Chair’s Message | Graduation Weekend

May 7, 2021

Dear Cybersecurity and Privacy community,

Spring semester is officially a wrap, and starting this morning, members of the Graduating Class of Spring 2021 will take part in commencement ceremonies. Congratulations to all the graduates who are being conferred degrees and a special job well done to the students in our cybersecurity graduate programs. To the graduates – you will break new ground in the field as you start or continue your careers. You’ve been prepared well and we wish you the best of luck. Please stay connected with the school and visit us when you’re back in the area.

You can meet some of our new alumni – including the Online Master of Science in Cybersecurity program’s first women graduates – in the school’s graduation coverage.

As we mark the end of SCP’s second semester and prepare for summer, we have much that we can be proud of. Building a new school has taken the village institute, and many of you answered the call.

Some recent activity of note with SCP people and programs:

  • The Georgia Cybersecurity and Privacy Roadmap Taskforce convened its second workshop, bringing together leaders from Georgia industries and government – including aerospace, agriculture, defense, and intelligence – to drill down on the requirements needed in the public and private cybersecurity sectors. The video is available here and one more workshop is being planned.
  • Spring brought a number of high-profile cyber-attacks and digital privacy issues that were reported in the media. School faculty continue to engage in the public discourse on these topics and you can see where in this interactive graph.
  • Yesterday I keynoted an event that drew national tech and business leaders to discuss “Global Trends in Digital Infrastructure.” John McIntyre from Georgia Tech’s Center for International Business Education and Research (CIBER) – no relation – invited me to set the stage for the discussion and share with the primarily non-cybersecurity audience what the cyber landscape looks like.

At the end of the keynote, I discussed the investment Georgia Tech has made in the new school and how we are in a good position to scale our programs to educate higher numbers of professionals and leaders needed in cybersecurity and digital privacy. You are making that investment possible. I’m looking forward to continuing our work this summer. Happy trails.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy   Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | What’s Next?

April 16, 2021

Dear Cybersecurity and Privacy community,

It’s been a bit frenetic; I know. There’s a lot of new stuff to do. Between transferring faculty members to the new school, interviewing new professors, starting a new curriculum, and introducing the school to the world (“Hello, World!”), it’s been amazing how much time I got to spend this semester talking with all of you. 

You would think that, with summer break almost here, we would have more time for that. Rather than winding down the clock to a slower summer, SCP faculty and staff will use the next few months for a quick breather and assess where we are, then prepare to hit the ground running in the fall.

Next on my agenda is getting input from faculty and students on what services they would like to see in the new school. While the intercollege model that the institute has adopted for SCP has brought valuable opportunities, being the first in line for this new type of academic operation means we will also have to invent new ways of doing business. This is a good time for you to weigh in. If you are a student, what services do you wish we had? If you are an online student, what can we do to add value to your OMS-Cyber experience? My faculty colleagues are in the same boat: from budgetary and financial services to grant administration to laboratories to career advising and course scheduling, we will have to find new team members who can support SCP’s mission and operations. I’ll meet with SCP faculty members before the semester ends in two weeks to brainstorm. Everyone else will soon receive an invitation to a SCP community Town Hall, where we will have the same discussion with even broader participation. I hope to see you there.

Here’s a news item that may help kick off the Town Hall conversation: The recently announced reorganization of the institute’s corporate engagement model impacts the school and how we might be able to serve students at career fairs. Every college (and the institute) has its own career fair, so where do we fit in as an intercollege unit? What meaningful leads and relationships for job prospects can we help students with by using the school’s contacts with industry? It’s an exciting and interesting problem.

A note on curriculum topics: The second workshop from the Georgia Cybersecurity and Privacy Roadmap Taskforce will look at “Bridging the Cybersecurity and Privacy Workforce Skills Gap” on April 27, 2:30 – 4 pm EDT. You can find out more details and register to attend virtually by visiting https://gacybereducation.org/. Also, this fall the School of Electrical and Computer Engineering will introduce threads for their undergrad degrees (sidenote: they follow the College of Computing, which introduced threads for its bachelor’s in computer science in 2007 when I was dean). Cybersecurity will be one of the threads in the computer engineering bachelor’s degree. Third-year student Andrew Gonzalez shares an insightful glimpse of his experience taking cybersecurity courses.

The professor will be out this summer as far as my virtual open office hours are concerned. My weekly letters to you will become more irregular until we pick back up again in August. You can quiz me on what I’ve learned these first two semesters as chair of SCP today at 1 pm at my last session this semester, and I will always be an email or a Twitter DM away until we get together again in the fall. I hope it will be in person, but we are planning for any eventuality.

Thanks for reading. Good luck on finals and have a safe summer.

Sincerely,

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | Extending Our Reach

April 9, 2021

Dear Cybersecurity and Privacy community,

As we hit the final stretch of spring semester, the school community – faculty, students, operations staff, administration, and external supporters – continue to engage and lay the groundwork for the coming fall. We are constantly looking forward, but we also have some high-visibility activity taking place now that’s worth taking note of:

The Technology Association of Georgia announced last week its picks for 2021’s Top 10 Innovative Technology Companies in Georgia. On the list is Codoxo, which almost five years ago to the day was the winner of the IISP Inaugural Demo Day Finale at Georgia Tech (April 13, 2016). The original GT news story includes a great testimonial about how a course in information security inspired two-time alum Musheer Ahmed to pursue his future career path. Now his company is using AI forensics to help mitigate the loss of billions of dollars in U.S. healthcare due to fraud, waste, and abuse.

Speaking of healthcare, a hack of Health Net records (and several universities) in January and just disclosed in March, has fueled the discussion over adoption of a national privacy law. I talked with a L.A. Times business columnist about the topic, and if you want an excellent overview of current global privacy issues, view a recording of Peter Swire’s Q&A with students at one of my virtual open office hours earlier this semester.

Data privacy is also getting attention in the spring issue of the Georgia Tech alumni magazine, hot off the presses and centered on ethics in tech. SCP faculty members Peter Swire and Annie Antón are featured and, without spoiling the short read for you, I will say that they frame the discussion in a very interesting way.

Last week’s virtual celebration for the NSA Codebreaker Challenge turned into an almost exclusively Georgia affair. The top three schools were invited to talk with National Security Agency officials and give input on future challenges. UNG and Georgia Tech (#1 and #2 in the 2020 challenge) were followed by #3 Oregon State which, as it turns out, has GT alum Yeongjin Jang organizing the university’s efforts. If you’re keeping count, Georgia Tech is one of 11 NSA Centers of Academic Excellence in Cybersecurity in the state, and Georgia sits in the top 10 nationally for number of CAE-designated institutions.

The codebreaker challenge is an example of students having an opportunity to work on complex and realistic problems in cybersecurity. As part of the efforts of the Georgia Cybersecurity and Privacy Roadmap Taskforce (GCRT) that I chair, the group is looking at such opportunities that support increasing the potential talent pool for the cyber workforce.

The next workshop for the GCRT will be industry-focused and include an overview of Georgia’s cyber workforce, existing gaps, and industry needs. You can sign up to get more information when the April workshop details are announced.

As you prepare to finish your last assignments and instructional days for the spring, take a minute to make sure you’re on our mailing lists or connected on social media. Summer may traditionally have less activity for students, but our school will maintain a steady pace as we prepare to share more good news and developments ahead of fall semester.

Two events of note from the school take place today and Tuesday, and you can stop by the chair’s virtual open office hour at 1 pm ET and ask me (almost) anything.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | Intercollege Academic Model Taking Form

April 2, 2021

Dear Cybersecurity and Privacy community,

Who ultimately oversees this new school that runs point for cybersecurity and privacy education activity on behalf of all the academic colleges at Georgia Tech? This is a question that comes up frequently as we build the model for an intercollege academic unit.

