Threat Level: Constant
Brian Levine says the UMass Cybersecurity Institute’s work is “security for the common good.”
Make no mistake, we live in an increasingly interconnected world, and the technology that makes that possible is always under threat from those who would mine, expose, and exploit data — often in life-altering ways. So while it’s no surprise that the cybersecurity field is rife with job opportunity, exactly how much opportunity (a half-million open jobs nationally, according to one study) may still raise eyebrows. Area universities with cybersecurity degree programs hope those statistics also raise interest in a challenging field that offers good pay and the chance to do some truly meaningful work.
It’s impossible to envision a world that doesn’t need cybersecurity, Brian Levine said, and that’s not exactly good news.
“I don’t think there’s any way this will go away, unfortunately,” he said, after listing common threats ranging from malware and ransomware attacks to massive breaches of consumer data. “It’s an ever-present problem. So what we do here is really important.”
He was referring to the UMass Cybersecurity Institute on the Amherst campus, which launched in 2015 with the mission of advancing what it calls “security for the common good,” said Levine, the institute’s director. For example, he has worked over the past decade to build tools used by law enforcement around the country — and the world — on cases of internet-based child sexual abuse (for example, the sharing of exploitative photographs).
“That’s a privacy issue, and a forensics issue,” he said, stressing that the institute’s researchers never lose focus on the human benefits of their work — in other words, it’s never just a technical exercise.
“The courses we offer are influenced by research that we do,” he went on. “We have a lot of pride in moving the research we’re doing into the classroom.”
That high-impact work is appealing to many who enter this profession, but one of the most obvious draws is the career opportunity. Matt Smith, director of Cybersecurity programs at Bay Path University, noted that a half-million jobs in cybersecurity are open across the U.S. — more than 20,000 of them in New England, and roughly two-thirds of those (13,389, according to the national CyberSeek research project) in Massachusetts — the 12th-highest total among all U.S. states.
“The industry is changing so rapidly.Turn on the news — one day they’re talking about ransomware, another day it’s the Colonial Pipeline attack … it’s all about security. So, workforce in this industry is in demand.”
“The industry is changing so rapidly,” Smith said. “Turn on the news — one day they’re talking about ransomware, another day it’s the Colonial Pipeline attack … it’s all about security. So, workforce in this industry is in demand.”
That’s the other side of the ‘bad news’ coin — at least for people who want to make a career of defending against threats that will only continue. “It’s real job security, with high starting salaries. You’re going to retain employment and have opportunities to upscale.”
Reflecting the many different niches in cybersecurity, Bay Path offers three undergraduate degrees in the field — digital forensics and incident response, information assurance, and risk management — as well as a master’s degree in cybersecurity management.
“We renew the courses every time we go live, sometimes two times a year,” Smith said. “Every time it’s being presented to another cohort, we look at the information being presented and decide if it’s still applicable, or how it can be improved upon.”
Matt Smith says the constantly evolving nature of threats means job security and advancement opportunities for today’s cybersecurity professionals.
For example, “the Colonial Pipeline incident hadn’t happened two years ago — so, let’s talk about that this year and remove something else from the course. We’re always going through the courses, tweaking them, fine-tuning them, and I think that sets us apart from other universities. We handpick the material we incorporate, and we update it, and we use the best forensic software we can.”
And that’s a challenge, said Beverly Benson, Cybersecurity program director for the American Women’s College, Bay Path’s all-online arm, which offers intensive, accelerated versions of the undergraduate cybersecurity programs taught at the main campus.
“I am constantly doing research on threats, making sure my curriculum and content is fresh, because the reality is, those individuals who are trying to attack systems, they don’t take vacations,” she told BusinessWest. “We need to stay abreast of everything to make sure students are getting as up-to-date a curriculum as possible.”
The industry’s constantly evolving nature makes it attractive to many career seekers, she added.
“It’s not a repetitive type of field. There may be a framework to adhere to, but as technology advances, so does the work that needs to be done. Our world is becoming more connected and interconnected, and data is everything. Think about the gadgets in our homes — even washing machines, dryers, and stoves are connected to the internet. We need people to understand how to keep that data safe.”
For that reason, Benson went on, “cybersecurity touches everyone, whether it’s healthcare, financial services, food service, the travel industry, the Department of Defense, you name it. We’re a very interconnected world, and we’re able to do things faster because of data — so we need to protect that data, whether it’s at rest, in transit, or in use.”
Levine listed a number of ways the cybersecurity research — and classwork — at UMass affects real people.
“One professor looks at ensuring that people have censorship-free access to information on the internet, which can be very important if you’re a dissident in a country that has censored or filtered it,” he said. “Another professor works with differential privacy, and his technology is being used by the U.S. Census.”
That term refers to technology that allows the government, corporations, or anyone else to release statistical information while not exposing people’s individual data.
“It’s not a repetitive type of field. There may be a framework to adhere to, but as technology advances, so does the work that needs to be done. Our world is becoming more connected and interconnected, and data is everything.”
