Aug. 13, 2021
Dear Cybersecurity and Privacy community,
More on what student success might mean for the School of Cybersecurity and Privacy.
There is always a tension between keeping a college curriculum up-to-date and chasing after the latest fad. We academics try to put a brave face on it, but changing long-established courses is an often-tedious (and seldom-rewarded) process, filled with roadblocks and hurdles that scream, “STOP!” even when it has become clear that the newest thing will be around for a while, and the students who don’t know about it will be at a disadvantage in the eyes of many employers. I wrote about this phenomenon in Abelard to Apple. It’s one of the things that leads to bloated curricula filled with long chains of required courses, which leave little room for newer developments. Online course delivery helps a little. An instructor can snip out the old content and add the new with relatively little fuss. But how does an instructor know that the new stuff is likely to be important enough to make the change? If the change corrects an error, most teachers will hear about it soon enough. Sometimes the “old stuff” is there to advertise (a research area, for example) and the professor has a vested interest in keeping it around to attract graduate students. Consulting or short-term research exposes some faculty members to trends before they become truly disruptive. Often, however, we are simply late to the party. We might only find out when our alumni let us know about this *gap* in their training.
I gave this problem to my CS 4001 (Cyberethics) course a few years ago. “Give me some ideas for how current students can find out what the gaps are by talking to recent graduates. What do they know now that should influence what you are learning?” I asked. I received a lot of proposals. When you boil them all down you get something like the Personal Board of Directors (recommended by the Commission on Creating the Next), a technology-enabled network of mentors who share lessons from the workforce with students and teachers to help steer learning. Significantly, all my CS 4001 students said they would participate in such a mentor network. The idea was so compelling that when we asked the Silicon Valley design firm Ideo to host a worldwide competition for ideas that would change higher education, PDB was the winning proposal. We provided seed money to develop the idea, which has now blossomed into a portfolio of interesting projects.
I wondered as we began planning student-led and student-centered programs for SCP whether the PBD would have the same appeal in cybersecurity. Then I received this note from the same student I mentioned last week who discovered that, without internal champions, an entry-level job is hard to find:
“What is Cyber Resiliency?? When I learned I was going to be interviewed by the Cyber Resiliency Department, I quickly tried to learn what Cyber Resiliency was, because [we] never talked about it [in class and] I thought maybe it was new and just had not yet made it into the curriculum, but no, my research revealed it has been widely known since at least 2013 (https://www.mitre.org/sites/default/files/publications/13-4047.pdf ). It even has recent NIST publications dedicated to it. https://www.nist.gov/news-events/news/2019/09/cyber-resiliency-engineering-final-public-draft-nist-sp-800-160-volume-2
I am sure all of you know about Cyber Resiliency, but it was a surprise to me. I fell in love with the paradigm the cyber resiliency framework set up almost at once, because during my entire time [at Georgia Tech] I kept thinking – this is a losing battle… The attack surface is too large, the chain of trust too long, the systems too complex…. We are never going to keep the bad guys out… Cyber resiliency starts by saying, ‘That’s right, the bad guys are going to get in. Let’s win anyway and here are some methods to do so…’ [Our courses] talked about defense in depth but not about the many, many other concepts and methods within the cyber resiliency framework.”
The note ends with a not-too-subtle question: “Maybe this is something that needs to be rectified?” Let’s add this to the growing list of ideas for student-run initiatives for the upcoming SCP student town hall (stay tuned for an announcement of the date and time).
As we approach the start of the new semester:
- I want to join the OMS Cybersecurity program directors in welcoming the newest class of students. The stories about what led students to the program always inspire me. I hope you feel part of our community of learners bound together by the commitment to a more secure cyber future.
- Along those lines, I keynoted the close-out meeting of the X-Force Fellows of the National Security Innovation Network yesterday afternoon. Over a hundred projects, two hundred undergraduate fellows and a whole network of civilian and uniformed national security professionals tackled a range of practical problems that needed innovative thinking. Judging from the Q&A, there will be more opportunities next year for internships that target cybersecurity and privacy in the national security domain.
- It’s time to expand SCP. We just finished an incredible first year of recruiting new professors to meet the demand for GT-trained cyber experts. We will be meeting for a retreat next Friday, Aug. 20, in Coda to plan hiring priorities for next year. I have heard from many of you about the kinds of courses and professors that you would like to see join the school. Please continue to send me your thoughts and suggestions. They will be helpful as we begin this most important task.
- There’s a Career Chat (What Employers Really Want) today at noon. Hear from a panel of employers to learn what they are looking for in candidates.
- In the Research Next Speaker Series, Dr. Cheryl Martin will be featured on Tuesday, Aug. 17.
- And of course, Rats Night is around the corner. On Wednesday, Aug. 18, from 7-10 p.m., take over the Georgia Tech Library for a late night of fun filled with snacks, video games, trivia, arts and crafts, and free giveaways.
- Finally for old and newcomers alike (we are all a little bewildered by this bustling city), Welcome to the 404: A Beginner’s Guide to Atlanta is Thursday, August 19. You can explore the best ways to connect with your new community, from sampling the city’s diverse culinary portfolio, harmonizing with Georgian nature, and engaging in GT and Atlanta’s proud history of service and activism.
As always, let me know how you are doing. Make suggestions. Get involved in the School. It’s your home at Georgia Tech.
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy
Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde