Feb. 5, 2021
Dear Cybersecurity and Privacy Community,
The most fascinating committee you haven’t heard about may be SCP’s Curriculum Committee. I can see the email now: “Really? Curriculum? DeMillo, you are indeed an academic geek.” Curriculum is important, but I understand that most people would find endless discussions of required courses, assessments, credits, and pre-requisites a little, well, dry. But those are not the things that fascinate me.
I have been attending most of the meetings that committee chairs Profs. Antón and Goodman hold to discuss the degrees SCP will eventually offer, and I’ve noticed that the conversation has evolved recently. Cybersecurity is inherently interdisciplinary, which means that topics covered and skills learned are drawn from diverse fields. A consequence is that the instructors who lecture on those topics and teach those skills are often, intellectually speaking, miles apart. They are trained differently. Standards of scholarship are different, and—most importantly—they are very good at articulating why their work is of central importance. It’s a chasm that is especially apparent in discussions of curriculum. Georgia Tech has two very strong groups: one in the science and engineering of information security and the other in cybersecurity policy.
Practitioners from the technical camp tend to believe their work is clear-cut and unfettered by the messy matters of policy. Those who specialize in policy argue that policy studies have their own methods and standards that can be carried out without a detailed understanding of the underlying technology.
Recently, however, context entered the vocabulary of the curriculum committee. The occasion for this was a mini-seminar that College of Computing Dean Charles Isbell conducted on the origins of the Threads curriculum in computer science, an approach to undergraduate education that led to important curriculum changes nationwide. The Threads curriculum is all about context. Most people learn computing because they want to use computation for some broader purpose (like simulating an imploding star, predicting the behavior of complex markets, analyzing ancient texts, or exploring human intelligence). If you focus on the reason that people want to compute, Dean Isbell argued, you can teach the basics in that context much more effectively and efficiently.
The implications for SCP are important. The technology of cybersecurity only makes sense in the context of how it is used and regulated by human beings. This helps us to decide which are the important problems to pursue. On the other hand, policies that guide human behavior change with the underlying technology.
If we are successful in weaving together the several cultures that make up cybersecurity and privacy it will likely be due to inflection points like this one.
By the way, this is part of a much longer sermon on how technologies that bump up against regulations are stimulated to innovate in ways that would be unlikely if they simply ignored social, economic, and political constraints. It’s one of the reasons that I keep this book on my bookshelf as a reminder that Nobel Prizes and Turing Awards are often found in that soup.

February may be the shortest month of the year, but there’s no shortage of cybersecurity and privacy activities already underway.
A new key partnership between Georgia Tech and the National Security Innovation Network (NSIN) is now offering students several opportunities, including the month-long Mad Hacks: Fury Code Hackathon, which starts today. Patrick Reynolds, Georgia Tech’s program director for NSIN, hinted that he would love to see participation from Georgia Tech surpass Carnegie Mellon and Berkeley. Our students are always up for a challenge I think. That and there’s a $70K pot total for winners and the chance to continue developing your solutions alongside top experts.
Next week is the (virtual) Atlanta Cybersecurity Summit, where Brendan Saltaformaggio will represent Georgia Tech on the panel “The Future of Cloud Security.” On the same day, Feb. 11, the Sam Nunn School of International Affairs invites Jason Matheny, director of the Center for Security and Emerging Technology at Georgetown University, for a virtual talk on “Security Implications of Emerging Technologies.”
In a few weeks, the institute will be a leading contributor to the Network and Distributed System Security Symposium, Feb. 21-25. You can explore Georgia Tech technical papers along with a visual analysis by the school of all organizations at NDSS.
Georgia Tech also welcomes this month a new interim Chief Information Security Officer, Didier Contis. He is the director of Technology Services for the College of Engineering and started as interim CISO effective Feb. 1. Didier will be a part of the Office of Information Technology’s senior leadership team and report to Daren Hubbard, chief information officer and vice president for Information Technology. Didier was a key member of the Commission on Creating the Next in Education that I co-chaired with Prof. Bonnie Ferri a few years ago. It is good to see him in this new role.
I also want to give a shout out to the outgoing CISO, my friend, colleague, and Georgia Tech alumnus Jimmy Lummis. Jimmy worked tirelessly to build the institute’s cybersecurity and privacy culture during his tenure here.
Visit our website for activities and news that I couldn’t squeeze into this space. I received my second Pfizer injection yesterday, so I will be taking a day off from our regular Friday Open Office Hours. Prof. Mustaque Ahamad will be filling in for me. Be sure to ask him about the relationship between policy and technology in cybersecurity.
Sincerely,
Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy
Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde