Cyber security expert Dr. Dale Meyerrose delivers the opening keynote address at the Northeast Collegiate Cyber Defense Competition on Friday, March 20.
By: Diane Stirling
Syracuse University and the School of Information Studies (iSchool) welcomed about 150 students from 10 Northeastern colleges this weekend for a cyber-sleuthing activity – the 2015 Northeast Collegiate Cyber Defense competition.
Teams are participating from the University of Maine, University of New Hampshire, Northeastern University, the University of Massachusetts at Amherst, SUNY Polytechnic, Alfred State University, the University at Buffalo, Champlain College, and the Rochester Institute of Technology, along with the iSchool’s own team.
iSchool Assistant Professor of Practice Bahram Attaie, who led the initiative to host this year’s competition and who took a team of iSchoolers to last year’s contest in New Hampshire, said the competition reflects the family-like attributes of the cybersecurity profession. It’s also a characteristic reflected in the NECCDC organization, he added. “I feel this NECCDC is a great supportive family,” he said in his welcome address. “I really love being involved, and my students love being involved because while we compete with each other, we’re very supportive of each other.”
That sense of camaraderie was echoed by Syracuse University’s Sam Scozzafava, Interim Chief Information Officer and Vice President for Information Technology and Services, as well as the keynote speaker, Dr. Dale Meyerrose.
Scozzafava, offering a welcome to Syracuse, noted the importance of the field to today’s world. He also said that while all the schools in the competition sent their best and brightest students to compete, “It’s also great to know that we’re all in this for a common cause; bettering our position to protect critical networks in our organizations and businesses.”
A People Business
The theme of cybersecurity as a people industry, as much as a technical-skills one, was the central point made by cybersecurity expert Meyerrose, as well. He noted that while students who are studying cybersecurity may be focused mainly on developing the technical skill set needed to work in the industry, they are also likely to find that their success in the field eventually also will rest on their people skills.
Meyerrose told them, “Most folks at this conference are probably very technically oriented and technically focused, but the work of cybersecurity is about people. In all likelihood, whoever succeeds here may not be the most brilliant, and may not be most perceptive team, but it will be the team that works best together, and that’s the way it is in the real cybersecurity world.”
Four Kinds of People
The iSchool doctoral graduate and adjunct faculty member then spoke about the four kinds of people that comprise the elements of the cybersecurity industry. There are the “evil-doers,” who will launch attacks and try to thwart your systems and networks; there are the people who employ you; and those you work with, which he labeled as the “insiders.”
Also a big part of the equation includes the other people with different types of talents in an organization who will end up being part of its cybersecurity team, such as data scientists, engineers, and attorneys. Contrary to what many believe, others with these diverse skills will bring their capacities to a cyber-risk situation, he said. Ultimately, it is the team, and the team atmosphere that prevails within an organization, that will determine the success of efforts against cyberattacks, he added.
Cybersecurity teams today put a focus on “continuous monitoring” within organizations, he said, and that also extends to the involvement of people. “You need continuous monitoring of the network and of all the people involved, with regard to your partners, with regard to your organization, and your processes. Do you watch the network for changes? No, you watch for changes in anything that might affect the network,” he advised.
He also suggested that young folks considering a cybersecurity career should orient their thinking to an understanding of how their futures are “all about choices,” Meyerrose said. “Not only do choices have consequences, but choices are an important part of how you build teams, and how you figure out what needs to be done. The most effective leaders among people in business are those that don’t believe that things happen to them, but that they make things happen in their environment. I hope our young folks coming out of the education system have that orientation in mind–not that you’re coming out here [into the industry] to sense and react, but that you’re coming out here to form and shape. Those will be the ones to decide what the new handheld is, what new device gets connected, or how monitoring of health will be done through cyber, and all those kinds of things in the future.”
As for what’s ahead in the cybersecurity profession, Dr. Meyerrose noted, “We have to continually attract the right kind of people into this business, because it’s critical not only for our universities but it’s critical for our businesses and our country. We need the best and brightest, and I’m committed to doing that for a long time,” the adjunct professor concluded.