Category: Chair’s Message

March 12, 2021

Dear Cybersecurity and Privacy community,

I read and respond to all correspondence (if you sent me something and have not heard back from me yet, please send it again), but I don’t always have time to expand on ideas that deserve a fuller discussion. There were a dozen emails this week about my short summary of SCP’s first faculty retreat. It’s a little unfair to characterize questions that were well-intentioned and deserve deeper discussion, but bear with me. Many of you ask, “Why, among all the things SCP might emphasize, are you choosing X and not Y?” These are excellent questions but answering all the (X,Y) instances may not be especially informative.

Aside from the obvious (to me, at least) answer that we are not yet at the choosing stage, my stock response, is “Good question! Why not help us explore it in more detail?” We are at the beginning stage of a process that will play out over months and, if we are successful, years.  Here are some of the recurring phrases I captured in these initial discussions:

• Leverage campus resources to scaffold student success
• Curriculum with diverse paths for students
• Diverse student population
• Engage industry to provide students project-based learning and capstone course opportunities
• Integrate security/privacy modules across all colleges’ core curriculum
• Build demand for graduate training by appealing to undergraduates
• Opportunities for faculty to work with student research assistants

In effect, these are snapshots of possible futures for SCP. For the most part, they focus on students and reflect not only underlying principles but also the economic reality that SCP will succeed only if our students do. In the coming weeks, I will point you to Georgia Tech’s new ten-year strategic plan  and the report of the commission I co-chaired on the future of Georgia Tech education.

The most common (X,Y) questions have to do with whether SCP courses, programs, or degrees require technical proficiency as opposed to equally rigorous preparation in a non-technical field.  “As opposed to…” strikes me as a false choice. A much more interesting question is how X and Y are related. This was a week rich in examples of how that might work. Yesterday SCP co-hosted (with the School of Modern Languages) a roundtable event entitled “21st Century Cybersecurity: The Critical Role of Critical Languages in Advancing Multilingual and Cross-Culteral National Security Approaches, Competencies, and Perspectives.” The guest speaker was Dr. Michael Nugent, who directs the Defense Language and National Security Education Office.   Dr. Nugent’s summary of relevant programs and the panel discussion I moderated tied together the needs of cybersecurity in a globally connected world and multilanguage/cross-cultural research and education.

Jon Lindsay’s SCP seminar  (also yesterday) on the relationship between cyber conflict and intelligence practice is another example. Jon is a political scientist and expert in military intelligence with a deep knowledge of cybersecurity who argues, “Cyberspace is the most complex sociotechnical information system ever built, and cyber conflict is essentially just intelligence competition within it.”

So, as you formulate your own (X,Y) questions, consider how you might spark conversations like these. We are at the starting point of our planning process and mindful that most of the interesting questions have not been answered. You can reach out to any faculty on the school’s committees or the executive committee leadership to let us know of your interest in engaging.

Other items worth knowing about this week:

• Among our student successes, year-over-year growth for the Online MS in Cybersecurity program from 2019 to 2020 was 16% with 2021 on track to exceed that (based on spring enrollments). The program has enrolled more than 1,000 students to date.

• Mustaque Ahamad, professor in computer science, reminded me that the original MS in Cybersecurity started in 2002. So we have a big birthday to celebrate next year. Georgia Tech was early to the game in offering a graduate cybersecurity degree, and I think this reinforces why our next steps in the curriculum are so important. We need to be early to defining what the job market will expect in terms of skills and diversity in the future.

• Putting a face on our student success stories is equally as important. March is Women’s History Month and we are celebrating with highlights of women in our community. Becky Borrebach, an OMS Cyber student and U.S. Army captain stationed in Hawaii, is on track this spring to be one of the first female graduates in the program. One parallel that Becky made between the Army and Georgia Tech was that both organizations want the best people, regardless of gender. That testament, from a student who has never sat in a classroom on campus, is encouraging as we look to the future in growing our degree programs. You can read Becky’s story here.

• The school has also created a snapshot of women faculty and research scientists at Georgia Tech whose work is centered on or connected to cybersecurity and privacy. It shows a part of the diversity of education and research expertise across campus.

• And speaking of diversity, a recent industry report from global cybersecurity firm CrowdStrike finds that Georgia Tech is doing comparatively well when it comes to the gender diversity of its computer science (CS) faculty. We’re ranked #2.

• Today’s virtual cybersecurity lecture at noon is on a hot topic: deep fakes. Hany Farid, professor at the University of California at Berkeley presents on “Creating, Weaponizing, and Detecting Deep Fakes.” His research focuses on digital forensics, forensic science, misinformation, image analysis, and human perception.

Next week’s events include faculty candidate talks, a fireside chat with CS alumnus and cybersecurity expert Paul Judge, and our first workshop for the Georgia Cybersecurity and Privacy Roadmap Taskforce.

See you this afternoon for the chair’s virtual open office hour (1 pm ET).

Sincerely,

Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing   
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com   
Follow me on Twitter @rad_atl and @richde   

March 5, 2021

Dear Cybersecurity and Privacy Community,

Thanks to all of you who commented on last week’s letter about the themes that came out of the faculty retreat. There will be working groups of students, faculty, alumni, and external stakeholders to expand the themes into narratives that will feed the strategic planning process beginning in earnest this fall. Now that the search committee for the inaugural chair has been announced, the questions posed during the retreat have taken on a new sense of urgency. I hope that many of you will find a way to be involved over the coming weeks.

The near-term business of building the school goes on as well. You should expect to see research and instructional faculty members added to the school and a new committee devoted to space and facilities soon. As I am sure you know, specialized laboratories and facilities are needed for world-class cybersecurity education and responsible experimentation. The new committee will seek broad input in developing a uniquely Georgia Tech approach to cybersecurity facilities.

I have hinted about it in the past, but today I can announce the first public event associated with a statewide initiative I am leading to address the challenge of producing enough qualified cyber-science and privacy professionals to close the cybersecurity workforce gap. I chair the new Georgia Cybersecurity and Privacy Roadmap Taskforce (GCRT), organized by the University System of Georgia, to develop the cybersecurity education playbook for public and private institutions (including K-12, technical colleges, and higher education). On March 17, GCRT kicks off the first in a series of workshops, Building a Strategic Blueprint for Cybersecurity and Privacy Education. The objective is to offer the state’s education community the chance to collaborate and share perspectives about the growing demand for cybersecurity talent. Broad participation from Georgia Tech will drive this effort. Check back for more details on the website next week.

On other fronts:

• This week, we had the opportunity to (virtually) host students admitted to the Ph.D. in computer science program and gave them a sneak peek of their new home in Coda. The Coda building is a nexus for innovation that will serve the school well (and it is the tallest building in midtown according to facilities management; it has 21 levels). Coda will also offer important opportunities for collaboration with industry because of its proximity to other key stakeholders in the Atlanta tech ecosystem.

• The institute recently announced plans for a full reopening of campus for fall semester. With this new guidance, we will assess safe ways to let our community engage in Coda later this year.

• Today at noon you can take part in a SCP lecture by my friend and colleague Harri Hursti, co-founder of Nordic Innovation Labs and one of the world’s foremost experts on the topic of electronic voting and critical infrastructure security. His talk will be on 2020 cyberattack trends and forecasts for 2021.

• I am out of town this week, but I hope you can join SCP’s Curriculum Committee Chairs and Professors Annie Antón and Sy Goodman at 1 p.m. ET for the chair’s virtual open office hour. As I mentioned a couple of weeks ago, developing SCP’s curriculum has turned into an exciting venture, so I am sure you will want to hear Annie and Sy share their visions of how cybersecurity education should evolve at Georgia Tech. Remember, we were ranked #1 nationally for our undergraduate cybersecurity programs, so do not expect tomorrow’s discussion to be tame. It has been great to see these two leaders challenge their colleagues to think boldly and innovatively about cybersecurity education.

• One March 11, a panel with the school’s curriculum co-chairs, Profs. Antón and Goodman, will feature Michael Nugent, director of the Defense Language and National Security Education Office for the U.S. Department of Defense. Faculty candidate talks also continue next week.

I’ll be back soon with more updates. Meanwhile, have a great weekend, and please continue to send me your thoughts about how to launch our new school.

Sincerely,

Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing  
Chair, School of Cybersecurity and Privacy   

Visit me at www.demillo.com  
Follow me on Twitter @rad_atl and @richde  

February 26, 2021

Dear Cybersecurity and Privacy Community,

The School of Cybersecurity and Privacy held its first faculty retreat this week. Retreats are the first step in a strategic planning process. They are a good way to begin talking about what’s important (and what’s not). Most of the time, a retreat is a closed meeting. There are good reasons for that. Any time you talk about what you stand for, there are going to be clashes.  Emotions often run high. In time, you find ways to work out the important differences, but you might not want the process to be in full public view. Halfway through the afternoon it occurred to me that this group had been engaged in the difficult conversations for the last six months or so. This meeting was an occasion to be optimistic. The retreat was not the beginning of a conversation but was rather a way to focus thoughts that had been in the air for weeks already.

Here is the central question we posed: Does the school subscribe to principles that can be explained to anyone?  Themes emerged almost immediately:

Trust: as a department focused on security and privacy, our goal is to build trust in cyber infrastructure, and we view ourselves as responsible stewards of methods for doing that.

Leadership: we embrace the challenges of building an academic home where excellence, an innovative mindset, and a focus on real-world security and privacy will influence boundaries and outcomes for the entire field.

Learning: a fundamental principle is our commitment to building a learning community of practitioners and scholars dedicated to education at all levels.

Being deliberate: use our unique role as a school responsible to many colleges to organize ourselves in deliberately innovative and agile ways.

We are sifting through dozens of suggestions like these:

• How do we invest in new ideas? We use the Buckminster Fuller-esque method of finding small projects that, if successful, have rapidly expanding impact.
• How do we become responsible stewards? We develop modules and courseware for the curricula in all colleges and programs to expose students to the critical issues.
• What kind of learning community are we? One that experiments safely.   

I hope you lend your voice in the coming weeks and months as we expand this conversation to include working groups and committees to explore ways to implement these principles.

A quick note: Today is the final round of cyber-attacks competition Mad Hacks: Fury Code, hosted by the National Security Innovation Network. Georgia Tech’s own Jane Kim is a member of Team Sky, one of nine finalists. The virtual event is at noon eastern time.

Also, join me to today at my virtual open office hour at 1 pm ET for the regular freeform discussion. I’m sure it won’t take much prodding if you ask me about more of my thoughts from the retreat.

Sincerely, 

Rich DeMillo  
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde 

February 19, 2021 

Dear Cybersecurity and Privacy Community, 

As I have conversations about SCP with faculty, students, administrators, industry leaders, and others, the discussions frequently turn to privacy education. It’s not a surprising turn in conversations about a school that’s dedicated to cybersecurity and privacy. What role does it play in the school? Will there be privacy-focused degrees? Are there classes that are available now? SCP is an unusual beast because so few of our peers even consider these questions.  

We can take a lead in defining privacy education in a world transformed by digital technology. Businesses and governments have clear financial and legal incentives to focus on cybersecurity in order to keep their doors open. The subject of privacy occupies a related but very different space where organizations are still finding their footing. I saw this firsthand in my previous post at Georgia Tech leading the Center for 21^st Century Universities (C21U). C21U was a pioneer in establishing digital learning in the U.S. We quickly grew from a handful of online students to well over three million in a span of two years. We thought we had a handle on the spaghetti nest of privacy rules and regulations governing higher education, but those were the rules drafted in a different age. When the European GDPR rules dropped, we were caught flat-footed. We only avoided disaster because we were hosting large amounts of student data and had developed data protection rules of our own. 

This afternoon during my Virtual Open Office Hour, Peter Swire, one of Georgia Tech’s resident privacy experts, will join me. Peter just gave testimony on Capitol Hill in December on the EU-US Privacy Shield. His experience in previous federal administrations – and long record as a privacy and cyberlaw scholar and practitioner since the rise of the Internet in the 1990s – uniquely positions him to inform us on the complicated topic of privacy. I hope you’ll join us at 1 p.m. EDT and engage in the discussion.  

Another key area we are preparing to tackle is outreach, education pipeline, and workforce development needs in the state as it relates to cybersecurity and privacy. 

The Georgia Cybersecurity and Privacy Roadmap Taskforce, organized by the University System of Georgia (USG) and led by Georgia Tech, will seek to create and execute a strategic action plan that can be implemented across public and private education systems, including K-12, technical colleges and university programs. 

We will host a virtual workshop, Building a Strategic Blueprint for Cybersecurity and Privacy Education, in March with panelists from the state’s education community. The workshop offers stakeholders the chance to collaborate and share market perspectives about establishing a statewide education program to meet the growing demand for cybersecurity talent. 

By one estimate, there are currently more than 17,000 job openings in Georgia in cybersecurity areas. We plan to start addressing this issue with stakeholders across the state and create a wholistic approach that can guide educators, elected officials, and others and provide them with achievable cybersecurity education goals.  

More information on this effort will be available soon. 

To keep our community up to date, we’ve now made recordings available on the website for several events, including seminar talks, entrepreneur chats, panel discussions, and more. You will also find upcoming events here as our programming continues to expand.  

Thanks for reading. 

Sincerely, 

Richard DeMillo  
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde 

Feb. 12, 2021

Dear Cybersecurity and Privacy Community,

Suddenly, I feel like a school chair. For the last six months SCP has been preparing to be a school. This week was like hopping onto a moving conveyer belt.

• We are admitting students to the school. The Fall 2021 class of incoming Ph.D. students will receive acceptance letters this week. This year’s applicant pool was exceptional, and competition from peer institutions will be fierce, but with even a modest yield (that’s what we call the percentage of accepted students who show up), it will be the strongest doctoral class in recent memory. Demand for the master’s program is also high, but online students continue to outpace residential enrollment. The Online Master of Science in Cybersecurity program grew by 16 percent in its second year and is now more than 1,000 students as of spring 2021.

• Undergraduate programs are in the works. As I mentioned last week, the curriculum committee is consolidating and streamlining existing course offerings for available undergraduate degrees and certificates. A stand-alone undergraduate degree in cybersecurity is still in the early design phases. Last week’s letter must have hit a nerve. Thanks to all of you who took the time to contact Professors Antón, Goodman, and me with your must-have courses and concentrations. We will be holding town halls and round tables to gather broad input from the Georgia Tech community.

• Speaking of must-haves: I am chairing the Georgia Cybersecurity Roadmap Taskforce (GCRT), a group which will identify cybersecurity skills that are needed as Atlanta and the region become an important hub for cybersecurity and privacy. Gloria Griessman, who manages external engagements for SCP, oversees the GCRT agenda, part of which includes a series of panels focused on crucial questions. The first panel will take stock of existing programs at all educational levels from K-12 to post-secondary and lifetime education. Watch the SCP website for dates and times. On a related note, there is a new article about federal workforce needs and the CyberCorps program managed by SCP faculty members Profs. Ahamad and Goodman. Georgia Tech in one of the original ten CyberCorps sites.

• Hiring season is upon us. SCP began recruiting this week with a virtual talk from University of Maryland visiting scholar Julian Loss, who specializes in blockchain, distributed consensus and multi-person computation. You can find his seminar talk here.

• The date for the 2021 IISP/SCP Cybersecurity Summit is set and will be announced next week. This year’s theme will assess the new threat landscape and its effect on how companies organize their cybersecurity efforts and what skills will be needed.

• Project-based learning (PBL) is always a topic of conversation in the committees planning SCP’s courses and programs. I mentioned this before the holiday break last year, and I promised to give you an update. I have now spoken with our board of industrial advisors about internships and other project opportunities for SCP students. Most of the companies on our advisory board are enthusiastic about offering project-based learning experiences to SCP students.

• Very shortly, it will become a whole lot easier to collaborate with Microsoft around cybersecurity projects. As reported Thursday, Microsoft will open a new 90-acre campus to the west of Georgia Tech. With two new regional data centers, this will be a major expansion of Microsoft east of the Mississippi. As President Ángel Cabrera noted in a recent post: Silicon Valley-Puget Sound-ATL is the perfect triangle.

• To broaden our impact in another way, the school has been working to get a fuller picture of how faculty influence public discourse in the media. We’ve created an interactive visual snapshot of some Georgia Tech people, topics, and trends in the news and plan to update it periodically.

Today, GT Computing is launching a celebration of the black computing community in the college and beyond as part of Black History Month. You can read about our own Grace Fejokwu, an OMS Cybersecurity student, who has a fun story of where her cybersecurity journey started. Black students now account for almost 13 percent (~124 students) of the online program’s enrollment as of December.

I encourage you to take a minute to explore the virtual celebration, which includes an introduction from Dean Isbell.

Thanks for reading and I’ll talk with many of you at the chair’s open office hour later today.

Sincerely,

Rich DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy   

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde

Jan. 22, 2021 

Dear Cybersecurity and Privacy community, 

Digital transformation, accelerated by the pandemic, continues to play out in front of us, forcing organizations to rethink how they operate, and creating space for new industries to innovate in ways that would have been improbable a few years ago.  

During last week’s open office hours, we talked once again about the SolarWinds breach (building on the conversation we had started with Georgia Tech CISO Jimmy Lummis the week before) and how it might affect SCP’s courses and curriculum. I would like to say we were able to wrap the discussion up, but it was soon apparent that vertical industries (new and old) must have a say in how they deal with the vulnerabilities that come with digital transformation.  

I have encouraged the school’s Curriculum Committee to reach out to the university community broadly to gauge the gaps that our classes might fill. If you have ideas to share, please send them directly to me or one of the committee co-chairs, Professors Sy Goodman and Annie Antón. I am hopeful that we can host a roundtable or other events later this year to continue the conversation in person. The Curriculum Committee has set an aggressive schedule for launching new undergraduate courses, so your input right now can have a major impact. These meetings are an excellent way to build community and define our culture. We will continue to meet virtually every Friday afternoon at 1PM EST. You can find the link here.  

January and February tend to be slow months for conferences and symposia. I am taking advantage of this slower pace to ask school committees to accelerate their agendas. You should be hearing more from them in the coming weeks. In the meantime, there will be virtual visits and colloquia from cybersecurity researchers (spoiler alert: some of these visitors are job candidates, so consider attending a talk or two to meet future professors). There will also be some surprise announcements in February that will help cement Atlanta’s growing reputation as the North American cybersecurity hub.  

Monthly faculty meetings begin next Tuesday. Remember that SCP faculty members include all instructional staff, tenure-track academic faculty members, research faculty and many professionals in administrative roles. Most have received their invitations by now. If you missed yours, please send Kenya Payton a note and we will get one sent out to you right away. Faculty members should also keep their eyes peeled for a “Save the Date” notice for our first school retreat. 

Another interesting development concerns a new alliance with the National Security Innovation Network. NSIN will offer programs, events, and resources to student entrepreneurs at Georgia Tech. These include fellowships, employment and recruiting events, training workshops, and hackathons, the first of which is scheduled next month. 

I hope you’ll find a free moment to connect with us. In addition to the events mentioned above, check out the weekly virtual cybersecurity lecture series. You can find details on the school’s website.  

Sincerely, 

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde     

January 15, 2021 

Dear Cybersecurity and Privacy community,  

Welcome back from the extended holiday break. I hope we can meet face to face in 2021. 

Besides all the political happenings in December, there was a year-end watershed moment for the new School of Cybersecurity and Privacy: the revelation that the ubiquitous SolarWinds Orion software had been breached by exploiting vulnerabilities in its software supply chain. Georgia Tech’s CISO Jimmy Lummis joined me at my open office hours session last Friday to talk about the nature of the attack and its implications for cybersecurity research and education.  Jimmy also offered some insights into how organizations like Georgia Tech managed to shield itself from the attack’s worst effects.  Spoiler alert: luck played a significant role. Thanks to all of you who attended and participated in the fascinating discussion.   

Here’s why I believe SolarWinds is a defining moment for cybersecurity education at Georgia Tech: Tech graduates in large numbers end up in product engineering, business decision-making and policy-formulating positions in myriad vertical industries. All of those industries have vulnerabilities like the one exploited in the SolarWinds attack. Understanding attacks like SolarWinds must be an objective of every major on campus if our graduates are going to be well prepared for the challenges they will encounter in the workplace. This was the same reasoning that led Georgia Tech to be among the first research universities to require a working knowledge of computer science for every major. Now is the time to figure out how to equip all Tech graduates with basic cybersecurity skills. I cannot think of a more important challenge as we launch our design of courses and curricula. Please give us your thoughts on this topic. The Curriculum Committee, led by Professors Annie Antón (Interactive Computing) and Sy Goodman (International Affairs) are hard at work on these questions and your input is important. 

The school has an opportunity to define the template for how students and academic professionals will tackle cybersecurity and privacy challenges today and in the future. 

As an example, this month the Online Master of Science in Cybersecurity turns two years old. Within that period, the program has grown to enroll almost 1,000 students, with 11 graduates so far.  

Many of the students in the program are working professionals and through their studies they have provided tangible security benefits to their employers. Student Michael Nichols of Murrieta, Calif., shared one such example:  

“Just recently my company was being hit with network-crippling DDOS attacks. It just so happened that we were studying these types of attacks in my CS 6035 class at the same time. With the knowledge I gained, I was more clearly able to communicate what exactly was going on to upper management and recommended appropriate actions,” Nichols said. 

Other students have shared testimonials and you can read about those on the school’s new homepage at https://scp.cc.gatech.edu. I hope you’ll note the diversity represented among the students, something we can be proud of and continue to grow. 

Many of you said you enjoyed my conversation with OneTrust founder and CEO Kabir Barday in November. Thanks to Jennifer Whitlow and her team for hosting; an edited version has been posted here. Feel free to share this link on your own social networks. 

With new beginnings come new opportunities, and we have a wealth of them in front of us. But there are also an equal number of challenges to address. I hope to meet you on the journey as we work through both together, and please remember to make your voices heard by reaching out to the school’s Executive Committee, chaired by Mustaque Ahamad. 

Sincerely, 

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde     

Dec. 4, 2020 

Dear Cybersecurity and Privacy community, 

You may have missed it in my message before Thanksgiving week, so it bears repeating: the whole point of a school at Georgia Tech is education. We are used to thinking about education in familiar terms: lectures, exams, grades, credits, degrees, semesters. And curriculum. I hope you noticed the emphasis on the word curriculum. It’s the one thing we professors like to hang our hats on when we talk about education.  

When pressed, most people would say that a curriculum is the prescribed sequence of courses leading to a defined academic goal (like a degree). The problem is that degrees — or grades or even courses for that matter — are not educational outcomes. A degree, for example, does not measure whether material has been mastered. Most of the time a degree doesn’t even ensure proficiency in basic skills. A simple listing of courses commoditizes learning. The same series of courses can lead to wildly different educational outcomes. A list of courses doesn’t define how subjects are learned or the units of achievement. It doesn’t define what is excluded or what subjects are implicit. Nor does it define how students experience learning. In other words, the one thing we professors like to hang our hats on doesn’t say much about how we plan to shape a student’s learning. 

The reason I am (painfully) telling you how little real meaning is packed into the word curriculum is that our school now has a Curriculum Committee, and, evidently, the first thing that the committee must do is articulate a vision for the SCP learning experience. That’s not a clerical task. I expect they will talk to a lot of people over the coming weeks or months. They will spark conversations. There will be strong opinions stated forcefully. I hope there will be arguments about what we stand for.    

Here’s an example: I believe that cybersecurity requires an active learning experience called project-based learning (PBL). Internships, for example, are one way to approach PBL. Some universities, like tiny Olin College of Engineering (@OlinCollege) have thrown out traditional lecture-based courses entirely in favor of projects where students must demonstrate skills mastery to make progress through the curriculum. There’s a mountain of data that points to the superiority of active learning, but it’s messy. Stanford Dean of Education Dan Schwartz calls it a “pile of goo.” 

I’ve asked our new curriculum committee to not be deterred by all this ambiguity. We don’t have to resolve issues right away. We do have to begin the conversations though. We will begin that process right after the winter holidays. It’s not often that educators get to start with a blank sheet of paper. I hope you will all find a way to make your voices heard. 

Final exams and the end of this nonstandard semester are upon us, but professional activities will continue. 

Next week, at the Annual Computer Security Applications Conference, a research team from Georgia Tech, led by CS Professor Wenke Lee and ECE Asst. Professor Brendan Saltaformaggio, will demonstrate via simulation the vulnerability of stock markets to being manipulated by a botnet of compromised brokerage accounts. In a paper co-authored by CS Professor Mustaque Ahamad, researchers explore whether it is possible to build a practical collaborative phone blacklisting system that makes use of mechanisms to provide privacy guarantees to participants who collaborate to detect spam callers. Also accepted in the technical program is “A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs” co-authored by ECE Assoc. Professor Manos Antonakakis. Georgia Tech, as at CCS 2020, is a leader in the technical program.  

I encourage all GT faculty and researchers to please continue sharing with the school their efforts in cybersecurity and privacy. This will give us a broader perspective of the institute’s larger body of work. The school ultimately is a resource for Georgia Tech’s total cybersecurity and privacy efforts. We want to be able to make connections across campus no matter where you work or study.   

A cybersecurity milestone for the institute that we can all celebrate will take place one week from today. At the fall commencement ceremony on Dec. 11, students from the Online Master of Science in Cybersecurity degree program’s first official cohort will receive their degrees. We are excited to share more about these graduates next week and celebrate with them. 

Also, just for fun and to finish out your busy finals schedule, the school created an interactive chart from Cybersecurity Ventures’ list of ‘hacker’ movies. You might find some old friends or new films worth checking out.  

This is my final letter of the semester and today at 1 p.m. EDT is the last open office hour I’ll hold this semester. All are welcome and if any of our soon-to-be graduates want to come by it would be a treat to hear about what comes next for you.  

Please have a safe holiday season. I will be back with more news and other thoughts about our new school in January.  

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com 
Follow me on Twitter @rad_atl and @richde