Course Review NTU EEE - EEE Y4S1 AY21/22

Note: Due to the passage of time, there are some details that I may have forgotten. Where applicable, this will be mentioned. Also, this post resumes where I left off after my internship hence there is an extra 10AU added into the computation in case you're wondering why the AU math doesn't add up. Also, FYP is an 8AU module but for calculation purposes, I split the AU count into 2 x 4AU per sem. Therefore, each sem will have 4AU for FYP. However in terms of grades, FYP is still considered In-Progress (IP) in Y4S1.

---

Y4S1: Aug 2021 - Dec 2022

General comments on what I did well, what I could have improved on etc will be included at the end of the post. I will also update the final results when they are out.

Each course is broken up into the following parts:

1. Marks and assessment component of the course

2. Course mechanics

3. Short Intro

4. Easy parts

5. Difficult parts

6. Exams/ final paper

7. Tips to do well

8. Overview/ my personal (MIGHT BE BIASED) comments

YEAR 4 SEMESTER 1 (15AU):

MAJ-CORE: EE4080 FINAL YEAR PROJECT (4AU), IP

MAJ-PRESCRIBED: EE6108 COMPUTER NETWORKS (3AU), GRADED

MAJ-PRESCRIBED: EE4717 WEB APPLICATION DESIGN (2AU), GRADED

GER-UE: CZ4070: CYBER THREAT INTELLIGENCE (3AU), (NON-GRADED; S/U EXERCISED)

GER-UE: SS9106: NETBALL (3AU), (NON-GRADED; S/U EXERCISED)

CORE/MPE AU CLEARD: 81/61, TOTAL GRADED COURSES: 93/69, TOTAL AU CLEARED: 132/141

Note: I leave out the review for SS9106 NETBALL because I do not remember too much of the course details e.g. assessment, content taught etc to write a proper review about it. Since these are important to a course review, I think that it would not make sense to review a course if I've forgotten almost everything about this course.

=== REVIEW PORTION ===

EE4080 - Final Year Project (Y4S1/-)

Lecturer: -

Faculty in charge: Assoc Prof Yakoob, with input from Mr Florian Gondesen Max from SCSE (he's a Dr now)

Marks and Assessment

[I do not remember clearly what the assessment rubrics were. Below is roughly what I can remember.]

Project Plan/Strategy: ???

Interim Report: ???

Final Report Draft: ???

Final Presentation: ???

Overall Grade: -

Course Mechanics

Throughout the 2 semesters, there are various deadlines to meet to ensure that the student is consistent in their work. For example, the Project Plan/Strategy is required to be submitted to your supervisor 6 weeks into the first semester for them to get an idea of what you would like to do. There is also an interim report that documents your progress at the point of submission, and a final report draft towards the end. The FYP experience culminates in a Final Presentation to both your supervisor and another faculty member (I'm not sure if there can be more than this 2-man panel, but in my case it was only Prof Yakoob and Dr Chan Chee Keong). Also, I recall that somewhere in Semester 2, I had to drop by some professor's office to brief them on my FYP (think it was Dr Chan... anyway, this was a required assessment component but I do not include it in the Marks and Assessment section because I don't remember what the official component was called).

After your final presentation, you are required to submit the final report to your supervisor and examiner before the FYP is considered complete.

Short Intro

Final Year Project is taken in the final year before graduation (no surprises there...) and lasts throughout the whole academic year i.e. 2 semesters. Before the final year begins, students are given a choice to "bid" for the project of their interest sometime after end of Y3S2. Some luck is required to get your desired project/supervisor. Otherwise, you are free to approach a faculty member and propose your own idea. In my case, I went with my own research idea.

One interesting thing I did for my FYP was that prior to my final year starting, I sent emails to various professors outside of EEE (specifically, to SCSE) in a bid to introduce myself to them and see if there were any interesting offensive security-related projects that they were working on. I got a couple of responses and Dr Lam Kwok Yan directed me to work with his Research Engineer (Florian) for my project.

The TL;DR of my project was that I recreated a couple of virtual machines with known vulnerabilities for CTF purposes. At the time, the Log4j vulnerability had just been discovered, so I went ahead with that and searched for an open source application that had a working proof-of-concept available for me to replicate. The link to my project can be found here.

Easy parts

I was lucky that I had somewhat of a consistently clear roadmap for what I wanted to do for my FYP. While my initial intention was to create something like a vulnerable network, I ended up with only a few vulnerable VMs because of resource and manpower constraints (obviously nobody would invest in constructing a vulnerable network LOL). Regardless, I think that not all projects would have had a similar and consistent "general direction" that mine had, which was to create something weak and demonstrate how to exploit it. I know of at least one acquaintance who spent most of his FYP struggling to set up some Linux gadget (?) so it illustrates the challenge of having an FYP where you are fairly confident of achieving the objectives within the specified FYP timeframe.

Hard parts

I think the hard parts would come from the guidance received. While I mentioned that I had Florian to help, the reality that I was on my own most of the time. A lot of my work came from existing prototypes from online sources such as TryHackMe and the OSCP course syllabus. To be fair, I can't really blame my supervisors for not being well-informed about zero-day developments. After all, these kinds of things are pretty niche and it is understandable that most people would not be as updated if they were not "in" the field to begin with (much less for academics).

Exams / final paper

There is no written exam. As mentioned, you are only required to do a final presentation and submit the final report after the presentation. Other than that, there are the regular check-ins that hold marks as well i.e. your Interim Report etc.

Tips to do well

Find a topic that you are interested to try and be prepared for the possibility that you're probably the only one who will be doing the work with minimal help/guidance. One professor can have numerous students that they are in charge of, so most of the time you will be on your own as was my case (also the fact that I don't think the people who were supervising me were exceptionally well-versed in what I was doing as well so...).

Final year is usually the time to start the job search so you can use what you're doing in FYP to market yourself to potential employers. In my case, I showcased my project in an interview and they asked me questions based off what I had done. Make no mistake, the questions were not easy to answer but I think by spending time and effort into your project, there is bound to be some basic level of questioning that you should be able to answer.

Overview / my personal (MIGHT BE BIASED) comments

I think that FYP is a good opportunity for one to explore a topic that they are interested in. In my case, I wanted to try recreating a very popular vulnerability while gaining some sysadmin experience. At that time I was also doing my OSCP, so I took the chance to make a couple of boxes that were inspired by my time doing the labs.

After my presentation, I also had the chance to present to Florian and Dr Sourav Gupta on what I had done in my FYP (this was a separate presentation that had nothing to do with my FYP). I am quite thankful that I was given a platform to speak outside of the official curriculum. :)

==

EE6108 - Computer Networks (Y4S1/3AU)

Lecturer: Dr Michelle (Part 1), Dr Xiao Gaoxi (Part 2)

Tutor: - (don't think there were tutorials for this course; everything was held online)

Marks and Assessment

CA1 Quiz (10%)

CA2 Assignment (10%)

Finals (80%)

Course Mechanics

13 weeks of lectures where the week 1 - week 7 are lectured by Dr Michelle and week 8 - week 13 are lectured by Dr Xiao Gaoxi. Continuous Assessment (CA) makes up 20% of the course marks while the final paper makes up 80% of the course marks.

CA1 is held during the week 7 session followed by a Summary & Revision component for Dr Michelle's part of the course. Can't remember when the CA2 Assignment was given out.

Short Intro

EE6108 is a Masters-level course. During my time, it was introduced as a replacement for a similar course EE4761 that had just been deprecated. This course is the follow up of EE3017 and delves deeper into Networking than what EE3017 covered. The first few lectures will be familiar if you've taken EE3017 prior to taking EE6018 (then again, I think the pre-requisite to taking EE6108 is to have taken EE3017).

The course touches on almost (if not) all the TCP/IP layers and protocols such as SPF, BGP etc. There's are calculations to be done which can range from calculating rates of XXX to calculating subnets. Knowledge of EE6108 is useful when taking EE4718 Enterprise Network Design due to the heavy emphasis of designing subnets for individual groups of end-hosts.

Easy parts

This course is not necessarily "easy". It is pretty content-heavy since it is meant for postgraduate study. I am not sure if undergraduate grading was done concurrently with postgraduate students, or if they separated the curve for UG vs PG.

That said, I think Dr Michelle makes a very good effort when teaching her part of the course. She made it a point to go through exercises at the very low level so it was easy to understand as long as you followed through the sessions. Don't remember how it was for Dr Gao, but I think during his second half of the course, I got so disinterested that I went to YouTube for the relevant content (the teaching materials are pretty public and I remember that there were YouTube videos teaching using the almost-exact materials as the one provided in EE6108). I felt that the online videos were better at keeping my attention span and taught in such a way that I understood better than how Dr Gao was explaining.

Hard parts

Again, the course content is a lot and personally, I couldn't see the usage of some of the content in the real world. I felt that most of the stuff I couldn't appreciate came from Dr Gao's portion since he was... not-so-good at teaching. I suppose it could have also been due to me not successfully covering everything that was taught.

Contrary to EE3017, I don't think I did a follow-up for this module after the semester ended. This is because I had already gotten a job and was preparing for the new phase to transition from being a student into the working world.

Exams/final paper

There is a final paper for this. As with EE3017, half of the questions were by Dr Michelle and the half by Dr Gao. The revision summary conducted by Dr Michelle in Week 7 is important as she gives out tips for her part of the paper.

Tips to do well

Refer to the tips for EE3017 in my Y3S1 review since EE108 follows closely to it. The only difference is that there is no IRA and lab in EE6108. That said, Dr Michelle did ask during the course if we would prefer doing some Cisco labs as part of our assessment, which everyone voted strongly against LOL. However in subsequent runs of this course since I left, I think she was saying that she wanted to design a lab or something so the assessment rubrics is likely to be different from the one in this review.

Overview / my personal (MIGHT BE BIASED) comments

I relied on Dr Michelle's teaching for the first part of the course and found that it was sufficient to understand and do the work. In fact, I don't think I was able to find a replacement online to teach her part of the course. Thankfully this was not needed since she was such a good lecturer.

For Dr Gao, I'm just relieved that there were online lectures available for me to refer to. This needs no further comment.

Overall, I think this is a very interesting module to further one's understanding on computer networks, and I took it because I wanted to follow up on my learning from EE3017 + build up my foundation to understand network security concepts (while the course doesn't have anything to do with security, Dr Michelle said she wanted to incorporate network security elements for future runs of the course). If I had a wish for this course, it would be for her to take over the full run of it (plus the EE3017 one) because her way of teaching and her solutions are quite intuitive to follow.

==

EE4717 -Web Application Design  (Y4S1/2AU)

Lecturer: Pre-recorded lectures, part 1 was done by Assoc Prof Chong Yong Kim and part 2 was done by Dr Muhammed Faeyz Karim / Dr Wesley Tan

Tutor: Dr Wesley Tan (if I recall correctly, he was the tutor for my group)

Marks and Assessment

CA Progress Assessment 1 [15m]

CA Progress Assessment 2 [15m]

CA Project Report (Design) Document [20m]

CA Project Report [20m]

CA Project Demo [30m]

Finals (50%) -> open book

Note: all CA components are summed to 100 marks, which constitutes 50% of the total grade.

Course Mechanics

The two Progress Assessments are based given out by week 4 and week 9 respectively, and are based on Case Studies from the course. In addition to this, you will pair up with another student in the tutorial class and both of you will have to do a Group Project. The Project Report (Design) Document is due by Week 6 and the Project Demo + Project Report are due by Week 13. Thereafter, there will be a written final exam where you are allowed to bring in your cheatsheet.

Easy parts

This course is not easy because of the sheer content-to-AU ratio. Just by number of things to hand up, it is probably the most demanding course in the semester. Add on that you are literally designing a fully functioning web application from scratch, and it can get quite overwhelming. Refer to next section for elaboration.

Hard parts

The "context" for PA1 an PA2 is actually freely available online. This course uses the JavaJam web application to teach the different components of web application design and the PAs are usually some form of twist to the lecture content. However, it requires some creativity and understanding of the lecture content to solve the PAs because they ask you to do some basic design to the JavaJam web app that is not direct taught.

The project (all 3 components of it) is probably the biggest pain of this course. As mentioned, you and your partner are required to come up with a fully functioning web application that has certain features such as forms and a backend database. Given that both of us (and many students in the course) were very new to web application design, we struggled a lot to get a minimum viable product by the deadline. Ultimately, we had to resort to getting code from some GitHub from a senior who cleared the module long before us.

Exams/final paper

I felt that the final exam was intended to overwhelm students by the sheer amount of things there were to do. From creating user stories to writing SQL statements, the exam was obviously not intended to be finished within the given time. It did not help that we had to hand-write code that would otherwise be done in VSC in real-life, which I felt did not reflect what a real final exam should be.

Tips to do well

I honestly have no idea... This course doesn't seem to be made for beginners. I only took this because it was required for my Computer Engineering specialization. I did not expect it to take up such a disproportionate amount of time.

Overview / my personal (MIGHT BE BIASED) comments

The workload-to-AU ratio for this course is insane. If not for the ready-made solutions that my lab partner hunted from GitHub, we would have been well and truly screwed. I don't think the course itself is difficult, it's just that there's just too little time to cover the amount of content that was planned for the course. This is one of those courses that you need prior experience to stand a chance in doing well in.

==

CZ4070 - Cyber Threat Intelligence (Y4S1/3AU)

Instructor: Lim Yihao (from Mandiant)

Tutor: No tutorial

Marks and Assessment

Pretty much forgot, but I remember there was a final, some random group presentation, maybe a quiz...?

Course Mechanics

There is a one physical session held every week throughout the semester. Week 1 is mainly to get to know everyone in class (class size is small, around 10 students) as well as to get the pairings together. Everyone is given an individual etude to practice by mid-semester and then the final concert is held either week 12 or 13 (can't remember). For every week's session, it will usually be some form of music theory/history of piano etc, before everyone breaks into their pairs to practice for the concert. Throughout the course, Ms Yeong will coach each pair to help them prepare for the final concert. Somewhere around the middle of the semester, each pair has to present on the progress of their practice.

Easy parts

I felt that this course had an easy vibe to it. Most of the time, I was just tuning in to the lectures to listen to the lecturer ramble about some Threat Intelligence stuff. To his credit, I think he did make an effort to make the course more engaging by having things like Class Activities where we broke into groups and did a bit of research to present on assigned topics. The final exam was alright too, mainly because I went in with the SU mindset HAHAHA. Also, there was one session where an external guest was invited to sit in on the lecture and give his own experience. I think the lecturer got in from Mandiant as well.

Hard parts

The group project required us to do some research on the topic "Which industries are more prone to ransomware threats?". Other groups got similar topics. However, there was little to no guidance on how to do the research. We were told to do web scraping for data on this topic (e.g. which industries, why these industries etc) and display them in a visualization. The only "help" we were given was a link to download Kali LOLLL. That's pretty much it. Not even a suggestion on which tool to use or anything.

Also, the lecturer states upfront that this module was not meant to be a technical course. There was no heavy coding (none actually) involved. Just a note in case readers are curious whether this course involves coding and technical knowledge.

Exams/final paper

The exam is alright, nothing too crazy. It doesn't require any long explanations or calculations and most of it were pretty simple stuff like matching A to B (?) or things like that  (e.g. short answer questions). I felt that the final exam was kind of kindergarten-ish in terms of the exam format.

Tips to do well

I wouldn't know because I had the SU mentality for this course and left early during the final exam HAHAHA.

Overview / my personal (MIGHT BE BIASED) comments

I took this course out of pure curiosity. As I had already started studying my OSCP in this semester, I wanted to try a cyber-related course to zhng up my resume and expose myself to different fields of cybersecurity (CTI =/= VAPT). Do I regret taking this course? I don't know... there's no inherent regret, so I suppose I'd be neutral about retaking this course again if I had to. The lecturer is quite nice though: I had a brief conversation with him once about crossing into cybersecurity from STEM and he was like "any company who discriminates against STEM when hiring for security roles are outdated; you won't want to be in that company anyway". LOL.

Happy 2024! :D

Hello everyone! It's been (coincidentally) exactly one year since my last post. Many things have happened since Jan 2023 and I've been kept busy on and off. Since I had a bit of time at the time of this writing and wasn't feeling so lazy, I thought I would come back and revive this old blog.

But first, I want to say that I was very surprised that the viewership on my blog kind of skyrocketed in Jan 2024 (aka this month). I noticed that some views came from reddit, so I dug a bit and found the following link:

https://www.reddit.com/r/NTU/comments/191bmwu/ntu_blogs_a_compilation_of_student_module_reviews/

Wow! I never thought that my blog would one day appear on NTU reddit, so I'm very touched and (somewhat) honored that people are still reading my rants long after I've graduated... plus I think the mods have since been reclassified??? I'm not too sure, but last I checked there were some changes to the course codes. Anyway, thank you to pimogohome for taking the trouble to compile the blogs. I'm sure other juniors / curious peeps will benefit from this effort. :)

Coming back to the blogpost, there are a lot of things I want to write about. I know that I've not done my mod review for Y4 (which is wayyy overdue) so that would be one of the more important things to complete on the to-do list. But other than that, I also have some very exciting news.

I've moved on to my second job since graduating from EEE but am still working in the public sector. I'm still in cybersecurity so there's no change to that. I think the past ~1.5 years since graduation have been interesting as I got to interact with many people who are excellent at what they do and whom I draw a lot of inspiration from. Of course, there were highs and lows in my early career but I think the varied experiences have helped me to adopt a more mature(?) and realistic outlook on working life.

During my time in the workforce since graduation, I was also very fortunate to be awarded a scholarship to pursue my Masters in cybersecurity. What that means for this blog is that I will now have more mod reviews to write for my blog content for the next few years! :D That said, the content covered will have some differences since it will no longer be undergraduate EEE mod reviews (the reviews will focus on cybersecurity topics at the postgraduate level). Some readers who read my posts only for the EEE content might see this blog start to go in a different direction, but I hope that the new content on different topics will help to spark some interests in EEE juniors who might be curious to switch fields to cyber. Nevertheless, please leave a comment if you would like my input for EEE undergraduate courses and I will do my best to reply. :)

Besides the above topics, I am also considering to write about my random thoughts on working in the tech industry and other related topics. There's no set topic that I have in mind, but obviously I think my rantings will be skewed towards cybersecurity rather than the typical SWE / DSML / AI fields etc. Since this is more of a lifestyle blog, I shall refrain from writing technical stuff and instead try to scope my topics towards a more general audience. If you have any topic that you'd like me to write about for tech, feel free to comment as well! Who knows, this blog might soon become the prose version of JomaTech HAHAHA.

EEE to Cybersecurity + a brief timeline of searching for my first job

Hello readers! It's been more than half a year since my last post and I'm back to update my blog.

Firstly, this post is written and published on Chinese New Year 2023, so I'd like to wish a Happy Chinese New Year and hope for a good year ahead for everyone :)

A lot has happened in these past ~7 months and I've since graduated from NTU and am currently working in the civil service! :)

There's a lot to write about, and I'm aware that I have yet to update my course review for my final year modules when I was still in NTU. I've been meaning to write about them but the inspiration keeps coming and going before I can pen down anything meaningful, but I promise it'll be up sometime this year, hopefully in the next few months! For this blog post, I thought I would share a bit about my current job and what I've been doing since graduation.

I've adopted a QnA format to write this post, so I hope you enjoy! As always, please drop your comments if you have any and I'll be happy to answer them. :)

If you are an existing NTU junior and have questions related to cybersecurity as a career, feel free to drop them in the comments as well and I will answer them!

A short timeline of my job search journey

If you've read my post on my EEE internship, I wrote at the time that I wanted to pursue a career in cybersecurity. For the uninitiated, cybersecurity can be broadly categorized into two groups: offensive security vs defensive security. The former is the branch of cyber that deals in proactive security and is perhaps most glamourized in mainstream movies (think: a person in hoodie in a cold server room typing on his laptop and the classic "I'm in!" scene), while the latter deals mainly in reactive security such as investigating and containing cyber attacks.

As written in my previous posts, I was primarily interested in offensive security. Specifically, I was looking for roles in penetration testing and/or exploit development while job searching in Y4S2. In layman explanation, these are roles that deal with testing the security of various applications and/or technologies. For example, if a developer codes a website that accepts certain input, my job would be to test if the input field accepts certain characters and if so, exploit it to do bad stuff to the website.

Offensive security roles typically require some prior experience to land the role. Therefore, there were not a lot of jobs who were willing to take fresh graduates with no prior experience in the field. I had to sift through a few companies (off the top of my head, maybe around 10? Not too sure how many I applied to as I write this) and only managed to secure two offers within about a month (around Feb - March 2022). Due to time constraint and wanting to focus on other things, I stopped my job search and made my choice between these two offers shortly after I got them.

What am I doing today?

Currently, my role involves Vulnerability Assessment & Penetration Testing (VAPT). I also do bug bounty triaging and vulnerability research. It's a really fulfilling role and I count myself lucky that I get the chance to pursue a career that I'm passionate in (I can't imagine the horror of waking up everyday and dragging yourself to a job that you have no passion for).

You studied EEE! Why change to cybersecurity?

Why not?

I've come to learn that cyber is a field that requires passion to sustain and thrive, and this means being willing to put in the work to get better everyday. Of course, this applies to everything else in life, but in the context of this field, it is especially important. There is so much more I could write on the topic of "What I feel it takes to succeed in cybersecurity", but I'll save it for another post.

To answer the question more directly, I would say that throughout my time in EEE, I did not manage to feel a burning desire to want to learn beyond what was taught compared to the experience when I first dipped my toes in cyber. It was always "oh I'm just going to study this to pass" or "I have absolutely no idea what the lecturer is talking and I can't be arsed to find out more if it's not going to be on the test". Simply put, I'd say that I just didn't feel anything that stirred my heart in EEE. And when cyber came along, the experience made me realize that it was what I wanted to do.

Looking back, the closest I came to wanting to learn would probably be the Computer Communications / Computer Networks modules that were taught partly by Dr Michelle, and I suppose credit has to be given to her good teaching that made me want to find out more beyond what the course syllabus required.

Modules in NTU EEE that have relevance to cybersecurity

Digital Electronics: Understand the concept of 0/1 and the different gates.

Microprocessors: Assembly language is fundamental for writing exploits (exploit writing is not covered in this module obviously, but assembly is required for it).

Computer Communications: Absolutely fundamental to learning about TCP/IP and IPv4 etc.

Computer Networks: Largely relevant for the same reasons as Computer Communications.

Information Security (the MPE, not the UE): Teaches some common terminology and introduces important topics such as encryption etc (however, it's nothing too technical).

FYP: search for a relevant project or simply come up with your own! I came up with my own and did everything from scratch since there was no precedence FYP for my research topic.

If you would like to access my FYP, you can do so here.

My EEE Internship Experience (EEE AY 20/21 Y3S2)

Hello readers, I just finished my final written paper for Y4S2 so I am back with another post on my NTU undergraduate experience. In this post, I will be talking about my internship in Y3S2. While it has been around a year since then, I will try my best to recall as much as I can. The following are the contents of this post for easy navigation:

The "unofficial" introduction to Professional Internship (PI) for NTU EEE (My Version)

My professional interest and choice for PI

PI Experience

Hindsight and Takeaways

Overall Conclusion

The "Unofficial" Introduction to PI

As everyone knows, engineering courses in NTU require you to do a credit-based internship to fulfill graduation requirements. Most students clear their internship in Y3S1 or Y3S2. In the semester before they officially start, applications will open for students to check out and apply for companies that they are interested in. Besides school-related sources, students can also source their own internships and submit them to the School for confirmation. Note that students are also free to do internships during their holidays but these do not count as credit-based.

In my case, I did my internship in Y3S2 (Jan 2021 - May 2021) at Keysight Technologies Singapore. I got it through InPlace, which is the internship portal for EEE and I think other Schools as well. I was placed there as a Product Security Engineering Intern under their Product Security Team.

My Professional Interest and Choice for PI

Even before the intern application season for my batch came, I had already developed an interest in cybersecurity. I will not go into the details of my interest in this post, but it is safe to say that I was determined to do my internship in a cybersecurity-related role by the time internship season rolled around the corner.

Like any other student, I spent time going through the listings for cybersecurity roles both on InPlace as well as from other sources. In a nutshell, InPlace carries out internship applications in 3 rounds, and students who did not get their first choice companies would then participate in the subsequent round, and so on. For me, I managed to get an interview with a company in my first round choice i.e. Keysight. I was interviewed by the team lead and another engineer and received the offer shortly after.

