Chair’s Message | Some Weeks are Harder than Others

Oct. 22, 2021

Dear Cybersecurity and Privacy community,

It’s been over a year since I started writing these letters to generate discussions that I hoped would build the SCP community and keep you up to date on developments in our growing school. Every week, I try to be upbeat. That’s typically easy because we have made steady progress these past months. Every day, I get more confirmation that the answer to the question I asked my first day on the job (“What makes SCP distinctive?”) is the combination of rigor, real-world impact and open, collaborative spirit that is the particular strength of a Georgia Tech education and about which I have written so often.

Some weeks are harder than others. A few weeks ago, responding to feedback from a recent graduate, I wrote about what is missing in our curriculum and what we planned to do about it. This week, my inbox was filled with proof that we are still only midway through the sometimes arduous process of building a school. Anecdotes are not data, but when I hear the same story over and over again, I want to see what’s going on. More about what I found out in a few minutes. First, I want to tell you about the 20/20/60 rule and why it is important to get out of our own way.

As CTO for Hewlett-Packard, I learned a simple lesson from my predecessor Joel Birnbaum (father of the first commercially successful RISC architecture). Like Joel, I handled all R&D around the world, and I was often dazzled by the brilliance of the HP engineers who came up with ideas like ink jet printing (which was successful beyond anyone’s expectations,) and phase change memory (which was not.) Every single patent was aimed at a well-understood market, the key ingredient for efficient product development. This meant technical risk and market risk were effectively constrained, and for sixty years HP led the industry in creating new product categories. Yet, most new ideas never made it. Joel asked why and discovered that technical and market risk accounted for only 40% of total risk. Most risk (about 60%) was bundled in what he called organizational risk –the likelihood that existing organizations and decision-making would be unable to function. In short, we would not be able to get out of our own way. This led to the 20/20/60 rule which forced us to concentrate on that 60% by clearing bureaucratic clutter out of the way. 

We know that the 20/20/60 rule also applies to SCP. Nevertheless, I get emails like one this week from a graduating cybersecurity master’s student who wants to join her cybersecurity classmates at commencement but cannot because SCP does not yet have the right code. Instead, she will walk with Interdisciplinary students with whom she rightly points out she has little in common. It is hard to create a community when the three-letter code that is the price of admission, does not exist.  I have another bundle of emails from recent graduates who –like the student who was surprised to have not learned about resilience in class—suggest many topics they would like to hear about in their formal coursework.  Why aren’t we developing those courses? You guessed it: SCP does not yet have the necessary three letter code. It’s a small consolation to the affected students that we will at some future date figure out how to pry the elusive codes from the offices where are currently stuck. First, we must figure out how to get out of our own way. Feedback from students and recent graduates is crucial, so please let us know how we are falling short of expectations. 

Since we are talking about community building, let me remind you of our plans for a student town hall. While I am proud to see students stepping forward on their own initiative to help plan events like the student town hall, I hope the momentum isn’t lost. We are still looking for student led activities, so if you have something you want to see take root in the school, let me know. 

I also wanted to update you all on the status of SCP Chair search. As you may or may not be aware, I agreed to oversee the launch of this new school last year as interim chair. Throughout the course of this year the College of Computing has been conducting interviews for someone to fill the role after I step down. It is my understanding that the candidate pool has been narrowed down and a new chair should be in place sometime next year. We will of course bring the new chair in to meet as many of you as we can manage, and I look forward to watching the continued growth of the school after I take a step back.

Other events and activities:

  •  I will be holding open office hours again starting next Wednesday. You are welcome to drop in virtuallyor in-person. During this time, you have my undivided attention, and we can discuss future events, curriculum suggestions, what’s happening in the world of cybersecurity and privacy and more. I hope you will join me on Wednesday, Oct. 27, from 12:30 to 1:30 p.m. in the Chair Suite (Coda room 962A.) or at our usual BlueJeans location (see the SCP website for meeting ID) 
  • Second, on Monday Oct. 25 from 11 a.m. to 12 p.m. SCP will host a webinar entitled “Ransomware and Beyond: Demystifying Ransomware and Defending Against Future Attacks,” Milton Mueller, Nadiya Kostyuk and Joseph Jaeger, along with Trevor Lewis from Professional Education, will serve as panelists. The panel will also take questions from the audience. Registration is currently open, and I welcome you to take part in the discussion.
  • This week we are doing something a bit different for our weekly lecture series. We will be previewing some of the work that has been accepted to the ACM Computer and Communications Security Conference (CCS). Ph.D. students Jonathan Fuller, Carter Yagemann and Sena Sahin will each be giving lectures on their work. Carter will be discussing and demonstrating a technique he has developed to discover and explain novel vulnerabilities in real-world software. Sena will present her findings on how to strengthen typo-tolerant password authentication. Jonathan will give an explanation on the program he and other researchers developed that can covertly monitor and disrupt botnets. This will be a great exercise for our students as well as a great insight into the work being done at SCP. I look forward to seeing you there.