SCP has an administrative home in the College of Computing, which means we have only one set of rules and procedures to follow (trust me, Georgia Tech has lots of rules). Dean Charles Isbell is my boss. But I am also accountable to the Council of Deans of the remaining five colleges, library, and professional education. Like equity shareholders of a startup, they have invested in SCP and have a stake in our success.

When I was asked to become the interim chair and help launch SCP, I was careful to inquire about whether that means I report to eight bosses (nine, if you count the Provost, to whom all the deans report). As a former dean, I am well-versed in the university art of tending to investments of scarce academic resources. I knew that they didn’t all want the same things all the time, so I did not relish the idea of trying to please them all.

Charles was convincingly reassuring: “No, you will not have eight bosses,” he said. The shareholder/start-up analogy should have occurred to me right away. It would have helped quiet the annoying, ever-skeptical little voice in my head.

On the other hand, I do take the responsibility of regular reporting to the Council seriously. I do that with letters like this one. In fact, some of the deans read my weekly letters to keep up with what’s happening in SCP. I thought this week it would be fun to turn the tables and give you a preview of what I will be telling the Council in my end-of-the-semester report.

  • The SCP faculty met on Tuesday. It was our third monthly business meeting. I noted at the meeting that the school is on track to begin operations in August to coincide with the 2021-22 school year. This means all essential administrative functions are staffed and academic matters are being governed by committees.
  • We are being deliberate in naming the founding faculty members. There are 23 active requests from other units for positions in SCP (most of them for joint appointments). Here is the breakdown:
    • Computer Science – 7
    • Interactive Computing – 2
    • Computational Science & Engineering – 1
    • Electrical and Computer Engineering – 4
    • Public Policy and Sam Nunn School – 5
    • Scheller College of Business – 2
    • GTRI -2
  • I have appointed Alexandra “Sasha” Boldyreva as the SCP associate chair for graduate education. This reflects the importance of the master’s and PhD programs to the school. Sasha had a similar role in the School of Computer Science, and she is an experienced leader in supporting graduate students.
  • The Institute for Information Security and Privacy (IISP) – Georgia Tech’s research arm in these areas – will become part of SCP by the start of the fiscal year. IISP has been an engine driving the growth of cybersecurity and privacy research and innovation. IISP Executive Director and Professor Wenke Lee will continue in his leadership role.  
  • A timeline for the SCP chair search has been laid out by search chair and Professor Mark Riedl of Interactive Computing. The job announcement will go out shortly and by September the search committee hopes to deliver final recommendations. Finding the right candidate is critical to the school’s future success. I’ve talked previously about developing the school’s culture and the new chair will play a large part in defining that. Based on the faculty discussion, the search committee won’t have any shortage of input, but I encourage you to reach out and engage in the endeavor.
  • The curriculum committee will shortly deliver a recommendation for an undergraduate thread in cybersecurity starting fall semester. The group has identified this as an important need that aligns with the computer science and the electrical and computer engineering undergraduate programs, both of which include threaded curriculums.
  • The Georgia Cybersecurity and Privacy Roadmap Taskforce is bringing together industry stakeholders for our second workshop later this spring to identify workforce gaps in cyber-related jobs and careers. The first workshop surfaced interesting perspectives from the education sector, including discussion from University System of Georgia officials on how we might innovate to serve more students.

Balancing all the needs of a new school has taken the commitment of more people than I can name in this column, but their work is starting to pay dividends. I look forward to continuing the momentum we’ve built and identifying together where we head next.

As always, thanks for reading, and come say “hi” at my weekly virtual open office hour, Fridays at 1 pm ET. You can find out more ways to get involved with the school by visiting us online.

Sincerely,  

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy 

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | The First Two Years: Online Master of Science in Cybersecurity

March 26, 2021

Dear Cybersecurity and Privacy community,

This week included a mid-semester break from instruction, so I hope you had a chance to take some time for yourselves.

The school has been working this semester with Georgia Tech Professional Education, which administers the Online Master of Science in Cybersecurity degree program (OMS Cyber), to put together a bigger picture of how the program has developed in its first two years.

