Kies de Nederlandse taal
Course module: 201900124
Capstone Cyber Security: Social, Business, and Entrepreneurial Skills (4TU)
Course info
Course module201900124
Credits (ECTS)5
Course typeCourse
Language of instructionEnglish
Contact persondr. M. Daneva
dr. M. Daneva
Contactperson for the course
dr. M. Daneva
prof.dr. A. Peter
Academic year2022
Starting block
RemarksTo take this course, you must also be enrolled at TU Delft as guest (Bijvakker).
Application procedureYou apply via OSIRIS Student
Registration using OSIRISYes
1.       The main responsible teacher and contact person is Dr. Zeki Erkin from TU Delft.
2.       Enrollment via Dr. Zeki Erkin at
3.       All communication about the course will be by e-mail and not via Canvas
4.       15 Twente participants max, 4TU.CybSec students have priority.
Please note that the course has 3 parts. All parts must be done within 12 months from the start of part 1 and in the following order:
1. Q1 & Q2: Capstone Social Skills
2. Q3 & Q4: Capstone Entrepreneurial skills
3. Q5*: Capstone Business skills

*) Be aware that if you start this course in 2021-2022 (parts 1 and 2), then part 3 will start at the beginning of the next academic year 2022-2023.
Learning goals (Capstone Social Skills; Q1 & Q2)
The aim of this component is to give students a good understanding of the social skills of Cyber Security in a real context. The students will acquire:
  • A good understanding of social skills applied to Cyber Security in the real world.
  • Experience in applying social skills.
  • Working with other professionals in a real context and adapting the learned social skills to it.
Learning goals (Capstone Entrepreneurial Skills; Q3 & Q4)
The aim of this component is to give students a good understanding of the entrepreneurial skills of Cyber Security. After completing this, the students will have a firm understanding of (and can apply this knowledge in real cases):
  • What characterizes technology-based entrepreneurs and develop awareness of your own entrepreneurial traits.
  • How entrepreneurial opportunities come into existence.
  • What it takes to develop market research and segmentation for start-ups, learn through interaction with potential clients.
  • How entrepreneurs in cyber security develop a building a minimum viable business proposition.
  • A proactive and innovative personal attitude and act as a responsible salesperson of new business opportunities
Learning goals (Capstone Business Skills; Q5)
The aim of this component is to give students a good understanding of the practical challenges and particularly the business aspects of Cyber Security. After completing this component, the students
  • understand and can analyze the complexity of cyber security, in terms of people, processes and technology
  • understand and can evaluate the threats and how to mitigate these in a structured approach like “Prevent, Detect, Respond”
  • can work as a team on the analysis and resolution of a realistic cyber security challenge.

Content (Capstone Social Skills; Q1 & Q2)
Delivery: This course takes place off-site in four sessions of about 5 hours, distributed over the first semester (e.g. one session in Oct, Nov, Dec & Jan.). Students will be able to start travelling after 9:00 on the outbound journey and after 18:30 on the return journey to save 40% on the railway fare.
Motivation: A cyber security professional must be able to communicate with other professionals and in their language. This means that a cyber security professional must have excellent social skills, including presentation, writing, interview, feedback, and reflection skills.
Synopsis: A graduate will mentor a group of students during the semester. The mentor invites his/her mentees to his office to expose the students to the real working environment. The students train specific social skills during each session. The trainings will be based on realistic cases from the host organisation where possible. The training sessions will be conducted in small parallel groups to ensure that all students are actively engaged in the training. Before each training day, the students are asked to study relevant literature and to prepare themselves. Students complete 3 homework assignments and write a reflection report after two trainings and at the end of the course.

A sample case for each session is provided below:
Day 1: Interviewing busy executives. Sample case:  The student is a consultant who needs assess the risk of introducing a new application for a company. Key staff of the company, such as the Chief Information Officer, the Chief Information Security Officer, and the IT manager of provisioning, has different views on the project. The challenge will be to obtain the most relevant information in the time available, to verify the information, and to propose the best possible advise.
Day 2: Writing to change organisations. Sample case: The student is asked to write a press release for a government agency on a new cyber security policy. The challenge will be to use plain English only, to convey the message even if people only scan the press release.
Day 3: Giving and receiving feedback. Sample case: The student is an engineer in a team and the team failed their target because one of the team members has consistently been slacking. He/she is not taking responsibility for his/her behaviour. The challenge with feedback in general is to recognise its value for your personal and professional growth and learn to search for it in everyday life. The challenges in giving feedback are to do so in a verbally non-violent way, to make it easier to recognize, understand and accept, to encourage learning, and to show respect even if there is disagreement. The challenges in receiving feedback are to postpone defence mechanisms, discover the full message, to encourage learning, to separate understanding from processing the feedback, and to thank the other one for her/his effort.
Day 4: Presenting as an expert witness. Sample case: The student is an expert witness who has to explain in 5 minutes how a botnet provides relative anonymity for an offender to a non-technical audience. The presentation has to contain an analogy and an illustration, both created by the students themselves. The challenge will be to establish a rapport with the audience, to present the essence and leave out irrelevant (technical) detail, to verify that the audience has truly grasped the essence of the case, and to avoid tunnel vision.
Content (Capstone Entrepreneurial Skills; Q3 & Q4)
Delivery: This course takes place in two online sessions and two off-site sessions, one session per month from Feb to May. The off-site sessions last about 5 hours. Students will be able to start travelling after 9:00 on the outbound journey and after 18:30 on the return journey to save 40% on the railway fare.
Motivation:  New technology developments in IT and computer sciences have provided momentum for a wide range of applications which are increasingly embedded in the devices and applications we use in our daily lives. While the opportunities for new products, applications and new business are large, the challenge with regards to security are also increasing. These challenges, in turn, do also provide cyber security entrepreneurs the possibilities to address them with new services and product solutions.
Synopsis: In this course we will investigate the way in which entrepreneurs in cyber security develop new services and products. We will investigate and get a deeper understanding of the personal attitude that characterizes technology-based entrepreneurs and how they developed their value proposition based on customer needs and technology progress.
Content (Capstone Business Skills; Q5)
Delivery: This course is takes place off-site during a full week at the start of the academic year.
Motivation: Cyber security is a complex domain and students must understand what their contribution can be to the overall solution of a problem. New cyber security problems may appear suddenly (e.g. bash gate, heart bleed) and require urgent solutions. The solution may involve new technology, but also involve new (crisis) management processes based on the cooperation of people from various organizations (employees, customers, ISACs, NCSC, etc.).
Synopsis: During your first year of the master specialisation Cyber Security you have learned a lot of theory. Now is the time to prove that you have mastered the theory. Can you translate technical security problems and solutions into compelling cases for C-level executives? Can you convince executives of the risks and the opportunities of cyber security? Can you convince an audience that is primarily interested in the business? During this practical hands-on week, you will work in teams on your business skills and you will receive feedback by professionals who actively work in the security business world.
Contents: Cyberspace as 5th domain and its socio-technical (physical, digital and social) aspects, critical infrastructures, examples of high impact incidents, impact and risk identification & assessment, cascading effects, cyber risk mitigation methodologies, checklists & standards, responsibilities for cyber security, legal issues, rules & regulations, ethical issues, Internet governance.
Date and time: off-site during the first week of Delft term in Q1, i.e from 9 am on Monday 30 August 2021 until 4 pm on Friday 3 September 2021.
Sample case: You are the new security officer of an organisation that has never had a cyber security officer before. Your task will be to professionalise the cyber security of the organisation.
Format: In five days a fictional case will be presented and studied from a number of angles. Students work in groups on specific problems, presenting the results to other groups and also plenary. Each day the groups and the perspective change. The first day focuses on understanding the organisation and the case. The remaining days focus on prevention, detection, response and crisis management. All aspects of cyber security will play a role, ranging from compliance to crypto and from pen testing to politics. During the evenings, extra challenges may be provided, such as lock picking and red-blue teaming.
Preparation: Students must have studied the cases before arriving at the off-site.

Additional information:
1.       The main responsible teacher and contact person is Dr. Zeki Erkin from TU Delft.
2.       Enrollment via Dr. Zeki Erkin at
3.       All communication about the course will be by e-mail and not via Canvas
4.       15 Twente participants max, 4TU.CybSec students have priority
Participating study
Master Computer Science
Required materials
Recommended materials
Instructional modes
Presence dutyYes

Assignments, Presentations

Kies de Nederlandse taal