Fifteen Cyber Questions
When three middle school students asked me about cybersecurity, I couldn’t shut up.
A few weeks ago, a trio of 8th graders from Eastern Middle School in Silver Springs, Maryland, were doing a project for their Media class. The task was to conduct and record an interview with a professional by asking questions about themselves, their work, and their connection to a topic. The winning documentaries will be showcased online later in the year on C-Spans Website. Their topic was cybersecurity. The students searched on Google for the top cybersecurity and data privacy experts, and miraculously, my name was one of the names that appeared.
It was a great meeting and interview. I told the students that their questions were the type of questions educators love to hear from such a young group. Part of learning about technology is understanding the benefits of technology and solving the problems that new technologies may bring about.
After the interview, I told the students I would send them a copy of my answers, albeit a more concise and informed version of my ramblings. Other students, as well as adults, could learn from this discussion.
1. What got you interested in a career in cybersecurity and cybersecurity education?
This is a good question! The answer to that is two-fold. I became a teacher because my natural talent, communicating with people, would best serve the people of my community as a teacher. I had a lot to tell them to help them through their career. My second path will be offputting to some of you. I did not choose cybersecurity; cybersecurity chose me. Let me explain. I was introduced to telecommunications way back in the 70s. Communication technology is the only career I ever worked in. During that vast time, my job slowly morphed into cybersecurity. At Time Warner in the 1990s, I was a network analyst and disaster recovery manager. Nowhere in my job description did the word cyber appear. But if you read my duties, it describes the Security+ certification. We did not have the language for that at the time.
2. How does cyber security work? Did it have the same purpose when it was developed as it has today?
Cybersecurity was not a singular development. Like all technologies, it is a product of other technologies and developments. In other words, it was an organic growth. When things grow organically, they move along with their environment, adopting as it goes along, dependent on the day’s social, political, and technological advances. But even though it adjusts to the future, based on human input and habits, it cannot predict the future. It is important to know technology does not lead, it reacts to what society gives it. It is a counter-puncher, a very powerful counter puncher, but a counter puncher no more.
The technology runs at a pace faster than we can control it. This goes back to purposeful development. It never told us its purpose; it was just reacting and adjusting. We need to catch up on the technology because it was not intended, purposeful or planned. We are trying to catch up and embed safety into a system not designed and developed for data safety or the rules and laws of privacy regulation. We now have an entire industry trying to catch up to the technology. Hence the shortage of professionals and the dire state of cyber safety.
To illustrate the organic growth of cybersecurity, consider the evolution of automobiles. Initially, cars were designed simply to get from point A to point B, with little thought for passenger safety. As cars became faster and more common, the number of accidents increased. Society soon realized that speed without safety was a dangerous oversight. Thus began the race to retrofit cars with seatbelts, airbags, and other safety measures — additions that were not part of the original design but became essential as the understanding of their importance in the environment of busy, high-speed roads grew. Similarly, as our reliance on digital infrastructure accelerated, the need for cybersecurity emerged to safeguard the information highways we so frequently travel. Just as the automotive industry had to adapt to incorporate safety standards, the tech world is now playing catch-up, reinforcing the digital realm with security measures to protect users against the high-speed risks of the information era.
3. How has the rise of technology yielded data breaches and heightened the need for cyber security in recent years?
For the same reasons that I noted above, the rapid rise in technology was matched inch-by-inch, with the rise in criminal opportunities that the same rise presented. This is the bad part of technology! The person who invented the plane created the plane crash, and the person who invented the car also developed pollution. I am making these broad, almost metaphorical strokes here, but you get the point.
4. How much has data theft impacted the world, and how has it changed throughout the past two decades?
Identity theft, blackmail, financial theft, and a host of other ills because of data theft, has caused consumers to pay 10.2 billion dollars because of fraud last year (2022).
Data theft has indeed become a costly global epidemic, impacting not only financial but also personal and national security. Over the past two decades, the landscape of this threat has dramatically shifted due to the exponential increase in digital data creation and consumption. In the early 2000s, data theft was primarily a concern for large corporations and governments, but as the internet became more integrated into everyday life, the risk spread to small businesses and individuals. Cybercriminals have become more sophisticated, leveraging advanced technology to carry out large-scale breaches, ransomware attacks, and identity theft operations that can go undetected for months or even years.
The repercussions extend beyond immediate financial loss. The cost includes the long-term damage to credit scores, the emotional toll on victims, and the substantial resources spent on recovering from such incidents. The ripple effects can alter consumer behavior, as trust in digital transactions is undermined, prompting increased investments in cybersecurity measures. Companies now regularly update their systems, conduct regular security audits, and educate employees about phishing and other cyber threats. For individuals, it’s no longer a question of if their data will be compromised, but when and to what extent. The collective awakening to these threats has fueled the growth of an entire industry dedicated to cybersecurity, reshaping how we approach data protection and privacy in an increasingly interconnected world.
5. How have cyber security programs developed within the past 20 years?
I am assuming you are speaking about educational programs. CyberPatriot has been the largest contributer of the rise in interest in cybersecurity. For many years it was the only game in town, but there are other groups and organizations that are giving them tough competition. CTF are being sponcored and popping up all over the place. That is a sure way to gain interest. However, we are still falling behind where we need to be.
CyberPatriot indeed spearheaded the surge in cybersecurity awareness, particularly among the youth, setting a precedent for education and engagement in the field. These programs have evolved from niche competitions to a diverse array of initiatives aimed at cultivating the next generation of cybersecurity professionals. Capture The Flag (CTF) competitions have proliferated, offering hands-on experiences that challenge participants to solve complex security problems in real-time, thereby sharpening their skills and fueling their passion for the field.
However, despite these advances, the gap between the number of skilled professionals and the demand for cybersecurity expertise continues to widen. The threat landscape is evolving at a breakneck speed, with adversaries leveraging artificial intelligence and machine learning to carry out attacks. This has instigated an arms race of sorts, with cybersecurity programs not only aiming to educate but also to innovate, developing new ways to detect, respond, and preempt cyber threats. As industries and governments acknowledge the importance of robust cybersecurity measures, these programs are also shifting focus towards resilience — preparing systems and people to withstand and recover from cyber incidents. Yet, the challenge remains to scale these educational initiatives to outpace the ever-growing and changing cyber threats, ensuring that we are not just catching up, but getting ahead.
6. How have new technology and new technical advancements affected cyber security and has it brought positive or negative effects?
Obviously, technology has positive and negative effects. There are new ways of encryption that is tougher to crack. However, AI is being leveraged by both sides. Breaches can be detected easier, but there are still Zero day exploits, and the skills gap that will keep us on the negative side for the most part.
The advent of new technologies has indeed been a double-edged sword for cybersecurity. On one hand, advancements such as stronger encryption methods have fortified the barriers protecting sensitive data, making it increasingly difficult for unauthorized entities to penetrate defenses. The deployment of Artificial Intelligence (AI) and Machine Learning (ML) has revolutionized the detection and mitigation of threats, automating the identification of anomalous behavior and enabling rapid response to potential breaches.
On the flip side, these very technologies have also armed adversaries with sophisticated tools to discover and exploit vulnerabilities before they can be patched — these are the already mentioned, dreaded Zero-day exploits. Moreover, the complexity of new technologies often outpaces the ability of organizations to effectively implement and manage them, contributing to the cybersecurity skills gap. This shortage of qualified professionals means that despite having advanced tools at our disposal, there remains a deficit in the human expertise required to leverage these tools to their full potential. Consequently, while technology marches forward, offering new means of defense, it also presents new opportunities for attack, underscoring the perpetual cat-and-mouse game that is cybersecurity.
7. How do you think that cyber security can be strengthened across the board? (against data breaches and theft and other areas)
Patching systems, Control access points, cyber hygiene, multilayered security, best practices, these are all good ideas to implement. To bolster cybersecurity holistically, a multifaceted strategy is essential. Regularly updating and patching systems ensure that known vulnerabilities are addressed before they can be exploited. Controlling access points acts as the first line of defense, preventing unauthorized entry through stringent authentication and authorization protocols.
Cyber hygiene — educating and instilling good habits among users — reduces the risk of breaches from human error. Layering security measures, from firewalls and antivirus software to intrusion detection systems, creates a complex barrier that is more difficult for cyber threats to penetrate. Finally, adhering to established best practices provides a structured approach to security, ensuring that all potential weaknesses are covered. Together, these strategies create a robust security posture capable of withstanding the evolving threats in cyberspace.
8. What are some of the best ways to inform people about the importance of a cybersecurity?
As an educator, I have to ensure that students are taught about cyber safety in pre-school. Some kids learn how to use a computer before then. Also, cybersecurity should be paert of common core. It has to be embedded across all courses, just as reading and writing is. Cybersecurity is actualy that important.
Raising awareness about cybersecurity is crucial and should begin as early as possible. Introducing cyber safety concepts in pre-school capitalizes on the curiosity children exhibit when they first interact with technology. This early education can form the foundation of a lifelong understanding and respect for the digital world. By integrating cybersecurity education into the common core curriculum, we ensure that it becomes a staple of general knowledge, akin to reading and writing. This integration would not only prepare students to protect themselves but also to foster a mindset where cybersecurity considerations are as automatic as looking both ways before crossing the street. In a world where technology is ubiquitous, understanding the principles of cyber safety is indeed paramount.
9. Do certain electronics have better defenses for data privacy? Are data security apps reliable?
Cloud services are a good way to protect files, understanding threats and vulnerabilities go a long way also. Certain electronics and applications do indeed come with more robust defenses for data privacy, often due to the manufacturer’s focus on security and the inclusion of advanced features such as encryption and biometric authentication. Cloud services offer a level of security for file protection that is continuously updated to counteract emerging threats, which can be more effective than local storage solutions that may not receive regular updates. Additionally, the reliability of data security apps largely depends on their design and the reputation of their developers. A thorough understanding of potential threats and vulnerabilities is essential for users to navigate the digital world safely. By staying informed and vigilant, individuals and organizations can significantly strengthen their defense against breaches and data loss.
10. How easy is it for a person to learn how to hack and deal major damages to cyber security?
It is very easy. There are programs being sold on the dark web that can cause DoS attacks, like in Florida a few years ago, when a 16 year old took down one of the largest school distric in America. There is information all over the web for people and AI is right there to help. So, if a person is determined, they can become very destructive with little or no training at hacking.
If you look up the 20 greatest hackers of all time, I bet not one of them took any official or structured class on cybersecurity. They did not need to. The barrier to entry for hacking has indeed lowered significantly with the proliferation of tools and information readily available online. While once a realm of expertise only for the dedicated or academically trained, today’s interconnected digital world and the dark web marketplaces provide software and tutorials that enable even novices to launch serious cyber attacks, like Denial of Service (DoS).
The incident in Florida is a testament to this accessibility, showcasing how a teenager could disrupt an entire school district’s operations. Moreover, artificial intelligence (AI) platforms can now assist in identifying vulnerabilities and automating certain tasks that were traditionally done manually by hackers. This democratization of hacking knowledge underscores the need for robust cybersecurity measures and education at all levels to counteract these risks. It’s a stark reminder that while formal education in cybersecurity is invaluable, the practical knowledge to exploit or protect systems can be acquired outside traditional learning environments.
11. There are several cybersecurity companies out there. How are they different and how are they similar?
Space, industrial, governmental, cybersecurity companies often specialize in different sectors, such as space, industrial operations, or government services, tailoring their expertise to the unique challenges and requirements of these domains. For instance, space cybersecurity firms focus on protecting assets in orbit and related ground infrastructure, dealing with highly specialized threats like jamming and spoofing.
Industrial cybersecurity companies safeguard critical infrastructure and manufacturing processes, which require resilience against disruptions and espionage. Governmental cybersecurity firms are well-versed in nation-state threats and the protection of sensitive data.
Despite these specializations, all cybersecurity companies share a common goal: to protect their clients from cyber threats and ensure the confidentiality, integrity, and availability of data. They employ similar tools and techniques, such as threat detection, firewalls, and intrusion prevention systems, but adapt their implementation to the specific needs of the sector they serve.
12. How should we spread awareness about cyber security and data privacy issues to the general public?
To spread awareness about cybersecurity and data privacy, educational campaigns should be integrated into media, school curricula, and workplace training, emphasizing the importance of protecting personal information and the consequences of data breaches.
13. How can people learn how to protect themselves from data breaches?
People can protect themselves from data breaches by adopting strong, unique passwords, enabling two-factor authentication, staying informed about the latest security threats, and being cautious about sharing personal information online.
14. How have the focuses of cyber security changed in the past 20 years?
Over the past 20 years, the focus of cybersecurity has shifted from defending perimeters to securing networks and information wherever it resides, acknowledging that threats are both external and internal, sophisticated, and ever-changing.
15. How has your work impacted the way we live and think today?
My work has heightened awareness of cybersecurity’s importance, influencing countless individuals and organizations to prioritize data protection and adopt a more security-conscious mindset in their daily digital interactions. I conssider you young men as part of the impact I am making, and I hope that as you mature, you to will also reach out to our next generations, and leave gold nuggets of knowledge with them. Thank you for inviting me, fellas!