Besides InPlace, I had also attempted to source from external platforms. One reason is because there are simply only that many cyber-related openings for non-CS students. I do not remember exactly which companies I had applied now but there were a few banks in the pool. At some point, I received an invite from a foreign bank to submit an application to my School for further processing (because this was considered external application and hence needed to be approved first) before they could consider me for an interview. However, I did not proceed with this because by then I had already confirmed my placing with Keysight.

PI Experience

My internship was done during the aftermath period of COVID-19. Since we had Circuit Breaker in 2020 and the situation was somewhat iffy then (think: snap measures), I would say that it sort of impacted the overall experience of my internship at Keysight. For example and according to my understanding, Keysight usually sends their interns to the Malaysia site to expose them to more aspects of the business during their internship. There would also be some intern events for bonding and networking. However, due to the pandemic, all of these were cut. Essentially, we only went to office 2-3 times per week and either stayed in the room they gave to us or went up to interact with the full-time guys (they had a separate room for interns).

Besides myself, there were 2 other interns from NUS. All 3 of us were parked under Product Security, although we worked with different team members from the full-time team. For me, my initial main task was to conduct regression testing on the team's Vulnerability Management Tool (VMT). I will not go into further details for privacy reasons. In the second half, I did some research and came up with proof-of-concepts on using an acquired technology to automate the regression testing process. I had to basically redo all the test cases in the first half and write scripts in a rather obscure language to ensure that testing could be automated for every version release of the VMT.

Hindsight and Takeaways

The following is my thoughts while reflecting on my internship. I've formatted it in a pro vs con template to better convey my thoughts. Hopefully it will help juniors who are interested in cybersecurity to make an informed choice in the future. I will start with the cons before moving on to the pros.

Cons: If I were honest, I would say that my internship experience kind of went off a tangent. I was looking for an internship that could give me exposure to penetration testing. One of the reasons I chose Keysight was because they had advertised the role to include PT. However in reality, I did not do much, if any, PT during my time there. I would say that the team was more focused on the scanning phase of the process rather than on PT itself. As mentioned, the second half of my time was spent doing automation-related work instead of getting practical experience on how to conduct vulnerability assessments.

Also, we were pretty much left to our own devices most of the time. Other than the interactions with the full-time guys during lunch time, there were not many work-related interactions except during the regular standup meetings. Overall, it felt more like a software type of role rather a cybersecurity one.

Pros: That said, the full time guys were mostly opened to talk to the interns whenever we had questions. The talks ranged from work-related to certifications etc. At that time, I was taking my CEH and one of the full-time guys was nice enough to provide test past exam answers since he had already taken it before and passed. Sadly, he took v10 but I was doing v11 so it was not really relevant but at least he was nice enough to help. I remember he also gave me a pep talk on doing OSCP and telling me not to worry too much and just go for it, saying it would be an experience to start doing offensive security from nothing. It was encouraging to have that talk because I was still quite the noob at the time compared to now.

Another nice bit of interning at Keysight would be their cafe. The cafe food was nice albeit a bit pricey. Sadly their canteen was mostly closed (cafe =/= canteen) so I didn't have many experiences trying their canteen food.

Work-wise, they had some cool stuff to play around with that usually require a subscription. I think they had Burpsuite Pro, Nessus etc. Unfortunately I was not aware of these and only came to know about them towards the end of my internship.

Overall Conclusion

"Well, I guess I made my choice so I have to stick with it." would be a sentence that could sum up my experience at Keysight. It's not entirely bad, but I am of the view that there could be areas of improvement. During my time here, I managed to clear my CEH and get some motivation for OSCP, so that could be considered as an objectively good thing.

In any case, I made the choice that I thought was the best for myself under those circumstances, so there is nothing left but to look forward to where the future will take me! :)

As for you, my readers, I hope that you have gained some insight into how internship works at NTU EEE and are better informed to make your own choices. :D

Course Review NTU EEE - EEE Y3S1 AY20/21

Y3S1: Aug 2020 - Dec 2020

General comments on what I did well, what I could have improved on etc will be included at the end of the post. I will also update the final results when they are out.

Each course is broken up into the following parts:

1. Marks and assessment component of the course

2. Course mechanics

3. Short Intro

4. Easy parts

5. Difficult parts

6. Exams/ final paper

7. Tips to do well

8. Overview/ my personal (MIGHT BE BIASED) comments

YEAR 3 SEMESTER 1 (18AU):

MAJ-CORE: EE3080 DESIGN & INNOVATION PROJECT (2AU), GRADED

MAJ-PRESCRIBED: EE3014 DIGITAL SIGNALL PROCESSING (3AU), GRADED

MAJ-PRESCRIBED:  EE3017 COMPUTER COMMUNICATIONS (3AU), GRADED

MAJ-PRESCRIBED: EE4758 INFORMATION SECURITY (3AU), GRADED

GER-CORE: ET0001 ENTERPRISE & INNOVATION (1AU), P/F

GER-PE (STS): CM8002 FORENSIC SCIENCE (3AU), GRADED (S/U AVAILABLE)

GER-UE: AAI08A PIANO ENSEMBLE (3AU), GRADED (S/U AVAILABLE)

CORE/MPE AU CLEARD: 62/61, TOTAL GRADED COURSES:84 /69, TOTAL AU CLEARED: 107/141

Note: I will not be reviewing EE3014 as I do not have much memory of the module. As for CM8002, I will not review it as well as I did not put in enough effort to render a memory of the course.

Brief comments on CM8002: The course gave a lot of case studies which I felt was very interesting. Learnt a bit of history from the course content as well. No labs, only lectures (can't remember if they were pre-recorded from previous semesters or live-recorded every week).

=== REVIEW PORTION ===

EE3080 - Design & Innovation Project (Y3S1/2AU)

Lecturer: ???

Faculty in charge of my group: Prof Ponnuthurai Nagaratnam Suganthan

Marks and Assessment

[I do not remember clearly what the assessment rubrics were. Below is what I can remember.]

Group Presentation: I think we were the second last or something...?

Project Report: ???

Peer Evaluation: ???

Overall Grade: -

Course Mechanics

I forgot what the course mechanics were as well.

Short Intro

DIP is basically a group project module where you will be grouped with a few other students and everyone will work on one project throughout the semester. At the end, the group will present to a group of faculty and will be graded on the presentation. From what I remember, the group meetings are scheduled OTOT and there is no fixed timing, at least that was how it was with my group.

Before the start of the semester, the school will give you a choice of what project you would like to do. You will then submit a list of what you want and get assigned according to your choice of project (unless it is over-subscribed). The available topics include electrical/electronics/computer-related such as AI/ML, Neural Networks etc. My group chose to design some predictive network I think.

Easy parts

As with any group project, being able to work with your team is crucial. I was fortunate as my team could work together with each other. I still keep in contact with some of my teammates today. The strengths of some of us could shore up weaknesses in the others and vice versa. I would say that I enjoyed working this team and am grateful that the really strong guys could tank a lot of the nitty gritty (Melvin, Bo Xiang etc).

Hard parts

Surprisingly, the difficulty came from the un-cooperativeness of the organization we were supposed to do the project for. In our situation, we were informed that our project was supposed to be in collaboration with HTX. We were supposed to help them create AI models to pick out real ID photographs from fake ones. Early on in the project, we requested for raw data from them but were ignored. This incident repeated itself throughout the duration of the project and we finally gave up when we came to the realization that they probably did not view our work as significant enough to bother corresponding with us. I vividly remember Melvin sending email after email to chase them for replies only for them to send a one-off reply towards the end of our project to basically go no further than acknowledge our existence. It was truly disgusting. Also, it didn't help that our prof didn't take too much of a vested interest in our work as well, but what's new right?

Exams / final paper

There is no written exam. We only did a final presentation and submitted a project report.

Tips to do well

Find a group that you can work well with. They will come in very handy especially in situations when you are not sure how to go forward and you have nobody to turn to. Essentially, you will be handling a mini-FYP in the sense that the content could very well be equivalent to an FYP but the weightage and time given to DIP is only worth 2AU. It is in these situations that your groupmates' expertise will save the situation as it was for me. Also, please split the report writing evenly as your group will be writing a report that is around the length of an FYP. Refer to my point on the mini-FYP.

Overview / my personal (MIGHT BE BIASED) comments

Never ever work for stat board projects for DIP, good groupmates are essential, and coffee/tea keeps the productivity up.

==

EE3017 - Computer Communications (Y3S1/3AU)

Lecturer: Dr Michelle (Part 1), Prof Cheng Tee Hiang (Part 2)

Tutor: ??? (I forgot)

Marks and Assessment

Quiz 1 (15%)

Quiz 2 (15%)

Lab (10%)

IRA (10%)

Finals (50%)

Course Mechanics

I do not remember but according to the notes I saved, it states 13 weeks of face-to-face tutorial 1.5h each (excluding lab I think).

Short Intro

EE3017 is the introduction course to network-related topics. It is a pre-requisite for EEE's Computer Engineering specialization because it is needed as a pre-req for EE4718 which is the design course that is typically offered in Semester 2. Some topics taught in this course include TCP/IP structure, some encoding techniques, Wireless/Ethernet etc... I do not remember all the topics.

I was particularly interested in this course because of my interest in cybersecurity. In my later posts, I will talk a bit more about this interest as part of what I've been doing the last couple of years.

The course is partly taught by Dr Michelle who I think is a really good lecturer. Personally, I would rank her on the more extreme end of the faculty who knows how to teach. Till today, I still recall the stuff that she taught in EE3017 in my work.

Easy parts

Because of my interest, I could find motivation to do a lot of the work in this course so to me what is supposedly "dry technical stuff" could be considered manageable. Objectively speaking, I would say the IRA were not difficult. As long as you review the lecture material according to the schedule, you should be fine. As it has been a long time, I do not recall much about the rest of the content.

Hard parts

I would say that this course has a lot to learn about which cannot be covered in the 13 weeks. In my case, I wanted to go beyond what was taught because it was important that I committed certain concepts to permanent familiarity. For example, TCP/IP architecture and IP addressing are very important things to know especially in designing networks. On the subject of IP address, this knowledge is crucial for EE4718 Enterprise Network Design where students are required to design and assign IP addresses to a pre-defined environment. As of this writing, I have not yet started on the course (week 7 already and haven't started... year 4 mentality hahahaha) but off the top of my head, I wonder why they don't just use a DHCP server to do the assignment hmmm...

Exams/final paper

There is a final paper for this. The questions were set half by Dr Michelle and half by Prof Cheng. I cannot remember the content of the course. However, it is good to note that Dr Michelle will conduct a "revision class" sometime around recess week where she hints at the topics tested for the final. It is good to study for those as the other prof usually will not set mention anything about their questions.

Tips to do well

I think that for computer communications or any IT-related subjects, doing well requires having a passion for what you're studying. I would like to define doing well not just by the traditional meaning of scoring well in exams, but to really appreciate what is being taught and understanding them from a practical point of view. After all, 考试是死的 人是活的 and this is true in cybersecurity where exams are not at all reflective of the skills of the candidate and their true worth is assessed by their practical skills. Nevertheless, in the context of EE3017 as an academic subject, I would advice to put in good effort into the topics that Dr Michelle highlights in her "revision class". As for the other half, I really do not know how to advise because the other prof can set whatever they want. Also, remember to put in effort for the IRA because those are easy marks. Lastly, the lab for this topic is NOT HARD AT ALL (ok, maybe to me is not because of my cyber background). It is essentially pinging hosts and recording what you see.

Overview / my personal (MIGHT BE BIASED) comments

This was a very interesting course full of knowledge to learn. Post-semester follow up is highly encouraged to thoroughly internalize the concepts taught, and to facilitate further self-study.

Note that there is a part 2 to this course which is EE4761 (deprecated since AY21/22). I will elaborate more on this in my Y4S1 review where I took the replacement course EE6108 (a Masters course that they gave to undergraduates to replace EE4761).

==

EE4758 - Information Security (Y3S1/3AU)

Lecturer: Assoc Prof Yakoob

Tutor: No tutorial

Marks and Assessment

Quiz 1 (20%)

Quiz 2 (20%)

Essay Assignment (20%)

Finals (40%)

Course Mechanics

EE4758 is the only cybersecurity-related course offered by EEE that is taken as a MPE (the other one offered by EEE called Cybersecurity is a UE). This course touches on some profiles of the threat environment such as the types of threat actors, prevention/detection systems, case studies etc... There is also a significant focus on (extremely easy) cryptography which is tested in the final paper.

Easy parts

From a "real" security point of view, this course is extremely superficial. If I were to draw a comparison between this course and external theory-based courses such as CEH, I would rank this course even lower in terms of difficulty. For example, there is not much depth to the encryption methods covered in EE4758. Some technicalities are touched on but it definitely does not delve into the finer details of encryption. Also, contrary to typical courses on security, this course does not have any practical component to it at all. That means no live machines to practice on, no tools to use, nothing of that sort. It is pure theory content. The essay CA is purely another "research" paper that imo can be fluffed through.

Hard parts

Because the course is so easy, it is hard to score well. There are almost no calculations to perform in the final exam save a couple small encryption questions (iirc was Diffie-Helman or something). Most of the written content can be lifted off the textbook directly. There is really nothing much to say for this course except that for those who are considering a career in security, absolutely do not let this course fool you into thinking that real cybersecurity is this simple. IT IS NOT.

Exams/final paper

The final paper consists of 4 questions each testing on certain weeks' content. As mentioned previously, the questions are largely manageable. Compared to other EEE papers, this is one of those papers where a student can actually finish within the allocated time. Pay attention to what Prof Yakoob mentions during his revision lecture, he will hint at what will come out (but usually encryption will come out since it's the only calculation-based question the course has).

Tips to do well

There is no need to prepare excessively. Do well for the quiz because they are unbelievably easy. As for the essay, it can be settled quite fast if you put in the effort to do your research properly.

Overview / my personal (MIGHT BE BIASED) comments

Personally, I wouldn't bother highlighting this on my resume if I were to apply for cybersecurity jobs after graduation. Will I put it down? Yes. Will I highlight it? No. This is because, and I unreservedly state this, 99.9% of students probably took this course not understanding anything about real cybersecurity at all, and this course does not come close to offering students a glimpse of real-world cybersecurity.

That said, it is an easy A for the book-smart kids who want to maintain their perfect GPA. As with all other courses, this is still an academic module at the end of the day so some might view this course as yet another one to take to keep their GPA high. For me, someone who is genuinely interested in the subject and not the course, I would say that there is much left to be desired in terms of quality content delivery from EE4758.

==

AAI08A - Piano Ensemble (Y3S1/3AU)

Instructor: Ms Yeong Lan Ing

Tutor: No tutorial

Marks and Assessment

Class Part (???%)

Etude (???%)

Final Concert (50%)

Course Mechanics

There is a one physical session held every week throughout the semester. Week 1 is mainly to get to know everyone in class (class size is small, around 10 students) as well as to get the pairings together. Everyone is given an individual etude to practice by mid-semester and then the final concert is held either week 12 or 13 (can't remember). For every week's session, it will usually be some form of music theory/history of piano etc, before everyone breaks into their pairs to practice for the concert. Throughout the course, Ms Yeong will coach each pair to help them prepare for the final concert. Somewhere around the middle of the semester, each pair has to present on the progress of their practice.

Easy parts

-

Hard parts

This course is NOT for beginners. To begin with, there is an existing piano grade requirement to be admitted into the course. It is also helpful to keep in mind that the final concert is a piano DUET, meaning that no solo is allowed. Expect your classmates to be extremely talented as many of them would have already established themselves prior to joining the course. I was in the first batch of students to take this course and in my class there was a FRSM, a few LRs and quite a few Grade 8s/DipABRSM/ATCL. My duet partner was an ATCL and she was amazing.

Exams/final paper

The Etude you get depends on your skill level. You will be assessed based on the piece you present in Week 1 and the Etude will be assigned to you subsequently. As for your final concert piece, you get a choice to pick what you want to present after discussing with your partner. For my class, a few pairs went for French classical including my partner and I (we did Introduction and Rondo Capriccioso). You can also opt to arrange your own pieces which was the case for one of the pairs in my class.

Tips to do well

Practice.

Overview / my personal (MIGHT BE BIASED) comments

I took this course out of pure interest and passion in piano. I went in knowing full well that I would not do extremely well because there were simply too many talented people in my class. I still cannot forget the day when the pair doing Habanera presented their work. I had never seen nor heard such a good live performance before. It really goes to show that those who dedicate themselves to their craft can achieve such impressive feats. Personally to me, this course is a re-affirmation of my passion in piano which is why seeing such great playing motivates me to become a better player!

2022 Update

Hello readers.

It's been a while and my blog is back. :)

For those of you who wanted to read my reviews. I would like to apologize for the sudden disappearance of my blog for the past year or so. Some stuff happened and blogging had to take a back seat.

But to randomly quote Dom Mazzetti: "Here I am, right around the holiday season. Like a dad that went out for cigarettes and just kind of crept back in."

Almost 2 years have passed since the latest post on this blog and naturally, my priorities have deviated greatly from where I left off. I'm currently about 5 weeks into my final semester before graduation (yes, Y4S2 that's how fast time flies haha) and in the midst of FYP, amongst many other things.

Looking back, there seems to be a lot that I could write about from where I last left off. Things such as course reviews, my internship and holidays to simply just how life has been since the pandemic.

I think it is too much to write in one go, so I intend to adopt a more carefree and unstructured way to document everything I have done since then. In other words, I will be doing away with the usual structure from the previous posts. This is also due to my memory of the courses that I've taken being hazy at this point of time which means that adopting the structure would not bring much value to juniors who are curious about the prospective courses.

That said, do look forward to some interesting ideas I have for my subsequent posts:

    Memorable UEs including NIE Piano Ensemble (a graded course)

    My Y3S2 internship at Keysight Technologies

    My current Y4S2 FYP and what I've been up to since 2020?

    More course reviews! (from more recent semesters)

    CCAs and Concerts in a Pandemic (Y4 Eleganza after 2 postponements since Y2!)

    Looking Ahead: What I intend to do and where I intend to go?

I may or may not write about all of them due to my schedule and there is no scheduled order of topics, but I hope that whatever stories I do end up writing may pique the interest of my juniors and blog readers.

As usual, do leave comments if you have any questions and I will do my best to reply them ASAP. :)

Have a good day and stay safe. :)

Course Review NTU EEE - EEE Y2S1 AY19/20

[UPDATE: this is an incomplete entry from Y2S1 published for memories' sake. At the time of this publication aka Feb 2022, I have effectively forgotten what I wanted to write here, so I'll be leaving this post as is.]

Hello to all my readers! I hope everyone is doing well. :) This is my course review for Y2S1 AY19/20. I have tried my best to remember as much as I could but please forgive me if I forgot anything. Some parts will be left as ? if I really don't remember.

---

Y2S1: August 2019 - Nov 2019

General comments on what I did well, what I could have improved on etc will be included at the end of the post. I will also update the final results when they are out.

Each course is broken up into the following parts:

1. Marks and assessment component of the course

2. Course mechanics

3. Short Intro

4. Easy parts

5. Difficult parts

6. Exams/ final paper

7. Tips to do well

8. Overview/ my personal (MIGHT BE BIASED) comments

[CONFIRMED] YEAR 2 SEMESTER 1 (20AU):

MAJ-CORE EE2001 CIRCUIT ANALYSIS (4AU), GRADED

MAJ-CORE: EE2004 DIGITAL ELECTRONICS (4AU), GRADED

MAJ-CORE: ENGINEERING MATHEMATICS I (4AU), GRADED

MAJ-CORE: EE2008 DATA STRUCTURES & ALGORITHMS (4AU), GRADED

GER-CORE: EE0005 INTRO TO DATA SCIENCE & AI (3AU), GRADED

GER-CORE: HY0001 ETHICS & MORAL REASONING (1AU), P/F

CORE/MPE GRADED AU CLEARED: 37/61, TOTAL AU OF GRADED COURSES: 51 /69, TOTAL AU CLEARED: 57/141

=== REVIEW PORTION ===

EE2001 - CIRCUIT ANALYSIS (Y2S1/4AU)

Lecturer:
Part 1: Prof Er Meng Joo
Part 2: Assoc Prof Justin Dauwels
Part 3: Assoc Prof Soh Cheong Boon

Tutor: Prof Wang Youyi

1. Marks and assessment component of the course

Quiz 1 (?%): ?/?
Lab 1 (?%): ?/?
Lab 2 (?%): ?/?
Home Assignment 1 (5%): ?/?
Home Assignment 2 (5%): ?/?

Finals (60%): ?

NOTE: INCOMPLETE/UNCONFIRMED ASSESSMENT RUBRIC

2. Course mechanics

EE2001 consists of weekly online lectures and a 2h weekly tutorial. Finals consists of 4 questions, each set by a different setter. There are 2 labs, each before and after recess week. 2 home assignments are given and must be submitted by a certain deadline in hardcopy. Quiz 1 was administered around end September.

3. Short Intro

Circuit Analysis introduces the basics of circuit theory in EEE. In my opinion, this course is the "core of the core" in all EEE courses. It is split into 3 parts. The first 4 weeks deals with things like basic laws e.g. Thevenin, KVL, KCL... and introduces inductor and capacitor. Part 2 introduces Laplace Transform for 2 weeks I think. The last part talks about power, though I cannot remember exactly what. I do remember that there were delta-Y etc transformation or something like that, but that was towards the end. There is also AC current content in part 3.

4. Easy parts

Personally, I don't think there were any easy parts. Some of my friends thought that the power part was easy, but I really hated power. Maybe it had to do with me burning out by the time the later weeks came. If I really had to choose, I would say that the first few weeks were manageable but that's really about it. Everything goes to shit once Dauwels starts lecturing from week 4 onwards.

5. Difficult parts

I would rank EE2001 on the harder spectrum of courses that I've taken so far. There are a lot of theories behind what they teach and they don't teach from the ground up. For example, the course goes straight in to application of Thevenin etc. I didn't feel that there were any groundwork for students to fully appreciate how the theories were derived. Also, Laplace was a complete disaster. Dauwels is bad at teaching and I HIGHLY RECOMMEND learning from YouTube or some other source.

6. Exams/ final paper

As mentioned, the final paper is a 4 question paper. Each question corresponds to a part of the lecture notes covered. Question 1 talks about circuit analysis part of the course and includes op amps. It's quite a standard question and enough practice should be done to do well in it. Question 2 is on Laplace and is set by Dauwels. Highly advised to leave it to the last as there have been instances in the past where it was set wrongly as mentioned by SCB in his revision lecture. Questions 3 and 4 are related to power if I remember correctly. I think there was one question from my batch that was related to the Homework Assignment that we were given.

7. Tips to do well

1. Homework Assignment should aim to score full or as close to full as possible. They are not easy, but get a good friend and tough it out together and things should be alright.

2. Labs should be more or less equal throughout the cohort. That being said, SCB did mention that there were A-game professors who tried to give high marks during the lab to help their students. I don't know which profs these are but they do exist so...

3. Finals should be practised a lot. Pay attention to the Homework Assignments given; there could very well be a part of the finals question or even a whole question that comes from the homework assignment. Questions 1, 3 and 4 should be mastered if you wish to score high in this course. As for Question 2, try your best.

8. Overview/ my personal (MIGHT BE BIASED) comments

I really hate circuit analysis. This course felt like a big rush because they were rushing through the whole thing. Lectures are pre-recorded and go really fast without any explanation. For example, in part 1, the lecturer would say something like "use KVL to redraw the circuit like this" without showing how to actually do it. It's really frustrating to figure out alone, especially when there are a lot of content. My tutor was shit and I didn't learn anything from him. I think I started to skip the tutorials after week 2.

Towards the end, SCB will hold a revision lecture. Apparently, a lot of people will attend this lecture as they say it's very important. Personally, I didn't feel very confident after listening, probably because I was really lost throughout the course anyway. One funny thing would be listening to SCB trash talk Justin Dauwels. For me, the revision lecture was more of an entertainment session where SCB ranted about his displeasure with Dauwels haha.

P.S. If you think EE2001 is hard, wait till you get to EE2002 Analog Electronics. :)

==

EE2004 - DIGITAL ELECTRONICS (Y2S1/4AU)

Lecturer:
Part 1: (can't remember the dude's name)
Part 2: Assoc Prof Lim Meng Hiot

Tutor: Assoc Prof Ho Duan Juat

1. Marks and assessment component of the course

Quiz (?%): ?/?
Lab 1 (?%): ?/?
Lab 2 (?%): ?/?
Lab 3 (?%): ?/?

Finals (60%): ?

NOTE: INCOMPLETE/UNCONFIRMED ASSESSMENT RUBRIC

2. Course mechanics

3. Short Intro

4. Easy parts

5. Difficult parts

6. Exams/ final paper

7. Tips to do well

8. Overview/ my personal (MIGHT BE BIASED) comments