We can now share some details on enrollment and industry sectors for employment. The program continues to grow. The 223-student spring 2021 cohort is the program’s largest (28% above 2020) for a spring semester. You can read about some of the OMS Cyber students here.  It’s been great to see the level of student engagement with the new school. Let us know if there are other ways we can help you connect with your professors and classmates.

2020 was a difficult year for everyone, but even in the middle of a pandemic there is reason to be optimistic about the direction the program is taking. Here are some of the highlights from the program as of December:

  • 80% of student enrollment is U.S.-based
  • Top 5 states for enrollment are Georgia, California, Virginia, Florida, and Texas
  • 84% of students are employed
  • Top sectors for employed students are technology, finance, and defense, each with ~10% or ▲
  • 1 out of every 4 new students in 2020 in the policy track identify as female
  • Enrollment of women increased in all three degree tracks in 2020
  • Black and Hispanic groups each make up at least 10 percent of enrollment

The school has developed an interactive graphic for OMS Cyber’s 2-year birthday that you can explore for yourself and use to find more insights into the program. Faculty have built a solid foundation with OMS Cyber, and combined with residential graduate degree programs, undergraduate courses, training certificates, and bootcamps, the school is in a good position to lead Georgia Tech in its next steps in cybersecurity and privacy education.

On another front: the Commission on Research Next just published its Phase 1 Report. The Commission was launched by Georgia Tech Executive Vice President for Research Chaouki T. Abdallah. The report is designed to identify and better understand research challenges universities will face in the next decade.

A major subsection of the report, “Research that Matters,” identifies seven societal challenges that will shape Georgia Tech’s research direction, and the topic of security makes two appearances:

  • Food, water, sanitation, and hygiene
  • Healthcare and medicine
  • Transportation, energy, and infrastructure
  • Cybersecurity and privacy
  • Diversity, equity, and inclusion
  • Education
  • Security, defense, and prevention of nuclear terror threats

Georgia Tech has a long record in cybersecurity research going back more than 20 years to the Sam Nunn Forum, which drew attention to the vulnerabilities of emerging computerized financial systems. As a former director of the Georgia Tech Information Security Center, I’m keenly aware of the opportunity and necessity to build our research enterprise in cybersecurity and privacy alongside our education programs. 

Wen Masters, deputy director of Information and Cyber Sciences in GTRI (and an advisor to SCP), is co-chair of Commission on Research Next. I encourage you to reach out to Wen or Wenke Lee, executive director of the Institute for Information Security and Privacy, to find out how to engage in this effort. Phase 2 is already underway.

Next Tuesday, March 30, is SCP’s monthly faculty meeting. Please join us as we share more news about the school’s ongoing development and how you can get involved.

On March 31, the National Security Agency will recognize Georgia Tech students for their top performance in the 2020 NSA Codebreaker Challenge (they placed 2nd). School faculty who are interested in attending the virtual celebration can contact Taesoo Kim, who has led GT participation in the program since it started in 2015. You can read about some of the students from the challenge and the invaluable experience it gave them in advancing their cybersecurity skill sets.

Please take a minute to see how you can connect with the school through events, my open office hour on Friday afternoons, or other opportunities. And if you have questions, drop us a note or contact me directly.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | A Statewide Initiative in Cybersecurity and Privacy Education

March 19, 2021

Dear Cybersecurity and Privacy community,

On Wednesday, education representatives from around the state convened virtually in the first workshop held by the Georgia Cybersecurity and Privacy Roadmap Taskforce. Condensing the 90-minute session into a few themes can’t fully capture all the topics presented, but if I had to characterize the meeting, I would say that 1- the state of cybersecurity education in Georgia is maturing rapidly and 2- there are several educational frameworks that position us well for the future. That’s not to say there aren’t challenges ahead. As chair of the taskforce, I’ve asked the members to think holistically about how the state can train more cybersecurity and privacy professionals at scale and pinpoint timeframes to enact these recommendations. 

I won’t bury the headline here. The GCRT is working to create a playbook for the entire Georgia education ecosystem to be used as a strategic guide for cybersecurity education. This guide will help build Georgia’s capacity to certify teachers, support faculty in higher education to serve more students, and scale delivery of education and training programs, all of which will lead to more students who are equipped to enter the cybersecurity and privacy workforce. The economic driver here is clear: there’s a workforce gap (you can monitor it for yourself) that we must address in order to secure our national infrastructure and protect how we do business across networks. This is an imperative for the state, and part of the solution must include a comprehensive education and training plan.

Some of the issues being raised in cybersecurity education remind me of those in computer science education – how do we address scale, access, instructional delivery methods, resources for instructors and students, etc.?

Georgia Tech not too long ago answered some of these questions in a big way when it took its master’s degree in computer science online and disrupted the market – it was the first online graduate CS degree from a top public research university that was equal to its residential program in all but cost. It’s been hugely successful; OMSCS currently enrolls 10,000+ students and costs less than $9K.

I mention this because Wednesday’s discussion surfaced some ideas that capture this spirit of thinking big and doing education in ways that are perhaps not common but are necessary and have huge potential payoffs. Some of this discussion revolved around how to solve creating more standardized delivery methods for instruction and finding and training qualified instructors across the education spectrum.

It’s an interesting parallel for me and perhaps a good bit of synergy to be the chair of the new school at Georgia Tech and this taskforce. Both enterprises require new ways of thinking and models that can support growing demand in this space. Just as I have encouraged the community to make their voice heard during the formation of the new school, please feel free to reach out to taskforce members as we continue this statewide initiative. There will be two more workshops this year that you can also take part in.

A recent example of Georgia’s strengths in cybersecurity is the National Security Administration Codebreaker Challenge, where eight colleges and universities in the state placed in the top 100 teams across the country in 2020. Georgia Tech was second, among 452 qualifying institutions, and has been in the top three ever since the competition started in 2015. Taesoo Kim, associate professor in computer science, and participating students (many from CS 6265) will be recognized by the NSA at the end of the month. This competition provides students with a hands-on opportunity to develop their skills in reverse-engineering and low-level code analysis through realistic problem-solving. Our school developed an interactive visual breakdown of top-performing teams here.

For those students new to Georgia Tech this semester, welcome and good luck. A special welcome to the 223 online students starting their journey in the OMS Cyber program. You’re invited to my weekly virtual open office hour, Fridays at 1 pm ET. I look forward to seeing some new faces and hearing about you and your interests.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy   

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | Possible Futures for SCP

March 12, 2021

Dear Cybersecurity and Privacy community,

I read and respond to all correspondence (if you sent me something and have not heard back from me yet, please send it again), but I don’t always have time to expand on ideas that deserve a fuller discussion. There were a dozen emails this week about my short summary of SCP’s first faculty retreat. It’s a little unfair to characterize questions that were well-intentioned and deserve deeper discussion, but bear with me. Many of you ask, “Why, among all the things SCP might emphasize, are you choosing X and not Y?” These are excellent questions but answering all the (X,Y) instances may not be especially informative.

Aside from the obvious (to me, at least) answer that we are not yet at the choosing stage, my stock response, is “Good question! Why not help us explore it in more detail?” We are at the beginning stage of a process that will play out over months and, if we are successful, years.  Here are some of the recurring phrases I captured in these initial discussions:

  • Leverage campus resources to scaffold student success
  • Curriculum with diverse paths for students
  • Diverse student population
  • Engage industry to provide students project-based learning and capstone course opportunities
  • Integrate security/privacy modules across all colleges’ core curriculum
  • Build demand for graduate training by appealing to undergraduates
  • Opportunities for faculty to work with student research assistants

In effect, these are snapshots of possible futures for SCP. For the most part, they focus on students and reflect not only underlying principles but also the economic reality that SCP will succeed only if our students do. In the coming weeks, I will point you to Georgia Tech’s new ten-year strategic plan  and the report of the commission I co-chaired on the future of Georgia Tech education.

