Tero's comments on feedback for "Cyber Security" ICB705AS3YE-1, 2025 late autumn.

Thank you for the course and your feedback!

## Quant: Excellent

Quantitative feedback was excellent, overal 4.5 out of five, with 100% responses being 4-5. Most items were excellent (over 4.5) and one was very good (4.3), with highest score for "contents were up-to-date". For cyber security, we do have to ingest up-to-date latest and greatest content, but analyze it trough the lense of established models and theories.

## Themes

I looked at multiple feedback channels, including Peppi, TeroKarvinen.com https://terokarvinen.com/cyber-security/#comments , spoken feedback and emailed feedback.

I identified some themes on the feedback. Top strengths were hands-on, peer learning, instructor engagement and feedback, workplace relevance and good materials. Improvement areas were rebalance peer/teacher time, cross review instruction, hands-on onboarding and emphasized structure.

## Stengths

Linking hands-on to theory helped understanding the concepts in a concrete level. Even though this course's target workload did not allow training full hacking or pentesting skills, we used the same tools in simplified contexts. Some students had high level of technical skill, and they did extra tasks, including simple cryptoanalysis with coding. "The virtual machine exercises were at times even fun." "I especially enjoyed all the more technical tasks and tools we used in Linux." "Most of the tools we used… to demonstrate password cracking or sending messages using pgp, were new to me"

Peer learning, including presentations and discussions. "The presentations by students from various backgrounds were a great addition and offered perspectives on things I wouldn’t have otherwise considered" Engagement was made easy by the active discussion and insightul comments. Students were skillful in discussion and synthesis even with people from different backgrounds, including differences in technical and business knowledge.

Instructor engagement and feedback got multiple mentions. Giving specific and useful feedback was also possible because of student maturity. "The teacher’s feedback was excellent… honest and constructive comments"

Content was work relevant and up-to-date. "The course provides a good overview… and I am able to apply this new knowledge in my work." "Overall, the course felt engaging… very applicable to everyday industry challenges."

Materials were high quality and supported learning after the course. We looked at many types of materials (peer-reviewed, adversary channels, blogs, podcasts...) so now it's up to you to keep yourself informed after the course. Continued availability of materials on the website (terokarvinen.com) was found to help this.

## Improvement areas

For improvements, I'm planning to talk a bit more myself. I'm still going to keep emphasis on student peer learning, with just a little more teacher-led learning sprinkled in. Based on the ideas I got, I'm considering a structure where student presentations are required to be on the theme of the week. I myself would start by giving overview, then student presentations and discussion, and finally my wrapup. This might help with requests for some more teacher-led learning and structure, while keeping the peer-learning aspect that also received praise.

Some onboarding could be added for hands-on exercises and cross review process. Onboarding for hands-on task could be done student-to-student (techies teaching the less advanced); or differentiation might be needed, as there are huge differences with technical background of students.

## More cyber!

If you're still hungry for more

- On non-masters' level, we have technical courses teaching ethical hacking. We have one (1) instance of "Application Hacking" in English. Requries coding skills. "Application Hacking and Vulnerabilities" ICI012AS3AE-3001, Mondays at 11:00 in pa5001, early spring 2026. Enroll in Peppi 2025-11-26 w48 Wed 08:00. For other security courses, see https://terokarvinen.com/cyber-in-haaga-helia/
- Haaga-Helia hacker club, beginners welcome. https://ht8.fi/ https://discord.com/invite/gv2FCm3JU5
- Helsec. Helsinki has unique hacking scene. https://helsec.fi/
- Subscribe Tero's newsletter https://terokarvinen.com/newsletter/ - it includes invitations to visiting lectures by industry experts.

--
Tero

— Tero Karvinen, 2025-12-18

During the Cybersecurity course, I learned many new concepts and tools, such as Cybermeter, John the Ripper, port scanning techniques, public-key encryption theory and new aspects of threat modeling. The course provides a good overview of the fundamentals of cybersecurity and I am able to apply this new knowledge in my work.

The student presentations encouraged me to think about cybersecurity from several different perspectives. I especially enjoyed all the more technical tasks and tools we used in Linux. The technical assignments were approachable for learners of all skill levels and it was great that there were optional advanced exercises as well. I didn’t have time to do all of the voluntary tasks, but since the materials are available on Tero’s website, I can return to them later, which I appreciate.

I also liked that the presentation topic could be chosen quite freely. This allowed me to focus on something relevant to my own work, making it easy to connect the course content with real-world tasks.

If I were to suggest improvements, I would recommend allocating some lecture time for reviewing homework and course theory. Currently, most of the lecture time was used to student presentations. In addition, I prefer to plan my workload in advance, so I would have appreciated a clearer overview of upcoming assignments earlier in the course. Since I work full-time alongside my studies, knowing the expected weekly workload helps me manage my time more effectively.

Overall, I enjoyed the course and would gladly recommend it to other LITEM students or anyone interested in learning the fundamentals of cybersecurity.

— Henri, 2025-12-10

The course was excellently structured, and Tero was an extremely knowledgeable teacher. The course content was very well planned, and the homework assignments in particular were highly educational and well-designed. Each session taught something new, and especially in the homework assignments, I had the chance to try completely new things that I hadn’t attempted before. The topics were interesting, and I can apply the new knowledge in my work. Every student presentation was a good idea, although I would have allocated slightly less time to them during the course, as they currently took up quite a large portion. The teacher’s feedback was excellent, and I appreciated the honest and constructive comments, both on the content and the presentations themselves. Big thumbs up for that! I would definitely recommend this course to everyone, regardless of skill level, as the topic is very important and people generally have too little knowledge or interest in it.

— Martti, 2025-12-10

The course was exactly what is was hoping for and then some! Tero is very involved, active and challenges students in a friendly manner that makes the course itself very interesting! I had some technical background from my work and the assignments were well designed in a way that they were engaging while also being accessible to the more business oriented students etc.

The skills learned from this course are very relevant for anyone working in an organization and for personal security measures as well! I personally learned a lot of new interesting things from message encryption to threat modeling and did a lot of things like breaking passwords or or using cybersecurity maturity measuring tools for the first time! The lecture topics of the course were relevant, interesting and nicely represented either in the form of Tero lecturing about them or via another students presentation! If I would change anything about the lecture structure, I would like to see a bit more time during lectures to go through the homework assignments, questions etc. as I felt that some weeks the presentations took up the whole lecture time of that week.

Having students peer-review each others homeworks also created a nice feedback loop that could be used to refine assignments along the course.

I personally enjoyed the course very much and would recommend it to anyone with even a sliver of interest in cybersecurity as the course offers something for everyone on any skill level!

— Tommy, 2025-12-10

I began this course with very limited knowledge of cybersecurity and its models. After completing it, I now have a clearer understanding of threat modeling and the NIST framework. I also learned about hashing tools, encryption and decryption, and even practiced password-cracking techniques for the first time. These skills will definitely be useful in my work.

The presentations were informative, although a few were quite technical and challenging to follow. Still, they broadened my exposure to the cybersecurity domain. The instructor’s comments were also helpful and contributed to improving my reports.

One area of improvement could be incorporating more hands-on exercises during class and reducing the overall presentation time. In some sessions, it felt like there were only presentations and limited active learning opportunities.

— Akash Sahu, 2025-12-10

I liked that the course was with weekly online meetings with student presentations. I believe that the best way to learn is to explain the chosen topic to an audience. It also helps with presentation skills and it was great that we got to choose our own topic, which allowed me to deepen my knowledge on an area that was not so familiar to me before.

The idea of doing a little bit technical homework was a nice touch as it allowed me to understand how the theories work in practice. That's also something that really supported my learning. The difficulty level was also quite good, as it was challenging but not totally impossible to complete the homework.

The skills that I learned will definitely help me in my own work in the future and I really like that there is a cyber security course at Haaga-Helia.

Some improvements to the course could be to have maybe 20% of each lecture where we discuss some theme that is facilitated by the lecturer. These could be:
- Introduction to Cyber Security (what is cyber security & why does it matter)
- What kind of weaknesses attackers exploit that organizations should be aware of?
- How can businesses prevent cyber crime and stay safe against attackers?
- Information security, what needs to be considered in a project or a business.

— Henri, 2025-12-10

I learned a lot during this course, especially practical concepts I had not used before, such as Cybermeter (Kybermittari), basic threat modeling, DevSecOps principles, passwordless authentication, and cloud security fundamentals. Some of the tasks were familiar ones like installing linux on a virtual box nmap port scanning or using a password manager, however there were also lots of other tasks that were new experiences for me, including trying PGP encryption, analyzing security blogs with a feed reader, and completing a mini maturity assessment. These skills feel very relevant for real companies, especially for modern software development and API security work.

I enjoyed the presentations a lot, both giving my own and listening to others. The topics were diverse, up-to-date, and very practical, ranging from SOC operations to DDoS attacks, cloud backup, DevSecOps, and cryptography. Class discussions, comments, and feedback were supportive and helpful. Overall, the course felt engaging, hands-on, and very applicable to everyday industry challenges.

If I had to suggest improvements, I would only add a few more structured examples for threat modeling or maturity assessments, or a small Linux starter guide for beginners. Otherwise, the course worked extremely well, and I would definitely recommend it, especially to software developers, cloud engineers, or anyone wanting a practical introduction to cybersecurity today.

— Elham, 2025-12-10

The course definitely taught me important and interesting concepts and details on the subject of Cyber Security. Linux things and many terms were new for me so I was able to improve my understanding of the technical side of cyber security. Never before had I done hash cracking or used a password manager. The presentations were well-prepared and the topics useful. I especially enjoyed the Q&A part and the teacher's commentaries on the presentation topics - a very good way to learn and gain insight. I got all my questions and comments answered and replied to. I also got meaningful feedback on my own presentation and questions from the audience got me thinking about the topic in new ways. I would definitely recommend the course to anyone interested in cyber security as I thoroughly enjoyed it myself. A slight change I might make would be to make the few lectures more theme-oriented, including a short introduction by the teacher followed by presentations around a more concise theme. In this implementation I was not able to find such a structure and it should be mentioned that this could simply be a matter of preference.

— Aku T, 2025-12-10

This course was truly inspiring and gave me lot of insight, which I can now utilise in my work. I especially liked the peer-reviewed weekly homework, which let me use my existing skills, but also helped me to learn more of the weekly subject. Most of the tools we used, for example to demonstrate password cracking or sending messages using pgp, were new to me, and it was interesting to learn how to use them. I also feel that after this course, I’m more equipped to follow the cybersecurity scene from the perspective of my own work.

While the course structure and subjects are already great, I would maybe organise the students’ presentations to have similar ones during the same class, and so that they would be related to the class subject.

I recommend this course to everyone, as it is easily approachable for any skill levels, and offers something new to all skill levels.

— nikov, 2025-12-10