7 minute read

Moving Target

Next Article
Your Letters

Your Letters

MOVINGFocused on opportunity and student success, Utica’s cybersecurity programs are keeping pace with a rapidly changing industry. TARGET.

When Andrew Carr arrived at Utica University as a student almost twenty years ago, the 9/11 terror attacks were still fresh in everyone’s mind. The profound effect that the resulting global war on terror had on American society resonated deeply within the domain of law enforcement education. Newer fields like cybersecurity, still in its infancy on that fateful day in 2001, largely followed the course of these historical currents. Now an assistant professor and director of Utica’s master’s program in cybersecurity, Carr was in the founding cohort of the cybersecurity major when it launched in 2007. At that time, the program was laser-focused on national security, and with good reason. “Utica University students sought careers in law enforcement or intelligence to help defend against threats to our way of life. At the time, the public sector was typically the main employer of cybersecurity professionals and terrorism was everyone’s main concern,” says Carr. “The private sector was not a significant focus of Utica’s cybersecurity program in those early days.” Part of the reason for this was the establishment of the Department of Homeland Security and other institutional resources created as a direct response to 9/11, such as the National Counterterrorism Center and the Directorate of National Intelligence. The federal government needed a large cadre of skilled, highly trained professionals to bring these new agencies online and pursue the goal of keeping America safe. Other concerns drove the public sector’s call for cybersecurity professionals as well. As methods and practices became more sophisticated, law enforcement agencies were increasingly turning to digital forensics to aid in the fight against white collar crime, child trafficking, and other domestic threats. The cybersecurity curriculum at Utica was designed in large measure to prepare students to meet this demand.

26

Leslie Corbo and Andrew Carr have been instrumental in developing Utica’s cybersecurity program to meet today’s demands.

Carr’s own experience underscores this dynamic. As a student, he completed an internship with the Utica Police Department under the supervision of his now-colleague Professor Anthony Martino. His first job was as a computer evidence specialist at Onondaga County’s Wallie Howard Jr. Center for Forensic Sciences in Syracuse. “Many of the people I graduated with currently hold positions in government at both the federal and state level,” Carr says. Dr. Leslie Corbo, associate professor of cybersecurity and director of the undergraduate program, began her career in the private sector working for a global defense contractor. When she arrived at Utica as an adjunct in 2012, an important focus of the program was on cyberwarfare and intelligence collection in support of the U.S. Department of Defense. “The government was focused on finding and shutting down resources used to fund terrorism. That focus was at the forefront of our program, and our students were supporting military and law enforcement installations. Our curriculum prepared graduates for work in government entities and defense contractors,” says Corbo.

The Big Shift

But as the years passed, the focus of cybersecurity gradually began to shift. While counterterrorism and national defense remain important priorities, the private sector has increasingly emerged as the terrain upon which many cybersecurity battles are fought in the modern era. With the monumental growth in commercial activity via the Internet over the past two decades and an ever-greater reliance on digital technologies to support day-today operations, private businesses and non-profits have become the targets of a growing onslaught of highly sophisticated cyberattacks by shadowy criminal enterprises and non-state actors. This has prompted a dramatic increase in private sector demand for qualified cybersecurity professionals capable of meeting

27

these threats head-on. “Cybersecurity is no longer a career almost exclusively housed in government agencies and defense contractors. Every organization needs cybersecurity,” says Corbo. This is not something that can be addressed by a single employee or a handful of consultants, she says. Private enterprises now need a range of capabilities, including incident response teams, network defenders, cloud security specialists, threat analysts, and employees who can assess and manage risk in their cybersecurity space. “Organizations of all sizes are investing in in-house cybersecurity departments with their own threat hunting and forensics teams,” Carr says. “The number of open positions for private sector cybersecurity employees is now more than ten times that of the public sector.” The tactics are changing as well. Now more than ever before, ransomware is becoming the weapon of choice for cyber criminals. “Ransomware has changed the landscape of cyber threats significantly, and now every organization must be aware of and prepare for cybersecurity incidents and the threat of data theft. Average ransoms are now in the millions of dollars,” says Carr. Ransomware attacks are not limited to larger organizations. Targets run the gamut from small physician’s offices to Fortune 100 companies, and the number of attacks is steadily increasing – the average number of cyber attacks and data breaches rose more than 15% in 2021 over the previous year, according to Forbes.

A New Focus

The cybersecurity program at Utica University has leaned into this change in focus, updating the curriculum to better prepare students for an amorphous, ever-evolving battle. “Both the undergraduate and the graduate cybersecurity programs have undergone complete overhauls

Corbo and Carr, along with Stephanie Nesbitt, Dean of Business and Justice and Associate Professor of Risk Management and Insurance, brainstorm ways to improve coursework for students.

28

“We’re asking employers the simple question, what do you want in a new employee with your organization?”

Leslie Corbo, D.Sc. Associate Professor of Cybersecurity

to focus on the skills necessary for careers in the private sector. The curriculum is now focused on preparing students for roles that are highly rewarding and in high demand,” Carr says. Corbo describes a proactive process of listening to industry experts and potential employers to determine what skills and capabilities are in demand. “We’re asking the simple question, what do you want in a new employee with your organization? We’ve used supply and heat maps to determine what job openings are available, and what skillsets and knowledge these jobs require. From there, we’ve developed a top-notch program with specializations that reflect current needs,” she says. The list of specializations now includes digital forensics and incident response, cybersecurity operations, and cybercrime and fraud investigations. In addition, the program has integrated a suite of exercises and digital badging from the industry-leading RangeForce training platform as well as certifications from CompTIA. Also, the program leadership and most of the faculty come from long careers in both the public and private sectors. They remain active in their pre-existing professional networks and are able to keep their finger on the pulse of what’s needed in the real world.

Soft Skills

Carr says a key part of the program is developing skills that are transferrable between jobs, industries, and sectors. Technical skills are important, but they vary from position to position. Employers are also looking for what he refers to as “soft skills”: perseverance, adaptability, and good communication skills. This last item is particularly important in the private sector. “Much of the work involves relaying technical information to non-technical people,” says Carr. “Our students need to be able to properly convey cybersecurity risks and resolutions to these people in a way that they can understand so they can take appropriate action. You can be the best analyst in the world, but if you lack those interpersonal skills, you won’t be valuable to your organization.” “Many times, cybersecurity practitioners act as the conduit between the technical and non-technical teams,” Corbo says. “We need to be able to speak both languages. Many employers tell us how much they appreciate our students’ ‘soft skills’. The students work on these skills from day one, and it shows.” Like many programs at Utica University, the cybersecurity major and master’s program have managed to keep pace with a rapidly changing industry by focusing on new career opportunities as they emerge. More than anything else, it demonstrates the strength of Utica’s mission and the salience of its promise to prepare students for a future beyond their imagining. “Early on, many of our students wanted to help save the world,” says Carr. “This was noble then and remains so today. But many now realize that there are more opportunities for success and advancement in the private sector, at a compensation scale that dwarfs that of the public sector, and so students are being drawn toward that path. Our job is to get students career-ready, and we will do whatever it takes to accomplish that, even if that means rewriting our entire program again and again in the years ahead.” 

29

This article is from: