University of Maryland Global Campus (UMGC) faculty offered insights and advice on technology trends and job opportunities during the recent 鈥淐ybersecurity Here and Beyond鈥 webinar event open to the general public.
Faculty panelists also discussed bad actors, ethical hacking and how aligning curriculum with workforce needs and emerging technology helps close the cybersecurity skills gap. The Oct. 12 event was hosted by 兔子先生and moderated by Loyce Pailen, senior director of the university鈥檚 Center for Security Studies.
鈥淢ost jobs in cybersecurity are offensive, such as penetration testers, and defensive, such as analysts defending networks,鈥 said Jesse Varsalone, collegiate associate professor of cybersecurity technology. 鈥淚n curriculum, teaching offensive tactics helps students learn how an attacker works and exposes them to the importance of forensics.鈥
Forensics examinations鈥攐r knowing where and when a hacker gets on the system鈥攊s key to understanding how to be a better defender. 鈥淟ooking at event logs, scheduled tasks and registries for certain entries are tactics that we emphasize,鈥 Varsalone said.
Ethical hacking is also a big part of the cybersecurity workforce.
鈥淐ompanies depend on ethical hackers to identify vulnerabilities on their systems so that they can implement the right safeguards to secure their systems,鈥 said James Robertson, program director of Cyber Operations master鈥檚 degree program at UMGC.听
Robertson discussed the disconnect between what is sometimes taught in university cybersecurity programs and the skills needed in the workforce. He emphasized the critical need to mesh curriculum with the Cybersecurity and Infrastructure and Security (CISA) to narrow that cyber workforce gap.
鈥淎 cyber operator, for example, must be able to collect information, exploit targets of interest, navigate networks and do forensic analysis,鈥 he said. 鈥淭here's a certain skillset that goes with that role and we must make sure we're aligned with this skillset so that our students are studying these areas.鈥
In addition to technical roles, Robertson said there is a need to develop more聽cyber policy聽thought leaders.
鈥淲e must promote a greater understanding of how to manage cybersecurity analysts, which will be important over the next few years as we start using more artificial intelligence (AI) and machine learning (ML) to identify attacks,鈥 he said.
Participants at the event agreed that AI has been a significant enhancement to cybersecurity.
鈥淭raditional cyber controls, such as demilitarized zone (DMZ) networks and multiple firewalls, which all companies implement to secure their systems, have evolved over the years with the introduction of AI and machine learning tools in the fight against cyberattacks,鈥 said Patrick Appiah-Kubi, program director for UMGC鈥檚 Cloud Computing, Cybersecurity and Computer Networking.听
He noted that cloud security has improved with the use of AI and machine learning tools and has prompted a shift in cybersecurity programs, adding a new focus on AI, machine learning and cloud security.
鈥淚 see a lot of companies making strides in social engineering and tools that help identify unusual behaviors, even on the part of users determining if it鈥檚 the user doing something or an attacker,鈥 said Appiah-Kubi. As a trend, cybersecurity has progressed with newer skills and newer technologies and newer opportunities in education.
A main area of cybersecurity in need of improvement is security controls for devices connected to the internet, according to Varsalone.
鈥淚f you take a look at my house, I have Alexa devices, a garage door opener, a thermostat 鈥 all devices connected to the Internet,鈥 he said. 鈥淎ll of these connected devices are harder to control because so many different types and functions are being added to the game.鈥
While stressing that 鈥渢here is no magic bullet,鈥 Varsalone pointed to the National Institute of Standards and Technology (NIST) Framework for cybersecurity standards as a starting point as companies work to reduce cybersecurity risk to critical infrastructure and industrial control systems.
One of the greatest future threats, according to Appiah-Kubi, will target industrial control systems, critical infrastructure and data.
鈥淚magine if an attacker takes control of the air traffic control system or if an attacker injects a poisonous liquid through a water treatment system,鈥 he warned.
Robertson, head of the Cyber Operations program, added that these types of threats will dovetail with political and geopolitical issues. 鈥淪tate actors attacking infrastructure will bring about the rise of smart cities and the automated analysis of everything through AI based systems,鈥 he predicted.
Share This