How a university professor’s program trains defense sector employees in cybersecurity

Dr. S. K. Bhaskar, Vice Dean of Computer Information Systems and Technology of the Undergraduate School at UMGC

Dr. S. K. Bhaskar, Vice Dean of Computer Information Systems and Technology of the Undergraduate School at the University of Maryland Global Campus

As cybersecurity plays an increasingly large role in national defense, the need for trained, educated and certified professionals continues to grow. Dr. S. K. Bhaskar, Vice Dean of Computer Information Systems and Technology of the Undergraduate School at the University of Maryland Global Campus, discusses the cybersecurity program at UMGC and his thoughts on the future of cybersecurity certification and education.

What drew you to UMGC?

In 1998, the University of Maryland University Campus (now known as University of Maryland Global Campus, or UMGC) had a long-term vacancy for someone to direct a critical program who had workplace experience as well as an appreciation for the academic side of things. The administrator at what is now UMGC happened to know my dissertation advisor from the University of Maryland – College Park, and he referred them to me.

What prompted you to launch the cybersecurity program at UMGC?

We already had a precursor program to cybersecurity, called “information assurance.” Cybersecurity was a term that was being used everywhere, including the media and congress. We felt that there was a definite niche that we could occupy, so we decided to offer a program with the name “cybersecurity,” which we believed to be the first U.S. undergraduate degree offered in the discipline.

Many of the vendors still trust a neutral, industry-standard certification that verifies that somebody has knowledge and understanding of certain materials.

—Dr. S. K. Bhaskar

How has the program evolved or grown since its inception?

We had a program called “Computer Networks and Security” that emphasized many IT certifications, but the name of the program was not capturing people’s imagination. In 2010, we changed the name of the program to “Computer Networks and Cybersecurity,” and that really attracted the attention of a lot of the education offices on military bases, as well as defense sector contractors. The program allows students to receive academic credit while also preparing to take the certifications included in the DoD 8570 (now 8140) directive, making it very popular on military bases.

How do you see certifications supplementing U.S. commercial degree programs?

I think they work very well together, and the fact that we have a very successful program, which is one of the largest undergraduate programs, speaks to that. We emphasize general networking principles, but we can also tailor it specifically to a particular certification. What we are finding out is that the industry has an immediate need for people who have these certifications. The disadvantage with having only an IT certification is that sometimes you will hit a ceiling. With a complete B.S. degree, you round out all of your skills, including critical thinking and communication. Industry professionals consistently tell us that they want people to have this well-rounded profile.

How will industry demands in the coming decade affect the needs for cybersecurity training, certification, and education?

As long as there are computers and as long as there is code, then there will be a need for cybersecurity, but it is hard to say to at what level it will be needed. People are connecting more and more to the internet in ways that we would never have thought possible a generation ago. Computers are involved in everything in this age of the Internet of Things, and every device connected to the internet brings its own security risks. In the short term, there is a need for cybersecurity and it is still growing. Many of the vendors still trust a neutral, industry-standard certification that verifies that somebody has knowledge and understanding of certain materials. There will still be that sort of need based on certifications, but the nature of the certifications will change. What if tomorrow there is a situation and somebody has hacked into your network? Does the person know what to actually do, right then? This is more of a competency-based model in which one demonstrates understanding by doing. I think that will be a valuable next step to take.

Take advantage of the great financial benefits that the military offers, not only to get an IT certification, but also to complete an undergraduate or graduate education.

—Dr. S. K. Bhaskar

What can Service members working in cybersecurity do to best position themselves to land a civilian job upon separation?

Work with your supervisor to find out what training programs are available, then earn an industry-standard IT certification and keep it active. If you have had military trainings, there are probably IT certifications that are not exactly equal to your training, but very similar. Also, if you have a military background, you either already have a military clearance, or can be cleared very easily, so don’t do anything to jeopardize your clearance status. Finally, take advantage of the great financial benefits that the military offers, not only to get an IT certification, but also to complete an undergraduate or graduate education.

Are there any skill or knowledge gaps that you would like to see addressed through cybersecurity education and testing?

One of the areas where certifications have been less focused is code writing. One could have a very nice firewall that protects the perimeter well, but if you have a poorly created application with a huge cybersecurity vulnerability inside the firewall, then there is a big hole, and if it leads to a big incident, there is no end to the bad publicity that you are going to get. How does one write code that is secure? Or analyze legacy code for possible cybersecurity violations? It would be nice if there were some certifications that were developed to address this area and included on the DoD 8140 list to give them the same prominence.