Category: Chair’s Message

Dear Members of the SCP Community and Friends,

On Wednesday, June 1, after a distinguished career in academia and industry, Professor Michael Bailey becomes the founding chair of the School of Cybersecurity and Privacy (SCP). It is hard to think of a better choice. Besides his deep knowledge of the field, he is steeped in the aspirations and culture of excellence. That’s an important quality at a place like Georgia Tech, which does not take lightly the job of creating a new academic unit, especially in the glare of the national spotlight that accompanies being a first mover. SCP was born wearing the mantle of the top-ranked cybersecurity program in the annual USN&WR Best Colleges survey and virtually overnight became the program to beat for our peers. A new department also faces challenges from internal stakeholders—some who thought it unwise to form it at all, others who wanted to be in charge, and still others who, unconvinced by plans, wear their skepticism in plain sight. Bailey (as he is known to friends, students, and colleagues) let it be known during the selection and interviews that led to his appointment that he knows how to navigate such terrain. His memorable recounting of the many jobs of a school chair should be required viewing by everyone who wants such a position. Even more importantly, he promises to lead a school that revolves around the problems of cybersecurity, not the minutiae of academic disciplines. Thanks to Dean Charles Isbell and the dedicated members of the chair search committee chaired by Prof. Mark Reidl for bringing us to this threshold.

My current role as Interim Chair also changes on June 1 as I transition back to the faculty after two decades in academic administration. People in my position sometimes use transition letters like this one as a valedictory as leadership is handed off to a successor. I had that in mind (actually, what I had in mind was avoiding such a letter)  when I first wrote to you in Fall 2020, at the height of a global pandemic, to tell you about the modest near-term goals of creating an executive committee to formulate a charter, operating units, and board of industrial advisors. Charles thought a new chair would be in place relatively quickly—maybe within six months. I thought it would take perhaps a year. What followed over the next twenty months was a conversation in thirty-eight installments about how things were going as the SCP building blocks were laid in place. The lines were not always straight, but as campus reopened, sharp elbows were thrown over matters that now seem inconsequential but must nevertheless be settled in a functioning department. The things I thought would be hard turned out not to be. It was not hard to convince professors to join the school. That often meant giving up comfortable roles and titles elsewhere at Georgia Tech. Exciting new PhDs looking for their first academic jobs also showed up in unexpectedly large numbers.

I was prepared to spend the Memorial Day weekend taking self-satisfied stock that the department Bailey will soon lead has been tied in a neat bundle waiting for his arrival. That mood evaporated last week as I made two lists to discuss with him during our weekly transition meeting. One list, called “Immediate Governance Actions,” was the twenty or so tasks he would inherit immediately that must be done to finish the academic year—jobs like scheduling elections, appointing new committee members, and a raft of HR-related activities. “Immediate Operations” was the other list.  It was even longer and included addressing the big deal decisions that no one wants interim chairs to make, engaging with student leadership, replacing key staff, and resolving high-stakes organizational impasses.  That comes from good planning. The irony is you also find out how much further you have fallen behind in achieving your original goals every time you check.

Through a fog of virtual meetings, closings, openings, and a nagging sense that SCP was not getting the attention we deserved as the new kids on the block, we begin our third year as a school. We interviewed for nearly twenty senior staff positions and twice that many faculty candidates. We have two associate chairs (Vlad Kolesnikov and Sasha Boldyreva) who have impressively embraced vague job descriptions to bring some order to our academic affairs.

None of that would have been possible without the personal sacrifices and dedication of the School’s Administrative Officer, Trinh Doan, and Sue Jean Chae, who jumped in to assist the chair after an unexpected departure. Director of industry collaborations Gloria Griessman became a lynchpin, selflessly taking on tasks and responsibilities large and small. The Dean, Associate Deans, and the college support staff put up with our growth spurts despite being stretched too thin. Student leaders persevered. My fellow chairs and colleagues from all over Georgia Tech gave private words of encouragement and advice when they thought I needed it. Those words were often the fuel that got us through rough patches.

Finally, I want to thank the nearly thirty SCP faculty members who have poured their hearts into building this school, often throwing caution to the wind and trusting their colleagues to do the right thing. We are a community of peers, but it would be wrong not to mention the contributions of the incomparable Mustaque Ahamad, Wenke Lee, and Sy Goodman. They spent decades building the vision that led to the formation of the school.  I add Vijay Madisetti and Peter Swire, who took on key responsibilities this year.

I usually reserve the closing paragraphs of my letters for announcements. This final letter is no exception:

The Georgia Cybersecurity Education Roadmap Taskforce, a statewide educational initiative of Georgia Tech, SCP, Augusta Cyber Center, and the University System of Georgia, completed its work this month and its report outlining a bold vision for statewide participation in advancing cybersecurity education across Georgia’s many industries and institutions of higher education will be released this month. I chaired the Taskforce, and Gloria Griessman oversaw workshops, meetings, and report preparation. SCP Postdoc Karl Grindle, SCP IAB Chair Dr. Phyllis Schneck, and several SCP faculty and board members also contributed their time and energy to the project. Stay tuned for the announcement of the report’s recommendations. 

I have no announcement of significant changes for myself beyond the obvious time I will regain not attending administrative meetings. I still have projects to complete and loose ends to tie up. The clock tells me I am much closer to the end of my career than I like to admit.  On the other hand, I tell myself I would be a lousy retiree. Everyone close to me nods in agreement, which sometimes worries me.  But health permitting, I will take that as advice to stick around for a while to see how this new experiment turns out.  I arrived on this campus as a student in 1968 and have seen Georgia Tech’s history being written as it happened. Forming this school and leading it for nearly two years has been the most exciting chapter. 

Thank you for that privilege.

Richard DeMillo  

Charlotte B. and Roger C. Warren Professor of Computing and Chair, School of Cybersecurity and Privacy.

Nov. 19, 2021 

Dear Cybersecurity and Privacy community, 

Some words of encouragement to SCP students as we are nearing the end of the semester:

Hang in there. Rest is coming soon.

For some of you the end of the Fall 2021 semester means graduation, time to think about life after Georgia Tech. 

As some of you know, we hosted the Amazon Information Security Team this week. They gave us some great feedback after reviewing some of your resumes. The main point they wanted me to share with you was that the skills you are learning in the classroom are highly sought after at Amazon and in the field of cybersecurity and privacy in general. The problem, however, was some of those skills were not prominently displayed in the resumes they reviewed, or they were not there at all. So, I will tell you what Amazon whispered in my ear this week and about a couple of good ideas when it comes to submitting job applications. 

Keep your resumes short, no more than a page. I know as academics we tend to get wordy. We are used to writing pages on pages of dense research, math, and references. Condensing your experiences can be extremely challenging, but recruiters looking at resumes want the highlights. Save the details for your interview or go the route of submitting a CV (which should still be two pages for industry positions). 

Skim job posting for keywords and work them into your experiences. Gone are the days where a person is the first set of eyes on your application. Most companies, Amazon included, use software that automatically scan applications and push the ones with experiences in-line with the job posting to the hiring manager. While this may speed things up for HR, it means qualified applicants can slip through the cracks. 

You are entering the hottest job market in the world, and as we were reminded at last week’s meeting of the SCP Industrial Advisory Board, Georgia Tech graduates are in high demand.  But that doesn’t mean much if you don’t land the interview.  So, write your resume to be noticed by someone who has a stack of impressive resumes to review.  

Georgia Tech has an extensive network of alumni so before I let you go this week; I have an assignment. Think about where you want to go career-wise, industry or academia, and look for alumni in an organization you hope to one day be employed with. Reach out to them, pick their brain, make that connection. Even if you do not end up at that company or university, you still have a contact in your field you can reach out to for advice or just to talk. 

I hope you all have a restful Thanksgiving break. 

Keep up the excellent work and I will talk to you all when we come back.  

Best wishes,  

Richard DeMillo  

Charlotte B. and Roger C. Warren Professor of Computing and Chair, School of Cybersecurity and Privacy.

Nov. 5, 2021 

Dear Cybersecurity and Privacy community, 

There has been a great deal of internal discussion recently about community and shared goals as well as how to bring together individuals with differing interests in a space where they can achieve at the highest levels possible. I wanted to continue this dialog and expand it to all our audiences. It is vital that we stay honest with ourselves and each other when it comes to these conversations. 

Can we have a community without shared goals? The short answer, no. Our shared goals drive us all forward to the future. Personal goals are important and natural, but without shared goals, we are just a group of individuals competing over the same fixed resources. Without shared goals we are no longer in a contest for who has the best ideas to achieve something of value to us all. Sadly, as we see daily in other aspects of life, that kind of competition is not creative. It is usually destructive and leads to chaos.  

Competition is no stranger to science. Our field is full of smart people who are working to advance knowledge while trying to stay ahead of the competition. These rivalries are important. There are many important discoveries that would not have made had it not been for competition to be first or best. However, as I have mentioned in past letters, sometimes we get in our own way. 

This is where shared goals come into play. They are the structure–the guide posts–that keep us from tripping over ourselves as we rush to get our everyday tasks done. They also build communities. Shared goals bring people together and give them something in common, whether it be a set of values, a project outcome, or simply the next milestone along a path. 

So, what are our common goals? I posed this question to faculty, staff, and student gatherings this week. It should come as no surprise that, as Georgia Tech’s newest academic unit, we are still trying to come up with answers. Take the MS (Master of Science) in Cybersecurity for example. Three different schools participate and operate different tracks, but graduates all receive the same diploma. To satisfy degree requirements, students must attain specific learning objectives that are shared across the entire degree.  It doesn’t matter which school a student is admitted to. All graduates must demonstrate the same level of attainment. Courses may differ. Depth requirements may vary. But at the end of the day, we share the same educational goals. 

As interim chair, I have tried to emphasize what I believe our shared goals should be. It is entirely possible my successor will have an entirely different idea of what these should be, but whoever the next chair might be, we will still have shared goals that we are all responsible for. Shared goals inevitably come into conflict with personal goals, but that conflict must be creative, because when you fail to achieve a shared goal it reflects badly on you—even if you did not contribute to the failure.  

Other items of note this week: 

• The Association for Computing Machinery (ACM) released the list of research papers that have been accepted to November’s Conference on Computer and Communications Security (CCS). Among the papers accepted from submissions around the world, eight were co-written by SCP faculty and their students.  

1. “An Inside Look into the Practice of Malware Analysis” Authors: from SCP, Miuyin Yong Wong, Matthew Landen, Manos Antonakakis, Douglas M. Blough, Mustaque Ahamad and Elissa Redmiles from Max Planck Institute for Software Systems 
2. “Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis” Authors: Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio and Wenke Lee 
3. “C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration” Authors: Jonathan Fuller, Ranjita Pai Kasturi, Amit Sikder, Haichuan Xu, Berat Arik, Vivek Verma, Ehsan Asdar and Brendan Saltaformaggio 
4. “Don’t Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password” Authors: Sena Sahin and Frank Li 
5. “HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators” Authors: From SCP, Taesoo Kim and from the Korea Advanced Institute of Science and Technology, Yun, Woosun Song, Seunggi Min,  
6. “Hardware Support to Improve Fuzzing Performance and Precision” Authors: Ren Ding, Yonghae Kim, Fan Sang, Wen Xu, Gururaj Saileshwar and Taesoo Kim 
7. “One Hot Garbling” Authors: David Heath and Vladimir Kolesnikov 
8. “Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks” Authors: From SCP, Carter Yagemann, Simon Chung, Wenke Lee and from the University of Illinois Urbana-Champaign, Mohammad Noureddine, Wajih Ul Hassan, and Adam Bat 

• Another research accolade that was not mentioned above, yet impressive none-the-less, is the work done by Yechan Bae, Youngsuk Kim, Ammar Askar, Jungwon Lim, and Taesoo Kim in finding memory-safety bugs in Rust programming. Their paper “Rudra: Finding Memory Safety Bugs in Rust at the Ecosystem Scale,” has received the Distinguished Artifact Award from the ACM Symposium on Operating Systems Principles which ran from Oct. 26-29. Rudra, the program developed by Taesoo and his students, was able to analyze and report potential memory safety bugs in Rust programming. Our researchers were able to identify 264 previously unknown memory safety bugs in just over six hours. The number of memory safety bugs identified by SCP researchers represents half of what has been detected by traditional means since 2016. Their work was selected as standout research amongst their conference peers.  

• These students and faculty are being recognized for their years of research and hard work represents the future of our school. One that is on the cutting edge of cybersecurity and privacy research in ways that will improve the lives of people around the globe. 

I want to continue this discussion of shared goals as well as communicating the accomplishments of our shared goals. I am keeping my weekly office hours open for those of you who want to drop in and talk. I am holding them every Wednesday from 12:30 – 1:30 p.m. (EST) and they are open to any student who wants to drop in virtually or in person. You can find the link on Slack or the SCP website. I am available to answer questions, help you navigate Georgia Tech’s mysterious bureaucracy or simply shoot the breeze on matters related to cybersecurity. 

We are also working to improve how our messaging is sent out. Our Communications Officer is setting up a mailing list service to make sure our messages (and my letters) are getting sent out in a more efficient manner. If you would like you unsubscribe, you are certainly free to do so. We are trying to move away from the emailing systems in place at Georgia Tech, due to the fact they are incredibly unreliable and tedious.  

I hope this Friday finds you well, and I hope you reach out and let me know any thoughts or opinions you might have. Do you agree with what our shared goals are at SCP? Do you disagree? Shoot me an email or drop by my open office hours and let me know. An honest and open discussion is the best way to make sure we are on the right track. 

Best wishes, 

Richard DeMillo 

Charlotte B. and Roger C. Warren Professor of Computing and 

Chair, School of Cybersecurity and Privacy. 

Oct. 29, 2021

Dear Cybersecurity and Privacy community,

We are in the final few weeks of the Fall 2021 semester and as we make our way towards finishing up our first 12 months of course offerings, things are as busy as ever. This week I wanted to give you a look at what we are doing to wrap-up the semester while laying the foundation for what comes next.

On Nov. 11, I will be meeting with the school’s Industrial Advisory Board (also known as the IAB,) to give them an update and ask for advice as we define the goals for the coming year. “But Dr. DeMillo, what is an Industrial Advisory Board- and why do we need to know about it?”

