by Kevin Dicciani
Imagine you’re driving home from work. You approach the highway, turn onto the on-ramp, and merge into traffic. A current of brisk air funnels through your open windows. Sunlight glints off your windshield. A song you enjoy plays on the radio. All is well, though not for long. You see, someone has implanted malware in your vehicle via its Bluetooth connection, and it’s going to lock down the accelerator and disable the braking system once your car reaches the speed of 65 mph. But you have no idea you’ve been hacked. So, oblivious, you turn up the volume and focus on the road ahead. You hit the gas. The speedometer climbs. And fate decides what happens next.
This nightmare scenario isn’t the result of an overactive imagination, nor is it the plot of a dystopian novel: It’s a reality, a terrifying one at that, and one the men and women who work in cybersecurity are tasked with combating every single day. Yet given that nowadays someone can hack practically everything you own, these types of scenarios outweigh the number of professionals who can stop them from coming to life with increasing and dreadful regularity.
To balance the scales, beginning in fall 2019, Chestnut Hill College will offer a Master of Science in cybersecurity. The 20-monthlong program affords students the opportunity to study under leading cybersecurity experts and acquire the skills needed to embark on a successful career in one of the country’s most critical and fastest-growing job sectors. Students who complete the master’s program, the College’s first fully online academic offering, will gain the ability to protect citizens, businesses, and national infrastructure from the escalating threat of cybercrime.
William “B.J.” Cunningham, Ph.D., the dean of the College’s School of Graduate Studies and an expert on terrorism and political violence, said that students enrolled in the program will work and learn in a dynamic learning environment. They’ll take classes online and study under subject matter experts who have extensive working experience in the field of cybersecurity. Following graduation, graduates will be market ready and prepared to defend a multitude of enterprises against cyberattacks.
“Really, if you’re coming up nowadays, whether you’re an undergraduate or a grad student, it seems like it’s the field to enter,” he said. “There are massive amounts of unsecured data out there in everything you can imagine and in every industry: government, education, health care, banking, credit cards — anything related to personal data or intellectual property.
“That’s what creates vulnerabilities. Cybersecurity is all about the movement of information, and that movement of information across boundaries, across networks, and across the internet creates opportunities for cybercrime, like espionage, data theft, ransomware, malware, and so on.”
The master’s program was designed and developed with the assistance of cybersecurity experts from both industry and government. Its curriculum follows the academic guidelines established by the United States Department of Homeland Security and the National Security Agency in partnership with both the National Initiative for Cybersecurity Education and the National Institute of Standards and Technology. The 10 courses in the program cover topics ranging from cybersecurity laws and regulations to cyber espionage, terrorism, and war. Students are required to take two classes a semester, for a total of five semesters, and therefore can earn a master’s degree in 20 months.
Government agencies created the academic standards for cybersecurity so that colleges and universities could prepare students to begin working in the field immediately after graduation. The concerted effort to promote cybersecurity across higher education is due to two important reasons: an overabundance of jobs and a lack of capable workers to fill the openings. In 2016, Cisco released a report that found there were more than one million jobs available in cybersecurity, an industry that is expected to be worth $170 billion by 2020. And, according to the U.S. Bureau of Labor Statistics, the projected rate of growth in the field through 2026 is roughly 28 percent.
“It’s the perfect convergence of lack of supply of eligible workers and a high demand for them,” Cunningham said.
This is a sentiment echoed by Pamela King, M.A., instructor of digital forensics at the College. King was instrumental in developing the master’s program and the undergraduate cybersecurity major, the latter the College added to the curriculum in fall 2018. She was formerly employed by the FBI’s Computer Analysis Response Team, a unit that provides digital forensic services to local, state, and federal agencies to assist in investigations.
“Students are going to have the ability to find jobs and lucrative careers — they’re not going to get a degree and never be able to use it,” King said. “They’re immediately going to be able to go into the field and start working and using their skills.”
A small sampling of the careers available in cybersecurity includes security analyst, software developer, incident responder, cryptographer, and forensic expert. According to ZipRecruiter, the average annual salary of a cybersecurity professional is $96,185 a year. That’s $50,000 more than the national average of $44,564, as per the Bureau of Labor Statistics.
The need for cybersecurity professionals will only continue to grow, too. As modern life increasingly moves online, the technological leaps taken rise in proportion to the number of potential cyberattacks they incur. This equation doesn’t account for the advancements continually being made in artificial intelligence, either. AI will soon achieve goals once thought impossible for humans, but it can also be weaponized by individuals, terrorists, and governments. As you can see, this is an awfully sharp double-edged sword. On one hand, these innovations allow industries to make revolutionary strides for the benefit of human beings and our planet, and they also guarantee that cybersecurity will always need highly skilled workers. On the other hand, mankind is wading into murky waters, and nobody knows how deep these waters run or what exactly lives down at the bottom, hidden from both our foresight and our imagination.
Healthcare is one such industry that runs the risk of falling victim to cyberattacks. When a patient receives a pacemaker today, for example, data on the device can be accessed through a wireless connection. This enables doctors to monitor the condition of the patient’s heart, collect data, and intervene should they detect an issue with his or her pacemaker. This will reduce treatment time and ultimately save lives. But this “smart” pacemaker is also an open door for hackers, who can steal the data it’s transmitting or seize control of the pacemaker and, by extension, the patient’s heart.
“When the hospitals and the doctors created these systems to have online access to the patient, it was all done with the best of intentions, right?” Cunningham said. “We want to monitor a person’s heart to make sure he or she is doing okay, and, hey, we can do it remotely. Fantastic, you know? But the downside is, and this is what I learned studying terrorism for the last 20 years, any system you build, people can find a way around it.”
Having worked in cybersecurity, King knows the types of risks that lie in wait as the world rushes headlong into the future. As such, when she assisted in creating the program, she incorporated into its curriculum her knowledge of the present and imminent technological threats that society faces.
King said the graduate program’s curriculum takes a well-balanced approach to cybersecurity, adding that it presents a “more holistic view” of the field. Rather than being as technical as an engineering major, it occupies a middle ground that is at once broad and general, yet sweeping in its overview. But there is a certain degree of technical savvy required in the program, as cybersecurity is a computer science discipline. Classes and coursework never give total preference to one concentration over another, King said. By striking this equilibrium, students have the chance to learn a variety of topics in cybersecurity while still having the freedom to focus on one particular area in which they’re interested.
“For example, maybe I do management and administration risk assessment, or maybe I write policy and user guidelines and end-user agreements, all so I can pursue more of a management or a social role in the field and something less hard science,” King said.
Presenting the master’s program in an online format came with a range of benefits, most notably whom the College could attract to teach its classes. As most of the subject matter experts have full-time jobs, and they sometimes work upwards of 80 hours a week and travel often, a standard or a hybrid program would’ve dramatically shrunk the pool of available faculty. But when the College decided to base the program entirely online, King said that it was able to lure some of the industry’s most experienced professionals to come and join the program to teach.
“So the idea was like, ‘Wow, if we open this up online, we take away geographic boundaries,’ and that’s what technology is all about,” King said. “And that’s what cybersecurity is facing — the lack of geographical boundaries — because hacking is all over the world. Shouldn’t learning not have geographic boundaries, too?”
King said the subject matter experts have worked in the field of cybersecurity, either in government, military, or infrastructure protection. Many of those working in the commercial industry have a government or a military background as well.
“These people have been around the block — they’re the real deal,” King said. “And we want our students to get the best education possible, and they’ll get it from these experts because their knowledge is high-level, it’s current. So it’s such a benefit to the students to have that type of access to these types of experts, who all share one thing in common, which is they want to take what they know and pass it on to the next generation.”
Instituting the master’s program was a logical move for the College. For one, Cunningham said, students have continued to show a great deal of interest in the field ever since the College added cybersecurity to its undergraduate curriculum. A majority of them already possess a strong computer acumen, and most are familiar with the question of how to protect oneself from personal data theft and other nefarious online behavior. Their knowledge of this newfangled criminality, and their propensity to safeguard themselves against it, makes them prime candidates for a career in cybersecurity. Cunningham said the program targets three types of prospective students: information technology and computer science students, individuals with law enforcement or military backgrounds, and those who are simply looking to change careers.
Speaking of the IT students, Cunningham said that if they had obtained an undergraduate degree in computer science or information systems management, they would be “really well suited” for the program. For those with police or military backgrounds, Cunningham said that earning a master’s degree in cybersecurity can be an alluring and profitable career opportunity. They might want to upgrade their skills, earn a promotion within their existing company, or begin their careers anew. Finally, the individuals looking to switch careers may have always wanted to work in cybersecurity, but never had a realistic point of entry to the industry.
“We wanted the program to be accessible for people who weren’t computer science majors, but at the same time, we also wanted it to be a good program for people who already have the expertise and now just want to focus on cybersecurity,” King said.
Cunningham and King are optimistic about the online cybersecurity master’s program. They believe it will provide students with a unique education and experience and, in usual Chestnut Hill College fashion, make them “ready for any good work.” The two are also certain that a spectrum of career possibilities will unfold before graduates the second they receive their diplomas. By then, they’ll be ready to enter the virtual fog of the cyberwar and advance toward its digital frontlines, on which they’ll serve with honor and spirit, protecting the world from those who wish to bring it harm.