The most common (X,Y) questions have to do with whether SCP courses, programs, or degrees require technical proficiency as opposed to equally rigorous preparation in a non-technical field.  “As opposed to…” strikes me as a false choice. A much more interesting question is how X and Y are related. This was a week rich in examples of how that might work. Yesterday SCP co-hosted (with the School of Modern Languages) a roundtable event entitled “21st Century Cybersecurity: The Critical Role of Critical Languages in Advancing Multilingual and Cross-Culteral National Security Approaches, Competencies, and Perspectives.” The guest speaker was Dr. Michael Nugent, who directs the Defense Language and National Security Education Office.   Dr. Nugent’s summary of relevant programs and the panel discussion I moderated tied together the needs of cybersecurity in a globally connected world and multilanguage/cross-cultural research and education.

Jon Lindsay’s SCP seminar  (also yesterday) on the relationship between cyber conflict and intelligence practice is another example. Jon is a political scientist and expert in military intelligence with a deep knowledge of cybersecurity who argues, “Cyberspace is the most complex sociotechnical information system ever built, and cyber conflict is essentially just intelligence competition within it.”

So, as you formulate your own (X,Y) questions, consider how you might spark conversations like these. We are at the starting point of our planning process and mindful that most of the interesting questions have not been answered. You can reach out to any faculty on the school’s committees or the executive committee leadership to let us know of your interest in engaging.

Other items worth knowing about this week:

  • Among our student successes, year-over-year growth for the Online MS in Cybersecurity program from 2019 to 2020 was 16% with 2021 on track to exceed that (based on spring enrollments). The program has enrolled more than 1,000 students to date.
  • Mustaque Ahamad, professor in computer science, reminded me that the original MS in Cybersecurity started in 2002. So we have a big birthday to celebrate next year. Georgia Tech was early to the game in offering a graduate cybersecurity degree, and I think this reinforces why our next steps in the curriculum are so important. We need to be early to defining what the job market will expect in terms of skills and diversity in the future.
  • Putting a face on our student success stories is equally as important. March is Women’s History Month and we are celebrating with highlights of women in our community. Becky Borrebach, an OMS Cyber student and U.S. Army captain stationed in Hawaii, is on track this spring to be one of the first female graduates in the program. One parallel that Becky made between the Army and Georgia Tech was that both organizations want the best people, regardless of gender. That testament, from a student who has never sat in a classroom on campus, is encouraging as we look to the future in growing our degree programs. You can read Becky’s story here.
  • The school has also created a snapshot of women faculty and research scientists at Georgia Tech whose work is centered on or connected to cybersecurity and privacy. It shows a part of the diversity of education and research expertise across campus.
  • And speaking of diversity, a recent industry report from global cybersecurity firm CrowdStrike finds that Georgia Tech is doing comparatively well when it comes to the gender diversity of its computer science (CS) faculty. We’re ranked #2.
  • Today’s virtual cybersecurity lecture at noon is on a hot topic: deep fakes. Hany Farid, professor at the University of California at Berkeley presents on “Creating, Weaponizing, and Detecting Deep Fakes.” His research focuses on digital forensics, forensic science, misinformation, image analysis, and human perception.

Next week’s events include faculty candidate talks, a fireside chat with CS alumnus and cybersecurity expert Paul Judge, and our first workshop for the Georgia Cybersecurity and Privacy Roadmap Taskforce.

See you this afternoon for the chair’s virtual open office hour (1 pm ET).

Sincerely,

Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing   
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com   
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | Taking the Long View

March 5, 2021

Dear Cybersecurity and Privacy Community,

Thanks to all of you who commented on last week’s letter about the themes that came out of the faculty retreat. There will be working groups of students, faculty, alumni, and external stakeholders to expand the themes into narratives that will feed the strategic planning process beginning in earnest this fall. Now that the search committee for the inaugural chair has been announced, the questions posed during the retreat have taken on a new sense of urgency. I hope that many of you will find a way to be involved over the coming weeks.

The near-term business of building the school goes on as well. You should expect to see research and instructional faculty members added to the school and a new committee devoted to space and facilities soon. As I am sure you know, specialized laboratories and facilities are needed for world-class cybersecurity education and responsible experimentation. The new committee will seek broad input in developing a uniquely Georgia Tech approach to cybersecurity facilities.

I have hinted about it in the past, but today I can announce the first public event associated with a statewide initiative I am leading to address the challenge of producing enough qualified cyber-science and privacy professionals to close the cybersecurity workforce gap. I chair the new Georgia Cybersecurity and Privacy Roadmap Taskforce (GCRT), organized by the University System of Georgia, to develop the cybersecurity education playbook for public and private institutions (including K-12, technical colleges, and higher education). On March 17, GCRT kicks off the first in a series of workshops, Building a Strategic Blueprint for Cybersecurity and Privacy Education. The objective is to offer the state’s education community the chance to collaborate and share perspectives about the growing demand for cybersecurity talent. Broad participation from Georgia Tech will drive this effort. Check back for more details on the website next week.

On other fronts:

  • This week, we had the opportunity to (virtually) host students admitted to the Ph.D. in computer science program and gave them a sneak peek of their new home in Coda. The Coda building is a nexus for innovation that will serve the school well (and it is the tallest building in midtown according to facilities management; it has 21 levels). Coda will also offer important opportunities for collaboration with industry because of its proximity to other key stakeholders in the Atlanta tech ecosystem.
  • The institute recently announced plans for a full reopening of campus for fall semester. With this new guidance, we will assess safe ways to let our community engage in Coda later this year.
  • Today at noon you can take part in a SCP lecture by my friend and colleague Harri Hursti, co-founder of Nordic Innovation Labs and one of the world’s foremost experts on the topic of electronic voting and critical infrastructure security. His talk will be on 2020 cyberattack trends and forecasts for 2021.
  • I am out of town this week, but I hope you can join SCP’s Curriculum Committee Chairs and Professors Annie Antón and Sy Goodman at 1 p.m. ET for the chair’s virtual open office hour. As I mentioned a couple of weeks ago, developing SCP’s curriculum has turned into an exciting venture, so I am sure you will want to hear Annie and Sy share their visions of how cybersecurity education should evolve at Georgia Tech. Remember, we were ranked #1 nationally for our undergraduate cybersecurity programs, so do not expect tomorrow’s discussion to be tame. It has been great to see these two leaders challenge their colleagues to think boldly and innovatively about cybersecurity education.
  • One March 11, a panel with the school’s curriculum co-chairs, Profs. Antón and Goodman, will feature Michael Nugent, director of the Defense Language and National Security Education Office for the U.S. Department of Defense. Faculty candidate talks also continue next week.

I’ll be back soon with more updates. Meanwhile, have a great weekend, and please continue to send me your thoughts about how to launch our new school.

Sincerely,

Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy   

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde  

Chair’s Message | The First Steps to Strategic Planning

February 26, 2021

Dear Cybersecurity and Privacy Community,

The School of Cybersecurity and Privacy held its first faculty retreat this week. Retreats are the first step in a strategic planning process. They are a good way to begin talking about what’s important (and what’s not). Most of the time, a retreat is a closed meeting. There are good reasons for that. Any time you talk about what you stand for, there are going to be clashes.  Emotions often run high. In time, you find ways to work out the important differences, but you might not want the process to be in full public view. Halfway through the afternoon it occurred to me that this group had been engaged in the difficult conversations for the last six months or so. This meeting was an occasion to be optimistic. The retreat was not the beginning of a conversation but was rather a way to focus thoughts that had been in the air for weeks already.

Here is the central question we posed: Does the school subscribe to principles that can be explained to anyone?  Themes emerged almost immediately:

Trust: as a department focused on security and privacy, our goal is to build trust in cyber infrastructure, and we view ourselves as responsible stewards of methods for doing that.

Leadership: we embrace the challenges of building an academic home where excellence, an innovative mindset, and a focus on real-world security and privacy will influence boundaries and outcomes for the entire field.

Learning: a fundamental principle is our commitment to building a learning community of practitioners and scholars dedicated to education at all levels.

Being deliberate: use our unique role as a school responsible to many colleges to organize ourselves in deliberately innovative and agile ways.

We are sifting through dozens of suggestions like these:

  • How do we invest in new ideas? We use the Buckminster Fuller-esque method of finding small projects that, if successful, have rapidly expanding impact.
  • How do we become responsible stewards? We develop modules and courseware for the curricula in all colleges and programs to expose students to the critical issues.
  • What kind of learning community are we? One that experiments safely.   

I hope you lend your voice in the coming weeks and months as we expand this conversation to include working groups and committees to explore ways to implement these principles.

A quick note: Today is the final round of cyber-attacks competition Mad Hacks: Fury Code, hosted by the National Security Innovation Network. Georgia Tech’s own Jane Kim is a member of Team Sky, one of nine finalists. The virtual event is at noon eastern time.

Also, join me to today at my virtual open office hour at 1 pm ET for the regular freeform discussion. I’m sure it won’t take much prodding if you ask me about more of my thoughts from the retreat.

Sincerely, 

Rich DeMillo  
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde 

Chair’s Message | Privacy Education: Our Second Pillar and an Opportunity

February 19, 2021 

Dear Cybersecurity and Privacy Community, 

As I have conversations about SCP with faculty, students, administrators, industry leaders, and others, the discussions frequently turn to privacy education. It’s not a surprising turn in conversations about a school that’s dedicated to cybersecurity and privacy. What role does it play in the school? Will there be privacy-focused degrees? Are there classes that are available now? SCP is an unusual beast because so few of our peers even consider these questions.  

We can take a lead in defining privacy education in a world transformed by digital technology. Businesses and governments have clear financial and legal incentives to focus on cybersecurity in order to keep their doors open. The subject of privacy occupies a related but very different space where organizations are still finding their footing. I saw this firsthand in my previous post at Georgia Tech leading the Center for 21st Century Universities (C21U). C21U was a pioneer in establishing digital learning in the U.S. We quickly grew from a handful of online students to well over three million in a span of two years. We thought we had a handle on the spaghetti nest of privacy rules and regulations governing higher education, but those were the rules drafted in a different age. When the European GDPR rules dropped, we were caught flat-footed. We only avoided disaster because we were hosting large amounts of student data and had developed data protection rules of our own. 

This afternoon during my Virtual Open Office Hour, Peter Swire, one of Georgia Tech’s resident privacy experts, will join me. Peter just gave testimony on Capitol Hill in December on the EU-US Privacy Shield. His experience in previous federal administrations – and long record as a privacy and cyberlaw scholar and practitioner since the rise of the Internet in the 1990s – uniquely positions him to inform us on the complicated topic of privacy. I hope you’ll join us at 1 p.m. EDT and engage in the discussion.  

Another key area we are preparing to tackle is outreach, education pipeline, and workforce development needs in the state as it relates to cybersecurity and privacy. 

The Georgia Cybersecurity and Privacy Roadmap Taskforce, organized by the University System of Georgia (USG) and led by Georgia Tech, will seek to create and execute a strategic action plan that can be implemented across public and private education systems, including K-12, technical colleges and university programs. 

We will host a virtual workshop, Building a Strategic Blueprint for Cybersecurity and Privacy Education, in March with panelists from the state’s education community. The workshop offers stakeholders the chance to collaborate and share market perspectives about establishing a statewide education program to meet the growing demand for cybersecurity talent. 

By one estimate, there are currently more than 17,000 job openings in Georgia in cybersecurity areas. We plan to start addressing this issue with stakeholders across the state and create a wholistic approach that can guide educators, elected officials, and others and provide them with achievable cybersecurity education goals.  

More information on this effort will be available soon. 

To keep our community up to date, we’ve now made recordings available on the website for several events, including seminar talks, entrepreneur chats, panel discussions, and more. You will also find upcoming events here as our programming continues to expand.  

Thanks for reading. 

Sincerely, 

Richard DeMillo  
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde