January 15, 2021
Dear Cybersecurity and Privacy community,
Welcome back from the extended holiday break. I hope we can meet face to face in 2021.
Besides all the political happenings in December, there was a year-end watershed moment for the new School of Cybersecurity and Privacy: the revelation that the ubiquitous SolarWinds Orion software had been breached by exploiting vulnerabilities in its software supply chain. Georgia Tech’s CISO Jimmy Lummis joined me at my open office hours session last Friday to talk about the nature of the attack and its implications for cybersecurity research and education. Jimmy also offered some insights into how organizations like Georgia Tech managed to shield itself from the attack’s worst effects. Spoiler alert: luck played a significant role. Thanks to all of you who attended and participated in the fascinating discussion.
Here’s why I believe SolarWinds is a defining moment for cybersecurity education at Georgia Tech: Tech graduates in large numbers end up in product engineering, business decision-making and policy-formulating positions in myriad vertical industries. All of those industries have vulnerabilities like the one exploited in the SolarWinds attack. Understanding attacks like SolarWinds must be an objective of every major on campus if our graduates are going to be well prepared for the challenges they will encounter in the workplace. This was the same reasoning that led Georgia Tech to be among the first research universities to require a working knowledge of computer science for every major. Now is the time to figure out how to equip all Tech graduates with basic cybersecurity skills. I cannot think of a more important challenge as we launch our design of courses and curricula. Please give us your thoughts on this topic. The Curriculum Committee, led by Professors Annie Antón (Interactive Computing) and Sy Goodman (International Affairs) are hard at work on these questions and your input is important.
The school has an opportunity to define the template for how students and academic professionals will tackle cybersecurity and privacy challenges today and in the future.
As an example, this month the Online Master of Science in Cybersecurity turns two years old. Within that period, the program has grown to enroll almost 1,000 students, with 11 graduates so far.
Many of the students in the program are working professionals and through their studies they have provided tangible security benefits to their employers. Student Michael Nichols of Murrieta, Calif., shared one such example:
“Just recently my company was being hit with network-crippling DDOS attacks. It just so happened that we were studying these types of attacks in my CS 6035 class at the same time. With the knowledge I gained, I was more clearly able to communicate what exactly was going on to upper management and recommended appropriate actions,” Nichols said.
Other students have shared testimonials and you can read about those on the school’s new homepage at https://scp.cc.gatech.edu. I hope you’ll note the diversity represented among the students, something we can be proud of and continue to grow.
Many of you said you enjoyed my conversation with OneTrust founder and CEO Kabir Barday in November. Thanks to Jennifer Whitlow and her team for hosting; an edited version has been posted here. Feel free to share this link on your own social networks.
With new beginnings come new opportunities, and we have a wealth of them in front of us. But there are also an equal number of challenges to address. I hope to meet you on the journey as we work through both together, and please remember to make your voices heard by reaching out to the school’s Executive Committee, chaired by Mustaque Ahamad.
Sincerely,
Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy
Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde
