UMUC’s Mansur Hasib Gets Serious About Cyber Education

MansurMansur Hasib, program chair for Cybersecurity Technology, University of Maryland University College (UMUC) Graduate School, and a well-known thought leader in health care technology and cybersecurity, recently won the Cybersecurity Association of Maryland’s (CAMI) People’s Choice Award for lifetime achievement.

Before a sold-out crowd of 250 attendees at the American Visionary Art Museum in Baltimore on March 22, CAMI presented 13 awards to Maryland companies, organizations and individuals judged to have outstanding cybersecurity products, services or programs, or to have made a substantial contribution to Maryland’s cybersecurity industry.

Hasib, who holds a doctorate in cybersecurity and is a former chief information officer with 30 years of public and private sector experience in health care, biotechnology, education, and energy, has always maintained that cybersecurity has three core elements — people, policy and technology. People make the decisions on what technology to use and how to support it. People determine the strategy, they configure the technology, and they use it. Leadership is critical because we need to engage people toward a business purpose and a mission.

Hasib recently spoke to HealthManagement.org and shared his thoughts on cybersecurity governance and offered his insights into how critical cybersecurity education is to Health Information Technology students.

Read the full interview.

Bridging the Gap for Women in Cybersecurity : Five Questions for Loyce Pailen, Director of the University of Maryland University College Center for Security Studies

Women hold 56 percent of all professional jobs in the U.S. workforce, but only 25 percent of IT jobs, according to the National Center for Women and Information Technology. And among women in IT, only 11 percent work in information security, reports the Women’s Society of Cyberjutsu (WSC).

Earlier this month, on March 8, we celebrated International Women’s Day, so there is no better time to explore why this deficit exists and, perhaps, offer some solutions to help expand the pipeline of women in the cybersecurity field.

LoyceUMUC’s Cyber Connections caught up with Dr. Loyce Pailen, director of the Center for Security Studies and a cybersecurity pioneer with more than 35 years of wide-ranging experience in software development, project management, telecommunications, risk management, and network and systems security and administration. She shares her thoughts on the future of women in cybersecurity.

CC: For starters, what keeps you up at night in the cybersecurity space? What should we be focusing on?

LP: During the 2016 presidential election, there was considerable discussion regarding cybersecurity issues that related to email servers, election hacking and nation-state cyber intrusions. As a cyber-professional, I was concerned that the media and politicians tossed around cybersecurity-related stories, terminologies and notions to a general populace that did not understand cybersecurity concepts well enough to make sense of what they were hearing and make intelligent decisions.

For those girls and women inclined toward technology, do not let any imaginary barrier stop you from entering the field. For those women in non-technical fields, embrace cybersecurity and make your positions more valuable to your organization or agency.

Nonetheless, this dilemma was a call-to-action for my second issue of concern, the dearth of skilled individuals to fill current and future cybersecurity workforce needs. Experts say that more than 300,000 jobs exist today—jobs that are vacant because, nationwide, we do not have people with the cybersecurity skills to fill them.

For the future, that number of openings will increase exponentially. For example, results of the eighth Global Information Security Workforce Study (GISWS) indicated that the projected workforce shortage would reach 1.8 million professionals by 2022 (ISC2). And forget about minimum wage jobs. Even at entry level, these are high-paying cybersecurity positions in the public and private sectors.

My concern is that we are not raising our children with the cybersecurity awareness and education required for the digital age in which we live. My call to action was to author a series of fun, illustrated children’s books on cybersecurity so that youngsters—and those who like to read to them—can grow familiar with cyber terms, technologies and careers. Just think where we would be today with cybersecurity workforce needs if Harry Potter were a cybersecurity person!

CC: Tell us a little bit about your career path, as a woman in the field, and the hurdles you’ve overcome?

LP: I’ve been out of the public and private sector for several years now, so some of the hurdles that I experienced in my career path to information technology and cybersecurity have faded. Only recently, I did reflect on the obstacles as I watched the movie “Hidden Figures” about African-American women at NASA entering the field of data processing.

It recalled the days of punched cards, Fortran programming, large mainframes, and the discrimination in the male-dominated field of information technology, and once again it became familiar. But the issues were never insurmountable. Dwelling on those problems tends to stifle one’s growth and productivity.

CC: What do you think canand shouldbe done to expand the cybersecurity pipeline for women and minorities?

LP: My entire career, both in information technology and in software development for a large media company’s circulation systems, has been male-dominated. My current concern after more than 30 years in the cybersecurity industry, it’s disheartening to see, is that the field’s male domination is still the same, and many of the issues that existed early on still occur.

The gender and racial imbalance was evident to me in workshop sessions I attended at a recent 2017 Black Women in Computing (BWIC) Conference at Howard University, where continuing racial concerns in the technology and cybersecurity fields dominated the conversations of up-and-coming female computer scientists.

I recently witnessed an amusing incident at the 2017 RSA Conference in San Francisco that underscored the male domination of cybersecurity. Possibly the largest conference in the cybersecurity arena with 40,000 attendees, the male domination was so overwhelming that the lines to the men’s restroom stretched down long hallways and, for once, women experienced no lines at all. I found this a refreshing turnaround from the traditional.

In its own way, the lines illustrated the male domination of the cyber field. More realistically though, I believe a quick analysis of each conference-speaker’s gender would also accentuate the imbalance.

CC: So, why do you think we are we still at this juncture?

LP: Unfortunately, outside of the fact that we have not done well educating our youth, I am not sure why, because it seems that when society wants to instill something in children’s minds and produce positive habits, we find a way.

Likewise, in the 1980s my daughter was influenced by the major campaigns directed at schoolchildren to “never smoke” or to “stop smoking.” She became part of a generation that never adopted the cigarette habit and that convinced their parents to stop smoking. I was a target of her campaign and it worked.

Connected with this behavior modification concept, the “CSI Effect” from the popular television show “CSI: Crime Scene Investigation” proved to have a profound impact on careers related to forensics science. So, why can’t we lobby for and create TV shows and campaigns that would be just as effective to support existing STEM, WIT, WIC, BWIC and other such efforts?

Rather than merely being consumers of tech products, we need to instill interest in their underlying technologies. And we need to fire-up the interest in cybersecurity for girls and other minorities.

CC: What advice and encouragement would you offer women entering the cybersecurity field?

LP: My advice for anyone entering the cybersecurity field is simply to embrace the multi-disciplinary and global nature of the careers in this arena. Of course, there is a need for highly technical workers who understand concepts like secure software development, secure systems, networking and cloud computing, access control, incident handling and cyber defense.

However, cybersecurity is part of everyone’s job nowadays. Individuals in the fields of human resources, accounting and finance, law, health care, marketing, management and the like all have an obligation to understand the impact of cybersecurity on their careers.

For those girls and women inclined toward technology, do not let any imaginary barrier stop you from entering the field. For those women in non-technical fields, embrace cybersecurity and make your positions more valuable to your organization or agency. I encourage them to seek education, training and certification opportunities to “bolt-on” cybersecurity knowledge and learning that will enhance their current careers.

Public Policy Forum Hosted by UMUC Focuses on Personal Data and State Infrastructure

The University of Maryland University College (UMUC) recently hosted the Maryland Cybersecurity Council’s public policy forum on cybersecurity, which featured questions and answers from public and private sector experts on personal data collection and privacy protection, and infrastructure protection and incidence response.

The Dec. 6 event, organized by the Maryland Cybersecurity Council, featured opening remarks from Maryland Attorney General Brian Frosh and UMUC President Javier Miyares, followed by panel discussions with Allison Lefrak, senior attorney, Privacy and IP Protection, Federal Trade Commission (FTC); Claire Gartland, director, Consumer Privacy Project, Electronic Privacy Center; and Phyllis Schneck, chief cybersecurity official for the Department of Homeland Security (DHS). Maryland State Senator Susan Lee and Michael Greenberger, professor and director, Center for Health and Homeland Security, Carey School of Law, University of Maryland, Baltimore, moderated the panels.

What follows are some session highlights.

Reining in the “Three Vs”

High points of the panel discussion on personal data issues with Lee, Lefrak and Gartland focused on the collection and digitization of data, a top-of-mind concern to many citizens because the amount of data collected has increased due to the proliferation of pervasive communications networks.

The growth of big data, according to Lefrak, results from the “three Vs”—the volume of data that can now be collected; the velocity at which companies can collect, analyze, and harness the power of data; and the wide variety of data that companies can access and analyze.

For its part, the FTC focuses on a three-pronged approach to data protection. Enforcement is key. The agency sends a strong message to companies about the need to protect consumers. The FTC also addresses consumer privacy from a legislative standpoint through its policies. Finally, the agency educates the public to make sure that both businesses and consumers are apprised of the laws around data collection and protection.

Can federal and state governments ensure appropriate privacy protection? For starters, according to the panelists, privacy laws and courts need to reflect modern technologies. For example, video protection laws commonly use the phrase, “videotape service provider,” which is an antiquated term in today’s digital world.

The bottom line, from the FTC’s perspective, is that privacy protections are critical to maintain consumer trust. With the transition to a new administration, the state of balance among data collection, consumer privacy and consumer benefit remains to be seen.

Mitigating Large-Scale Cyber Attacks

In the panel discussion on infrastructure protection, Greenberger and Schneck discussed federal and state efforts to secure critical infrastructure and respond to incidents.

How do we bring cybersecurity together with infrastructure protection? Schneck discussed how federal sector-specific agencies work with owners and operators in each sector to develop plans to enhance their security and resiliency.

In light of federal efforts to secure the infrastructure and respond to significant incidents, what should states be doing and how can the federal government and states work in tandem?

“For the federal government, one challenge is that states constitutionally have a lot of power,” Schneck said. “The federal government has to be sensitive to this authority.”

The threat of our adversaries, whether it’s Russia, China, North Korea or Iran, is alive and well. “They are executing with an agility we have yet to enjoy,” Schneck said.

He added, “We can mitigate future attacks through data collection. If we don’t have enough data, then the cyber adversary wins because we lack the situational awareness.

“We can combat cyber attacks by arming our networks, by understanding that when a threat or computer instruction comes in, we know not to run it. It’s as simple as that.”

Cybersecurity Roadtrippers Stop in at UMUC During Their Cross Country Journey

UMUC's Antwan King and Roadtrip Nation

Fellow Roadtripper and current UMUC graduate student Antwan King meets his “cyber” superhero as the group made its way to the Washington, DC area before heading west.

On Friday, December 2, the three participants in Roadtrip Nation’s “Cybersecurity” trip, which kicked off on November 27 in New York City, made their way down to the Washington, D.C. region. During their stop in the D.C. area, a visit that included interviews with cyber leaders and a tour of the National Cryptologic Museum, roadtrippers Mansi Thakar, Emily Cox and UMUC’s own Antwan King rolled into the UMUC Academic Center at Largo to share with family members, supporters, and UMUC faculty and staff their first impressions of the trip, their career aspirations, some life lessons, and what it’s like traveling together in an RV with the cameras rolling. (Roadtrip Nation will produce a documentary about the cross-country journey that will air on public television in spring 2017.)

UMUC's Antwan King

UMUC’s Antwan King kicks off his “cyber” journey.

For UMUC’s King, the visit to DC was especially meaningful because he was able to meet his “cyber superhero,” Michael Echols, CEO of the International Association of Certified ISAOs and former director of the Cyber Joint Programs Management Office at the Department of Homeland Security.

When asked about what this opportunity meant to him, King said, “You wake up every day, you try so hard, and sometimes people tell you “no,” but now I get to talk to the people who can help me define a path and discover what works.”

For the three participants, the trip thus far has been chock full of many unique experiences. However, they all agree that driving the RV stands out as one of the most thrilling. Said Cox, “I’ve never been to any of the cities on the trip, and I’ve never even been in an RV. Now I get to drive it across the country!”

Learn more about Roadtrip Nation at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Roadtrip Nation and UMUC Kick Off Cross Country Cybersecurity Adventure

Roadtrip Nation

UMUC teams up with Roadtrip Nation to shine a light on this century’s most exciting and challenging career field – cybersecurity.

Jobs in the cybersecurity sector have increased by 73 percent over the past five years, making it one of the hottest career fields for America’s students and young adults. Recent headlines about cyber warfare, cyber crime, and cyber espionage demonstrate the need for qualified professionals with the skills to succeed in cybersecurity—a field that is growing 12 times faster than the average American industry.

That’s why career exploration organization Roadtrip Nation and University of Maryland University College (UMUC) are teaming up to send three people interested in cybersecurity on a three-week road trip across the nation. The journey—termed the “Cybersecurity Roadtrip”—will be filmed and produced into a one-hour documentary, set to air on public television in 2017.

The Cybersecurity Roadtrip launched officially on November 27, 2016, in New York City. Next up is a celebratory kickoff event at UMUC and the National Cryptologic Museum in Maryland on December 2. Winding their way across the country with highlighted stops in New Orleans, Austin, and Los Angeles, the road-trippers will book and conduct a slate of in-depth interviews with leaders from different specializations within the cybersecurity field.

Candidates selected for the opportunity have unique backgrounds and challenges, but all possess a passion for cybersecurity. Mansi Thakar is pursuing a master’s degree in cybersecurity, Emily Cox recently discovered a love for the field after attending an immersive coding boot camp, and Antwan King is enrolled in a master’s program in digital forensics and cyber investigation. On the journey, they expect to find new mentors and explore the diversity of career paths available within the field.

You can learn more about Roadtrip Nation, known for its New York Times best-selling career guide, award-winning documentary television series, and acclaimed classroom curriculum at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Inaugural Maryland Cybersecurity Council Meeting

On Tuesday, November 10, UMUC hosted the inaugural meeting of the Maryland Cybersecurity Council, which was created by Governor Larry Hogan and is chaired by Attorney General Brian Frosh. The mission of the council is to assist and advise the state on strengthening its critical cyber infrastructure. UMUC is proud to have hosted the first meeting and to be designated to staff and support the council as it conducts its work. It was also a great privilege to welcome the council on behalf of President Miyares and to discuss UMUC’s efforts in building the critical cyber talent needed to protect our state and national information infrastructure.

As the council begins its important work, I believe it is important that the Council not only take into consideration the technical aspects but also consider equally important human, legal, policy and ethical aspects associated with cybersecurity. UMUC is also playing an important role in this effort. In response to the critical shortage of cybersecurity professionals that our state and nation face, UMUC has developed seven different cybersecurity related programs—including policy and technical-related programs—at the undergraduate and graduate levels. And since 2010, more than 4,000 new cyber professionals have graduated from UMUC and more than 8,000 students are currently enrolled.

We are proud of our efforts in this critical area and look forward to producing graduates with the skills to handle the latest and most complex cybersecurity issues facing Maryland and threatening our regional, national and global economy, as well as our national security.