Chair’s Message | Tackling the Big Issues for Students

Aug. 13, 2021

Dear Cybersecurity and Privacy community,

More on what student success might mean for the School of Cybersecurity and Privacy.

There is always a tension between keeping a college curriculum up-to-date and chasing after the latest fad. We academics try to put a brave face on it, but changing long-established courses is an often-tedious (and seldom-rewarded) process, filled with roadblocks and hurdles that scream, “STOP!” even when it has become clear that the newest thing will be around for a while, and the students who don’t know about it will be at a disadvantage in the eyes of many employers. I wrote about this phenomenon in Abelard to Apple. It’s one of the things that leads to bloated curricula filled with long chains of required courses, which leave little room for newer developments. Online course delivery helps a little. An instructor can snip out the old content and add the new with relatively little fuss. But how does an instructor know that the new stuff is likely to be important enough to make the change? If the change corrects an error, most teachers will hear about it soon enough. Sometimes the “old stuff” is there to advertise (a research area, for example) and the professor has a vested interest in keeping it around to attract graduate students. Consulting or short-term research exposes some faculty members to trends before they become truly disruptive. Often, however, we are simply late to the party. We might only find out when our alumni let us know about this *gap* in their training.

I gave this problem to my CS 4001 (Cyberethics) course a few years ago. “Give me some ideas for how current students can find out what the gaps are by talking to recent graduates. What do they know now that should influence what you are learning?” I asked. I received a lot of proposals. When you boil them all down you get something like the Personal Board of Directors (recommended by the Commission on Creating the Next), a technology-enabled network of mentors who share lessons from the workforce with students and teachers to help steer learning. Significantly, all my CS 4001 students said they would participate in such a mentor network. The idea was so compelling that when we asked the Silicon Valley design firm Ideo to host a worldwide competition for ideas that would change higher education, PDB was the winning proposal. We provided seed money to develop the idea, which has now blossomed into a portfolio of interesting projects.

I wondered as we began planning student-led and student-centered programs for SCP whether the PBD would have the same appeal in cybersecurity. Then I received this note from the same student I mentioned last week who discovered that, without internal champions, an entry-level job is hard to find:

“What is Cyber Resiliency?? When I learned I was going to be interviewed by the Cyber Resiliency Department, I quickly tried to learn what Cyber Resiliency was, because [we] never talked about it [in class and] I thought maybe it was new and just had not yet made it into the curriculum, but no, my research revealed it has been widely known since at least 2013 (https://www.mitre.org/sites/default/files/publications/13-4047.pdf ). It even has recent NIST publications dedicated to it. https://www.nist.gov/news-events/news/2019/09/cyber-resiliency-engineering-final-public-draft-nist-sp-800-160-volume-2

I am sure all of you know about Cyber Resiliency, but it was a surprise to me. I fell in love with the paradigm the cyber resiliency framework set up almost at once, because during my entire time [at Georgia Tech] I kept thinking – this is a losing battle…  The attack surface is too large, the chain of trust too long, the systems too complex…. We are never going to keep the bad guys out…  Cyber resiliency starts by saying, ‘That’s right, the bad guys are going to get in. Let’s win anyway and here are some methods to do so…’ [Our courses] talked about defense in depth but not about the many, many other concepts and methods within the cyber resiliency framework.”

The note ends with a not-too-subtle question: “Maybe this is something that needs to be rectified?” Let’s add this to the growing list of ideas for student-run initiatives for the upcoming SCP student town hall (stay tuned for an announcement of the date and time).

As we approach the start of the new semester:

  • I want to join the OMS Cybersecurity program directors in welcoming the newest class of students. The stories about what led students to the program always inspire me. I hope you feel part of our community of learners bound together by the commitment to a more secure cyber future.
  • Along those lines, I keynoted the close-out meeting of the X-Force Fellows of the National Security Innovation Network yesterday afternoon. Over a hundred projects, two hundred undergraduate fellows and a whole network of civilian and uniformed national security professionals tackled a range of practical problems that needed innovative thinking. Judging from the Q&A, there will be more opportunities next year for internships that target cybersecurity and privacy in the national security domain.
  • It’s time to expand SCP. We just finished an incredible first year of recruiting new professors to meet the demand for GT-trained cyber experts. We will be meeting for a retreat next Friday, Aug. 20, in Coda to plan hiring priorities for next year. I have heard from many of you about the kinds of courses and professors that you would like to see join the school. Please continue to send me your thoughts and suggestions. They will be helpful as we begin this most important task.
  • There’s a Career Chat (What Employers Really Want) today at noon. Hear from a panel of employers to learn what they are looking for in candidates.
  • In the Research Next Speaker Series, Dr. Cheryl Martin will be featured on Tuesday, Aug. 17.
  • And of course, Rats Night is around the corner. On Wednesday, Aug. 18, from 7-10 p.m., take over the Georgia Tech Library for a late night of fun filled with snacks, video games, trivia, arts and crafts, and free giveaways.
  • Finally for old and newcomers alike (we are all a little bewildered by this bustling city), Welcome to the 404: A Beginner’s Guide to Atlanta is Thursday, August 19. You can explore the best ways to connect with your new community, from sampling the city’s diverse culinary portfolio, harmonizing with Georgian nature, and engaging in GT and Atlanta’s proud history of service and activism.

As always, let me know how you are doing. Make suggestions. Get involved in the School. It’s your home at Georgia Tech.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Making Experiential Student Learning a SCP Cornerstone

Aug. 6, 2021

Dear Cybersecurity and Privacy community,

I want to continue the conversation I started in last week’s letter about the school’s investment in cybersecurity students. We know that our students are invested in Georgia Tech, but I want that to be a two-way street: we are invested in their success too.

That investment takes many forms, beginning with some of the things I talked about last week, including investing in a culture that promotes developing the skills that we know are highly correlated with long-term success. Those turn out to be different from the technical, cognitive, and analytical skills that must be mastered to win hackathons or ace difficult final exams. Sometimes called T-shaped skills, these are learned traits like determination, ethical judgment, curiosity, entrepreneurship, and self-efficacy that employers say are the hardest to test for during job interviews but which time and time again are associated with career-long advancement, growth and even wealth creation.

Why T-shaped? If you think of cognitive skills like coding as the vertical stroke of the letter T, these other skills are the horizontal bar at the top. They cut across many different technical skill sets and help determine the mindsets and attitudes that employers value most. One of my industrial colleagues once described things this way: “We know we can get great problem-solvers from top-notch programs, but it’s really hard to find people that know which problems to solve.”

Some people call the skills in the horizontal bar of the T the soft skills. I never liked that term. There is nothing soft about them. For one thing, learning them is hard. They are what educational psychologists call malleable. They can be formed and shaped, but they are most easily learned when you are young and become progressively more difficult to learn the older you get. By the time you get to college and beyond, the trial-and-error process of learning from failure may be the only path. Knowing how to form and lead a high-performing team, for example, is not something that you can learn from a lecture. That’s why employers consistently value experience, even when they are recruiting new college graduates.

One recent graduate from the OMS Cyber program (1K+ students strong) shared with me and others the difficulty of landing his first job in the industry. He went through some 50 applications before landing his first cybersecurity job. I was keen on understanding his journey.

He already held an advanced degree in a hard science and had sailed through a demanding Georgia Tech degree program, so his vertical skills were strong. And he had no lack of determination and belief in his ability to succeed (self-efficacy), but of course those were not on his official transcript. What he found was that his lack of professional experience outside his coursework was a barrier to getting the call-back. In fact, he never got a call-back unless someone within the company recommended him. As he put it: “Even though I was applying for entry-level jobs, the reason I was given for not being selected was that I had no directly relevant experience.” He never did get an offer for an entry-level position. He was instead offered (and accepted) a position as lead cybersecurity engineer in a prestigious lab, several levels above entry level.

I’ll have more to say about this story in coming weeks, but for today I want to point to the plans we are making to build these learning experiences into the fabric of SCP. First, experiential learning and peer networking will be a hallmark of cybersecurity at Georgia Tech. In-person students have a leg up on the online students because of internships and networks of colleagues to provide those crucial introductions and recommendations. Building those experiences into online programs is more difficult and takes some investment, but we know it is possible and are committed to doing it.  

The VIP (Vertically Integrated Projects) courses are one way of going about it. A VIP section consists of teams of graduate and undergraduate students that persist over several years. VIP is an award-winning idea that was conceived by Georgia Tech professor Ed Coyle and is now deployed globally. It is as close as you can get to industrial experience, and it focuses on those T-shaped skills. I have supervised VIP sections and can tell you from actual experience that employers recruit VIP students aggressively (almost independent of discipline). Making VIP available to online students is not only possible but also something we are committed to doing with the help of mentors and coaches who augment traditional academic faculty members.

Second, we have incorporated the Center for Deliberate Innovation (CDI) into SCP. This is an award-winning approach to learning the mindsets and traits that lead to innovation. Led by former Associate Dean Merrick Furst, the novelty of CDI’s approach lies in its ability to create a deliberate culture that makes it possible for innovators to expose mistakes and blind spots while establishing safeguards that can be observed and repeated with less risk. Making CDI’s teams of mentors and coaches available to all students (traditional and online) will take some work, but it is a unique approach to providing the relevant experience that was mentioned above.

We are being intentional in our efforts. I have enlisted the school leadership to help us understand how to plug into existing peer networks as well as identify some “diamonds in the rough” who are willing to step forward to increase student engagement.

A look at the week ahead and beyond:

  • On Monday, a select group of students will have the opportunity to be part of a roundtable discussion with R.K. Sehgal, Georgia’s Commissioner of Industry, Trade, and Tourism after the dot-com bust of the early 2000s. He was a brash, entertaining CEO of a $1 billion engineering company before I met him, and I came to appreciate his ability to “move mountains” in the public sector while I was the college’s dean. This is just another example of an opportunity we can offer students to energize them for the possibilities in the current digital economy.  
  • Wednesday is the start of the USENIX Security conference, one of the top-tier research venues in our field. Georgia Tech sits firmly in the top 5 of the organizations contributing to the technical program based on the number of papers (we have a baker’s dozen). You can explore our researchers’ work within the context of the whole program here
  • Research is an important component in the school. There are currently more than a dozen labs where students can explore different cybersecurity and privacy disciplines. As you prepare for the semester, see what current research might be available and suited to your interests. 
  • Finally, the College of Computing’s virtual UROC Job Fair (Undergraduate Research Opportunities in Computing) is Tuesday, Aug. 17, and the 3-Minute Madness for graduate students is Thursday, Aug. 19. Many SCP faculty will preview their work at 3MM, a pitch-style event.

As always, please feel free to reach out and engage with the school and share your cyber-related interests.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Students at the Forefront

July 30, 2021

Dear Cybersecurity and Privacy community,

You may have noticed that I devoted a lot of space in these letters last year to faculty matters – finding, recruiting, and blending them into a new school with its own way of doing business and a new culture suited to cybersecurity and privacy (in case you missed it, we have our own vibe). That was necessary. We can’t have an academic department without professors, so job one was figuring out who that might be and turning the sometimes-cranky gears of the Georgia Tech HR machine to move them from where they were to where we are now.

The same holds true for students. The whole point of the new school is to be a home for cybersecurity students. The importance of moving students to the front of the strategy queue was made clear to me this week because of four otherwise unrelated events.

  1. Graduate student orientation starts in a few weeks: Orientation works best when current students are involved in planning and conducting orientation. That usually means representatives from student government and organizations. As a new school we have neither.
  2. Employers have let us know they are interested in student-led and managed cyber labs and ranges: In other schools, existing clubs and special interest groups take up the challenge of student-managed facilities.
  3. A letter on job searches from a recent graduate crossed my desk: The student wanted to let us know that peer networks were a key factor in landing that first position. Cyber students are scattered among a dozen different units on campus. We know from experience that catalyzing these networks takes time and money. 
  4. In discussions with incoming students, it became clear that most awareness of SCP has not penetrated far into campus-wide cyber awareness: Unless you are enrolled in a cybersecurity degree program that is connected to an existing cybersecurity research project, you may not even know that Georgia Tech has a new school. On a related note, I was a half hour into a conversation with a staff member from the business and finance side of Georgia Tech, when it hit me: “This guy thinks I am leading an IT department, not an academic department.” That matters.

The bottom line is that, starting next week, we will begin a series of convenings with students.  My hope is that we will quickly create structures that allow us to be the student-centered department that I promised we would be when I took this job. That includes identifying and recruiting student leaders excited about taking up the challenge of creating a vibrant student life culture. Whether you are interested in startups and incubators, competitive events, governance, enrichment events, or simply networking, I hope you will stop in during office hours and give me your ideas for student involvement in cybersecurity and privacy at Georgia Tech and beyond.

I do not expect us to start at a sprint and try to accomplish everything right out of the gate. Remember, it’s been more than 10 years since Georgia Tech spun up a new academic unit, and, more importantly, we are coming back together into the same space after a long absence. Let’s give each other time to find our own comfort levels and paths to success. At the same time, we are fully focused and committed to moving forward and serving the best interests of our students.

Cybersecurity and digital privacy students now have a dedicated academic home. We look forward to welcoming all of you here soon. Amongst your week one school activities, you’re invited to my first open office hour on Friday, Aug. 27 at 1 p.m. Brendan Saltaformaggio will be a special guest and you can hear about some of the fascinating work in his CyFi Lab and engage with your peers. It’s your hour.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Welcome to the Inaugural SCP Faculty Cohort

July 23, 2021

Dear Cybersecurity and Privacy community,

It’s a little unreal to think that full campus operations are finally restarting after more than a year of our community being away from campus. Many of you are back already and reacquainting yourself with a regular routine. After today, we’re exactly 20 business days out from the first day of classes (Aug 23).

At our first monthly faculty meeting of the new fiscal year on Tuesday it was a genuine pleasure to see so many of you come out to Coda in midtown, and it wasn’t all business. It felt more like a homecoming of sorts, capping off a long ramp-up to create the school, which we announced last September.

