Interested in a Career in Cybersecurity? Set Your Sights on Leadership Skills

The skills you need for a successful career in cybersecurity may not be the ones you think. A common misperception about cybersecurity is that you cannot enter the field without being a STEM major with the technical acumen to code, hack, and write scripts.

When Professor Mansur Hasib talks to aspiring cybersecurity professionals who lament their liberal arts degrees, he reminds them that his bachelor’s degree is in economics and politics and his master’s degree is in political science.

Hasib, who is program chair of the Cybersecurity Technology program in The Graduate School at University of Maryland University College (UMUC), explains that “cybersecurity is a vast field in which anyone can find their passion in some aspect.”

Contrary to what you may read in the news, the majority of cybersecurity failures relate to shortcomings in leadership and governance, not technology. Cybersecurity needs professionals with the leadership skills and experience to manage an organization. Organizational leaders in cybersecurity with experience in management can understand cybersecurity at a business level. They have the ability to understand the holistic and interdisciplinary nature of cybersecurity.

“Without a balanced strategy of technology, policy, and people, your organization will not succeed,” said Hasib. “If you don’t know who to hire, how to engage people, how to develop a strategy based on the brainpower of everyone in the organization, and how to build high-performing teams, your organization will fail.”

A Message to Recruiters: Look for Candidates with Soft Skills

While cyber career aspirants should invest in gaining leadership and management skills, cybersecurity recruiters would be wise to consider a broader background when hiring—notably soft skills such as leadership, communication, and teachability, not just technical aptitude.

Organizations that focus on hiring coders and “tech jockeys” miss the boat. “We have a huge leadership void in the field,” said Hasib. “When you look at all the breaches, it may appear as if it was a technology issue, but it was almost always never the technology. It was leadership and strategy that was lacking.” Recruiters should be looking at what a candidate can learn and whether they have the capacity for perpetual, perennial learning and innovation.

Learn more about the skills you need to launch a career in cybersecurity and gain additional insight from UMUC’s Mansur Hasib:

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession— and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. Malware, spyware, and human error are the most common problems the study also reported.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

Bridging the Gap for Women in Cybersecurity : Five Questions for Loyce Pailen, Director of the University of Maryland University College Center for Security Studies

Women hold 56 percent of all professional jobs in the U.S. workforce, but only 25 percent of IT jobs, according to the National Center for Women and Information Technology. And among women in IT, only 11 percent work in information security, reports the Women’s Society of Cyberjutsu (WSC).

Earlier this month, on March 8, we celebrated International Women’s Day, so there is no better time to explore why this deficit exists and, perhaps, offer some solutions to help expand the pipeline of women in the cybersecurity field.

LoyceUMUC’s Cyber Connections caught up with Dr. Loyce Pailen, director of the Center for Security Studies and a cybersecurity pioneer with more than 35 years of wide-ranging experience in software development, project management, telecommunications, risk management, and network and systems security and administration. She shares her thoughts on the future of women in cybersecurity.

CC: For starters, what keeps you up at night in the cybersecurity space? What should we be focusing on?

LP: During the 2016 presidential election, there was considerable discussion regarding cybersecurity issues that related to email servers, election hacking and nation-state cyber intrusions. As a cyber-professional, I was concerned that the media and politicians tossed around cybersecurity-related stories, terminologies and notions to a general populace that did not understand cybersecurity concepts well enough to make sense of what they were hearing and make intelligent decisions.

For those girls and women inclined toward technology, do not let any imaginary barrier stop you from entering the field. For those women in non-technical fields, embrace cybersecurity and make your positions more valuable to your organization or agency.

Nonetheless, this dilemma was a call-to-action for my second issue of concern, the dearth of skilled individuals to fill current and future cybersecurity workforce needs. Experts say that more than 300,000 jobs exist today—jobs that are vacant because, nationwide, we do not have people with the cybersecurity skills to fill them.

For the future, that number of openings will increase exponentially. For example, results of the eighth Global Information Security Workforce Study (GISWS) indicated that the projected workforce shortage would reach 1.8 million professionals by 2022 (ISC2). And forget about minimum wage jobs. Even at entry level, these are high-paying cybersecurity positions in the public and private sectors.

My concern is that we are not raising our children with the cybersecurity awareness and education required for the digital age in which we live. My call to action was to author a series of fun, illustrated children’s books on cybersecurity so that youngsters—and those who like to read to them—can grow familiar with cyber terms, technologies and careers. Just think where we would be today with cybersecurity workforce needs if Harry Potter were a cybersecurity person!

CC: Tell us a little bit about your career path, as a woman in the field, and the hurdles you’ve overcome?

LP: I’ve been out of the public and private sector for several years now, so some of the hurdles that I experienced in my career path to information technology and cybersecurity have faded. Only recently, I did reflect on the obstacles as I watched the movie “Hidden Figures” about African-American women at NASA entering the field of data processing.

It recalled the days of punched cards, Fortran programming, large mainframes, and the discrimination in the male-dominated field of information technology, and once again it became familiar. But the issues were never insurmountable. Dwelling on those problems tends to stifle one’s growth and productivity.

CC: What do you think canand shouldbe done to expand the cybersecurity pipeline for women and minorities?

LP: My entire career, both in information technology and in software development for a large media company’s circulation systems, has been male-dominated. My current concern after more than 30 years in the cybersecurity industry, it’s disheartening to see, is that the field’s male domination is still the same, and many of the issues that existed early on still occur.

The gender and racial imbalance was evident to me in workshop sessions I attended at a recent 2017 Black Women in Computing (BWIC) Conference at Howard University, where continuing racial concerns in the technology and cybersecurity fields dominated the conversations of up-and-coming female computer scientists.

I recently witnessed an amusing incident at the 2017 RSA Conference in San Francisco that underscored the male domination of cybersecurity. Possibly the largest conference in the cybersecurity arena with 40,000 attendees, the male domination was so overwhelming that the lines to the men’s restroom stretched down long hallways and, for once, women experienced no lines at all. I found this a refreshing turnaround from the traditional.

In its own way, the lines illustrated the male domination of the cyber field. More realistically though, I believe a quick analysis of each conference-speaker’s gender would also accentuate the imbalance.

CC: So, why do you think we are we still at this juncture?

LP: Unfortunately, outside of the fact that we have not done well educating our youth, I am not sure why, because it seems that when society wants to instill something in children’s minds and produce positive habits, we find a way.

Likewise, in the 1980s my daughter was influenced by the major campaigns directed at schoolchildren to “never smoke” or to “stop smoking.” She became part of a generation that never adopted the cigarette habit and that convinced their parents to stop smoking. I was a target of her campaign and it worked.

Connected with this behavior modification concept, the “CSI Effect” from the popular television show “CSI: Crime Scene Investigation” proved to have a profound impact on careers related to forensics science. So, why can’t we lobby for and create TV shows and campaigns that would be just as effective to support existing STEM, WIT, WIC, BWIC and other such efforts?

Rather than merely being consumers of tech products, we need to instill interest in their underlying technologies. And we need to fire-up the interest in cybersecurity for girls and other minorities.

CC: What advice and encouragement would you offer women entering the cybersecurity field?

LP: My advice for anyone entering the cybersecurity field is simply to embrace the multi-disciplinary and global nature of the careers in this arena. Of course, there is a need for highly technical workers who understand concepts like secure software development, secure systems, networking and cloud computing, access control, incident handling and cyber defense.

However, cybersecurity is part of everyone’s job nowadays. Individuals in the fields of human resources, accounting and finance, law, health care, marketing, management and the like all have an obligation to understand the impact of cybersecurity on their careers.

For those girls and women inclined toward technology, do not let any imaginary barrier stop you from entering the field. For those women in non-technical fields, embrace cybersecurity and make your positions more valuable to your organization or agency. I encourage them to seek education, training and certification opportunities to “bolt-on” cybersecurity knowledge and learning that will enhance their current careers.

Roadtrip Nation and UMUC Kick Off Cross Country Cybersecurity Adventure

Roadtrip Nation

UMUC teams up with Roadtrip Nation to shine a light on this century’s most exciting and challenging career field – cybersecurity.

Jobs in the cybersecurity sector have increased by 73 percent over the past five years, making it one of the hottest career fields for America’s students and young adults. Recent headlines about cyber warfare, cyber crime, and cyber espionage demonstrate the need for qualified professionals with the skills to succeed in cybersecurity—a field that is growing 12 times faster than the average American industry.

That’s why career exploration organization Roadtrip Nation and University of Maryland University College (UMUC) are teaming up to send three people interested in cybersecurity on a three-week road trip across the nation. The journey—termed the “Cybersecurity Roadtrip”—will be filmed and produced into a one-hour documentary, set to air on public television in 2017.

The Cybersecurity Roadtrip launched officially on November 27, 2016, in New York City. Next up is a celebratory kickoff event at UMUC and the National Cryptologic Museum in Maryland on December 2. Winding their way across the country with highlighted stops in New Orleans, Austin, and Los Angeles, the road-trippers will book and conduct a slate of in-depth interviews with leaders from different specializations within the cybersecurity field.

Candidates selected for the opportunity have unique backgrounds and challenges, but all possess a passion for cybersecurity. Mansi Thakar is pursuing a master’s degree in cybersecurity, Emily Cox recently discovered a love for the field after attending an immersive coding boot camp, and Antwan King is enrolled in a master’s program in digital forensics and cyber investigation. On the journey, they expect to find new mentors and explore the diversity of career paths available within the field.

You can learn more about Roadtrip Nation, known for its New York Times best-selling career guide, award-winning documentary television series, and acclaimed classroom curriculum at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.