Kathleen Hyde is the director of Champlain College’s online cybersecurity programs. She also teaches Champlain’s War Games Capstone in the graduate program. Kathleen holds an MBA and a Master of Science in Computer Information Systems and is currently working on her doctoral dissertation.
A summary of the episode
In this episode of the Cybersecurity Guide podcast, host Steve Bowcut interviews Kathleen Hyde, the Director of Champlain College’s online cybersecurity programs. Hyde discusses her background in cybersecurity and how she got interested in the field.
She also provides an overview of the cybersecurity programs offered at Champlain College, including undergraduate and graduate programs, academic certificates, and specializations. Hyde emphasizes the importance of developing power skills, such as problem-solving and communication, in addition to technical knowledge and skills. She also mentions the opportunities for internships and research projects available to students.
Hyde recommends staying informed about industry news, regulations, and global perspectives on cybersecurity. Looking into the future, she predicts that artificial intelligence and quantum computing will play a significant role in shaping the cybersecurity landscape. Hyde advises students to adopt a mindset of lifelong learning and to avoid complacency in the ever-changing field of cybersecurity.
Listen to the episode
Here is a full transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Today, our guest is Kathleen Hyde. Kathleen is the Director of Champlain College’s online cybersecurity programs and a professor. She teaches Champlain’s War Games Capstone in the graduate program. Kathleen holds an MBA and a Master of Science and Computer Information Systems and is currently working on her doctoral dissertation. The topic for today is going to be cybersecurity opportunities at Champlain College. With that, welcome, Kathleen. Thank you for joining me today.
Kathleen Hyde:
Hi. Thank you for having me. Glad to be here.
Steve Bowcut:
Well, this is going to be fun. We appreciate your time to help students and mid-career professionals make those academic decisions that they have to make and teach us about what the opportunities are at Champlain College. Before we get into the meat of it and talk about Champlain specifically, I think our audience would probably like to hear more about you. So tell us some of your background and maybe specifically how you got interested in cybersecurity.
Kathleen Hyde:
So, I got interested in cybersecurity kind of by accident, and I should say that I love to say, “By accident,” and that is because like many people who come into cyber, I wasn’t always in cyber, of course, there wasn’t cyber when I was growing up, so to speak. I started out as a news reporter and then became an investigative journalist and then came into IT. So I worked as an IT consultant, information technology consultant, and I was responsible for assisting my clients with their networks, their servers, and their PCs. So then there came this thing called Y2K, and that’s when we really started talking about vulnerabilities and it kind of hit the news, people started talking about it. And then shortly thereafter there was the ILOVEYOU email. And that really kicked things off because there was this acknowledgement that everything that we were doing in information technology was vulnerable and that people were going to exploit those vulnerabilities and use them for their own means, whatever those ends were.
And that really kicked things off because I had to respond very rapidly to the needs of my clients and protecting their networks and their servers and their workstations. So that kicked things off. And then I kind of developed this love for malware, which sounds really crazy, but I absolutely love taking an infected system and hunting down the malware and where it came in and the files that it created and then eradicating it from the system. So that kicked things off. But then as time went on, of course, I started doing some trainings for my clients and talked about the two different kinds of people in the world, the ones who have lost data, the ones who are going to, if you remember that phrase. Things have gotten better with respect to endpoint protection, network protection, better security training. So it’s different now, but we still have that need for cybersecurity. And the thing that really appeals to me about it is that every day is different, and I absolutely love that challenge.
Steve Bowcut:
Interesting. I find that very insightful. But those two early incidents that you mentioned, I too remember both of those and had a very similar reaction, I think, at Y2K. I remember thinking, “Really? It’s that easy to break and the thing is going to break because we didn’t anticipate that the year 2000 was going to come?” So you felt very vulnerable. Things didn’t happen as some people had predicted. And then the ILOVEYOU email was probably the first one that got a lot of traction with people. So I also remember that one as like, “Oh yeah, I’m probably going to open that if that comes to my email and that’s going to make me vulnerable.”
So we all started to realize that there are threat actors out there who will not play by any rules. They’ll do whatever they can to steal your data and that our data is valuable. I think there was a long period of time when many of us didn’t give enough thought to the idea that our data was worth stealing. And sometimes maybe for any individual it’s not, but if you get enough data that you’ve accumulated, then it becomes very valuable. So thank you for that. I appreciate that. So let’s focus a little bit on Champlain College. So tell us what are the different cybersecurity programs, undergraduate, postgraduate, how does it all work?
Kathleen Hyde:
Oh, boy, that could take a long time.
Steve Bowcut:
Okay. That means there must be a lot to it, good.
Kathleen Hyde:
There is because we’ve been in the online space for a long time. I think it’s our 30th anniversary. And cybersecurity, of course, is something that we have been doing for a long time as well. So we actually have undergraduate and graduate programs. We have academic certificates, both at the undergraduate level and the graduate level. So I’ll start off with the undergraduate. We have several undergraduate certificates. Those are kind of our entry level for people who aren’t quite sure that they want to get a full degree in cybersecurity or maybe they have a degree already in information technology or information systems and they want to add some cyber to that and they want to have some knowledge and skills related to cyber. So we have those certificates. And then we have our bachelor’s in cybersecurity. And that really is the, I would say, program that we’re most recognized for because it is CAE. And that’s also the one that we also have our high ratings for. We just recently got a number one rating in the country for our online cybersecurity degree. So-
Steve Bowcut:
Excellent.
Kathleen Hyde:
… exciting things. So we have our cyber degree in the undergrad space, and we also have a degree program called computer forensics and digital investigations. And a lot of times people think, “Well, that’s just only digital forensics.” And what I like to say is that our cyber students take some of those digital forensics courses and our digital forensic students take some of our cyber courses because they really are interrelated, especially when you start talking about incident response.
Steve Bowcut:
Yeah, I would certainly think so, yeah, that they’re interrelated, yes.
Kathleen Hyde:
Absolutely. And then at the graduate level, we have a master’s in information security and we have actually two different kind of specializations or focus areas that students can go into. One of those is operations, so that’s the doing. The other side is the management. So we have information security operations, information security management. And then we have a master’s in information technology that has a bunch of different certificates. And one of those certificates is a digital forensics incident response certificate. So that’s the specialization. We also have a cybersecurity certificate at the graduate level, and that’s a three-core series, so nine credits. That’s part of our NBA. So it’s got a very different audience than our information security master’s program. Of course, we have our master’s in digital forensics. I’m going to keep going because we have one more, and that’s a new one-
Steve Bowcut:
Please.
Kathleen Hyde:
… that is our master’s in cybersecurity analytics. And we just started that this fall. And that is just absolutely exciting to me that we were able to bring that to market, so to speak, so quickly because it was less than a year that we went from concept to actually offering the program.
Steve Bowcut:
Excellent. Thank you so much. Now, obviously, our audience is not going to remember all of that, so I guess we would recommend that they go to, and is it online.champlain.edu? Is that-
Kathleen Hyde:
That is correct.
Steve Bowcut:
… how we’re going to get to the landing page and from there you can just look at all the different programs and explore from there. And I love that you pointed out that you’ve been doing online. So you’ve been doing online before online was cool, which is-
Kathleen Hyde:
Absolutely.
Steve Bowcut:
… kind of a benefit. So-
Kathleen Hyde:
We’re not a new kid.
Steve Bowcut:
… Champlain is veteran of this. Exactly. You didn’t get forced into this because of COVID, you were doing this long before COVID.
Kathleen Hyde:
Correct.
Steve Bowcut:
Very good.
Kathleen Hyde:
Experience, that’s what we’re all about.
Steve Bowcut:
All right. Well, thank you for that. Is there anything other than what you’ve talked about so far that you feel makes your cybersecurity programs unique?
Kathleen Hyde:
That’s actually a great question and I almost feel like I have to answer that with a question, which is do I have to just pick one thing?
Steve Bowcut:
How about the most important thing, the most unique thing, the most attractive thing?
Kathleen Hyde:
These are not in any priority, but I’m just going to bring them up. So first of all, I just mentioned that about the cybersecurity analytics program, and I think it’s important for me to highlight the fact that we are incredibly agile. And that, to me, is something that is incredibly important in cybersecurity. So we can respond to industry needs by creating new programs very quickly.
And we can do that because we have streamlined our curriculum approval and development processes. Now, that’s probably not exciting for anybody who is outside higher ed, but if you are in higher ed and you have ever brought a brand new program from start to finish, you know that sometimes that takes years, right? That’s not something that we have in our vocabulary Champlain College Online.
Steve Bowcut:
It’s not going to work for cybersecurity.
Kathleen Hyde:
Absolutely not.
Steve Bowcut:
It’s two years to get the curriculum developed. That problem has come and gone.
Kathleen Hyde:
So that I think is one of our unique factors is that we can look at the industry, look at what the needs are, work with our industry partners because we’re constantly listening to our partners. We have organizations called truED partners, and we’re constantly getting feedback from them on what are their needs, what are they looking for to hire those skills, those qualifications of their new hires when they’re putting out those job postings. And all of that funnels back through to me and to our team. And that allows us to constantly look at our programs and assess, “Are we in the right place? Are we teaching the right things? What is that next thing that we are going to need to bring in and teach? For example, having a course on quantum computing.” That is something that we’ve had now for several years in our curriculum.
And our cyber students can take that course so that they can understand what’s going to be happening with quantum, how that’s going to impact the industry. So that’s unique. I also think that what’s unique is the fact that our instructors are professionals who are working in the industry. That’s a requirement for our instructors. So they are knowing what’s happening because they’re working a day job, so to speak, sometimes that’s 24 by seven in cyber, but they’re working a job where they’re doing incident response, they’re doing compliance, they’re looking at risk management, and then they’re able to bring those examples into the classroom and speak from experience. So it’s not just, “Oh, this happened 30 years ago.” This is, “Yesterday, I had this problem and I encountered it. This is how I had to solve it, or this is what the risk was with it and how we prioritized it.” So I think that brings a different look and feel to our classroom and also to what we ask our students to do for their assignments because we’re asking them to do things that they’re going to do in the field.
Steve Bowcut:
I love that. I love that you’re teaching real world. It’s not just theory. So it’s practical application of what’s actually happening in the world of cybersecurity as the students are learning it. That’s fantastic. And this is a bit of a pivot, this question here, and for an online college or university, the answer to this may be different than if you were going to a campus for your education, but I’d like to probe a little bit about cybersecurity, extracurricular things that your students might get involved with. So some universities, they have teams and clubs and organizations, and they do these camps that they attend and that kind of thing. So if I was a student at Champlain Online, to what degree can I be involved in those kinds of things?
Kathleen Hyde:
I think it’s important to point out that a lot of our students are working adults or they’re students who have other commitments in their lives. So that’s really important to know and that impacts what they’re able to do, quote-unquote, after hours to be involved in additional organizations, clubs, things like that because some of them are taking care of children, some of them are taking care of parents. That really impacts it. But we do have a lot of things that they can take part in. Specifically, we offer a lot of cybersecurity-related events. We do a symposium in the fall, the Leahy Symposium that takes place on campus.
And I’ve been involved in that several different times where we’re talking about cybersecurity, we’re looking at what that looks like, what’s happening in the industry, what’s coming along. We also hold webinars for our students and also for the public at large where we bring in our subject matter experts and we’re talking about cybersecurity, things that are happening in cybersecurity, ways to protect yourself. We have a student chapter of WiCyS, and of course, I’m a member of Women in Cybersecurity as well. So students can be involved in that. And we also have a cybersecurity club on campus and they have a Discord. So that’s another opportunity for our students to be able to join in the fun and the activities in cyber.
Steve Bowcut:
Okay, excellent. So probably to whatever degree I wanted to be involved, I could, but oftentimes, I may want to come home and spend time with my children as opposed to doing some extracurricular things.
Kathleen Hyde:
Or you’re going to be working on homework.
Steve Bowcut:
Yeah, well, that’s true, getting the homework done. Hopefully, finding some time for the kids in there. So that’s important. And you didn’t mention research programs or internships, which kind of builds off of that. Are there those kinds of opportunities available?
Kathleen Hyde:
There are. A lot of people are surprised in the online space. They think, “Oh my goodness, how am I going to do an internship?” And I actually strongly encourage students in the cybersecurity program and CFDI program to do internships, actually, any tech program. If you can do an internship, that is going to be a great benefit to you, especially as a student. If you have no experience, if you are a career changer, that’s going to give you experience. And in my experience of working with those students who are doing the internships with us, a good number of them are actually offered full-time positions during the internship. So, that’s also a way to get your foot in the door and build out your resume, but it may also lead to a job offer. So we have several different internships. We have one that’s solely focused on digital forensics because those are a little bit different with respect to what you can discuss in the online classroom and what they’re working on.
And then we have a general tech internship, and that is where our software development as well as our cyber students can take an internship and they can receive credit for doing that as well. So that’s the internship component. With respect to research, our students do their research primarily in their senior seminar projects. The project is basically a project that you pitch to your senior seminar instructor, it’s then improved, and then you work on that project for 15 weeks and then you’re developing that project, you’re presenting it to your peers. So that’s an opportunity for research. And then I’ve got to say this is going to tease this out here right now, but I am expecting in the next year that we are going to have additional research opportunities for our students. I can’t say much more than that, but I’m going to say watch our website because I am expecting another new degree program coming soon.
Steve Bowcut:
Excellent. Well, that’s exciting. All right. Well, thank you for that little preview. We appreciate that. Earlier you had mentioned input that you get from industry partners to help build your curriculum and make sure your curriculum is current, which I think is just super important. Is there anything else that you can think of that you do to help make sure that your students receive real-world cybersecurity, that they’re prepared for the real-world cybersecurity challenges that they’ll face when they go to work?
Kathleen Hyde:
One of the things that I think is so absolutely critical for students to understand now is that it’s important to have knowledge, it’s important to have skills. But when we really start dialing in on what those skills are, it’s not necessarily what you would think that they would be. So do you need deep knowledge of, say, Wireshark, or do you need deep knowledge of a particular tool that is used for monitoring events, let’s say? You can have that, but a lot of employers are looking for what I heard earlier this year referred to as power skills. We used to call them soft skills, but those are the skills that you really want to develop because they’re the ones that are going to help you in your career, not just today, not as you’re building out that career and figuring out what it’s going to be shaped like and what you want for yourself in the career, but three years, five years down the road. Those power skills are incredibly important because the industry changes all the time.
What its needs are today are going to be different tomorrow if we have a new zero-day. So, if you can learn to problem solve, that is going to be an incredible skill for you to have. That’s one of the things that we teach you in our courses at Champlain College Online. So we combine that foundational knowledge of, “How does something work? Why does it work this way?” And then we layer on top of that, “Here’s how to use a tool.” And we’re using industry tools, “Here’s how to use a tool, here’s how to select a tool.” And then we’re saying, “Okay, but we’re going to throw you a curveball.” And we’re going to say, “How do you have to solve this real-world situation or problem and what are you going to do about it?” And that may be something that you weren’t expecting.
So you have to take that knowledge, you have to take those skills, and then you have to apply them. And that, I think, is invaluable because if you’re only gaining the knowledge, that’s one component. If you’re only gaining the skills, a lot of people will say, “Well, how are you going to prepare me to pass a certification exam?” Well, academic programs are not training programs. There’s a distinction. And we take the best of both worlds, put it into our courses. So you could take our courses and then be preparing yourself to go sit for an industry certification exam, wonderful thing, but you’re going to understand how things work and then you’re going to be able to problem solve and then communicate that to everybody in an organization because that, again, is another one of those power skills that it’s one thing to know how to use something and to know what’s happening.
But if you have an incident in your organization, you’re going to have to talk to the employees about it. You’re going to have to talk to, potentially, the customers about it, and you’re certainly going to have to talk to the C-suite about it. Those are all different conversations that you have to have.
Steve Bowcut:
Including regulators in today’s environment.
Kathleen Hyde:
Absolutely.
Steve Bowcut:
You also need to talk to the regulators about it in many industries. I love that. Being more versatile, adaptable, that’s really going to build your career. It doesn’t happen a lot, but once in a while, I’ll run across someone who’s very expert in a particular tool in a particular environment. And that’s a wonderful thing as long as you always want to work for that employer doing that thing. But if the threats change, now that tool is no longer as effective as it needs to be, so you need a broader knowledge than just how to use that particular tool very well. So excellent.
Thank you for pointing that out. I appreciate it. All right, so we’re about out of time. There’s a couple of questions left, they’re kind of fun, but they’re important questions. If you were to put together your top picks for what we might call the cybersecurity reading list, for lack of a better term, but it could be books, papers, websites, videos, lectures, any resources that you can provide to our audience. And we will put links to whatever’s applicable. We’ll put links in our show notes that they can follow. So is there anything that you could think of along those lines?
Kathleen Hyde:
Well, having been a news reporter, I would be remiss if I did not say Krebs on Security.
Steve Bowcut:
Absolutely. Yeah.
Kathleen Hyde:
That would be a huge gaping hole in my list. So definitely that. And then my other recommendations, particularly for students, are a little bit more broad. And I would say that I select those because I don’t subscribe to any one single point of truth when it comes to cybersecurity because you have to look at something very broad and then formulate your own opinions on it. So I do subscribe to some industry mailing list, SC Media, things like that, WIRED, they come into my inbox every day. I give them a quick perusal. Obviously, I subscribe to SANS Institute, give that a quick perusal as well. And then I generally try to stay on top of what is happening at NIST, what are the working groups, what are the special publications that are being launched, and those update dates that are happening? Because so much of what happens in industry relies on those as the frameworks for what is going to be to be that next thing. We’re building things out.
The other thing that I try to do is stay on top of the standards, ISO, when they change. You need to stay on top of that because, again, everything falls in place, at least on the compliance side and what risk assessment and risk management is going to be taking place because of those standards and frameworks. And then the last thing I would say is that if a student were to say, “What is your recommendation?” I’d say, “Don’t only read US news.” And that’s because you have to know what’s happening in Europe with GDPR. You have to know how they are perceiving it because some of that is driving what is happening in the US and it most certainly is driving what is happening in cybersecurity at the large corporations that are global. And that impacts [inaudible 00:24:39].
Steve Bowcut:
A lot of decisions are made that don’t really necessarily pertain to US regulations, but global companies have to worry about more than US regulations. So I’m glad you pointed that out. Excellent. All right, our last question, and this can be a very fun question, but it does have a purpose as well. So we’ll ask you to dust off your crystal ball, look into the future, and give our audience your perspective or your perception of what the cybersecurity landscape might look like, and really, through the lens of if I’m a student or beginning my academic career, what do I need to worry about or what should I know about or have my eye on that’s happening in the future?
Kathleen Hyde:
That is a great question, and I think probably a year ago, I would’ve answered it differently than I’m going to answer it today. A year ago, I probably would’ve said, “It’s going to be a little bit more of the same with this cat and mouse game that we’re playing with our adversaries.” I think that with artificial intelligence that blossomed in the last year, I think that is going to play a larger role in cybersecurity, certainly with respect to automating cybersecurity even more than we have automation today. But I think that AI quantum, those are going to be the next technologies that really shape what cyber is going to look like in the next three to five years. I don’t even want to look at 10 years because so much can change. And certainly, we’ve seen so much change in this last year.
I’m going to say that with respect to students, what can they do to prepare now for the future? It’s going to be those power skills, but it’s a bit of a mindset really. It’s adopting the mindset of a lifelong learner and realizing that you are going to have to change. So, as much as the industry changes, you are going to have to change to adapt to whatever happens in industry. And that means you have to stay abreast of the news. You have to stay abreast of the regulations and the technology to do that. Go to conferences, read. But my biggest suggestion is to not become complacent. And that’s the thing that we would recommend to anybody, if you’re in IT and you’re managing a network, don’t become complacent. You don’t want to have the notifications fall on deaf ears.
But the other thing that I would say, and we’re really good about this in tech, and I think it’s to our detriment, is that whenever some new technology comes along, everybody jumps on it and goes, “It’s going to save us. It’s going to be the thing that makes everything okay, and we won’t need cyber anymore, and there will be no risk.” Don’t fall into that trap. There is no single technology invention that is going to make cybersecurity a thing of the past because software’s still going to have vulnerabilities, networks are still going to have vulnerabilities. So know that if you’re going into cybersecurity, there’s a place for you because we’re still going to have vulnerabilities and we’re still going to need qualified professionals.
Steve Bowcut:
Yeah. Absolutely. I couldn’t agree more. Thank you so much. And, Kathleen, thank you for spending your time with us today. Not only are you a delightful guest, but you brought a lot of knowledge and insight that I’m sure that our audience is going to appreciate and can use. So thank you. I appreciate it.
Kathleen Hyde:
Thank you so much for having me. It was wonderful.
Steve Bowcut:
All right. And a big thanks to our listeners for being with us as well. And please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide podcast.