As always, please let us know what’s on your mind and stay active in SCP,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Chair’s Message | Events and Announcements

Oct. 15, 2021

Dear Cybersecurity and Privacy community,

Next Friday will mark the one-year anniversary of my chair letter. I am looking forward to using next week’s letter to reflect on how we have grown as a school and a community. 

This week I want to talk about some upcoming SCP events as well as announce a new pathway we are planning to add to our M.S. programs. 

Today we are hosting Chris Rouland, CEO of Phosphorus Cybersecurity Inc., who will be giving a lecture titled “A Random Walk Through 1,000,000 Things.” I will let you guess what it’s about. Chris is a serial entrepreneur (Phosphorus is his third company,) and former CTO of Internet Security Systems, the company that Chris Klaus and Tom Noonan founded twenty-five years ago. He is also an old friend of the College of Computing (and a proud alum). We will be providing lunch for everyone who visits us in person and will be streaming the talk online for those who want to attend virtually. You can register for both online and in-person here.

Next, after receiving some student input I will be bringing back my open office hours starting next week. You are welcome to drop in virtually or in-person. I want to make you all aware that I am dedicated to creating a space to listen to your comments, suggestions and sometimes just chat about cybersecurity and the school. I hope you join me on Wednesday, Oct. 20, from 11:30 a.m. to 12:30 p.m. in the Chair Suite (Coda room 962A.) 

We are constantly tweaking the methods in which we communicate with all our stakeholders. Over the next few weeks we will start sending out a weekly rundown email listing all events happening in the school. Events held in a hybrid or virtual format will have the corresponding links for registration.

In the preparation meetings for our upcoming student town hall, several of you have asked for a Slack channel as an alternative to our usual email communications, (actually I was reminded that email is, well, 20th Century and not conducive to the kind of community building we are trying for in SCP.) Karl Grindal and Daniel Genkin are in the process of setting up SCP Slack channels. As they grow, we will be able to let you know about events and get feedback in real time. Join the conversation on SCP Slack by using your Georgia Tech email here

Later this month SCP will be hosting and participating in a virtual seminar focused on the discussion of ransomware. Ransomware and Beyond: Demystifying Ransomware and Defending Against Future Attacks, will be held on Monday, Oct. 25 from 11 a.m. to 12 p.m. SCP faculty Milton Mueller and Joseph Jaeger, along with Trevor Lewis from Professional Education, will serve as panelists for the seminar. Registration is currently open, and I welcome you to participate in the discussion. 

A final note to kick off what I hope is an extended and energetic discussion. We are planning to launch a new track in the M.S. programs (both in-person and online) that focuses on cybersecurity operations and strategy. We are moving quickly because demand has been building for a more rigorous approach to preparing students for CISO and other executive security roles. We expect the curriculum to be project-based and team taught by current faculty members, current and former CISOs and others with operational expertise. As far as I can tell we are the first research university to take this step, and I expect the operations and security track to grow quickly. 

Stay tuned for further discussion on the new Slack channels. By the way, we are also planning to adapt some of the existing undergraduate threads to include security operations and respond to the growing interest by employers in sponsoring undergraduate interns within their cyber organizations.

That’s all for this week. I hope you all had a chance to catch your breath during the short fall break. We are now heading into the busiest part of the semester, so check in on our new Slack channel, the SCP Twitter account (@GATechCyber) and the announcement section of our website for late breaking news. As always, feel free to drop me a note (clunky email or Slack message) and stay in touch. 

Sincerely, 

Richard DeMillo, Chair School of Cybersecurity and Privacy

Chair’s Message | Student Research Highlights

Sept. 24, 2021

Dear Cybersecurity and Privacy community,

As I mentioned last week, our school had eight papers accepted to the upcoming Association for Computing Machinery Conference on Computer and Communications Security, a tier one academic conference. Since we are celebrating SCP students this fall, I will take time this week to highlight some of the student involvement in these research papers.

We have over a dozen Ph.D. students who co-authored research that will be presented at the conference, as well as several who will make presentations themselves. Two of these students are wrapping up their studies with us and I can’t think of a better way for them to complete their time at Georgia Tech then presenting at one of the biggest cybersecurity conferences of the year. 

Jonathan Fuller is a Ph.D. student in the Cyber Forensics Innovation Laboratory. Jonathan and his advisor Dr. Brendan Saltaformaggio have spent the past year and a half developing C3P0, a software framework that allows researchers to covertly monitor command and control servers and eventually disrupt bot networks. Jonathan earned his master’s degree in Computer Science at the Air Force Institute of Technology and once he graduates, he will begin his career as a cybersecurity researcher at the Army Cyber Institute at West Point. 

The second Ph.D. student I want to recognize today is Carter Yagemann works with Dr. Saltaformaggio and Dr. Wenke Lee. Carter will be presenting two sets of results: one on novel techniques for bug hunting in user software and another on a new type of cyberattack that targets data lineage. After finishing his Ph.D., Carter will pursue an academic career where he can continue exploring his research interests of computer, vulnerability discovery and prevention, machine learning, mobile operating systems security, and systems security with focuses on binary analysis.