You could say we crossed the finish line to becoming operational as a school with the start of the new fiscal year on July 1. We now have a home in Coda (on the 5th, 9th, and 10th floors) ready to welcome faculty, students, and staff. And more importantly, we have our inaugural cohort of faculty ready to move in. We are still in the process of deciding how to reconfigure the school for our new expanded space, but for now, the old IISP reception area on the 9th floor is serving as the department reception area too.

I am super excited to officially introduce you to the inaugural faculty and academic staff in the School of Cybersecurity and Privacy:

  • Mustaque Ahamad
  • Annie Antón (pending)
  • Sasha Boldyreva
  • Courtney Crooks (pending)
  • Rich DeMillo
  • Merrick Furst
  • Daniel Genkin (accepted effective 8/21)
  • Sy Goodman
  • Karl Grindal (post-doc)
  • Taesoo Kim
  • Vlad Kolesnikov
  • Nadiya Kostyuk (pending)
  • Joseph Jaeger (accepted effective 8/21)
  • Jae Hyuk Lee (post-doc; pending)
  • Wenke Lee
  • Lee Lerner (pending)
  • Frank Li
  • Jon Lindsay (accepted effective 8/21)
  • Vijay Madisetti
  • Sukarno Mertoguno
  • Milton Mueller
  • Sangdon Park (post-doc; pending)
  • Paul Pearce
  • Brendan Saltaformaggio
  • Peter Swire (pending)
  • Erkam Uzun (post-doc; pending)
  • Wen Xu (post-doc)

There are three additional names that I hope to add to our inaugural roster soon. I will update you as soon as possible. I will also make a more formal introduction to our new faculty members, Jon Lindsay, who is coming to us from the University of Toronto where he is an associate professor in the Munk School of Global Affairs, Joseph Jaeger who is currently a post-doc at the University of Washington, Mike Specter who will be graduating this summer from MIT and taking a year to post-doc at Google, and Daniel Genkin who is currently on the faculty of the University of Michigan.

You will notice another new addition. The Center for Deliberate Innovation (CDI) has moved to SCP. Led by Distinguished Professor Merrick Furst, CDI represents our commitment to entrepreneurial cybersecurity. Watch for Merrick and a fuller description of CDI programs and activities on the SCP website. The CDI Studio will be on the north end of the 5th floor SCP suite.

There was an incredible amount of energy and goodwill poured into the creation of this school. Your faculty contributed selflessly to spinning up an academic department from scratch. It was an unprecedented effort. I want to thank Mustaque for chairing the Executive Committee process that led to the creation of Curriculum, Recruiting, and Faculty Affairs committees. Mustaque was a tireless presence, and I am grateful for his service. Peter Swire took responsibility for the creation of the SCP Faculty Handbook, which will be a guide to future faculty and administrators. I asked Peter to document how we work. The result, which represents many hours of analysis and rounds of revisions and editing can be found on the SCP website. The Curriculum Committee, led by Sy Goodman and Annie Antón, focused on the creation of undergraduate learning experiences, beginning with threads in both ECE and Computing. This work will continue for the foreseeable future as we define and expand the boundaries of the field. Wenke Lee led the Faculty Recruiting Committee, whose success can be seen in the number of new colleagues in our inaugural roster. I thought this year would be a market test. It was. We exceeded expectations in both the number and quality of candidates who applied for positions in SCP. Thanks to everyone who generously donated time and effort to building the school.

Kenya Payton, Trinh Doan, Gloria Griessman, and Josh Preston took on extraordinary workloads with generous help from Elizabeth Ndongi and Sue Jean Chae to help the growing need for faculty support. Elizabeth is moving to a new role in SCS, and Kenya will provide backup support until a new position can be posted. Tiffany Ntuli will help us with academic program support and the transfer of SCS PhD students to SCP as we search for a new person for academic program support.

You will also see new Associate Chairs over the coming weeks. I already announced Sasha Boldyreva as the AC for Graduate Education. She is your go-to faculty member for all things having to do with the PhD program. Services for Master’s students and professional education are in the works. Other ACs will be announced soon.

As usual, faculty meetings will take place on the third Tuesday of every month from 11 am – 12 pm. You can see the slides from this week’s meeting here. Finally, we will hold a faculty retreat at the start of the fall semester to set hiring priorities for next year.

I am incredibly excited to see the progress we all have made in building our new school. As we filter back to campus, I hope you will stop in to say “hi” and talk about how we can be as successful as possible.

For students, new and returning alike, my school chair’s open office hours resume on Fridays starting Aug. 27. We will stick with a virtual format for the time being with details coming next week. Students have the mic at these sessions, so please take advantage of that.

What’s ahead? I’ll be focusing on students fall semester. I have heard from many of you about ways you want to engage with SCP — everything from new student-led clubs and organizations to career planning and advising. There is even a proposal for a student-managed cyber range.

You can also check out our first research news coverage in the school (if you’ve gotten your fill of Pegasus spyware headlines). The GT news is about an open-source malware forecasting and ranking tool and is just one of many examples of where our experts are continuing to make an impact.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | Graduation Weekend

May 7, 2021

Dear Cybersecurity and Privacy community,

Spring semester is officially a wrap, and starting this morning, members of the Graduating Class of Spring 2021 will take part in commencement ceremonies. Congratulations to all the graduates who are being conferred degrees and a special job well done to the students in our cybersecurity graduate programs. To the graduates – you will break new ground in the field as you start or continue your careers. You’ve been prepared well and we wish you the best of luck. Please stay connected with the school and visit us when you’re back in the area.

You can meet some of our new alumni – including the Online Master of Science in Cybersecurity program’s first women graduates – in the school’s graduation coverage.

As we mark the end of SCP’s second semester and prepare for summer, we have much that we can be proud of. Building a new school has taken the village institute, and many of you answered the call.

Some recent activity of note with SCP people and programs:

  • The Georgia Cybersecurity and Privacy Roadmap Taskforce convened its second workshop, bringing together leaders from Georgia industries and government – including aerospace, agriculture, defense, and intelligence – to drill down on the requirements needed in the public and private cybersecurity sectors. The video is available here and one more workshop is being planned.
  • Spring brought a number of high-profile cyber-attacks and digital privacy issues that were reported in the media. School faculty continue to engage in the public discourse on these topics and you can see where in this interactive graph.
  • Yesterday I keynoted an event that drew national tech and business leaders to discuss “Global Trends in Digital Infrastructure.” John McIntyre from Georgia Tech’s Center for International Business Education and Research (CIBER) – no relation – invited me to set the stage for the discussion and share with the primarily non-cybersecurity audience what the cyber landscape looks like.

At the end of the keynote, I discussed the investment Georgia Tech has made in the new school and how we are in a good position to scale our programs to educate higher numbers of professionals and leaders needed in cybersecurity and digital privacy. You are making that investment possible. I’m looking forward to continuing our work this summer. Happy trails.

Sincerely,

Richard  DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy   Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | What’s Next?

April 16, 2021

Dear Cybersecurity and Privacy community,

It’s been a bit frenetic; I know. There’s a lot of new stuff to do. Between transferring faculty members to the new school, interviewing new professors, starting a new curriculum, and introducing the school to the world (“Hello, World!”), it’s been amazing how much time I got to spend this semester talking with all of you. 

You would think that, with summer break almost here, we would have more time for that. Rather than winding down the clock to a slower summer, SCP faculty and staff will use the next few months for a quick breather and assess where we are, then prepare to hit the ground running in the fall.

Next on my agenda is getting input from faculty and students on what services they would like to see in the new school. While the intercollege model that the institute has adopted for SCP has brought valuable opportunities, being the first in line for this new type of academic operation means we will also have to invent new ways of doing business. This is a good time for you to weigh in. If you are a student, what services do you wish we had? If you are an online student, what can we do to add value to your OMS-Cyber experience? My faculty colleagues are in the same boat: from budgetary and financial services to grant administration to laboratories to career advising and course scheduling, we will have to find new team members who can support SCP’s mission and operations. I’ll meet with SCP faculty members before the semester ends in two weeks to brainstorm. Everyone else will soon receive an invitation to a SCP community Town Hall, where we will have the same discussion with even broader participation. I hope to see you there.

Here’s a news item that may help kick off the Town Hall conversation: The recently announced reorganization of the institute’s corporate engagement model impacts the school and how we might be able to serve students at career fairs. Every college (and the institute) has its own career fair, so where do we fit in as an intercollege unit? What meaningful leads and relationships for job prospects can we help students with by using the school’s contacts with industry? It’s an exciting and interesting problem.

A note on curriculum topics: The second workshop from the Georgia Cybersecurity and Privacy Roadmap Taskforce will look at “Bridging the Cybersecurity and Privacy Workforce Skills Gap” on April 27, 2:30 – 4 pm EDT. You can find out more details and register to attend virtually by visiting https://gacybereducation.org/. Also, this fall the School of Electrical and Computer Engineering will introduce threads for their undergrad degrees (sidenote: they follow the College of Computing, which introduced threads for its bachelor’s in computer science in 2007 when I was dean). Cybersecurity will be one of the threads in the computer engineering bachelor’s degree. Third-year student Andrew Gonzalez shares an insightful glimpse of his experience taking cybersecurity courses.

The professor will be out this summer as far as my virtual open office hours are concerned. My weekly letters to you will become more irregular until we pick back up again in August. You can quiz me on what I’ve learned these first two semesters as chair of SCP today at 1 pm at my last session this semester, and I will always be an email or a Twitter DM away until we get together again in the fall. I hope it will be in person, but we are planning for any eventuality.

Thanks for reading. Good luck on finals and have a safe summer.

Sincerely,

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | Extending Our Reach

April 9, 2021

Dear Cybersecurity and Privacy community,

As we hit the final stretch of spring semester, the school community – faculty, students, operations staff, administration, and external supporters – continue to engage and lay the groundwork for the coming fall. We are constantly looking forward, but we also have some high-visibility activity taking place now that’s worth taking note of:

The Technology Association of Georgia announced last week its picks for 2021’s Top 10 Innovative Technology Companies in Georgia. On the list is Codoxo, which almost five years ago to the day was the winner of the IISP Inaugural Demo Day Finale at Georgia Tech (April 13, 2016). The original GT news story includes a great testimonial about how a course in information security inspired two-time alum Musheer Ahmed to pursue his future career path. Now his company is using AI forensics to help mitigate the loss of billions of dollars in U.S. healthcare due to fraud, waste, and abuse.

Speaking of healthcare, a hack of Health Net records (and several universities) in January and just disclosed in March, has fueled the discussion over adoption of a national privacy law. I talked with a L.A. Times business columnist about the topic, and if you want an excellent overview of current global privacy issues, view a recording of Peter Swire’s Q&A with students at one of my virtual open office hours earlier this semester.

Data privacy is also getting attention in the spring issue of the Georgia Tech alumni magazine, hot off the presses and centered on ethics in tech. SCP faculty members Peter Swire and Annie Antón are featured and, without spoiling the short read for you, I will say that they frame the discussion in a very interesting way.

Last week’s virtual celebration for the NSA Codebreaker Challenge turned into an almost exclusively Georgia affair. The top three schools were invited to talk with National Security Agency officials and give input on future challenges. UNG and Georgia Tech (#1 and #2 in the 2020 challenge) were followed by #3 Oregon State which, as it turns out, has GT alum Yeongjin Jang organizing the university’s efforts. If you’re keeping count, Georgia Tech is one of 11 NSA Centers of Academic Excellence in Cybersecurity in the state, and Georgia sits in the top 10 nationally for number of CAE-designated institutions.

The codebreaker challenge is an example of students having an opportunity to work on complex and realistic problems in cybersecurity. As part of the efforts of the Georgia Cybersecurity and Privacy Roadmap Taskforce (GCRT) that I chair, the group is looking at such opportunities that support increasing the potential talent pool for the cyber workforce.

The next workshop for the GCRT will be industry-focused and include an overview of Georgia’s cyber workforce, existing gaps, and industry needs. You can sign up to get more information when the April workshop details are announced.

As you prepare to finish your last assignments and instructional days for the spring, take a minute to make sure you’re on our mailing lists or connected on social media. Summer may traditionally have less activity for students, but our school will maintain a steady pace as we prepare to share more good news and developments ahead of fall semester.

Two events of note from the school take place today and Tuesday, and you can stop by the chair’s virtual open office hour at 1 pm ET and ask me (almost) anything.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | Intercollege Academic Model Taking Form

April 2, 2021

Dear Cybersecurity and Privacy community,

Who ultimately oversees this new school that runs point for cybersecurity and privacy education activity on behalf of all the academic colleges at Georgia Tech? This is a question that comes up frequently as we build the model for an intercollege academic unit.

SCP has an administrative home in the College of Computing, which means we have only one set of rules and procedures to follow (trust me, Georgia Tech has lots of rules). Dean Charles Isbell is my boss. But I am also accountable to the Council of Deans of the remaining five colleges, library, and professional education. Like equity shareholders of a startup, they have invested in SCP and have a stake in our success.

When I was asked to become the interim chair and help launch SCP, I was careful to inquire about whether that means I report to eight bosses (nine, if you count the Provost, to whom all the deans report). As a former dean, I am well-versed in the university art of tending to investments of scarce academic resources. I knew that they didn’t all want the same things all the time, so I did not relish the idea of trying to please them all.

Charles was convincingly reassuring: “No, you will not have eight bosses,” he said. The shareholder/start-up analogy should have occurred to me right away. It would have helped quiet the annoying, ever-skeptical little voice in my head.

On the other hand, I do take the responsibility of regular reporting to the Council seriously. I do that with letters like this one. In fact, some of the deans read my weekly letters to keep up with what’s happening in SCP. I thought this week it would be fun to turn the tables and give you a preview of what I will be telling the Council in my end-of-the-semester report.

  • The SCP faculty met on Tuesday. It was our third monthly business meeting. I noted at the meeting that the school is on track to begin operations in August to coincide with the 2021-22 school year. This means all essential administrative functions are staffed and academic matters are being governed by committees.
  • We are being deliberate in naming the founding faculty members. There are 23 active requests from other units for positions in SCP (most of them for joint appointments). Here is the breakdown:
    • Computer Science – 7
    • Interactive Computing – 2
    • Computational Science & Engineering – 1
    • Electrical and Computer Engineering – 4
    • Public Policy and Sam Nunn School – 5
    • Scheller College of Business – 2
    • GTRI -2
  • I have appointed Alexandra “Sasha” Boldyreva as the SCP associate chair for graduate education. This reflects the importance of the master’s and PhD programs to the school. Sasha had a similar role in the School of Computer Science, and she is an experienced leader in supporting graduate students.
  • The Institute for Information Security and Privacy (IISP) – Georgia Tech’s research arm in these areas – will become part of SCP by the start of the fiscal year. IISP has been an engine driving the growth of cybersecurity and privacy research and innovation. IISP Executive Director and Professor Wenke Lee will continue in his leadership role.  
  • A timeline for the SCP chair search has been laid out by search chair and Professor Mark Riedl of Interactive Computing. The job announcement will go out shortly and by September the search committee hopes to deliver final recommendations. Finding the right candidate is critical to the school’s future success. I’ve talked previously about developing the school’s culture and the new chair will play a large part in defining that. Based on the faculty discussion, the search committee won’t have any shortage of input, but I encourage you to reach out and engage in the endeavor.
  • The curriculum committee will shortly deliver a recommendation for an undergraduate thread in cybersecurity starting fall semester. The group has identified this as an important need that aligns with the computer science and the electrical and computer engineering undergraduate programs, both of which include threaded curriculums.
  • The Georgia Cybersecurity and Privacy Roadmap Taskforce is bringing together industry stakeholders for our second workshop later this spring to identify workforce gaps in cyber-related jobs and careers. The first workshop surfaced interesting perspectives from the education sector, including discussion from University System of Georgia officials on how we might innovate to serve more students.

Balancing all the needs of a new school has taken the commitment of more people than I can name in this column, but their work is starting to pay dividends. I look forward to continuing the momentum we’ve built and identifying together where we head next.

As always, thanks for reading, and come say “hi” at my weekly virtual open office hour, Fridays at 1 pm ET. You can find out more ways to get involved with the school by visiting us online.

Sincerely,  

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy 

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde   

Chair’s Message | The First Two Years: Online Master of Science in Cybersecurity

March 26, 2021

Dear Cybersecurity and Privacy community,

This week included a mid-semester break from instruction, so I hope you had a chance to take some time for yourselves.

The school has been working this semester with Georgia Tech Professional Education, which administers the Online Master of Science in Cybersecurity degree program (OMS Cyber), to put together a bigger picture of how the program has developed in its first two years.

We can now share some details on enrollment and industry sectors for employment. The program continues to grow. The 223-student spring 2021 cohort is the program’s largest (28% above 2020) for a spring semester. You can read about some of the OMS Cyber students here.  It’s been great to see the level of student engagement with the new school. Let us know if there are other ways we can help you connect with your professors and classmates.

2020 was a difficult year for everyone, but even in the middle of a pandemic there is reason to be optimistic about the direction the program is taking. Here are some of the highlights from the program as of December:

  • 80% of student enrollment is U.S.-based
  • Top 5 states for enrollment are Georgia, California, Virginia, Florida, and Texas
  • 84% of students are employed
  • Top sectors for employed students are technology, finance, and defense, each with ~10% or ▲
  • 1 out of every 4 new students in 2020 in the policy track identify as female
  • Enrollment of women increased in all three degree tracks in 2020
  • Black and Hispanic groups each make up at least 10 percent of enrollment

The school has developed an interactive graphic for OMS Cyber’s 2-year birthday that you can explore for yourself and use to find more insights into the program. Faculty have built a solid foundation with OMS Cyber, and combined with residential graduate degree programs, undergraduate courses, training certificates, and bootcamps, the school is in a good position to lead Georgia Tech in its next steps in cybersecurity and privacy education.

On another front: the Commission on Research Next just published its Phase 1 Report. The Commission was launched by Georgia Tech Executive Vice President for Research Chaouki T. Abdallah. The report is designed to identify and better understand research challenges universities will face in the next decade.

A major subsection of the report, “Research that Matters,” identifies seven societal challenges that will shape Georgia Tech’s research direction, and the topic of security makes two appearances:

  • Food, water, sanitation, and hygiene
  • Healthcare and medicine
  • Transportation, energy, and infrastructure
  • Cybersecurity and privacy
  • Diversity, equity, and inclusion
  • Education
  • Security, defense, and prevention of nuclear terror threats

Georgia Tech has a long record in cybersecurity research going back more than 20 years to the Sam Nunn Forum, which drew attention to the vulnerabilities of emerging computerized financial systems. As a former director of the Georgia Tech Information Security Center, I’m keenly aware of the opportunity and necessity to build our research enterprise in cybersecurity and privacy alongside our education programs. 

Wen Masters, deputy director of Information and Cyber Sciences in GTRI (and an advisor to SCP), is co-chair of Commission on Research Next. I encourage you to reach out to Wen or Wenke Lee, executive director of the Institute for Information Security and Privacy, to find out how to engage in this effort. Phase 2 is already underway.

Next Tuesday, March 30, is SCP’s monthly faculty meeting. Please join us as we share more news about the school’s ongoing development and how you can get involved.

On March 31, the National Security Agency will recognize Georgia Tech students for their top performance in the 2020 NSA Codebreaker Challenge (they placed 2nd). School faculty who are interested in attending the virtual celebration can contact Taesoo Kim, who has led GT participation in the program since it started in 2015. You can read about some of the students from the challenge and the invaluable experience it gave them in advancing their cybersecurity skill sets.

Please take a minute to see how you can connect with the school through events, my open office hour on Friday afternoons, or other opportunities. And if you have questions, drop us a note or contact me directly.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Chair’s Message | A Statewide Initiative in Cybersecurity and Privacy Education

March 19, 2021

Dear Cybersecurity and Privacy community,

On Wednesday, education representatives from around the state convened virtually in the first workshop held by the Georgia Cybersecurity and Privacy Roadmap Taskforce. Condensing the 90-minute session into a few themes can’t fully capture all the topics presented, but if I had to characterize the meeting, I would say that 1- the state of cybersecurity education in Georgia is maturing rapidly and 2- there are several educational frameworks that position us well for the future. That’s not to say there aren’t challenges ahead. As chair of the taskforce, I’ve asked the members to think holistically about how the state can train more cybersecurity and privacy professionals at scale and pinpoint timeframes to enact these recommendations. 

I won’t bury the headline here. The GCRT is working to create a playbook for the entire Georgia education ecosystem to be used as a strategic guide for cybersecurity education. This guide will help build Georgia’s capacity to certify teachers, support faculty in higher education to serve more students, and scale delivery of education and training programs, all of which will lead to more students who are equipped to enter the cybersecurity and privacy workforce. The economic driver here is clear: there’s a workforce gap (you can monitor it for yourself) that we must address in order to secure our national infrastructure and protect how we do business across networks. This is an imperative for the state, and part of the solution must include a comprehensive education and training plan.

Some of the issues being raised in cybersecurity education remind me of those in computer science education – how do we address scale, access, instructional delivery methods, resources for instructors and students, etc.?

Georgia Tech not too long ago answered some of these questions in a big way when it took its master’s degree in computer science online and disrupted the market – it was the first online graduate CS degree from a top public research university that was equal to its residential program in all but cost. It’s been hugely successful; OMSCS currently enrolls 10,000+ students and costs less than $9K.

I mention this because Wednesday’s discussion surfaced some ideas that capture this spirit of thinking big and doing education in ways that are perhaps not common but are necessary and have huge potential payoffs. Some of this discussion revolved around how to solve creating more standardized delivery methods for instruction and finding and training qualified instructors across the education spectrum.

It’s an interesting parallel for me and perhaps a good bit of synergy to be the chair of the new school at Georgia Tech and this taskforce. Both enterprises require new ways of thinking and models that can support growing demand in this space. Just as I have encouraged the community to make their voice heard during the formation of the new school, please feel free to reach out to taskforce members as we continue this statewide initiative. There will be two more workshops this year that you can also take part in.

A recent example of Georgia’s strengths in cybersecurity is the National Security Administration Codebreaker Challenge, where eight colleges and universities in the state placed in the top 100 teams across the country in 2020. Georgia Tech was second, among 452 qualifying institutions, and has been in the top three ever since the competition started in 2015. Taesoo Kim, associate professor in computer science, and participating students (many from CS 6265) will be recognized by the NSA at the end of the month. This competition provides students with a hands-on opportunity to develop their skills in reverse-engineering and low-level code analysis through realistic problem-solving. Our school developed an interactive visual breakdown of top-performing teams here.

For those students new to Georgia Tech this semester, welcome and good luck. A special welcome to the 223 online students starting their journey in the OMS Cyber program. You’re invited to my weekly virtual open office hour, Fridays at 1 pm ET. I look forward to seeing some new faces and hearing about you and your interests.

Thanks for reading.

Sincerely,

Richard DeMillo 
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy   

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde