Is computer security getting better, or is it getting worse? With each passing day, we hear reports of new security breaches targeting major government, corporate and university networks — in spite of decades of effort to harden the hardware and software that run the Internet. Part of the problem has been a profound disconnect between academic researchers and security practitioners, underpinned by a fundamental misunderstanding of the role the human element plays in circumventing supposedly secure systems. To help bridge this gap, this course introduces students to the major concepts of practical security engineering, with an emphasis on risk mitigation as opposed to imperfect risk prevention. With this guiding philosophy, the course covers the core principles of cryptographic protocols, software security, and network security, which will serve as useful building blocks for application-specific security engineering endeavors. Special attention will be paid to current topics in the field, including cryptographic libraries, preemptive strategies for combating software bugs, wireless networks, and web security. A balance will be struck between theoretical analysis and real-world cases, giving students an appropriate background to pursue further work in security in an academic or professional setting.