Each student presenter will have 20 minutes to present their findings to the conference audience and then five minutes to answer questions. Please join me in congratulating these 16 School of Cybersecurity and Privacy Ph.D. students:

  • Amit Sikder
  • Berat Arik
  • Carter Yagemann 
  • David Heath
  • Ehsan Asdar
  • Fan Sang
  • Gururaj Saileshwar
  • Haichuan Xu
  • Jonathan Fuller
  • Ranjita Pai Kasturi
  • Ren Ding
  • Sean Sahin
  • Simon P. Chung
  • Vivek Verma 
  • Wen Xu
  • Yonghae Kim

Remember to watch for announcements of the SCP Student Townhall later this semester. If you’re interested in getting more involved send me a quick note or contact Karl Grindal kgrindal@gatech.edu.

I hope you have a great weekend.

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Chair’s Message | Plans for a Student Town Hall

Sept. 17, 2021

Dear Cybersecurity and Privacy community,

Many thanks to all the faculty and students who came to last week’s steering committee for the Student Town Hall we are planning for later in the semester. As I have mentioned a few times already, I want to focus on student involvement this year. Interest in this idea is high among graduate and undergraduate students and exceptionally high among online master’s students.  A dozen students were interested enough to volunteer to help plan for the Town Hall meeting where this will be discussed. Interestingly, student interest in cybersecurity is also high among students enrolled in a wide variety of degree programs.

We will use the Town Hall to help get the word out about SCP and where cybersecurity and privacy are heading at Georgia Tech. I thought it would be an excellent way to survey student organizations, events, and initiatives SCP should embrace and sponsor. Still, the steering committee discussion convinced me that we could use the town hall format to generate new ideas and host an open conversation about student priorities, desires, and concerns. 

Here are just some of the areas of interest that are under discussion:

  • Surveying what existing technical/professional and student government organizations have to offer
  • Developing proposals for new organizations
  • Publishing student-focused newsletters and cyber-focused jobs boards
  • Discussing whether we need new governance models for cybersecurity and privacy
  • Meeting the demand for career advising and mentoring (especially peer mentoring)
  • Launching student-managed labs and facilities
  • Events ranging from talks and mixers to demo days that appeal directly to SCP students
  • Exploring possibilities for new learning approaches for cybersecurity and privacy

It’s not too late to get involved in planning the Town Hall. The steering committee will meet again in two weeks. If you are interested in working on any of these activities or if you have ideas or experience to share about similar meetings, please let me (rad@gatech.edu) or Karl Grindal (kgrindal@gatech.edu) know. One of us will get back to you soon.

In other news, the 2022 U.S. News and World Report Best College rankings has once again recognized our school as one of the best in the nation. The Georgia Tech School of Cyber Security and Privacy tied with the Massachusetts Institute of Technology (MIT) for the No. 2 spot in the Cybersecurity category. We were edged out this year by Carnegie Mellon University for the No. 1 ranking this year.

Our faculty and staff have been able to navigate the past year with tremendous perseverance. During normal circumstances, getting a brand-new school off the ground would be challenging, yet we have done it during a time of massive global disruptions. 

I am not a big fan of national rankings.  It’s nice to be recognized, but the real value of SCP will be realized by the opportunity it gives to students entering this exciting field. We have a long road ahead of us as we continue to work on and meet the aspirations we have set for ourselves. We are working hard behind the scenes to engage students in every area we can think of. I am looking forward to our Town Hall, and I am eager to hear from you.

Finally, the Association for Computing Machinery (ACM) released the list of research papers that have been accepted to November’s Conference on Computer and Communications Security. Among the papers accepted from submissions around the world, eight were co-written by SCP faculty and will be presented at the virtual conference. Congratulations to Brendan Saltaformaggio, Frank Li, Mustaque Ahamad, Taesoo Kim, and Wenke Lee on this accomplishment. 

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Chair’s Message | Student Events

Sept. 10, 2021

Dear Cybersecurity and Privacy community,

The last two weeks have been a whirlwind as we press forward into a new semester and double down on our promise to bolster student engagement across the board. 

We kicked off our weekly lecturer series last week with a talk on Side Channel Attacks led by our very own Dr. Daniel Genkin, associate professor at SCP. He led a very engaging conversation that continued amongst students as they left the auditorium. I cannot think of a better way to kick off a series.

Earlier this week Daniel, along with his first year Ph.D. student Jason Kim, and researchers from University of Michigan, University of Adelaide and Tel Aviv University published their research on a new transient execution attack named Spook.js. The researchers specifically focused on Google Chrome’s Strict Site Isolation feature and were able to successfully launch side channel attacks using speculative execution and type confusion. The full paper can be found on their website spookjs.com

Today, we welcome Neil Gong, assistant professor of Electrical and Computer Engineering at Duke University, to the virtual stage where he will discuss Secure Federated Learning. We are all eager to hear what he has to say.

On the horizon we have a something I want to make sure our students, both online and on campus, are aware of. We will be hosting a Town Hall styled event later this fall which we are wanting to be entirely student driven. To put it simply: We want to hear from you!

SCP has many opportunities for all our students, on-campus and online, to get involved in events, activities and governance. A town hall format would allow us to discuss existing and new channels for student engagement unique to the school. It is also my hope that this town hall format will bring a fresh perspective to our school and give us new ideas for future events. 

Stephen Eick, SGA Graduate student body president, will speak on the role the SGA plays for our graduate students. He also passed along some great resources that you can view here

I hope you consider joining us and give us the opportunity to hear your voice.

Go Jackets!

Sincerely,

Richard DeMillo

Chair, School of Cybersecurity and Privacy

Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo

Follow me @rad_atl and @richde

Chair’s Message | Welcome Back

Aug. 23, 2021

Dear Cybersecurity and Privacy community,

Welcome to the new semester for the School of Cybersecurity and Privacy!

Classes start this week. So do dozens of other routines that mark an academic year. Of course the “routines” are not so routine for us yet. It may not have been apparent to you last semester, but your school was being run by volunteers. I am personally grateful to all the faculty, students, administrators, and staff who worked behind the scenes last year to get this new venture launched. We will have a genuine launch party this fall where I will thank everyone properly. Over the next few weeks, you will see news about elections and appointments for new committees and offices. These will be the places you will go for help and advice or just to hang out with other cybersecurity folks.

For the last few weeks we have been talking about a focus on cybersecurity students, so it’s fitting that our first regular event was student-centered. We hosted SCP graduate student orientation last week. It was good to see so many of you in person. We’re thrilled that you share our excitement for the future of cybersecurity and privacy education at Georgia Tech. I hope you enjoy your shirts, bags, and other SCP goodies. There will be more SWAG as time goes on, which I hope will help spread the word that SCP is the place to go for all things having to do with cybersecurity.

Speaking of places to go. We are now live on the fifth floor of Coda. People are moving into new offices and labs, and the furniture for the Center for Deliberate Innovation (SCP’s own incubator and entrepreneurial studio) has already claimed its spot on the northeast corner. When you get off the elevator, you will see the WeWork™ entrance to the west and SCP in the other direction. Other fifth-floor tenants will be announced shortly. The SCP reception area is still on the 9th floor. You will see it immediately when you enter through the double glass doors. Those of you who have been in Coda know that it’s a little hard to just drop in because of the badging requirements. We are working with the building management on ways to make SCP’s offices more accessible to casual visitors and students. We will set up a messaging app to make it easier to let us know you are waiting to be admitted.

We welcomed five new faculty members to the school this summer, and the first three have begun to move into their new offices in Coda:

Dr. Daniel Genkin is joining us as an Associate Professor from the University of Michigan, where he established a national reputation for his analysis of hardware and system vulnerabilities. He was already collaborating with Georgia Tech researchers, so his transition to SCP is a chance to strengthen the hardware security area even more. Dr. Genkin’s lab is on the 5th floor of  Coda.

Dr. Joseph Jaeger arrived from his post-doc position at the University of Washington to become an Assistant Professor. His area is cryptography and includes fundamental contributions to applied and theoretical problems. He joins SCP’s world-class cryptographers to form one of the most formidable research groups in the country.

Dr. John Lindsay also arrived this week. He is an Associate Professor who specializes in cyber conflict and warfare. He joins us from the University of Toronto, where he established himself as one of the world’s experts in those areas. His analysis of Stuxnet stands out as a signal contribution to this important field. 

The two remaining new faculty members will arrive in 2022.

There was a faculty retreat last week to talk about the new services that will be available this year and to hear ideas about how to improve the existing ones. I read all of your comments and suggestions, and many of the changes in the works are due to input from you. The pandemic slowed some things down a bit, but not for our online students. We will continue to look for ways to make the OMS experience better.

It’s worth looking at just how many students the school is serving based on majors, courses, and faculty advisors. SCP is the first touchpoint for these students and their overall experience at Georgia Tech.

 General Enrollment Overview:

  • Ph.D. in Computer Science (Security/Crypto): 41 students
  • MS in Cybersecurity: ~100 students (151 applicants for AY 22)
  • Online MS in Cybersecurity: ~ 1200 unique students for lifetime enrollment of program
  • Several thousand students are taking our undergraduate classes each year (3,000+ in Introduction to Information Security alone)
  • Undergraduate thread in cybersecurity being developed for Fall Semester 2021

Also, a note on entrepreneurship for faculty and students:

  • Get plugged in right away on startup opportunities if you have an interest in seeing how projects are commercialized at Georgia Tech. The CREATE-X virtual Demo Day on Aug. 26 includes about 80 projects where teams pitch their startup efforts developed over the year. Among the presenters is Airbox Inc., offering a new way to identify and eliminate gaps in security for identities & secrets across cloud environments.
  • The Center for Deliberate Innovation has a unique approach to “engineering” new companies for success. They will be a direct pipeline for the SCP community to put its startup ideas into action.
  • A major new opportunity for our community involves the wider Atlanta ecosystem. Alumni Chris Klaus, Paul Judge, Mark Buffington and others were on a panel moderated by College of Engineering Dean and SCP faculty member Raheem Beyah earlier this year. It was focused on inclusive entrepreneurship and covered a lot of ground over the course of the day, including the news of more venture capitalist funding sources in the region. You can bookmark and watch a video of the whole program here.

The college launched its new website Friday in preparation for the start of the new school year, and many of you may already be kicking the tires on it. It’s designed to be more audience-centric, so if you have any feedback, you can send it here.  

I hope everyone stays safe and has a good first week of classes. There will undoubtedly be a lot to navigate.

At the end of the week, please join me and guest Brendan Saltaformaggio for my first virtual open office hour of the semester. It will be Friday at 1 p.m. (The chair’s virtual open office hour will take place regularly on Thursdays at 1 p.m. for the fall). I look forward to hearing about your start to the semester.

Go Jackets!

Sincerely,

Richard DeMillo
Chair, School of Cybersecurity and Privacy
Charlotte B. And Roger C. Warren Chair of Computing

Visit me at https://www.cc.gatech.edu/people/richard-demillo
Follow me @rad_atl and @richde

Chair’s Message | Tackling the Big Issues for Students

Aug. 13, 2021

Dear Cybersecurity and Privacy community,

More on what student success might mean for the School of Cybersecurity and Privacy.

There is always a tension between keeping a college curriculum up-to-date and chasing after the latest fad. We academics try to put a brave face on it, but changing long-established courses is an often-tedious (and seldom-rewarded) process, filled with roadblocks and hurdles that scream, “STOP!” even when it has become clear that the newest thing will be around for a while, and the students who don’t know about it will be at a disadvantage in the eyes of many employers. I wrote about this phenomenon in Abelard to Apple. It’s one of the things that leads to bloated curricula filled with long chains of required courses, which leave little room for newer developments. Online course delivery helps a little. An instructor can snip out the old content and add the new with relatively little fuss. But how does an instructor know that the new stuff is likely to be important enough to make the change? If the change corrects an error, most teachers will hear about it soon enough. Sometimes the “old stuff” is there to advertise (a research area, for example) and the professor has a vested interest in keeping it around to attract graduate students. Consulting or short-term research exposes some faculty members to trends before they become truly disruptive. Often, however, we are simply late to the party. We might only find out when our alumni let us know about this *gap* in their training.

I gave this problem to my CS 4001 (Cyberethics) course a few years ago. “Give me some ideas for how current students can find out what the gaps are by talking to recent graduates. What do they know now that should influence what you are learning?” I asked. I received a lot of proposals. When you boil them all down you get something like the Personal Board of Directors (recommended by the Commission on Creating the Next), a technology-enabled network of mentors who share lessons from the workforce with students and teachers to help steer learning. Significantly, all my CS 4001 students said they would participate in such a mentor network. The idea was so compelling that when we asked the Silicon Valley design firm Ideo to host a worldwide competition for ideas that would change higher education, PDB was the winning proposal. We provided seed money to develop the idea, which has now blossomed into a portfolio of interesting projects.

I wondered as we began planning student-led and student-centered programs for SCP whether the PBD would have the same appeal in cybersecurity. Then I received this note from the same student I mentioned last week who discovered that, without internal champions, an entry-level job is hard to find:

“What is Cyber Resiliency?? When I learned I was going to be interviewed by the Cyber Resiliency Department, I quickly tried to learn what Cyber Resiliency was, because [we] never talked about it [in class and] I thought maybe it was new and just had not yet made it into the curriculum, but no, my research revealed it has been widely known since at least 2013 (https://www.mitre.org/sites/default/files/publications/13-4047.pdf ). It even has recent NIST publications dedicated to it. https://www.nist.gov/news-events/news/2019/09/cyber-resiliency-engineering-final-public-draft-nist-sp-800-160-volume-2

I am sure all of you know about Cyber Resiliency, but it was a surprise to me. I fell in love with the paradigm the cyber resiliency framework set up almost at once, because during my entire time [at Georgia Tech] I kept thinking – this is a losing battle…  The attack surface is too large, the chain of trust too long, the systems too complex…. We are never going to keep the bad guys out…  Cyber resiliency starts by saying, ‘That’s right, the bad guys are going to get in. Let’s win anyway and here are some methods to do so…’ [Our courses] talked about defense in depth but not about the many, many other concepts and methods within the cyber resiliency framework.”

The note ends with a not-too-subtle question: “Maybe this is something that needs to be rectified?” Let’s add this to the growing list of ideas for student-run initiatives for the upcoming SCP student town hall (stay tuned for an announcement of the date and time).

As we approach the start of the new semester:

  • I want to join the OMS Cybersecurity program directors in welcoming the newest class of students. The stories about what led students to the program always inspire me. I hope you feel part of our community of learners bound together by the commitment to a more secure cyber future.
  • Along those lines, I keynoted the close-out meeting of the X-Force Fellows of the National Security Innovation Network yesterday afternoon. Over a hundred projects, two hundred undergraduate fellows and a whole network of civilian and uniformed national security professionals tackled a range of practical problems that needed innovative thinking. Judging from the Q&A, there will be more opportunities next year for internships that target cybersecurity and privacy in the national security domain.
  • It’s time to expand SCP. We just finished an incredible first year of recruiting new professors to meet the demand for GT-trained cyber experts. We will be meeting for a retreat next Friday, Aug. 20, in Coda to plan hiring priorities for next year. I have heard from many of you about the kinds of courses and professors that you would like to see join the school. Please continue to send me your thoughts and suggestions. They will be helpful as we begin this most important task.
  • There’s a Career Chat (What Employers Really Want) today at noon. Hear from a panel of employers to learn what they are looking for in candidates.
  • In the Research Next Speaker Series, Dr. Cheryl Martin will be featured on Tuesday, Aug. 17.
  • And of course, Rats Night is around the corner. On Wednesday, Aug. 18, from 7-10 p.m., take over the Georgia Tech Library for a late night of fun filled with snacks, video games, trivia, arts and crafts, and free giveaways.
  • Finally for old and newcomers alike (we are all a little bewildered by this bustling city), Welcome to the 404: A Beginner’s Guide to Atlanta is Thursday, August 19. You can explore the best ways to connect with your new community, from sampling the city’s diverse culinary portfolio, harmonizing with Georgian nature, and engaging in GT and Atlanta’s proud history of service and activism.

As always, let me know how you are doing. Make suggestions. Get involved in the School. It’s your home at Georgia Tech.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Making Experiential Student Learning a SCP Cornerstone

Aug. 6, 2021

Dear Cybersecurity and Privacy community,

I want to continue the conversation I started in last week’s letter about the school’s investment in cybersecurity students. We know that our students are invested in Georgia Tech, but I want that to be a two-way street: we are invested in their success too.

That investment takes many forms, beginning with some of the things I talked about last week, including investing in a culture that promotes developing the skills that we know are highly correlated with long-term success. Those turn out to be different from the technical, cognitive, and analytical skills that must be mastered to win hackathons or ace difficult final exams. Sometimes called T-shaped skills, these are learned traits like determination, ethical judgment, curiosity, entrepreneurship, and self-efficacy that employers say are the hardest to test for during job interviews but which time and time again are associated with career-long advancement, growth and even wealth creation.

Why T-shaped? If you think of cognitive skills like coding as the vertical stroke of the letter T, these other skills are the horizontal bar at the top. They cut across many different technical skill sets and help determine the mindsets and attitudes that employers value most. One of my industrial colleagues once described things this way: “We know we can get great problem-solvers from top-notch programs, but it’s really hard to find people that know which problems to solve.”

Some people call the skills in the horizontal bar of the T the soft skills. I never liked that term. There is nothing soft about them. For one thing, learning them is hard. They are what educational psychologists call malleable. They can be formed and shaped, but they are most easily learned when you are young and become progressively more difficult to learn the older you get. By the time you get to college and beyond, the trial-and-error process of learning from failure may be the only path. Knowing how to form and lead a high-performing team, for example, is not something that you can learn from a lecture. That’s why employers consistently value experience, even when they are recruiting new college graduates.

One recent graduate from the OMS Cyber program (1K+ students strong) shared with me and others the difficulty of landing his first job in the industry. He went through some 50 applications before landing his first cybersecurity job. I was keen on understanding his journey.

He already held an advanced degree in a hard science and had sailed through a demanding Georgia Tech degree program, so his vertical skills were strong. And he had no lack of determination and belief in his ability to succeed (self-efficacy), but of course those were not on his official transcript. What he found was that his lack of professional experience outside his coursework was a barrier to getting the call-back. In fact, he never got a call-back unless someone within the company recommended him. As he put it: “Even though I was applying for entry-level jobs, the reason I was given for not being selected was that I had no directly relevant experience.” He never did get an offer for an entry-level position. He was instead offered (and accepted) a position as lead cybersecurity engineer in a prestigious lab, several levels above entry level.

I’ll have more to say about this story in coming weeks, but for today I want to point to the plans we are making to build these learning experiences into the fabric of SCP. First, experiential learning and peer networking will be a hallmark of cybersecurity at Georgia Tech. In-person students have a leg up on the online students because of internships and networks of colleagues to provide those crucial introductions and recommendations. Building those experiences into online programs is more difficult and takes some investment, but we know it is possible and are committed to doing it.  

The VIP (Vertically Integrated Projects) courses are one way of going about it. A VIP section consists of teams of graduate and undergraduate students that persist over several years. VIP is an award-winning idea that was conceived by Georgia Tech professor Ed Coyle and is now deployed globally. It is as close as you can get to industrial experience, and it focuses on those T-shaped skills. I have supervised VIP sections and can tell you from actual experience that employers recruit VIP students aggressively (almost independent of discipline). Making VIP available to online students is not only possible but also something we are committed to doing with the help of mentors and coaches who augment traditional academic faculty members.

Second, we have incorporated the Center for Deliberate Innovation (CDI) into SCP. This is an award-winning approach to learning the mindsets and traits that lead to innovation. Led by former Associate Dean Merrick Furst, the novelty of CDI’s approach lies in its ability to create a deliberate culture that makes it possible for innovators to expose mistakes and blind spots while establishing safeguards that can be observed and repeated with less risk. Making CDI’s teams of mentors and coaches available to all students (traditional and online) will take some work, but it is a unique approach to providing the relevant experience that was mentioned above.

We are being intentional in our efforts. I have enlisted the school leadership to help us understand how to plug into existing peer networks as well as identify some “diamonds in the rough” who are willing to step forward to increase student engagement.

A look at the week ahead and beyond:

  • On Monday, a select group of students will have the opportunity to be part of a roundtable discussion with R.K. Sehgal, Georgia’s Commissioner of Industry, Trade, and Tourism after the dot-com bust of the early 2000s. He was a brash, entertaining CEO of a $1 billion engineering company before I met him, and I came to appreciate his ability to “move mountains” in the public sector while I was the college’s dean. This is just another example of an opportunity we can offer students to energize them for the possibilities in the current digital economy.  
  • Wednesday is the start of the USENIX Security conference, one of the top-tier research venues in our field. Georgia Tech sits firmly in the top 5 of the organizations contributing to the technical program based on the number of papers (we have a baker’s dozen). You can explore our researchers’ work within the context of the whole program here
  • Research is an important component in the school. There are currently more than a dozen labs where students can explore different cybersecurity and privacy disciplines. As you prepare for the semester, see what current research might be available and suited to your interests. 
  • Finally, the College of Computing’s virtual UROC Job Fair (Undergraduate Research Opportunities in Computing) is Tuesday, Aug. 17, and the 3-Minute Madness for graduate students is Thursday, Aug. 19. Many SCP faculty will preview their work at 3MM, a pitch-style event.

As always, please feel free to reach out and engage with the school and share your cyber-related interests.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Students at the Forefront

July 30, 2021

Dear Cybersecurity and Privacy community,

You may have noticed that I devoted a lot of space in these letters last year to faculty matters – finding, recruiting, and blending them into a new school with its own way of doing business and a new culture suited to cybersecurity and privacy (in case you missed it, we have our own vibe). That was necessary. We can’t have an academic department without professors, so job one was figuring out who that might be and turning the sometimes-cranky gears of the Georgia Tech HR machine to move them from where they were to where we are now.

The same holds true for students. The whole point of the new school is to be a home for cybersecurity students. The importance of moving students to the front of the strategy queue was made clear to me this week because of four otherwise unrelated events.

  1. Graduate student orientation starts in a few weeks: Orientation works best when current students are involved in planning and conducting orientation. That usually means representatives from student government and organizations. As a new school we have neither.
  2. Employers have let us know they are interested in student-led and managed cyber labs and ranges: In other schools, existing clubs and special interest groups take up the challenge of student-managed facilities.
  3. A letter on job searches from a recent graduate crossed my desk: The student wanted to let us know that peer networks were a key factor in landing that first position. Cyber students are scattered among a dozen different units on campus. We know from experience that catalyzing these networks takes time and money. 
  4. In discussions with incoming students, it became clear that most awareness of SCP has not penetrated far into campus-wide cyber awareness: Unless you are enrolled in a cybersecurity degree program that is connected to an existing cybersecurity research project, you may not even know that Georgia Tech has a new school. On a related note, I was a half hour into a conversation with a staff member from the business and finance side of Georgia Tech, when it hit me: “This guy thinks I am leading an IT department, not an academic department.” That matters.

The bottom line is that, starting next week, we will begin a series of convenings with students.  My hope is that we will quickly create structures that allow us to be the student-centered department that I promised we would be when I took this job. That includes identifying and recruiting student leaders excited about taking up the challenge of creating a vibrant student life culture. Whether you are interested in startups and incubators, competitive events, governance, enrichment events, or simply networking, I hope you will stop in during office hours and give me your ideas for student involvement in cybersecurity and privacy at Georgia Tech and beyond.

I do not expect us to start at a sprint and try to accomplish everything right out of the gate. Remember, it’s been more than 10 years since Georgia Tech spun up a new academic unit, and, more importantly, we are coming back together into the same space after a long absence. Let’s give each other time to find our own comfort levels and paths to success. At the same time, we are fully focused and committed to moving forward and serving the best interests of our students.

Cybersecurity and digital privacy students now have a dedicated academic home. We look forward to welcoming all of you here soon. Amongst your week one school activities, you’re invited to my first open office hour on Friday, Aug. 27 at 1 p.m. Brendan Saltaformaggio will be a special guest and you can hear about some of the fascinating work in his CyFi Lab and engage with your peers. It’s your hour.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Welcome to the Inaugural SCP Faculty Cohort

July 23, 2021

Dear Cybersecurity and Privacy community,

It’s a little unreal to think that full campus operations are finally restarting after more than a year of our community being away from campus. Many of you are back already and reacquainting yourself with a regular routine. After today, we’re exactly 20 business days out from the first day of classes (Aug 23).

At our first monthly faculty meeting of the new fiscal year on Tuesday it was a genuine pleasure to see so many of you come out to Coda in midtown, and it wasn’t all business. It felt more like a homecoming of sorts, capping off a long ramp-up to create the school, which we announced last September.

You could say we crossed the finish line to becoming operational as a school with the start of the new fiscal year on July 1. We now have a home in Coda (on the 5th, 9th, and 10th floors) ready to welcome faculty, students, and staff. And more importantly, we have our inaugural cohort of faculty ready to move in. We are still in the process of deciding how to reconfigure the school for our new expanded space, but for now, the old IISP reception area on the 9th floor is serving as the department reception area too.

I am super excited to officially introduce you to the inaugural faculty and academic staff in the School of Cybersecurity and Privacy:

  • Mustaque Ahamad
  • Annie Antón (pending)
  • Sasha Boldyreva
  • Courtney Crooks (pending)
  • Rich DeMillo
  • Merrick Furst
  • Daniel Genkin (accepted effective 8/21)
  • Sy Goodman
  • Karl Grindal (post-doc)
  • Taesoo Kim
  • Vlad Kolesnikov
  • Nadiya Kostyuk (pending)
  • Joseph Jaeger (accepted effective 8/21)
  • Jae Hyuk Lee (post-doc; pending)
  • Wenke Lee
  • Lee Lerner (pending)
  • Frank Li
  • Jon Lindsay (accepted effective 8/21)
  • Vijay Madisetti
  • Sukarno Mertoguno
  • Milton Mueller
  • Sangdon Park (post-doc; pending)
  • Paul Pearce
  • Brendan Saltaformaggio
  • Peter Swire (pending)
  • Erkam Uzun (post-doc; pending)
  • Wen Xu (post-doc)

There are three additional names that I hope to add to our inaugural roster soon. I will update you as soon as possible. I will also make a more formal introduction to our new faculty members, Jon Lindsay, who is coming to us from the University of Toronto where he is an associate professor in the Munk School of Global Affairs, Joseph Jaeger who is currently a post-doc at the University of Washington, Mike Specter who will be graduating this summer from MIT and taking a year to post-doc at Google, and Daniel Genkin who is currently on the faculty of the University of Michigan.

You will notice another new addition. The Center for Deliberate Innovation (CDI) has moved to SCP. Led by Distinguished Professor Merrick Furst, CDI represents our commitment to entrepreneurial cybersecurity. Watch for Merrick and a fuller description of CDI programs and activities on the SCP website. The CDI Studio will be on the north end of the 5th floor SCP suite.

There was an incredible amount of energy and goodwill poured into the creation of this school. Your faculty contributed selflessly to spinning up an academic department from scratch. It was an unprecedented effort. I want to thank Mustaque for chairing the Executive Committee process that led to the creation of Curriculum, Recruiting, and Faculty Affairs committees. Mustaque was a tireless presence, and I am grateful for his service. Peter Swire took responsibility for the creation of the SCP Faculty Handbook, which will be a guide to future faculty and administrators. I asked Peter to document how we work. The result, which represents many hours of analysis and rounds of revisions and editing can be found on the SCP website. The Curriculum Committee, led by Sy Goodman and Annie Antón, focused on the creation of undergraduate learning experiences, beginning with threads in both ECE and Computing. This work will continue for the foreseeable future as we define and expand the boundaries of the field. Wenke Lee led the Faculty Recruiting Committee, whose success can be seen in the number of new colleagues in our inaugural roster. I thought this year would be a market test. It was. We exceeded expectations in both the number and quality of candidates who applied for positions in SCP. Thanks to everyone who generously donated time and effort to building the school.

Kenya Payton, Trinh Doan, Gloria Griessman, and Josh Preston took on extraordinary workloads with generous help from Elizabeth Ndongi and Sue Jean Chae to help the growing need for faculty support. Elizabeth is moving to a new role in SCS, and Kenya will provide backup support until a new position can be posted. Tiffany Ntuli will help us with academic program support and the transfer of SCS PhD students to SCP as we search for a new person for academic program support.

You will also see new Associate Chairs over the coming weeks. I already announced Sasha Boldyreva as the AC for Graduate Education. She is your go-to faculty member for all things having to do with the PhD program. Services for Master’s students and professional education are in the works. Other ACs will be announced soon.

As usual, faculty meetings will take place on the third Tuesday of every month from 11 am – 12 pm. You can see the slides from this week’s meeting here. Finally, we will hold a faculty retreat at the start of the fall semester to set hiring priorities for next year.

I am incredibly excited to see the progress we all have made in building our new school. As we filter back to campus, I hope you will stop in to say “hi” and talk about how we can be as successful as possible.

For students, new and returning alike, my school chair’s open office hours resume on Fridays starting Aug. 27. We will stick with a virtual format for the time being with details coming next week. Students have the mic at these sessions, so please take advantage of that.

What’s ahead? I’ll be focusing on students fall semester. I have heard from many of you about ways you want to engage with SCP — everything from new student-led clubs and organizations to career planning and advising. There is even a proposal for a student-managed cyber range.

You can also check out our first research news coverage in the school (if you’ve gotten your fill of Pegasus spyware headlines). The GT news is about an open-source malware forecasting and ranking tool and is just one of many examples of where our experts are continuing to make an impact.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde