Path to a free self-taught education in Information Security!
The NXFury curriculum is a complete education in information security using online materials. It's not merely for career training or professional development. It's for those who want a proper, well-rounded grounding in concepts fundamental to all information security disciplines, and for those who have the discipline, will, and (most importantly!) good habits to obtain this education largely on their own, but with support from a worldwide community of fellow learners.
It is designed based on the Open Source Society's Computer Science curriculum, and it is assumed most of the people following this curriculum are already vaguely familiar with the world of computing. The courses themselves are hand selected for the highest quality, but specifically chosen to meet the following criteria.
Courses must:
- Be open for enrollment
- Run regularly (ideally in self-paced format, otherwise running multiple times per year)
- Be of generally high quality in teaching materials and pedagogical principles
When no course meets the above criteria, the coursework is supplemented with a book. When a student wishes to pursue industry, level certifications, the curriculum shall include opportunities to substitute training for those in place of pre-existing course materials. When there are courses or books that don't fit into the curriculum but are otherwise of high quality, they belong in extras/courses or extras/readings.
Organization. The curriculum is designed as follows:
- Introductory Materials: for students to gain a basic foundation in programming, usage of certain software, logic, and critical thinking.
- Core Curriculum: The essential core of Information Security, required knowledge for well rounded adequate advancement in the field.
- Advanced Information Security: A more advanced set of skills required for high-fidelity or more masterful work, where students are able to pick what they wish to concentrate on.
- Specialization: Students must pick a specilization and complete the listed courses in it in order to better understand a particularly relevant niche.
- Final Project: A project for students to validate, consolidate, and display their knowledge, to be evaluated by their peers worldwide.
Duration. It is possible to finish within about 2 to 2.5 years if you plan carefully and devote roughly 20 hours/week to your studies. Remember, the more time you commit, the faster you'll progress!
Cost. All or nearly all course material is available for free. However, some courses may charge money for assignments/tests/projects to be graded. Note that both Coursera and edX offer financial aid.
Decide how much or how little to spend based on your own time and budget; just remember that you can't purchase success!
Process. Students can work through the curriculum alone or in groups of up to 5, ideally following the suggested order.
- We recommend doing all courses in the Core Curriculum, only skipping a course when you are certain that you've already learned the material previously.
- For simplicity, we recommend working through courses (especially the Core Curriculum) in order from top to bottom, as they have already been topologically sorted by their prerequisites.
- Courses in Advanced Information Security are electives. Choose one subject (e.g. Advanced Programming) you want to become an expert in and take all the courses under that heading. You can also create your own custom subject, but we recommend getting validation from the community on the subject you choose.
- Courses in Specialization are also a form of elective. However, you are picking a particular niche rather than a set of classes.
Content policy. If you plan on showing off some of your coursework publicly, you must share only files that you are allowed to. Do NOT disrespect the code of conduct that you signed in the beginning of each course!
Getting help (Details about our FAQ and chatroom)
- We have a discord server!
This should be your first stop to talk with other NXFury students. Why don't you introduce yourself right now? Join the NXFury Discord
- You can also interact through GitHub issues. If there is a problem with a course, or a change needs to be made to the curriculum, this is the place to start the conversation. Read more here.
Curriculum version: 0.0.1 (see CHANGELOG)
- Prerequisites
- Introductory Materials
- Core Curriculum
- Advanced Information Security
- Specialization
- Final project
- Core Curriculum assumes the student has already taken high school math. This includes algebra, geometry, and pre-calculus.
- Advanced Information Security and Specialization assumes the student has already taken the entirety of the Core Curriculum and is knowledgeable enough now to decide which electives to take.
If you've never written a for-loop, or don't know what a string is in programming, start here. This course is self-paced, allowing you to adjust the number of hours you spend per week to meet your needs.
Topics covered:
simple programs
simple data structures
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Python for Everybody | 10 weeks | 10 hours/week | none |
This course will introduce you to the world of programming. Students who have been introduced to programming, either from the courses above or through study elsewhere, should take this course for a flavor of the material to come. If you finish the course wanting more, Information Security is likely for you!
Topics covered:
computation
imperative programming
basic data structures and algorithms
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Introduction to Computer Science and Programming using Python (alt) | 9 weeks | 15 hours/week | high school algebra |
| The Missing Semester of Your CS Education | 2 weeks | 12 hours/week | - |
This course will introduce you to basic logic to be applied to your decision making process. While not a course in complete, formal logic, it aims to introduce core concepts in order to instill critical thinking skills in the student. This will ideally aid in your decision making and approach to problem solving.
Topics covered:
arguments
deductive reasoning
boolean logic
reasoning
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Introduction to Logic and Critical Thinking Specialization | 16 Weeks | 5 hours/week | none |
All coursework under Core Curriculum is required, unless otherwise indicated.
Topics covered:
functional programming
unit testing
object-oriented design
static typing
dynamic typing
manual memory management
boolean algebra
gate logic
memory
computer architecture
and more
The How to Code courses are based on the textbook How to Design Programs. The First Edition is available for free online and includes problem sets and solutions. Students are encouraged to do these assignments.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| How to Code - Simple Data | 7 weeks | 8-10 hours/week | none |
| How to Code - Complex Data | 6 weeks | 8-10 hours/week | |
| Object-Oriented Design | 4 weeks | 4 hours/week | Basic Java |
| Design Patterns | 4 weeks | 4 hours/week | Object-Oriented Design |
| Software Architecture | 4 weeks | 2-5 hours/week | Design Patterns |
| Build a Modern Computer from First Principles: From Nand to Tetris (alt) | 6 weeks | 7-13 hours/week | - |
| Build a Modern Computer from First Principles: Nand to Tetris Part II | 6 weeks | 12-18 hours/week | - |
| C For Everyone: Programming Fundamentals | 3-4 weeks | 12-15 hours/week | - |
| C For Everyone: Structured Programming | 2 weeks | 5 hours/week | - |
| Computer Networking | 12 weeks | 5-8 hours/week | - |
Topics covered:
Privacy and Civil Liberties
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Data Privacy Fundamentals | 3 weeks | 3 hours/week | none |
Topics covered:
REST
refactoring
relational databases
transaction processing
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Databases: Modeling and Theory | 2 weeks | 10 hours/week | core programming |
| Databases: Relational Databases and SQL | 2 weeks | 10 hours/week | core programming |
| Databases: Semistructured Data | 2 weeks | 10 hours/week | core programming |
Topics covered
Confidentiality, Integrity, Availability
Secure Design
Defensive Programming
Threats and Attacks
Network Security
Cryptography
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Cybersecurity Fundamentals | 8 weeks | 10-12 hours/week | - |
| Principles of Secure Coding | 4 weeks | 4 hours/week | - |
| Identifying Security Vulnerabilities | 4 weeks | 4 hours/week | - |
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Identifying Security Vulnerabilities in C/C++Programming | 4 weeks | 5 hours/week | - |
| Debuggers 1011: Introductory WinDbg | 2 weeks | 10-15 hours/week | - |
| Debuggers 1012: Introductory GDB | 2 weeks | 10-15 hours/week | - |
| Exploiting and Securing Vulnerabilities in Java Applications | 4 weeks | 5 hours/week | - |
After completing every required course in the Core Curriculum, students should choose a subset of courses from Advanced Information Security based on interest. Not every course from a subcategory needs to be taken. But students should take every course that is relevant to the field they intend to go into.
Topics covered:
debugging theory and practice
goal-oriented programming
parallel computing
object-oriented analysis and design
UML
large-scale software architecture and design
and more
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Architecture 1001: x86-64 Assembly | 8 weeks | 10-15 hours/week | C programming |
| Architecture 2001: x86-64 OS Internals | 6 weeks | 10-15 hours/week | x86-64 Assembly Programming |
| Parallel Programming in Java | 4 weeks | 5 hours/week | Java programming |
| Software Testing | 4 weeks | 6 hours/week | Python, programming experience |
(*) book by Blackburn, Bos, Striegnitz (compiled from source, redistributed under CC license)
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Web Security Fundamentals | 5 weeks | 4-6 hours/week | understanding basic web technologies |
| Security Governance & Compliance | 3 weeks | 3 hours/week | - |
| Digital Forensics Concepts | 3 weeks | 2-3 hours/week | Core Security |
After completing the curriculum above, you are finally ready to pursue a specialization in Information Security! Choose at least one of the below subcategories to complete:
Learn to extract data from mobile devices, with (or without) credentials.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Android Forensics and Security Testing | 3 weeks | 10-15 hours/week | - |
| Introduction to ARM | 8 weeks | 10-15 hours/week | x86-64 Assembly Programming |
Become good at understanding how software works, with limited to no available source code.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Reverse Engineering 3011: Reversing C++ Binaries | 5 weeks | 10-15 hours/week | C and Assembly Programming |
| Reverse Engineering 3201: Symbolic Analysis | 5 weeks | 10-15 hours/week | C, Python, Assembly Programming |
Develop Secure Software that's hard to exploit.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Secure Software Development: Requirements, Design, and Reuse | 7 weeks | 1-2 hours/week | Core Programming and Core Security |
| Secure Software Development: Implementation | 7 weeks | 1-2 hours/week | Secure Software Development: Requirements, Design, and Reuse |
| Secure Software Development: Verification and More Specialized Topics | 7 weeks | 1-2 hours/week | Secure Software Development: Implementation |
Learn security standards in which the industry builds networks and systems, and how to implement them effectively. We have elected to train to NIST standards, as we believe risk evaluation, a core piece of NIST standards, to be an important component in information security.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| NIST CSF | 1 week | 4 hours/week | - |
| NIST DoD RMF | 1 week | 4 hours/week | NIST CSF |
| NIST 800-171 | 2 weeks | 3 hours/week | NIST DoD RMF |
Design and implement cryptographic systems, learn how they work, and learn what makes certain encryption algorithms more secure than others.
| Courses | Duration | Effort | Prerequisites |
|---|---|---|---|
| Cryptography I | 7 weeks | 2.5 hours/week | - |
| Applied Cryptography | 20 weeks | 2 hours/week | - |
| Mathematical Foundations for Cryptography | 4 weeks | 4 hours/week | - |
The NXFury Information Security curriculum is project-focused. The assignments and exams for each course are to prepare you to use your knowledge to solve real-world problems.
After you've gotten through the above curriculum, you should think about a problem that you can solve using the knowledge you've acquired. Not only does real project work look great on a resume, but the project will also validate and consolidate your knowledge. You can create something entirely new, or you can find an existing project that needs help via websites like CodeTriage or First Timers Only.
Upon completing your final project:
-
Submit your project's information to PROJECTS via a pull request.
-
Put the NXFury Information Security badge in the README of your repository!
- Markdown:
[](https://github.com/TheNXFury/NXFuryInfoSec) - HTML:
<a href="https://github.com/TheNXFury/NXFuryInfoSec"><img alt="NXFury- Information Security" src="https://img.shields.io/badge/NXFURY-Information%20Security-blue.svg"></a>
- Markdown:
-
Use our community channels to announce it to your fellow students.
Solicit feedback from your NXFury peers. You will not be "graded" in the traditional sense β everyone has their own measurements for what they consider a success. The purpose of the evaluation is to act as your first announcement to the world that you are an information security specialist and to get experience listening to feedback β both positive and negative.
The final project evaluation has a second purpose: to evaluate whether NXFury, through its community and curriculum, is successful in its mission to guide independent learners in obtaining a world-class information security education.
You can create this project alone or with other students! We love cooperative work! Use our channels to communicate with other fellows to combine and create new projects!
My friend, here is the best part of liberty! You can use any language that you want to complete the final project.
The important thing is to internalize the core concepts and to be able to use them with whatever tool (programming language) that you wish.
In our Discord Server, please submit your project as a github repo to our staff. Your project will be graded on the following:
- Demonstration of skills you have learned throughout the curriculum
- Project is of sufficient size for the quantity of people involved in the project
Students should note that the following will not be accepted as submissions:
- Projects involving any illegal activity whatsoever
- Attempts to "rank up" in penetration testing labs online.
- Projects that contain excessive copying of others' work.
After completing the requirements of the curriculum above, you will have completed the equivalent of a full bachelor's degree in Computer Science. Congratulations!
What is next for you? The possibilities are boundless and overlapping:
- Look for a job in information security!
- Check out the readings for classic books you can read that will sharpen your skills and expand your knowledge.
- Join a local hacker meetup (e.g. via meetup.com).
- Engage in bug bounties to make software more secure (e.g. via HackerOne).
The original template for this course generously provided by the Open Source Society University. Security-related courses provided by OpenSecurityTraining.