This document provides instructions and grading criteria for an assignment assessing a student's work as a cybersecurity consultant for a university. The assignment consists of three tasks: 1) assessing risks from a Bring Your Own Device policy to the university's information system, 2) justifying replacing password authentication with certificate-based authentication through a technical report, and 3) developing an anti-spam guideline for students and staff defining spam, providing examples, and giving instructions for handling and preventing spam. Detailed guidelines are provided for each task and rubrics outline how the assignment will be marked. The document specifies the required submission format and policies around extensions, original work, and receiving marks and feedback.