Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

October 30, 2023 Focus: Cybersecurity

Amid increasing demand, CT colleges in arms race to add cybersecurity programs, faculty

PHOTO | CONTRIBUTED Quinnipiac University runs a summer cybersecurity workshop as part of its offerings in the growing area of study.

With thousands of cybersecurity job openings around the state — and entry-level positions that can command a six-figure starting salary — training the next generation of security engineers is a key challenge for Connecticut.

Colleges around the state say the fast-changing curriculum, difficulty of retaining expert faculty, importance of linking closely to industry, and looming challenge of AI make cybersecurity one of the most dynamic fields in education right now.

Another challenge is the ever-widening circle of people who need to be trained in combating cyberattacks.

Benjamin Fuller

“It’s ​not ​going ​to ​be ​good ​enough ​for ​there ​to ​be 10% ​or ​15% ​of ​computer ​scientists ​who ​fix ​everybody ​else’s ​problems,” said Benjamin Fuller, an associate professor in the computer science department at the University of Connecticut.

“We’re ​trying ​to ​make ​a ​push ​to ​all ​of ​our ​majors, ​everybody ​who’s ​touching ​software, ​that ​this ​is ​something ​that ​you ​have ​to ​be ​aware ​of ​too,” Fuller said.

In 2019, UConn opened its Altschuler Cybersecurity Lab, funded by a major donation from the Altschuler family and designed by Fuller, dedicated to a hands-on approach to information-security issues.

Every computer science major is required to attend a foundational course at the lab.

“We ​do ​a ​whirlwind ​tour ​of ​the ​most ​important ​things ​that ​you ​are ​likely ​to ​run ​across ​as ​a ​professional ​where ​cybersecurity ​matters,” Fuller said.

Fuller says student enrollment increases 20% to 25% each year. Of 1,600 undergrads in the computer science department, around 300 are cybersecurity specialists.

“We’ve ​gone ​from ​having ​three ​or ​four ​dedicated ​courses ​in ​cybersecurity ​to ​around 10 ​or 11 ​right ​now,” he said. “Similarly, ​we’ve ​gone ​from ​having ​probably ​five ​faculty whose ​primary ​area ​is ​cybersecurity ​to 10 ​or 11.”

He says the growth has allowed UConn to diversify its offerings within the cybersecurity concentration.

“I ​just ​met ​with ​a ​student ​who ​wants ​to ​do ​AI ​data ​analytics ​and ​cybersecurity,” he said. “​I ​have ​another ​student ​who ​wants ​to ​do ​just ​the ​math ​behind ​cybersecurity, ​and ​that’s ​a ​totally ​viable ​career, ​too. ​We ​have ​enough ​offerings ​where ​we’re ​training ​different ​types ​of ​people ​now.”

That diversity extends beyond the computer science department.

Stephen ​Fitzgerald

“IT is the backbone of every business now. It’s a huge area of vulnerability,” said Stephen ​Fitzgerald, ​an ​instructor-in-residence ​at the ​UConn School of Business, and academic ​director ​for ​the ​analytics ​and ​information ​management major.

“We’ve ​all ​been ​trying ​to ​address ​​the ​interdisciplinary ​nature ​of ​cybersecurity,” he said. “Our ​(computer science) ​folks ​do ​a ​great ​job ​at ​focusing ​on ​the ​foundation ​of ​computers, ​how ​they ​talk ​to ​one ​another, ​how ​they ​work.”

But an estimated 88% of data breaches involve some level of human interaction.

“And so a ​lot ​of ​it ​is ​faulty ​process ​that ​people ​can ​take ​advantage ​of,” said Fitzgerald. “Like ​the ​password ​controls ​that ​you ​have ​to ​log ​into ​your ​website ​or ​to ​your ​email. ​These ​have ​to ​be ​done ​correctly, ​because ​if ​they’re ​not, ​that’s ​how ​people ​get ​in.”

That means business professionals from many different fields need to have a grounding in cybersecurity.

For instance, Fitzgerald points out that licensure for CPAs is about to evolve to include competence in information security.

“We’ve ​also ​opened ​a ​lot ​of ​these ​classes ​to ​other ​areas ​of ​the ​university, ​and ​we’re ​seeing ​growth ​in ​all ​of ​the ​minors,” he said. “People ​come ​at ​it ​from ​all ​different ​angles.”

Reaching industry

Karen Bellnier

Karen Bellnier at Mitchell College is widening the circle even further. She’s spent this year standing up a Digital Innovation Hub at the small New London school; the primary goal of the center is looking outward beyond the college walls to the needs of local companies.

“We’re ​really ​looking ​to ​establish ​relationships ​with ​area ​employers ​to ​support ​their ​recruitment ​and ​retention ​challenges,” she said.

Supported by a state grant from Connecticut’s Tech Talent Accelerator, and federal funding from the Department of Education, the hub offers primarily online classes, many of which are short and self-paced, allowing people who are working to earn professional certifications like those offered by CompTIA, the Computing Technology Industry Association.

She sees not only cybersecurity professionals coming in for training, but others arriving from paths like network management or compliance work — particularly in a region rich in government contractors.

Bellnier says the certifications she offers will also roll out to Mitchell’s undergrad students, so they can finish their degrees with industry-standard qualifications.

UConn’s Altschuler Cybersecurity Lab, which teaches students about internet threats, opened in 2019.

Fairfield University is another recipient of a Tech Talent grant, which will be used in a partnership with local companies, including Pitney Bowes, to develop a ​curriculum ​of hands-on cybersecurity activities.

Mirco Speretta

Mirco Speretta, Fairfield’s director of cybersecurity programs, says they’ll ​be ​delivered ​in ​a summer workshop format that will then be ​embedded ​into the ​curriculum.

“Cybersecurity ​is ​one ​of ​the ​most ​dynamic ​fields,” he said. “I ​think ​everyone ​feels ​like ​they ​are ​in ​catch-up ​mode.”

Fairfield first introduced cybersecurity courses in 2015, and launched its master’s degree in the field three years ago. Speretta says many graduate students are taking the course part-time alongside their careers.

The School of Engineering last year launched a Security Operations Center, which serves a dual purpose. It helps monitor the university’s own network against cyberattacks, and provides a real-time training environment for undergraduate students.

Offense and defense

Vahid Behzadan

“Our curriculum is highly dynamic,” says Vahid Behzadan at the University of New Haven. Active academic research, he says, “is one ​of ​the ​ways ​we ​keep ​our ​curriculum ​and ​our ​body ​of ​knowledge ​alive.”

​In addition to his teaching position, Behzadan is also ​the ​director ​of ​a ​research ​lab ​at UNH called ​Secure ​and ​Assured ​Intelligent ​Learning (SAIL).

“My ​research ​team, ​Ph.D. ​students ​and ​graduate ​students ​work ​on ​problems ​at the ​intersection ​of ​AI ​and ​cybersecurity,” he said.

He says while networks and operating systems tend to retain the same types of features over time, what is changing fastest about the field is the level of interconnectivity — including the Internet of Things and our reliance on cloud services — introducing many more vulnerability points.

He urges his students to think both offensively and defensively about cybersecurity.

“The ​defender ​needs ​to ​make ​sure ​that ​every ​possible ​entry ​point, ​every ​possible ​vulnerability ​is ​patched, ​and ​everything ​on ​the ​network ​is ​being ​monitored ​proactively,” he explained. “​On ​the ​offensive ​side, ​the ​adversary ​needs ​to ​find ​one ​open ​door, ​one ​vulnerability ​to ​compromise ​the ​system.”

His department offers a course in ethical hacking, and the university fields an active and successful hacking team that competes against other institutions.

Behzadan and others point to artificial intelligence as the next big frontier in cybersecurity.

Robin Chataut

“We ​must ​adapt ​our ​program ​to ​address ​all ​these ​evolving ​challenges ​every ​day,” says Robin Chataut, an assistant professor of cybersecurity and computer science at Quinnipiac University. “To ​stay ​current ​with ​the ​threat ​intelligence, ​we ​​meet ​every ​year ​to ​revise ​our ​course ​content.”

While AI-enabled ​threat ​detection ​presents ​a ​significant opportunity, artificial intelligence is also available to bad actors in ​the ​cyber ​world.

“It’s ​being ​used ​to ​develop ​smart ​malwares ​to ​launch ​the ​zero-day ​attacks ​to ​bypass ​the ​latest ​security ​protocols ​that ​we ​have,” he said. “To ​prepare ​our ​students ​for ​the ​future, ​every ​program ​must ​incorporate ​AI ​and ​automation.”

Chataut points to faculty expertise as another challenge in such a fast-changing field.

“Finding ​and ​retaining ​those ​qualified ​faculty ​members ​who ​can ​teach ​the most ​up-​to-date ​materials ​is ​kind ​of ​difficult ​for ​us, ​because ​there ​is ​high ​demand ​for ​these ​skilled ​professionals ​in ​the ​cyber ​industry,” he said.

It’s a challenge they solve through the use of adjunct faculty, blending their professional experience with teaching.

The arms-race nature of cybersecurity education might seem daunting, but Fitzgerald, the UConn School of Business professor, offers a hopeful note for students entering the field.

“The ​vulnerability ​you’re ​going ​to ​be ​worried ​about ​is ​not ​available ​yet. The ​problem ​you’re ​going ​to ​solve ​is ​going ​to ​take ​a ​different ​form,” he said. “​But ​if ​you ​know ​the ​basics, ​if ​you ​know ​the ​core ​tenets ​of ​security, ​then ​you’re ​going ​to ​be ​equipped ​to ​deal ​with ​whatever ​it ​happens ​to ​be.”

Sign up for Enews


Order a PDF