Well, most schools at Tech and all six of the colleges invite notable alumni, subject matter experts, and leaders from industry and government from around the world to help shape academic and research programs. They then offer critical advice on everything from how well we are training our students to what more we can do to distinguish a Georgia Tech education from the rest of the pack. Things always look different from the outside, and a friendly but candid group of advisors is an essential ingredient for any organization that wants to avoid groupthink and be truly innovative. There will be a lot on the table on November 11 following a year of rapid growth. We are still feeling our way as an organization, and I actively seek out more experienced voices to help inform the choices ahead of us- because we do have choices to make. For instance: 

• How should we structure company-based internships, co-ops, and projects for all SCP students? 

• How should we expand the reach of cybersecurity? Every new headline prompts a wave of calls and emails to SCP about embedding cybersecurity education and training into new vertical applications. 

• What kinds of facilities (advanced security labs, ranges, and testbeds) should we be investing in? 

• Do our programs and curricula help close the global knowledge and skills gap in cybersecurity?

The IAB will form subcommittees to work on these and related questions. I will report back to you as the subcommittees start working on helping us define our future. Maybe some of you will end up helping the IAB think through some of the difficult problems involved in educating the next generation of cybersecurity professionals. 

On other fronts:

We are still planning for a student townhall meeting. You have more than likely seen several emails, tweets and space in these messages dedicated to this upcoming townhall event. If you haven’t taken this as an invitation to join in the discussion, it’s not too late to help shape the format and agenda for the townhall. Both of which are still very open ended.

The townhall will be whatever students and faculty want to make of it. I have given plenty of my suggestions (see my Sept. 17 letter,) but in the end the success of the townhall lies in the hands of students. Even so, we have already seen a great deal of progress towards finalizing the plans for the townhall. 

Karl Grindal has been putting a lot of time to solidify details and be proactive solidifying student suggestions. Karl has helped develop a Slack channel to help solidify a reliable communication network for students and school leadership. Anyone interested in joining the Slack may do so here. 

Over the next few days, I am hopeful we will settle on the following:

• A date for the townhall
• A name (townhall is more of an event description than a proper name in my opinion)
• Panels, speakers, forums, and topics you would like to see at the townhall

We will gather in the atrium at 2 p.m. on Friday following the weekly lecture series. 

In the coming weeks you will begin getting updates regarding a special guest coming to SCP. In mid-November our school will host the Amazon Information Security team for three days. The team will arrive on Wednesday, Nov. 17 for a “Day in the Life of Amazon” event and wrap things up on Friday with our weekly lecture series. Here is a tentative schedule of the week’s activities. 

• November 17th – Day in the Life of Amazon
• November 18th – Mixer with students and faculty
• November 19th – Lecture Series, featuring one of Amazon’s Leading Security Engineers

As always, I invite you to share your thoughts and ideas with school leadership. Now that our Slack workspace is active, the discussion will be even easier to follow. 

Remember that I have reserved Coda 0962a for drop-in office hours every Wednesday afternoon (EST) from 12:30 to 1:30. There is a virtual office open at the same time. You can find the link on Slack or the SCP website. I am available to answer questions, help you navigate Georgia Tech’s mysterious bureaucracy or simply shoot the breeze on matters related to cybersecurity. 

Best wishes,

Richard DeMillo

Charlotte B. and Roger C. Warren Professor of Computing and

Chair, School of Cybersecurity and Privacy.

Oct. 22, 2021

Dear Cybersecurity and Privacy community,

It’s been over a year since I started writing these letters to generate discussions that I hoped would build the SCP community and keep you up to date on developments in our growing school. Every week, I try to be upbeat. That’s typically easy because we have made steady progress these past months. Every day, I get more confirmation that the answer to the question I asked my first day on the job (“What makes SCP distinctive?”) is the combination of rigor, real-world impact and open, collaborative spirit that is the particular strength of a Georgia Tech education and about which I have written so often.

Some weeks are harder than others. A few weeks ago, responding to feedback from a recent graduate, I wrote about what is missing in our curriculum and what we planned to do about it. This week, my inbox was filled with proof that we are still only midway through the sometimes arduous process of building a school. Anecdotes are not data, but when I hear the same story over and over again, I want to see what’s going on. More about what I found out in a few minutes. First, I want to tell you about the 20/20/60 rule and why it is important to get out of our own way.

As CTO for Hewlett-Packard, I learned a simple lesson from my predecessor Joel Birnbaum (father of the first commercially successful RISC architecture). Like Joel, I handled all R&D around the world, and I was often dazzled by the brilliance of the HP engineers who came up with ideas like ink jet printing (which was successful beyond anyone’s expectations,) and phase change memory (which was not.) Every single patent was aimed at a well-understood market, the key ingredient for efficient product development. This meant technical risk and market risk were effectively constrained, and for sixty years HP led the industry in creating new product categories. Yet, most new ideas never made it. Joel asked why and discovered that technical and market risk accounted for only 40% of total risk. Most risk (about 60%) was bundled in what he called organizational risk –the likelihood that existing organizations and decision-making would be unable to function. In short, we would not be able to get out of our own way. This led to the 20/20/60 rule which forced us to concentrate on that 60% by clearing bureaucratic clutter out of the way. 

We know that the 20/20/60 rule also applies to SCP. Nevertheless, I get emails like one this week from a graduating cybersecurity master’s student who wants to join her cybersecurity classmates at commencement but cannot because SCP does not yet have the right code. Instead, she will walk with Interdisciplinary students with whom she rightly points out she has little in common. It is hard to create a community when the three-letter code that is the price of admission, does not exist.  I have another bundle of emails from recent graduates who –like the student who was surprised to have not learned about resilience in class—suggest many topics they would like to hear about in their formal coursework.  Why aren’t we developing those courses? You guessed it: SCP does not yet have the necessary three letter code. It’s a small consolation to the affected students that we will at some future date figure out how to pry the elusive codes from the offices where are currently stuck. First, we must figure out how to get out of our own way. Feedback from students and recent graduates is crucial, so please let us know how we are falling short of expectations. 

Since we are talking about community building, let me remind you of our plans for a student town hall. While I am proud to see students stepping forward on their own initiative to help plan events like the student town hall, I hope the momentum isn’t lost. We are still looking for student led activities, so if you have something you want to see take root in the school, let me know. 

I also wanted to update you all on the status of SCP Chair search. As you may or may not be aware, I agreed to oversee the launch of this new school last year as interim chair. Throughout the course of this year the College of Computing has been conducting interviews for someone to fill the role after I step down. It is my understanding that the candidate pool has been narrowed down and a new chair should be in place sometime next year. We will of course bring the new chair in to meet as many of you as we can manage, and I look forward to watching the continued growth of the school after I take a step back.

Other events and activities:

•  I will be holding open office hours again starting next Wednesday. You are welcome to drop in virtuallyor in-person. During this time, you have my undivided attention, and we can discuss future events, curriculum suggestions, what’s happening in the world of cybersecurity and privacy and more. I hope you will join me on Wednesday, Oct. 27, from 12:30 to 1:30 p.m. in the Chair Suite (Coda room 962A.) or at our usual BlueJeans location (see the SCP website for meeting ID) 
• Second, on Monday Oct. 25 from 11 a.m. to 12 p.m. SCP will host a webinar entitled “Ransomware and Beyond: Demystifying Ransomware and Defending Against Future Attacks,” Milton Mueller, Nadiya Kostyuk and Joseph Jaeger, along with Trevor Lewis from Professional Education, will serve as panelists. The panel will also take questions from the audience. Registration is currently open, and I welcome you to take part in the discussion.
• This week we are doing something a bit different for our weekly lecture series. We will be previewing some of the work that has been accepted to the ACM Computer and Communications Security Conference (CCS). Ph.D. students Jonathan Fuller, Carter Yagemann and Sena Sahin will each be giving lectures on their work. Carter will be discussing and demonstrating a technique he has developed to discover and explain novel vulnerabilities in real-world software. Sena will present her findings on how to strengthen typo-tolerant password authentication. Jonathan will give an explanation on the program he and other researchers developed that can covertly monitor and disrupt botnets. This will be a great exercise for our students as well as a great insight into the work being done at SCP. I look forward to seeing you there.

As always, please let us know what’s on your mind and stay active in SCP,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Oct. 15, 2021

Dear Cybersecurity and Privacy community,

Next Friday will mark the one-year anniversary of my chair letter. I am looking forward to using next week’s letter to reflect on how we have grown as a school and a community. 

This week I want to talk about some upcoming SCP events as well as announce a new pathway we are planning to add to our M.S. programs. 

Today we are hosting Chris Rouland, CEO of Phosphorus Cybersecurity Inc., who will be giving a lecture titled “A Random Walk Through 1,000,000 Things.” I will let you guess what it’s about. Chris is a serial entrepreneur (Phosphorus is his third company,) and former CTO of Internet Security Systems, the company that Chris Klaus and Tom Noonan founded twenty-five years ago. He is also an old friend of the College of Computing (and a proud alum). We will be providing lunch for everyone who visits us in person and will be streaming the talk online for those who want to attend virtually. You can register for both online and in-person here.

Next, after receiving some student input I will be bringing back my open office hours starting next week. You are welcome to drop in virtually or in-person. I want to make you all aware that I am dedicated to creating a space to listen to your comments, suggestions and sometimes just chat about cybersecurity and the school. I hope you join me on Wednesday, Oct. 20, from 11:30 a.m. to 12:30 p.m. in the Chair Suite (Coda room 962A.) 

We are constantly tweaking the methods in which we communicate with all our stakeholders. Over the next few weeks we will start sending out a weekly rundown email listing all events happening in the school. Events held in a hybrid or virtual format will have the corresponding links for registration.

In the preparation meetings for our upcoming student town hall, several of you have asked for a Slack channel as an alternative to our usual email communications, (actually I was reminded that email is, well, 20^th Century and not conducive to the kind of community building we are trying for in SCP.) Karl Grindal and Daniel Genkin are in the process of setting up SCP Slack channels. As they grow, we will be able to let you know about events and get feedback in real time. Join the conversation on SCP Slack by using your Georgia Tech email here. 

Later this month SCP will be hosting and participating in a virtual seminar focused on the discussion of ransomware. Ransomware and Beyond: Demystifying Ransomware and Defending Against Future Attacks, will be held on Monday, Oct. 25 from 11 a.m. to 12 p.m. SCP faculty Milton Mueller and Joseph Jaeger, along with Trevor Lewis from Professional Education, will serve as panelists for the seminar. Registration is currently open, and I welcome you to participate in the discussion. 

A final note to kick off what I hope is an extended and energetic discussion. We are planning to launch a new track in the M.S. programs (both in-person and online) that focuses on cybersecurity operations and strategy. We are moving quickly because demand has been building for a more rigorous approach to preparing students for CISO and other executive security roles. We expect the curriculum to be project-based and team taught by current faculty members, current and former CISOs and others with operational expertise. As far as I can tell we are the first research university to take this step, and I expect the operations and security track to grow quickly. 

Stay tuned for further discussion on the new Slack channels. By the way, we are also planning to adapt some of the existing undergraduate threads to include security operations and respond to the growing interest by employers in sponsoring undergraduate interns within their cyber organizations.

That’s all for this week. I hope you all had a chance to catch your breath during the short fall break. We are now heading into the busiest part of the semester, so check in on our new Slack channel, the SCP Twitter account (@GATechCyber) and the announcement section of our website for late breaking news. As always, feel free to drop me a note (clunky email or Slack message) and stay in touch. 

Sincerely, 

Richard DeMillo, Chair School of Cybersecurity and Privacy

Sept. 24, 2021

Dear Cybersecurity and Privacy community,

As I mentioned last week, our school had eight papers accepted to the upcoming Association for Computing Machinery Conference on Computer and Communications Security, a tier one academic conference. Since we are celebrating SCP students this fall, I will take time this week to highlight some of the student involvement in these research papers.

We have over a dozen Ph.D. students who co-authored research that will be presented at the conference, as well as several who will make presentations themselves. Two of these students are wrapping up their studies with us and I can’t think of a better way for them to complete their time at Georgia Tech then presenting at one of the biggest cybersecurity conferences of the year. 

Jonathan Fuller is a Ph.D. student in the Cyber Forensics Innovation Laboratory. Jonathan and his advisor Dr. Brendan Saltaformaggio have spent the past year and a half developing C3P0, a software framework that allows researchers to covertly monitor command and control servers and eventually disrupt bot networks. Jonathan earned his master’s degree in Computer Science at the Air Force Institute of Technology and once he graduates, he will begin his career as a cybersecurity researcher at the Army Cyber Institute at West Point. 

The second Ph.D. student I want to recognize today is Carter Yagemann works with Dr. Saltaformaggio and Dr. Wenke Lee. Carter will be presenting two sets of results: one on novel techniques for bug hunting in user software and another on a new type of cyberattack that targets data lineage. After finishing his Ph.D., Carter will pursue an academic career where he can continue exploring his research interests of computer, vulnerability discovery and prevention, machine learning, mobile operating systems security, and systems security with focuses on binary analysis.

Each student presenter will have 20 minutes to present their findings to the conference audience and then five minutes to answer questions. Please join me in congratulating these 16 School of Cybersecurity and Privacy Ph.D. students:

• Amit Sikder
• Berat Arik
• Carter Yagemann 
• David Heath
• Ehsan Asdar
• Fan Sang
• Gururaj Saileshwar
• Haichuan Xu
• Jonathan Fuller
• Ranjita Pai Kasturi
• Ren Ding
• Sean Sahin
• Simon P. Chung
• Vivek Verma 
• Wen Xu
• Yonghae Kim

Remember to watch for announcements of the SCP Student Townhall later this semester. If you’re interested in getting more involved send me a quick note or contact Karl Grindal kgrindal@gatech.edu.

I hope you have a great weekend.

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Sept. 17, 2021

Dear Cybersecurity and Privacy community,

Many thanks to all the faculty and students who came to last week’s steering committee for the Student Town Hall we are planning for later in the semester. As I have mentioned a few times already, I want to focus on student involvement this year. Interest in this idea is high among graduate and undergraduate students and exceptionally high among online master’s students.  A dozen students were interested enough to volunteer to help plan for the Town Hall meeting where this will be discussed. Interestingly, student interest in cybersecurity is also high among students enrolled in a wide variety of degree programs.

We will use the Town Hall to help get the word out about SCP and where cybersecurity and privacy are heading at Georgia Tech. I thought it would be an excellent way to survey student organizations, events, and initiatives SCP should embrace and sponsor. Still, the steering committee discussion convinced me that we could use the town hall format to generate new ideas and host an open conversation about student priorities, desires, and concerns. 

Here are just some of the areas of interest that are under discussion:

• Surveying what existing technical/professional and student government organizations have to offer
• Developing proposals for new organizations
• Publishing student-focused newsletters and cyber-focused jobs boards
• Discussing whether we need new governance models for cybersecurity and privacy
• Meeting the demand for career advising and mentoring (especially peer mentoring)
• Launching student-managed labs and facilities
• Events ranging from talks and mixers to demo days that appeal directly to SCP students
• Exploring possibilities for new learning approaches for cybersecurity and privacy

It’s not too late to get involved in planning the Town Hall. The steering committee will meet again in two weeks. If you are interested in working on any of these activities or if you have ideas or experience to share about similar meetings, please let me (rad@gatech.edu) or Karl Grindal (kgrindal@gatech.edu) know. One of us will get back to you soon.

In other news, the 2022 U.S. News and World Report Best College rankings has once again recognized our school as one of the best in the nation. The Georgia Tech School of Cyber Security and Privacy tied with the Massachusetts Institute of Technology (MIT) for the No. 2 spot in the Cybersecurity category. We were edged out this year by Carnegie Mellon University for the No. 1 ranking this year.

Our faculty and staff have been able to navigate the past year with tremendous perseverance. During normal circumstances, getting a brand-new school off the ground would be challenging, yet we have done it during a time of massive global disruptions. 

I am not a big fan of national rankings.  It’s nice to be recognized, but the real value of SCP will be realized by the opportunity it gives to students entering this exciting field. We have a long road ahead of us as we continue to work on and meet the aspirations we have set for ourselves. We are working hard behind the scenes to engage students in every area we can think of. I am looking forward to our Town Hall, and I am eager to hear from you.

Finally, the Association for Computing Machinery (ACM) released the list of research papers that have been accepted to November’s Conference on Computer and Communications Security. Among the papers accepted from submissions around the world, eight were co-written by SCP faculty and will be presented at the virtual conference. Congratulations to Brendan Saltaformaggio, Frank Li, Mustaque Ahamad, Taesoo Kim, and Wenke Lee on this accomplishment. 

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Sept. 10, 2021

Dear Cybersecurity and Privacy community,

The last two weeks have been a whirlwind as we press forward into a new semester and double down on our promise to bolster student engagement across the board. 

We kicked off our weekly lecturer series last week with a talk on Side Channel Attacks led by our very own Dr. Daniel Genkin, associate professor at SCP. He led a very engaging conversation that continued amongst students as they left the auditorium. I cannot think of a better way to kick off a series.

Earlier this week Daniel, along with his first year Ph.D. student Jason Kim, and researchers from University of Michigan, University of Adelaide and Tel Aviv University published their research on a new transient execution attack named Spook.js. The researchers specifically focused on Google Chrome’s Strict Site Isolation feature and were able to successfully launch side channel attacks using speculative execution and type confusion. The full paper can be found on their website spookjs.com. 

Today, we welcome Neil Gong, assistant professor of Electrical and Computer Engineering at Duke University, to the virtual stage where he will discuss Secure Federated Learning. We are all eager to hear what he has to say.

On the horizon we have a something I want to make sure our students, both online and on campus, are aware of. We will be hosting a Town Hall styled event later this fall which we are wanting to be entirely student driven. To put it simply: We want to hear from you!

SCP has many opportunities for all our students, on-campus and online, to get involved in events, activities and governance. A town hall format would allow us to discuss existing and new channels for student engagement unique to the school. It is also my hope that this town hall format will bring a fresh perspective to our school and give us new ideas for future events. 

Stephen Eick, SGA Graduate student body president, will speak on the role the SGA plays for our graduate students. He also passed along some great resources that you can view here. 

I hope you consider joining us and give us the opportunity to hear your voice.

Go Jackets!

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Aug. 23, 2021

Dear Cybersecurity and Privacy community,

Welcome to the new semester for the School of Cybersecurity and Privacy!

Classes start this week. So do dozens of other routines that mark an academic year. Of course the “routines” are not so routine for us yet. It may not have been apparent to you last semester, but your school was being run by volunteers. I am personally grateful to all the faculty, students, administrators, and staff who worked behind the scenes last year to get this new venture launched. We will have a genuine launch party this fall where I will thank everyone properly. Over the next few weeks, you will see news about elections and appointments for new committees and offices. These will be the places you will go for help and advice or just to hang out with other cybersecurity folks.

For the last few weeks we have been talking about a focus on cybersecurity students, so it’s fitting that our first regular event was student-centered. We hosted SCP graduate student orientation last week. It was good to see so many of you in person. We’re thrilled that you share our excitement for the future of cybersecurity and privacy education at Georgia Tech. I hope you enjoy your shirts, bags, and other SCP goodies. There will be more SWAG as time goes on, which I hope will help spread the word that SCP is the place to go for all things having to do with cybersecurity.

Speaking of places to go. We are now live on the fifth floor of Coda. People are moving into new offices and labs, and the furniture for the Center for Deliberate Innovation (SCP’s own incubator and entrepreneurial studio) has already claimed its spot on the northeast corner. When you get off the elevator, you will see the WeWork™ entrance to the west and SCP in the other direction. Other fifth-floor tenants will be announced shortly. The SCP reception area is still on the 9^th floor. You will see it immediately when you enter through the double glass doors. Those of you who have been in Coda know that it’s a little hard to just drop in because of the badging requirements. We are working with the building management on ways to make SCP’s offices more accessible to casual visitors and students. We will set up a messaging app to make it easier to let us know you are waiting to be admitted.

We welcomed five new faculty members to the school this summer, and the first three have begun to move into their new offices in Coda:

Dr. Daniel Genkin is joining us as an Associate Professor from the University of Michigan, where he established a national reputation for his analysis of hardware and system vulnerabilities. He was already collaborating with Georgia Tech researchers, so his transition to SCP is a chance to strengthen the hardware security area even more. Dr. Genkin’s lab is on the 5^th floor of  Coda.

Dr. Joseph Jaeger arrived from his post-doc position at the University of Washington to become an Assistant Professor. His area is cryptography and includes fundamental contributions to applied and theoretical problems. He joins SCP’s world-class cryptographers to form one of the most formidable research groups in the country.

Dr. John Lindsay also arrived this week. He is an Associate Professor who specializes in cyber conflict and warfare. He joins us from the University of Toronto, where he established himself as one of the world’s experts in those areas. His analysis of Stuxnet stands out as a signal contribution to this important field. 

The two remaining new faculty members will arrive in 2022.

There was a faculty retreat last week to talk about the new services that will be available this year and to hear ideas about how to improve the existing ones. I read all of your comments and suggestions, and many of the changes in the works are due to input from you. The pandemic slowed some things down a bit, but not for our online students. We will continue to look for ways to make the OMS experience better.

It’s worth looking at just how many students the school is serving based on majors, courses, and faculty advisors. SCP is the first touchpoint for these students and their overall experience at Georgia Tech.

 General Enrollment Overview:

• Ph.D. in Computer Science (Security/Crypto): 41 students
• MS in Cybersecurity: ~100 students (151 applicants for AY 22)
• Online MS in Cybersecurity: ~ 1200 unique students for lifetime enrollment of program
• Several thousand students are taking our undergraduate classes each year (3,000+ in Introduction to Information Security alone)
• Undergraduate thread in cybersecurity being developed for Fall Semester 2021

Also, a note on entrepreneurship for faculty and students:

• Get plugged in right away on startup opportunities if you have an interest in seeing how projects are commercialized at Georgia Tech. The CREATE-X virtual Demo Day on Aug. 26 includes about 80 projects where teams pitch their startup efforts developed over the year. Among the presenters is Airbox Inc., offering a new way to identify and eliminate gaps in security for identities & secrets across cloud environments.

• The Center for Deliberate Innovation has a unique approach to “engineering” new companies for success. They will be a direct pipeline for the SCP community to put its startup ideas into action.

• A major new opportunity for our community involves the wider Atlanta ecosystem. Alumni Chris Klaus, Paul Judge, Mark Buffington and others were on a panel moderated by College of Engineering Dean and SCP faculty member Raheem Beyah earlier this year. It was focused on inclusive entrepreneurship and covered a lot of ground over the course of the day, including the news of more venture capitalist funding sources in the region. You can bookmark and watch a video of the whole program here.

The college launched its new website Friday in preparation for the start of the new school year, and many of you may already be kicking the tires on it. It’s designed to be more audience-centric, so if you have any feedback, you can send it here.  

I hope everyone stays safe and has a good first week of classes. There will undoubtedly be a lot to navigate.

At the end of the week, please join me and guest Brendan Saltaformaggio for my first virtual open office hour of the semester. It will be Friday at 1 p.m. (The chair’s virtual open office hour will take place regularly on Thursdays at 1 p.m. for the fall). I look forward to hearing about your start to the semester.

Go Jackets!

Sincerely,

Richard DeMillo
Chair, School of Cybersecurity and Privacy
Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo
Follow me @rad_atl and @richde