is deeper than that.
They say that you can write a book by writing one page per day. How about one letter per day, is it that difficult?
Dude, couldn't you at least have sent me an e-mail telling me that the school either:
- Doesb't want to do any exams online or on distance
- That it's not possible because of x, y z
- That you are sorry but you made a mistake when you said multiple times that it's possible but it's not possible and that you can make up to me
Even the most stupid fake excuse could have been accepted instead of nothing.
It's the first time that I'll swear. Be prepared! Be sure you are prepared for what is to come!
What a group of postponing, irresponsible, unorganized, wankers.
That's it. Did you expect more? Yes, I was furious, I was mad but now I'm writing these lines in a neutral mode. Actually writing helped me relieve everything.
I think that if anyone else would have been in my shoes - and espcially a cyber security noob or expert - wouldn't have let this go unnoticed without first wreaking havoc.
Yes they would sure deserve a lot more than those words. But nog being antagonistic has the benefits of being extremely eliberating. Rage, revenge all eat up a person from the inside.
I was able to just ignore this. You won't belive how it feels to let something pass.
Update 25th of April 2018: After e-mailing complaints to certain places including the highschool I have recieved mails that they're investigating it. During this time I've also contacted a person responsible for the CCCP@HOME who told me that he will try to handle it. Now we need to handle some administrative things and I'll need to plan my time to start learning and take the exams in August. I'm curious if it will work out but i'm cautious.
Update 26th of June 2018: So by sending status update mails i always recieved the answer that they're working on a personalized answer and offer for me. Two months later I recieved an e-mail which should have contained answers. I was really curious what they had to say but at the same time I can't really complain that I'm disappointed. being disapointed means putting your hopes up. I had no more hopes since they've already inspired hopelessness from their part and they already met the criteria for failure. The e-mail only contained an exam reglementation which I should sign and a 1 page excel with the names of all the courses. No answers to all my questions posed throughout time. The new exam reglementation? I as the student need to reach out to a university locally and make a contract between them and Howest. Then the new university needs to allocate a person whom will be interested in doing technical stuff to prepare for the exam and be there on the day of the exam. This in practice sounds way worse than in theory. The main problem is that we live in a modern age where everything can be verified with the proper tools. So in 2018 there is no system setup for proper exam taking just like all the online courses do it already.
Waiting... for an excuse
I'm still waiting for an oficial excuse from Howest for this whole shitty experience. I truly hope I will recieve one so I can disconfirm that they're not not a bunch of money grabbers and no one can take responsibility for their actions.
I had been to good and I didn't complain too much. But from now on I KNOW i need to speak my mind because it's my freakin time and money. I've yet again learned a lesson in life.
Disappointment
Because of the disappointment caused by this Cyber security degree I decided to NOT follow anyother degree anymore. I also decided that CyberSecurity is something worth looking into and studying. However when i discovered Elixir in november 2017 before I went to DefCamp I decided to do CyberSecurity as a hobby rather than a fulltime thing. The Elixir/Erlang ecosystem is what I've been missing my whole life as a programmer.
Conclusion(s)
- If they fail once, twice and keep on failing they'll fail all the time and there's no hope in getting a proper solutin.
- Being an Early Adopter in ANY field is not such a good idea.
- If something is WRONG START COMPLAINING in a friendly and educative manner. Complain and nag to point out the inefficiencies that are visible and that HURT you. Being assertive is a very important skill.
- Don't follow university courses anymore unless they are at the quality of the top 10 universities in the USA and you have VIDEOS and REVIEWS like you have on udemy, pluralsight, etc.
- I am sorry for wasting my time with this degree and I should have spent more time with my family had I known it was so badly organized and structured.
- At least I've learned some usefull things. But My wife thinks differently she says I could have invested my time in other projecs, we could have visited the world.. etc And you know what? She's right! (Because she's a woman of course!:)
- Don't go to study Computer and Cybercrime Professional at Howest in Brugge. (At least not untill they've weeded out the problems)
- Everything can be summed in 1 word: EXPERIMENTAL