You know that new app everyone’s talking about? Be careful, you could get hacked if you download it. And watch yourself if you use an ATM at the gas station, pay any bills online, or even open an email, because your digital data could be at risk.
Do these warnings sound familiar? It’s hard to get away from them, but as more of our lives move online, the importance of cybersecurity grows.
It’s an intense challenge for the good guys and gals working to stay a step ahead of new age ne’er-do-wells who want to do damage with your personal data. But with challenge comes opportunity, as there are currently close to 2,000 cybersecurity job openings in Nevada alone and a national need of more than 300,000 trained workers.
UNLV’s College of Engineering has heeded the call in recent years, creating a Cybersecurity Center to coordinate research, education, and workforce development efforts in the booming field. The center’s efforts include an information assurance concentration through its computer science department for aspiring cyber detectives, giving them the skills they need to become leaders in cyber defense.
In June, the program earned high praise from the federal government as it was designated a National Center for Academic Excellence in Cyber Defense Education. The honor, given by the National Security Agency and Department of Homeland Security, recognizes robust university programs in cybersecurity research and education, including those programs’ efforts to address a severe workforce shortage in the field.
To learn how UNLV is advancing cybersecurity education – including the nuances of training students to stay a step ahead in a high-stress, rapidly evolving environment – we caught up with computer science professor Juyeon Jo, a leading expert on cybersecurity and coordinator of UNLV’s information assurance program.
UNLV received a seal of approval from the federal government as a top choice program in cybersecurity. How will this designation help UNLV build its research and education efforts?
Nationally, there are so many cybersecurity education programs with different specialties and focuses, which can make it difficult for students to choose a qualified program.
This designation puts UNLV – the only four-year institution in Nevada to earn it – on the radar of those who look for high-quality cybersecurity education.
Though the field of cybersecurity is growing, many new graduates who want to get into the cybersecurity field struggle despite the presence of so many job vacancies. The old adage really plays in this field: "Without experience, they cannot get a job. Without a job, they cannot get experience."
Although nothing can substitute real-world experience, designated institutions are the closest alternative in breaking this chicken-and-egg cycle. The recognition is not made of just coursework. It offers a combination of all foundational courses, virtual labs, physical labs, internships, cyber competitions, student clubs, certifications, community engagements, seminars, advanced research, etc. That's why the graduates of recognized programs are highly valued.
The recognition isn’t just a big deal for student recruitment; it will also make UNLV more competitive in funding processes and open a door to more funding opportunities. This designation isn’t just for computer science, it’s for the university, so anyone from the UNLV community can benefit from it.
What's the biggest challenge you face in preparing students for careers in cybersecurity?
Cybersecurity is a rapidly changing field. New high-profile attacks decorate the news headlines almost every week, and it’s so important to keep up with the new developments to ensure systems are properly protected.
At the same time, understanding the foundational knowledge and applying it thoroughly is just as important. It’s one thing to talk about the newest attacks to look cool, but what’s the point of defeating a new attack that has just a 0.1% chance of wreaking havoc, while in the process ignoring traditional “boring” attacks with a 99.9% chance? The fundamentals are important, and there’s so much for our students to learn over four years.
In cybersecurity, hands-on skills in a real environment is also critically important. It may seem easy to detect an attack in a lab environment, but in the real world, cyber attacks may not be that obvious and one solution certainly does not fit all.
The cost of a mistake is huge, potentially costing companies millions or even putting them out of business. This is why we try to create robust programs that incorporate coursework and internships, community engagement, and more.
UNLV's academic program in cybersecurity is interdisciplinary, with engineering and computer science blended with elements of law, public policy, and business. Why is this important?
When people hear about cybersecurity, they usually think about hackers, websites, or computers.
In reality, cybersecurity covers everything necessary to keep a users' data safe and keep systems running. This includes physical security, fire suppression, business continuity, compliance, auditing, human factors, policies, and more.
There is no set of rules hackers turn to achieve their goals; they’ll do whatever is necessary. If there is a weak point, the bad guys will exploit it, which stretches beyond a computer terminal and may include physically installing a backdoor on a USB drive or even dumpster diving. Systems security requires a holistic approach, not just from one aspect. Thus cybersecurity is interdisciplinary by nature.
The cybersecurity workforce is struggling to keep up with the demand. Why is it difficult to generate interest in this field, and how is UNLV succeeding here?
For years, there was a big gap between cybersecurity workforce demand and supply, with very few cybersecurity professionals earning a formal education in cybersecurity. Many in the field built their skills through self-learning or on-the-job training. This isn’t as much of an issue today.
What we’re seeing now is companies struggling to fill cybersecurity positions at more advanced professional levels, not at the novice level. So the challenge for candidates is how to get past the novice stage and enter the job market for experienced professionals. Our students, with the federal designation, have a leg up in this transition over students from non-designated institutions. The seal of approval can give the companies assurance and make them feel more comfortable in hiring our graduates.
When we recruit, we also look for students outside of computer science. The demand for computer science graduates is hot and they can get a high-paying job very easily. This creates an internal competition with cybersecurity, but as an interdisciplinary domain we don't need to stick to computer science. We broaden our reach to other departments, and we’re exploring new interdisciplinary programs possibilities in the field.
News of threats and data breaches in business, government, and even utilities pop up daily. As soon as solutions are devised, new challenges arise. How do cybersecurity professionals stay ahead?
This is a very challenging field. New attacks are coming up all the time, and new defense methods are developed periodically. Success requires constant training, research, and self-learning.
It’s important to note that cybersecurity is a community effort, and the community of cybersecurity peers finds a solution rather quickly when an attack occurs. So, the fight process is usually the other way around, i.e., as soon as new attacks are devised, new solutions arise. And a lot of these processes are automated, for example, through patch management. The job for the cybersecurity professionals requires making sure that these processes work properly.
Why should large and small business, nonprofits, and governments prioritize cybersecurity?
A cyber attack is a bit like a car accident. Until an accident happens, everything looks ok. But if you have a 50/50 chance of a car accident when you leave your house in the morning, what would you do?
Many organizations are not paying enough attention to cybersecurity and have a false belief that they won't become a victim. But when it happens, there are severe consequences. If critical data falls into the wrong hands or becomes unavailable, businesses cannot function properly, financial damage occurs, and companies may go out of business.
The tide is turning though, and the demand for professionals at all levels, particularly senior levels, is evidence of that. We’re proud to play a role in developing a more robust cybersecurity workforce and knowledge base for Nevada.