Chair’s Message | Charting the Way Forward

Nov. 20, 2020   

Dear Cybersecurity and Privacy community,   

Only two more weeks left this semester. It seems a little early to think about whether we are on track, but I am inspired by a conversation I just had with Georgia Tech CS 09 alumnus Kabir Barday. Kabir is the founder and CEO of OneTrust, a company he founded in 2016 to help enterprises tame the problems of privacy that are the unintended consequences of cybersecurity. OneTrust was featured in Inc. Magazine’s list of the fastest growing companies in America. In fact, OneTrust is the fastest growing company. I interviewed Kabir for the College of Computing’s John P. Imlay, Jr. Series on Entrepreneurship. Aside from the fascinating journey Kabir started as a Georgia Tech undergrad, I was struck by how disciplined he was in planning his future. Early milestones were important to Kabir’s success. There’s a lesson for the School. 

The first milestone must involve education. I wrote about this a couple of weeks ago: the central reason for creating a school is education. How will an SCP education will be different from other educational experiences? There is no substitute for experiencing the challenges and exhilaration of working in this industry. That’s why we talk about internships, co-ops and other kinds of active learning. It’s not hard to find cybersecurity programs that feature active, experiential learning. Integrating those experiences into a curriculum is another matter altogether. We chartered a curriculum committee this week. That was a milestone. I will meet with the committee today and challenge them to build a project-based learning program in cybersecurity and privacy. They will only succeed if they figure out how the needs of industry will flow through the school’s curriculum.   

Yesterday we celebrated the launch of the institute’s new strategic plan in a live virtual address with President Ángel Cabrera and other campus leaders. I hope you have a chance to review the plan in detail. The School of Cybersecurity and Privacy is in a unique position — as an intercollege school — to advance the strategic plan. We will champion a new model of collaboration and innovation for the institute and play our part in growing a culture of inclusiveness.  

The school reached another milestone this week and is now accepting applications for tenure track faculty positions at all ranks. The school is seeking outstanding candidates who will help define a new interdisciplinary field of cybersecurity and privacy that encompasses the technical, economic, behavioral, policy, legal and international relations aspects of the field. If you know of a qualified prospect (including yourself), please encourage that person to apply by the Dec. 15 deadline: https://academicjobsonline.org/ajo/jobs/17542 

I wish all students the best as they finish the semester. I’ll be taking next week off for Thanksgiving. Wherever you plan to spend the Thanksgiving holiday, I hope you celebrate the season safely, especially if you are traveling or planning any big celebrations with others. Today, we wrap the Cybersecurity Virtual Lecture series for the semester with Evan Glover, chief privacy officer of NCR Corporation, discussing “Building a Strategic Privacy Program.” 

As always, please feel free to drop by virtually today for the Chair’s Open Office Hour at 1 p.m. EDT.  

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | Governance and Research

Nov. 13, 2020 

Dear Cybersecurity and Privacy community, 

We are nearing the end of the semester. The familiar cadence of academic life at Georgia Tech does not yet have much impact on the new School of Cybersecurity and Privacy. We have no courses, offer no degrees, and enroll no students. Those milestones are still weeks in the future. Most of the work is going on behind the scenes for now, largely unaffected by schedules, final exams, fall breaks and holiday vacations. However, I can see the progress. Every week moves us further along the path to becoming the academic home for cybersecurity and privacy.

The Executive Committee is designing the way the school will operate. Academic institutions operate on a unique principle of shared governance, which allocates responsibility and authority to the members of an academic community. Faculty and staff, students, administrators and governing boards each play a distinct role in that process. Without an effective and inclusive governing structure nothing much would happen. Expect to see the first committees planning for a new hiring season and creating new courses and curricula. Offices for student affairs will be announced shortly after that. The leadership of the school will have begun to take shape.

We convened the school’s first Industry Advisory Board meeting this week, and it did not take board members long to come to grips with the question of how SCP will differentiate itself from the dozens of other cybersecurity initiatives around the country. The fact that we turned to industry to help us with this problem speaks loudly about the core values we want for the school. “What distinguishes cybersecurity at Georgia Tech?” is the central question. Technical rigor was one area of immediate agreement. Another was the integration of practical experience in all academic programs. Leveraging the Institute’s existing strengths was a third area around which there was consensus. These will be the pillars on which the school is built. I would be interested in your thoughts about how the new school will define itself. This is the beginning of a lengthy conversation, and I will be sharing with you in the coming weeks about how you can participate.

We’re not exactly starting from scratch. I pointed out in an earlier message that we were “born” with the highest recognition from our peers.  U.S. News & World Report ranked us as the number one university for undergraduate education in cybersecurity. And in case anyone thinks that recognition is a fluke, consider this: Georgia Tech researchers in cybersecurity and privacy had one of their biggest weeks of the year. Twenty GT authors published seven papers (see interactive graphic) at the Association for Computing Machinery’s Conference on Computer and Communications Security (CCS), the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) for the ACM.

Georgia Tech led all institutions in number of accepted papers. Not only that, Professor of Computer Science and IISP Executive Director Wenke Lee was a keynote speaker and the paper “PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance” from ACM CCS 2010 was selected for the Test of Time Award of ACM CCS 2020. Also, ECE Assistant Professor Frank Li was a runner up for the SIGSAC dissertation award.

My congratulations to all involved. This work reaffirms the high level of cybersecurity and privacy work taking place across the institute and is a guidepost for future efforts.

On the events front, be sure to put today’s cybersecurity lecture at noon on your shortlist if you’re in search of a good talk. We’re joined by Jakub Szefer, associate professor from Yale University discussing “Securing FPGA-Accelerated Cloud Infrastructures.”

Next week, I’ll be hosting the John P. Imlay Jr. Series on Entrepreneurship Fireside Chat. I’m excited to sit down with Kabir Barday, CS 09 and founder and CEO of OneTrust. He’s one of Georgia Tech’s inaugural 40 Under 40 accomplished alumni and has an interesting story to tell. Join us Nov. 19, 7 p.m. EDT.

The chair’s open office hours continue today and every Friday at 1 p.m. EDT. Stop on by and ask anything on your mind or just drop in to say hello.

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | Forward Momentum, and an Election

Nov. 6, 2020 

Dear Cybersecurity and Privacy community, 

Everything seemed to take a backseat to national politics this week, but the elections were also an opportunity for SCP and our colleagues across the campus to make important contributions to cybersecurity and privacy for voting. McCamish Pavilion served as a polling location for the election and it was completely staffed by students, one of the first locations with that distinction. A unified effort at the institute brought together the Secure and Safe Elections Research Group, with leadership from SCP, the College of Computing, and the College of Engineering. The group is analyzing the entire ecosystem of modern elections to develop tools that make voting more transparent with new approaches to modern voting systems. These are just two examples of the engagement with our electoral process. 

Next week’s meeting of the newly appointed Industrial Advisory Board (IAB) is a milestone for the School of Cybersecurity and Privacy, and we have been hard at work to create an active and engaged community of advisors. Chaired by GT Computing alumna and Northrop Grumman CISO Phyllis Schneck, this board will help SCP refine programs and services that are responsive to the needs of the industry and government organizations that will employ our alumni. My charge to the board is to keep our academic offerings grounded in the reality of cybersecurity and the societal challenges that face us all. We are fortunate to live in one of the nation’s most active communities of cybersecurity companies, and the SCP faculty who will develop courses and curricula are delighted to have stakeholders from such a broad range of companies as partners. I will share with you the results of their deliberations in next week’s letter. 

What’s next on my to-do list? It’s a sign of progress that the number of tasks is growing, although it is a little disconcerting to wake up in the morning to find new items with 2 a.m. timestamps. We are accelerating the process of adding faculty members to the school and identifying the committees that will handle everything from hiring and curriculum to research and facilities. Sometimes academic departments worry about defending turf and defining disciplinary boundaries. That’s not our approach. While the foundations of the field are important, everyone we talk to outside academia points us to skills and knowledge that lie just beyond technical mastery. Sometimes these are called “soft” skills. I don’t think it’s an apt (or appealing) description. For one thing, it gives the impression that they are not difficult to learn. I prefer to think of T-shaped skills. The vertical line of the T represents technical depth. The horizontal arm represents the skills that cut across disciplinary boundaries. It’s the horizontal skills that employers tell us repeatedly are the important ones for success. Much of my time these days is spent meeting with specialists in adjacent fields to discuss how those skills apply to our students. So, when you hear me talk about the porous boundaries of SCP, think about those adjacencies and what competitive advantages they might convey to our newly formed school.  

I had the opportunity to talk with many of you recently during the school chair’s open office hours, which will be weekly on Fridays at 1 p.m. EDT. I enjoyed listening and learning from students and faculty alike and hope you’ll take advantage of this time. I will be at the virtual meetup today, and I hope you can find a few minutes to stop in to say “hi.”  

Don’t miss the weekly virtual cybersecurity lecture series at noon. Youngwook Do, a Georgia Tech Cybersecurity Ph.D. Fellow, shares his work on novel ways to secure devices many of us use every day. 

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | Putting the Pieces for Success into Place

Oct. 30, 2020  

Dear GT Cybersecurity and Privacy community,  

We finished our first full month as a school with a hurricane. Thanks in part to Zeta. I had planned to open this letter by saying “with a flurry of meetings and events,” but I can’t find anyone who thinks this week has been only a flurry. We are on a very fast track to have most of the critical academic functions defined and operating by the end of 2020, and this week was a critical one for defining those functions and identifying the stakeholders who will help us implement them. The school’s executive committee met for the first time Thursday morning. The meetings with potential industrial advisors kicked into high gear. I spent a day (re)learning how to be a school chair. We started meeting with our colleagues from across the university system about developing a cybersecurity roadmap for Atlanta, the state, and the region. I couldn’t have asked for more. Except maybe for the part about losing power and network access. I could have done without that.  

The executive committee will help us bootstrap our way to everything from curricula and instruction to research pillars and laboratories. I’ve mentioned the executive committee a couple of times already. You should expect to hear more from the committee in coming days. Here is the charge I gave them yesterday: Define how SCP will carry out basic and necessary academic functions by: 

  • Identifying key processes 
  • Recommending committees for carrying them out 
  • Recommending a plan for staffing key roles 

It’s a big job. I’ve asked the committee to be creative, rigorous, and strategic in their work. These are all qualities we value at Georgia Tech. You are in a perfect position to help the committee, and I am asking each of you to give us your best thinking on these topics.    

Here’s an example of what I mean. SCP is a unique academic unit with no pre-defined organizational boundaries. The skills that will matter to graduates are still being defined. It’s baked into the idea of cybersecurity that threats and capabilities are constantly evolving and shifting, so the curriculum must also be agile and continually refreshed. Traditional modes of delivering and paying for instructional content have been disrupted (by Covid-19, of course, but also by the revolution in online education that we helped launch a decade ago). What that means to me is that the current ways of doing business do not necessarily limit the ways that SCP will do business. I’ve been in too many meetings where we were urged to be creative and bold only to be handed a list of things we couldn’t talk about. Let’s not start creating SCP by saying “You can’t…”. On the other hand, random ideas don’t necessarily advance the cause either. No matter how bold and innovative they might be at first sight, they are, well, random. That’s where rigor comes in. The most compelling anecdote or moving story is no match for data well analyzed. Finally, the committee’s work must be strategic — it must lead somewhere. It must lead to a school consistent with its vision. It must be both manageable and transparent in its operations. It must be financially sustainable.  

That’s a framework for thinking about how SCP might operate. It’s not the only one, but it is the one I started with. On behalf of Mustaque Ahamad, the executive committee chair and professor of Computer Science, and the other committee members, I am inviting you to share your ideas. You don’t have to write a lot. An email to the committee may trigger an idea that leads in an unexpected direction. I hope you can find time to engage.  

November is going to be a scramble. The academic calendar is still a work in progress, but I have promised the deans’ council an update by the end of the semester. As you can see, we will be running as fast as we can to meet that milestone. We will meet with our new SCP Industrial Advisory Board on November 10. GT Computing Alumna and Northrop Grumman Vice President and CISO Phyllis Schneck is the inaugural chair of the board. I’ll give you an update on the industrial advisory board in next week’s letter. 

Before you break for the weekend and socially distanced trick-or-treating, you can watch our live virtual lecture series at noon. Today’s topic focuses on new malware vulnerabilities in digital ad platforms.

This afternoon at 3 p.m. EDT, I invite you to the first chair’s open office hours, a kind of virtual open house. I expect to do a lot of listening during these weekly sessions. I hope this letter has given you some ideas about what we might talk about. Please join us. 

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | Building Community

Oct. 23, 2020 

Dear GT Cybersecurity and Privacy community,  

Forming a new school means enabling the mechanics of an academic unit — committees, budgets, facilities, curricula, hiring faculty and staff — and all of the back-office things that make it work. Those are things that we usually only notice when something goes wrong. Otherwise they just fade into the background after a while. The one thing that we notice every day is the character of the place. What’s the culture like? Is this a community I want to join? Are my contributions valued? Is anyone else invested in my success? These are things that can’t be enabled by just declaring it so. Culture can’t be turned on like a switch.   

People who study organizations will tell you that the character of an organization must be developed over time. You don’t always know if you’re heading in the right direction, but successful organizations almost always point to intangibles like character and culture as keys to their success. It’s especially true of innovative organizations. We spent a lot of time in the Commission on Creating the Next (CNE) discussing Georgia Tech’s culture. Robert Kegan’s book, An Everyone Culture: Becoming a Deliberately Developmental Organization, was required reading for Commission Members. We even appropriated the idea of being deliberately innovative for the title of the CNE Report. I think about how to be deliberate a lot these days. 

Since there’s no magic button to push, maybe the best we can hope to achieve in these early days of the school is to talk about the communities — students, faculty, alumni, industry partners, and the larger academic ecosystem of peers and collaborators — that will come together and define our culture. In this week’s message I’d like to focus on some of their higher-profile activities. That’s how most people outside the school will know us. We may be a new school, but we are not exactly starting from scratch. 

  • Vice President for Interdisciplinary Research Raheem Beyah and Chief Information Security Officer Anant “Jimmy” Lummis headlined a virtual panel discussion with other Georgia Tech cybersecurity experts this week to discuss creating a cybersmart culture and how organizations might manage increased network vulnerabilities and attacks during the pandemic and after. It was an informative talk with many insights and much engagement from the more than 100 attendees. 
  • Students with an eye on startup success recently participated in Cybersecurity Demo Day at Georgia Tech, hosted by the Institute for Information Security and Privacy (IISP). Students presented innovative research ideas before a panel of expert judges at the finale. Research with the best chance of commercialization or demonstrating the most impact were awarded cash prizes. Read about the award winners or watch the video.  
  • Alumni are our ambassadors and role models off campus who enrich our community in many ways. Georgia Tech has had many graduates go on to become influencers and leaders in the cybersecurity industry. The Fall issue of the Georgia Tech Alumni Magazine features the new school (p.14) and also includes the alumni association’s inaugural 40 Under 40 list of accomplished alumni. Kabir Barday, CS 09 and CEO of OneTrust, is among the group. You can read about his journey leading a company that provides a privacy, security and third-party risk technology platform to more than 3,000 companies. Also take a peek at the rest of the alumni group with this interactive graphic developed by the College of Computing. 

Engaging members of the community is a key part of our success and I have been talking with faculty, students, and alumni about the plans for the school and their involvement. We will continue that discussion in an upcoming faculty meeting. Don’t worry if you do not have a formal appointment in the school. Almost no one will for several months yet. Please consider this an open invitation to attend these meetings. At a more informal level, I will borrow an excellent idea from the other GT Computing school chairs. I have asked Kenya Payton, the assistant to the chair, to schedule weekly open office hours with the chair every Friday. No agenda. No committee assignments to report. Just a chance to ask and answer questions and share thoughts about how the school should develop (deliberately!)   

Sincerely,     

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at www.demillo.com
Follow me on Twitter @rad_atl and @richde     

Chair’s Message | What Does It Mean to Be a School?

Oct. 16, 2020

Dear GT Cybersecurity and Privacy community,  

An academic school represents Georgia Tech’s permanent commitment to students and alumni to build a community of learners and advancing innovation. My hope is that the School of Cybersecurity and Privacy will squarely focus on this vision. A top goal must be to offer degrees and other credentials that map to new careers and roles in the cybersecurity industry. The culture we embrace now will be shared with new and current students, alumni, professors, and partners who will come to think of SCP as their home at Georgia Tech. 

We will shape the school to draw in professionals at all levels skilled in technology, business, policy and practice. We will provide specialized training and credentials for professionals to succeed in their existing or new career paths and help fill the 400K+ vacant cybersecurity jobs in the United States.  

Is this ambitious? Yes, but Georgia Tech and the College of Computing have national credibility earned by a long history of educational innovation. I look forward to discussing with you how SCP fits into the Institute’s plans for continuing to influence the course of higher education. 

If you’ve followed the growth of Cybersecurity and Privacy at Georgia Tech over the last two decades, you already know about our commitment to shaping the field. The MS in Cybersecurity was established in 2002 and the Online MS in Cybersecurity (OMS Cybersecurity) will turn 2 years old in January. Combined they will enroll almost 1,000 students. 

The ECE Thread in Cybersecurity opens a highly regarded degree to undergraduates. Cybersecurity students in Computer Science combine threads to match their career interests. Ph.D. students across the campus take courses in cybersecurity and privacy. Along with these degrees, we are committed to future course offerings that bolster cybersecurity undergraduate education in the School of Public Policy and the Sam Nunn School of International Affairs. Georgia Tech Professional Education offers cybersecurity courses and certificates to mid-career professionals. SCP will give us the opportunity to build on all these programs.  