“One problem with studies that collect information about you and release it later is the possibility that someone’s personal details can be inferred by looking at the data set,” Levine said, noting that differential-privacy measures ‘fuzz’ the information so the statistics are accurate, but don’t reveal information about any one person.
“We have courses on what some people call ‘ethical hacking’ — how to analyze a computer for its vulnerabilities and learn to defend those vulnerabilities. It’s teaching students to be white hats,” he explained, adding that other classes delve into reverse-engineering security, digital forensics, ethics and law, and securing distributed systems — which, these days, means cryptocurrency.
“Cryptocurrencies are one of the hardest challenges — no one is in charge, and people are exchanging things of value,” Levine said, adding that, whatever the topic, UMass brings in experts with practical experience in the field to teach students. “We don’t want everything taught from an ivory-tower point of view. And we want to teach techniques that will survive past graduation in a quickly evolving field. It’s not just computer science.”
At the American Women’s College, Benson said the average age of a cybersecurity student is 35, many no doubt drawn by the expansive opportunities in the field. “We have career changers, we have people in IT fields who are looking to specialize, and some are new to it, looking to learn more about cybersecurity and join the workforce.”
She’s also gratified that the program is making a small dent in what is currently a male-dominated workforce, to the tune of 80%. Part of the pitch, she said, is the reality that work in this field is wildly varied.
“We have the opportunity to demystify cybersecurity,” she said. “I explain to our women that cybersecurity is more than someone being in a basement coding. Part of cybersecurity is things like risk management, which can be a more consultative approach, helping someone understand assets, risks, and how to protect against vulnerabilities. Those are not technical skills; those are essential business skills.”
Smith agreed. “This hits on financial services, healthcare, government, you name it. Every industry has been affected in one way or another by cybersecurity.”
He should know, having worked in a number of sectors, ranging from the Pentagon to the financial-services world, and he often calls on professionals who actually work in those fields to bring their real-world expertise to Bay Path students. “A lot of programs are computer-science-driven; they’re experts in coding and programming. When you jump into cybersecurity, it’s a different animal.”
Introducing more women into the field, and all the sectors it influences, would be a healthy development, he said.
“I’m the program director, but also their cheerleader,” Benson agreed. “They know my motto is ‘dare to dream,’ and having a diverse workforce will bring about diversity of thought, diversity of problem solving, diversity in the ways people will collaborate. And I think that’s so needed.”
Another needed element is networking and making connections in the field early, Smith said. Many Bay Path students take advantage of a Mass Cyber Center mentorship program, working with large companies like Baystate Health, Travelers Insurance, and MassMutual.
“Networking doesn’t happen only when you go to conferences,” he said in explaining the value of such programs. “And most employers, after an internship, offer something on the spot — they’ll say, ‘please, when can you start?’”
That’s huge for new graduates, who typically enter the work world in significant debt. “We’re one of the industries that actually tackles that cohesively. We’re actually getting them employed at a very high-level-paying job, thus cutting down on student debt,” Smith noted, adding that a graduate’s employer will often pay for further education as well.
Speaking of connecting students with careers, the UMass Cybersecurity Institute recently secured a renewal of its CyberCorps Scholarship for Service program, sponsored by the National Science Foundation, which began in 2015.
The latest grant will support approximately 31 scholars at the undergraduate and graduate levels in the university’s computer science and electrical and computer engineering degree programs by offering them full tuition and fees, a stipend ranging from $25,000 per year for undergraduates to $34,000 per year for graduate students, and a professional-development fund for one to three years of their degree program. In addition, students complete an internship at a federal agency during the summers and, upon graduation, work full-time at a federal agency in a cybersecurity role for one to three years at full pay and benefits. Then they’re free to move on, but many don’t.
“We’ve done this for 34 students already, and the vast majority have stayed in the government after their service period is up,” Levine said, noting that federal opportunities range from working at the Pentagon to protecting land and wildlife with the Environmental Protection Agency; from tracking down cybercriminals with the FBI to joining the Cybersecurity and Infrastructure Security Agency, which swoops in to manage ransomware attacks.
“This program will help create a new generation of cybersecurity professionals and researchers to address novel and challenging problems facing society,” said Sanjay Raman, dean of the College of Engineering at UMass Amherst. “These students will help to modernize the executive-branch workforce, advance science and technology at government laboratories, and secure our national defense.”
It’s that kind of real-world impact that inspires those who teach the next generation of cybersecurity pros.
“This is why I get up in the morning,” said Bay Path’s Smith, who worked in counterintelligence around the time of 9/11 and remembers how the world changed. “We did a lot of things to protect our country, and I’m proud of that. Now, I want to give back to the students and help them pick up some of the stuff I’ve learned, so they can excel in a workforce that’s begging for anybody with interest in their field.”
His job, and that of his department, is to stay at the forefront of developments in the field — and, again, they are constant — and continue to hone and evolve the program so it remains relevant and on the cutting edge.
“We want our students to stand out in the industry and get hired,” he said. “And we’ve been very fortunate — our students are landing some amazing jobs.”
Joseph Bednar can be reached at [email protected]