'Exceptional learning program' SOP for MS in Cyber Security Program(MSIT) / CMU

Hi

I am planning to apply for MS in cyber security program. Here is my draft of SOP which I am planning to submit. Request you all to please send me the feedback / comments.

my inquisitive nature

A strong desire to extend my Knowledge fueled by my inquisitive nature has always been a motivating & driving factor throughout my life. I believe that Education adds meaning to one's life & is much more than just a means to earn livelihood or jump ahead in Career. These factors have inspired me to apply for a MSIT program in Information Security and Assurance administered by the H. John Heinz III College of Carnegie Mellon University. I believe that with my Educational background, experience in Software Industry & tenacious attitude will help me in completing the program & help me in achieving my goal of becoming Enterprise Security architect.

The high value placed on education since childhood is one of the reasons I could stay motivated to obtain my graduate degree(Bachelor of Technology in Electronics & Communication) even when my father lost his job & I had to take a break from education to help him in new Business. But as soon as I could, I restarted my education while helping him in the Business as well. I dreamt of going for pursuing M.S. degree soon after graduation but had to help my family so started my career as a Software Engineer & pushed the dream of a MS degree to background. However during my graduation I was very interested in security related aspects of Electronic & Computer systems. Since most of the core subjects were from Electronics background but a number of Computer Science related subjects gave me a good foundation for a career in Software Industry. It also motivated me to go for a Master's degree in security domain if an opportunity presented itself in future.

I started my Career in Software Industry in 2005 with Accenture as a Software Programmer & since then have worked on different platforms for different projects. I have worked on different platforms such as Chordiant, Struts, Spring & Salesforce. I have strong grasp on object oriented concepts & have spent a good amount of time programming in Java. I am working on Salesforce as an Architect for last five years & the programming language Apex is quite similar to Java with certain features & limitations due to multitenant nature of the Force platform.

While writing code I was always interested on the security aspects of programming. I learnt about OWASP (Open Web Application Security Project) vulnerabilities & made it a point to ensure that the code I write is secure against vulnerabilities such as Cross-site scripting (XSS), SQL injection, Cross-Site Request Forgery & blocking the Invalidated Redirects and Forwards etc. In the rush of project deadlines sometimes it is easier to miss on the security aspects of the code. I always tried to ensure that in the project checklists for code review there is a section focused on the security points to ensure code security. During graduation some of the subjects included basics of Cryptography. Using that basic knowledge & studying on side I worked on dummy projects using Java Security API. I learnt & worked on Single-Sign-On, Encryption & Tokenization, Two-factor authentication & used tools like Cipher Cloud, Perspecsys etc.

Cyber threats are becoming more lethal & sophisticated and endangering every aspect of life from privacy of home to financial institutions, healthcare industry, Power & other utilities etc. With the boom in Internet of Things the number of devices connected to internet are projected to reach 50 Billion by 2020 there by leading to more attack vectors.

I know that transitioning from my current role of Enterprise System Architect to Enterprise Security Architect will be a challenging journey for me. In order to achieve my goal I need to equip myself with technical skills on various aspects of Cyber security such as information security, data privacy, risk analysis and strategies to detect & protect against cyber threats.

MSIT-ISA is an exceptional learning program covering various aspects of cyber security and will help me in achieving my goal of becoming an Enterprise Security architect. With close partnership of world-famous CERT Coordination Center & designation as National Center of Academic Excellence in Cyber Defense Education by the National Security Agency, I know this program that I will give me cutting edge Cyber Security skillsets & empower me for a successful professional career ahead. I believe my educational background, experience in Software Design & Development & passion to achieve my goal will empower me to complete this degree program.

I am looking forward to get an opportunity to pursue MSIT-ISA course at your esteemed institution.

Rahul, the first 2 paragraphs of this essay are irrelevant to a masters degree statement of purpose. Those information are normally presented in a personal statement because that discusses the development of your interest in the field. The development of an interest is not the same as a development of a purpose in the field. The discussion that can make this purpose essay much stronger and more impressive would be if you can present a field in cyber security that you find challenging, hence your desire to study more about the field. So start off with paragraph 3 instead.

Your experience is admirable but your purpose is unclear. What field of cyber security do you want to master and why? Since you will be changing careers, you have to present a major reason why you believe that you have to transition to another field. BTW, Paragraph 5 does not tell me anything about your purpose for this study. This is general information that the reviewer is already familiar with, so without it properly connecting to something about your purpose for higher study, such as an interest in securing "The internet of things" in order to give people a sense of cyber privacy, that statement is useless. Also, kindly proof read the essay for grammatical errors. Remove the capital letters where it is not necessary.

Hi Holt

Thanks a lot for reviewing my essay & giving invaluable feedback. I am thinking of adding the following paragraphs in place of paragraph 5 & 6. Please let me know if it will address the points about purpose & field of cyber security you mentioned in second paragraph.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cyber threats are becoming more lethal & sophisticated and endangering every aspect of life from privacy of home to financial institutions, healthcare industry, Power & other utilities etc. With the boom in Internet of Things the number of devices connected to internet are projected to reach 50 Billion by 2020 there by leading to more attack vectors.

Due to leaps of advancement in technology threats are becoming stealthier & sophisticated it is challenging to keep all the data stored & transmitting it securely. The complexity of the task increases exponentially in context of IoT due to different devices with different platforms & different protocols. Lack of security awareness in vendors providing smart home devices could be due to factors such as no culture of long term support, lack of incentive to provide security upgrades throughout product lifecycle. Limit on processing power, memory & security standards further compound this complexity. This pervasiveness & dynamic connectivity of different devices in a home network leads to several consequences as increased number of attack vectors & interoperability issues which can lead to leverage attacks.

In order to design secure IoT systems & devices a deep knowledge of security technologies & techniques such as Cryptography, Secure Communication protocols, Vulnerability Analysis & Detection, Security in Wireless networks & other cyber security skills is required.

I know that transitioning from my current role of Enterprise System Architect to Enterprise Security Architect enabling me to design such secure systems will be a challenging journey for me. In order to achieve my goal I need to equip myself with technical skills on various aspects of Cyber security. Apart from the technologies mentioned above, expertise in other cyber security areas such as information security, data privacy, risk analysis and strategies to detect & protect against cyber threats will give me the good foundation for my successful professional career ahead.

@Holt

Since I am quite close to the deadline request you to please let me know if the new paragraphs I posted above address some of the concerns you mentioned. Thanks a lot for your valuable feedback.

Rahul, I need you to clarify an expression in paragraph 4 (paragraph 2 of your reviewed draft based on Holt's advice) of your first post;"During graduation some the subjects...". You need to reconstruct that sentence because "basics of Cryptography" is a subject and not subjects. That part does not really reflect what you had in mind, so adjust it accordingly.

In your revised draft, you only have two paragraphs (2nd and 4th). The other two are not paragraphs as they fail to meet the minimum of 3 sentences typical of a paragraph in English Grammar. Always remember this rule when drafting an essay in paragraphs. If you want to use "IoT" as an acronym for Internet of Things, you must represent it in parenthesis immediately after the full expression as in 'Internet of Things (IoT)'. Also, avoid using '&' in place of 'and' because that would make your essay to taper towards an informal write-up. The points in paragraph 2 of your revised draft can further be strengthened if you could strongly link them to your experience as an Enterprise System Architect (ESA) and then suggest how acquiring knowledge and skills you mentioned in your supposedly paragraph 3 would help in your professional career. That way, the purpose of your study would be clear enough. That is why it is called 'a Statement of Purpose'. The link could come as a problem you encountered as an ESA which insecurity was the major reason. Just find a way to connect your plan of study to your experience. You will make it even stronger by stating the rationale behind your moving into a new field. All these will reflect purpose in the long run.