This summer, Rahim Millious became OMS Cybersecurity’s first graduate. Rahim’s story is an example of how Georgia Tech is already shaping the industry landscape.   

In Rahim’s own words: “More than ever, individuals share a massive amount of data, and without the advances in cybersecurity to go along with the advances in technology, there will be an ever-growing gap, which puts everyone at risk.”  

From our vantage point at the beginning of this venture in the Fall of 2020, it’s hard to imagine a stronger case for a school dedicated to cybersecurity and privacy, but I’m sure that the hundreds of alumni who will follow Rahim will in their own voices lend support for the vision of the school.  

I spoke with the GT Computing Advisory Board Thursday outlining some of the prospects and goals we have for the new school and was encouraged by their engagement. I will share their thoughts with you in subsequent messages from the chair. Let me tell you, however, that Dean Isbell’s advisors are enthusiastic.  

We must think creatively and be deliberate in fostering partnerships with faculty, students, and industry to build the appropriate curriculum to train cybersecurity’s future practitioners and leaders. Towards that effort, the new school’s executive committee, led by School of Computer Science Professor Mustaque Ahamad, and a newly established advisory board for the school, led by GT Computing alumna Phyllis Schneck, Vice President and Chief Information Security Officer at Northrop Grumman, will be crucial to this process. 

Students, as we know, are at the heart of all our activities, and this month we are sharing some of the experiences of students in the cybersecurity degree programs as part of National Cybersecurity Awareness Month. We are posting these to GaTechCyber on Twitter. Give us a follow and learn more about what our students are learning.  

And please join us for what is sure to be an electric panel discussion on Oct. 22 on “Creating a Cybersecurity Culture in an Organization”. Join on BlueJeans on Thursday, Oct. 22, 2020, 10:30 – 11:30 AM EDT. 

Sincerely,    

Richard DeMillo  
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy  

 

Visit me at www.demillo.com  

Follow me on Twitter @rad_atl and @richde  

Chair’s Message | Welcome to a New Type of Academic Unit

Oct. 9, 2020 

Dear GT Cybersecurity and Privacy community, 

The School of Cybersecurity and Privacy (SCP) was announced this September. SCP is Georgia Tech’s newest (and in many ways its most ambitious) academic department. I have the privilege and responsibility of serving as interim chair.   

We will meet new students and develop new programs even as we build on existing strengths. Georgia Tech’s commitment to cybersecurity predates the term, extending back more than 20 years to the Sam Nunn Forum which drew attention to the vulnerabilities of emerging financial computerized financial systems. In the intervening years, it’s become more important than ever to prepare and equip future professionals to help keep safe our personal and national interests.   

There is much work ahead of us to establish the school and to create a truly inclusive model for an academic unit that reaches every corner of the institute and leverages our combined strengths. We are positioned well as we prepare to advance our leadership in cybersecurity and privacy.  

I invite everyone who is interested in the mission and work to get in touch with us. I will share a chair’s message on a weekly basis and the school will communicate regularly about Georgia Tech’s new investment in cybersecurity and privacy through all our channels. Find out more ways to engage.   

What’s in store for this month:   

Over the next couple of weeks, an executive committee will be appointed to begin creating the committees and processes that all academic departments need. We will launch an industrial advisory board to focus on our ties to commercial, government, and educational stakeholders. We will also begin identifying research and academic faculty members whose work will form the foundation for growth. Seed funding and support for R&D projects will be provided by GTRI. If you are interested in meeting with Dr. Lee Lerner, the CTO of GTRI’s Cyber Lab, contact the chair’s office for an appointment to discuss your interests. Finally, as we prepare for an eventual return to post-pandemic campus operations, SCP will move into its new home on the 9th Floor of the Coda Building.  

Parting thoughts:   

Take a minute to read about the school’s announcement and some insight from institute and Atlanta leaders on why the new school is vital.   

Also, through a bit of good timing, the announcement of the school coincided with U.S. News & World Report’s first college rankings for cybersecurity and computer science undergraduate programs. Our placements in both (#1 and #5 respectively) bode well for attracting future students and establishing more degree offerings.    

Rankings without context though mean little. We developed an interactive graphic to show some context. Explore for yourself how we fare among our peers, not only in rankings, but tuition costs. Hint: Our value proposition is unmatched.   

Sincerely,   

Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing 
Chair, School of Cybersecurity and Privacy    

Visit me at www.demillo.com 

Follow me on Twitter @rad_atl and @richde