Dr. Lance Fiondella is a professor of Electrical and Computer Engineering at the University of Massachusetts Dartmouth and the director of the UMass Dartmouth Cybersecurity Center.
Summary of the episode
Dr. Fiondella says cybersecurity is about being reliable and tough: plan, handle problems, bounce back, and adjust. It needs strong tech skills, teamwork across subjects like engineering and policy, and good talking skills. He says to do this work to help make the world safer, steadier, and more peaceful.
Listen to the episode
Read a full transcript of the episode
Steve Bowcut:
Welcome to the Cybersecurity Guide Podcast, where we explore the program’s people and pathways shaping the future of the cybersecurity workforce. I’m your host, Steven Bowcut, and we appreciate your listening.
Today, we are joined by Dr. Lance Fiondella. Dr. Fiondella is a professor of electrical and computer engineering at the University of Massachusetts Dartmouth and the director of the UMass Dartmouth Cybersecurity Center, which is an NSA-DHS National Center of Academic Excellence in Cyber Research. And we’ll talk about that a little bit when we get going.
Dr. Fiondella joined UMass at Artmouth in 2013 and has built an impressive career focused on systems and software reliability, security, and resilience. He has published more than 190 peer-reviewed journal articles and conference papers, and he has received over $7.5 million in external research funding as a principal investigator, including a prestigious NSF Career Award.
On today’s episode, we will talk about his career journey, the research culture at UMass at Dartmouth, what it means to lead a Center of Academic Excellence in cybersecurity, and the educational opportunities available for students who want to pursue cybersecurity, secure software engineering, and reliability engineering. And with that, Dr. Fiandela, welcome to the show.
Lance Fiondella:
Thanks for having me. It’s great to be here.
Steve Bowcut:
All right, we appreciate it. I know the audience is going to enjoy this and I’m looking forward to it. So as we like to do on the show, let’s start with one kind of background and career path.
I think it helps our audience understand what’s available when they hear from our various guests how they got to where they are today. So tell us a little bit about your professional and academic journey.
Lance Fiondella:
Yeah, well, there’s always a story behind every academic path, and usually it’s not what you expect. There’s always failures and detours along the way. And I think that’s very important for the listeners to understand the pathway to especially advanced degrees going from a bachelor’s degree to master’s and PhD studies, you don’t have to do it all at once.
Many people will return to study after some other experiences, typically work experience. And that was my case. I completed my undergraduate degree at a state university in Connecticut, Eastern Connecticut State University, and I worked with my bachelor’s degree briefly.
I was working for the name of the institution. It was a state government institution. It was the Connecticut State Department Labor Office of Research. Now that’s a mouthful.
Steve Bowcut:
Yes, it is.
Lance Fiondella:
And I can say that I was enjoying myself learning in computing, teaching myself different tools and technologies of the day, but I also saw I missed my teachers. It’s strange to say, and I know some would laugh at such a comment, but I missed learning from those with knowledge.
And so I made the choice to let go of that job. I was fortunate I was young enough. I didn’t have as many commitments as working folks with families, mortgages and car loans and all that had, although it’s feasible. And I decided to go back to school.
And so after a very brief less than one year of employment, I returned to pursue my master’s. And after completing my master’s, I thought about my options. My options were stay and do a PhD or go back to that particular workplace. And the only workplace I could envision was the one I had been.
And there were certain aspects of that employment environment that I thought, I don’t want that. Let me continue. And it was really an aspect of it was exploring, just broadening my horizons. A bachelor’s degree teaches you a set of skills that will make you employable. Typically, in engineering, you’re learning design skills that help you build something that your employer can then sell for a profit, but it isn’t necessarily a complete set of knowledge.
So the master’s degree was really broadening my horizons. And then beyond that, it was thinking about the options. And really, I tell many of my own students who are considering whether to pursue a PhD, some PhDs get rich, but not everybody. And so really it’s the intellectual freedom that the PhD grants, especially as a professor, that’s the beauty of the job.
Yes, there are challenges. Yes, there are students in difficulty, and a good professor should also be one who’s ready to reach out and help those kinds of students, but the intellectual freedom to pursue research problems across a broad spectrum as opposed to what an industry employer might expect of that research, the individual with those research skills.
So that was my path, at least the bachelor’s to master’s and PhD. Again, I can elaborate on that going forward and as we discuss.
Steve Bowcut:
And it is a fascinating story. And I think the part that the audience, hopefully, I hope that the audience, what they’ll take away from that, at least with what we’ve talked about so far, is that it doesn’t …
In fact, rarely is it just this clean path from, oh, I’m going to go to university and I’m going to get my bachelor’s degree and then my master’s and my PhD.
I’ve talked to lots and lots of professors and have lots of them on the show. And I would have to say that that’s the minority, the people that say, “Yep, I decided right in the beginning what I wanted to major in, and it was cybersecurity, and I went and got my degree, and then I got my master’s and my PhD, and now I’m a professor.” In fact, I don’t remember anybody ever describing anything like that.
It normally has some twists and some turns and some start overs and some change my mind of those kinds of things along the way. And I think it’s important for people who are starting on this path to understand that that’s okay to do that. So thank you. I really do appreciate that insight there.
Let’s talk about the National Center for Academic Excellence. And maybe just to begin with, just a high level overview, you are the director of that center. So tell us what your vision is for that. What do you want that to become or what do you want the center to do? What does it achieve?
Lance Fiondella:
Well, in many cases, a center, for those who don’t necessarily understand research and academia, again, going back to the whole beauty of being a professor and the academic environment, there is that freedom, which means there’s also the factor of it can sometimes turn into trying to herd cats.
So if one doesn’t want to experience the frustration of trying to herd cats, that is really, I regard a center as an umbrella for like- minded individuals to gather under. Not because it’s raining, but because it’s a shared shelter from … It’s a place to come together and collaborate.
It’s really, whether it has physical infrastructure or computing infrastructure or other resources, that’s important. But what’s more important is the people, both the faculty and the students and the community. What’s our mission? So like many cybersecurity centers we have, because we are a research center, we went through the designation pathway for research.
Now, the Centers for Academic Excellence offer various tracks, and those are documented on the CAE website. I can certainly provide links, but I believe many of your previous speakers have also mentioned that there is a educational track, there is a research track, and there’s the cyber operations track. So each of these designations has documented requirements.
We compile massive amounts of paperwork, I would say, of over the 400 pages of documentation we assembled, over half of that was CVs. Thankfully, they revised the process, but all paperwork processes aside and their potential for improvement, let me speak to the vision.
So my vision for the center, again, was here’s a place for faculty to collaborate across departments. And that isn’t always the case at many institutions.
Some schools are large and you can find all of the collaborators in any department you would ever want within your own institution, but that doesn’t necessarily offer the opportunity to cross-pollinate, as they say, and share knowledge across institutions where perspectives are different.
But from a more technical standpoint in cybersecurity, my vision was informed by participation in a specific government research projects program review where I saw robotics and AI-enabled robotics.
Specifically, the program was designed to assure the safety of these systems by assuring the machine learning components that provided some capability within those systems. For example, computer vision or navigation or communication.
Now, the field of adversarial machine learning is very congruent with the attacks and defenses that one sees in traditional cybersecurity, whether it be against hardware or software or humans. So the various frameworks that describe the how to attack and how to defend that inform good system building and testing.
So it was this experience that made me realize a forward-looking center should seek to educate students and future employees of companies, academia, and government on not just a classroom full of computers where we can provision virtual machines and practice our hacking skills and then tear down those virtual machines, but robotics.
So in the field of robotics where the AI and machine learning technologies are enabling autonomous systems to enter into society where if they’re not safe could lead to harm or unintended consequences, we need a community-based approach to the design of these systems.
People in the community need to have a level of awareness of the consequences of machine learning not being trained on the environments in which they’re operating, and there are technical techniques to overcome those issues.
So based on this experience, we acquired various robotic platforms, Air, Landsea, we don’t have any specific space assets, but many universities have their own satellites and such. We hope to one day, and I do have colleagues that collaborate with other institutions, but to be able to pack your own satellite or design your own satellite or a ground robot that might think Tesla as an example.
There’s carhacking village at DEFCON, so there’s certainly opportunities to think about this from an attacker standpoint to secure these for one’s company or for one’s government employer or one’s community more generally.
Steve Bowcut:
That’s so interesting. Go ahead.
Lance Fiondella:
Yeah. So that said, this encompasses not just the traditional computer sciences, but the broad spectrum of electrical engineering because there’s going to be communications, the spectrum on which communications and malware can be delivered.
So trying to include colleagues who could then mentor students on the various technical, the highly interdisciplinary nature of these systems that need to be secured. In general, we talk about members of the community or students being designers, not just consumers of technology.
So think about somebody who can program a cell phone versus somebody who only knows how to use interfaces, somebody who says, “Can you make an app to do that? ” And the answer is probably yes, but you need the user interface design skills as well as the programming skills specific to that phone.
In a similar manner, one would need, and yes, there are bigger picture issues about policy, and I’m not advocating for one or the other, but the present model is that we have these companies that hoover up a lot of data and then turn around and sell us a product. Is that the product we want as a society?
So this is where academia has an opportunity and a great responsibility to potentially help inform communities about how do we design what we actually want if … No, let’s not get too philosophical here about industry produces a product that people will buy. Whether or not it’s good for them is another concept entirely. In contrast, European data privacy, for example, is one often contrasts the two policies.
Steve Bowcut:
And I want to look at it from more of a practical … If I’m a student and I’m looking for a place that I want to get my education, what does it mean if I come across an institution that has this designation? So what does it signify? Are they teaching to certain quality standards or are they teaching certain curriculum that’s approved by the sponsors of the designation? What does it mean in practical terms for students?
Lance Fiondella:
Right. So because this is a research designation, it’s not curriculum-based.
Again, there are a numbered set of requirements, and one of those was having a specified number of faculty who conduct research in areas of cybersecurity broadly defined. So I might regard that as folks who conduct research on specific topics within …
And there is a taxonomy of different subcategories of research that would be considered cybersecurity research, but one can also think that basic research applied to cybersecurity.
For example, we might have a specific researcher who does research on use of machine learning to detect intrusion attempts into networks, but we also have faculty who do good old-fashioned machine learning research that’s more broadly applicable, and we want to be inclusive and we want to encourage participation and mentoring collaborative supervision of the students so that the students can learn from multiple faculty, not just one thesis supervisor, for example. So there is variation in the curriculum.
Certainly there are courses and we did document the courses one provides syllabi, shows that there are relevant topics. There’s a course where there’s some coverage of cryptography, there’s a course where there’s some overview of the threat landscape more broadly, a network security course.
But of course there can be variation from program to program, but really the core requirement for the CAE-R designation, and one can do a simple Google search for CAE designated schools, and the website produces a nice … It has a nice map visualization, and one can filter by the type of designation.
So if you want to find a research designated school, you can filter by research. If you want to find a cyber operations designated school, you can filter by the CO designation, and you can zoom in and click on the pins on that map and get access to the links of those schools and those programs.
So it’s a nice interactive interface for students to explore what’s in their region as well as what’s available throughout the country. There were other requirements we, of course, had to demonstrate that we’re active researchers, we had to document that we have publications in the last five years, not just as faculty, but with our students so that there’s mentorship happening within that publication activities and research that’s ongoing.
So these are some of the elements of what it takes to put together a CAE-R designation application. There’s a renewal process, and we as a community tend to mentor schools who want to go through that process, but find the paperwork processes daunting, so yes.
Steve Bowcut:
Okay. All right. So setting the CAE-R designation aside, let’s talk about UMass, Dartmouth, at more of an elementary level. So what programs in cybersecurity, what degrees in cybersecurity could a potential student expect both undergraduate and graduate levels? And I would be interested also in learning, at what point would they begin to be involved in research?
Lance Fiondella:
So students can start participating in research. I’ve recruited students halfway through their freshman fall course when I-
Steve Bowcut:
Really? Okay.
Lance Fiondella:
Yeah, you see that not only are they curious, they want to go beyond the coursework really. So many students will participate in undergraduate research as early as freshman or sophomore year. We have programs at both the undergraduate and graduate level in two departments, specifically computer science and computer engineering, which is we have two majors within the electrical and computer engineering department.
And so the computer engineering department, we have concentrations and minors for undergraduates, which is a specified set of courses. And at the graduate level, we have certificates. But I want to point out that, of course, in fact, we have an open house this weekend for prospective students after the new year.
It’s usually students who have been accepted. But a lot of times the conversation is, how do I get into cybersecurity? And that’s when I have the honest conversation. I say, are you sure you really want to do this?
And let me explain my own thoughts on whether or not you’d actually enjoy it. So oftentimes folks who work in cybersecurity are doing some kind of test-related activities, but it turns out that some students really just like to build things. They don’t really want to secure them so much as just build things and make fun functionality and technology and toys.
However, I will also tell them that think of it this way. What you’re learning in all of your courses matters. It’s not just this special topics course in your senior year or these specific courses with cybersecurity in the title, because you have to be a good builder of systems to know how to break them.
And so if you like getting down in the weeds with the bits and bytes, whether as a computer science student in your app, design of a compiler or other system application or just web applications, or as a hardware engineer with the physical components or even down to the level of the physics side channel attacks and so on, you probably want to really like those details because otherwise you may not be the best cybersecurity engineer.
You may have to rely on tools that automate some of the processes, but if you don’t have a deep fundamental knowledge of design and test, you may struggle to secure employment at the most prestigious organizations that employ cybersecurity engineers and researchers.
Steve Bowcut:
Very nice. I appreciate that insight. And that might be a good warning for some students who aren’t exactly sure that they want to go into this industry, and maybe if they don’t really like the technical aspects of it, although I do like to point out, and I’ll go ahead and point this out again, that in cybersecurity, cybersecurity is pretty broad and sometimes, and I always use the example of social engineering.
So we need people in cybersecurity that understand social engineering. They may not have the technical knowledge or even acumen that they need to build secure things, kind of what we’ve been talking about, or to do research.
They may not have the desire to do the research, but that’s something else. We still need them in cybersecurity. They may not want to get a research degree, but we still need their input. Is that fair? I mean, do you agree with that?
Lance Fiondella:
Of course. And the reasons why I say the things I do isn’t to discourage students to say, you’re not cut out for something. It’s don’t just be tempted by the supposed advertised $10,000 above baseline for a degree in this major. Do what you like. Do what makes you happy what you find fun because a fun job or will be a career, a job that’s not fun will be a job.
And so it’s more about finding what you like, explore and see what you like. It’s not about the money and it’s not about the … It’s what you like to do.
Steve Bowcut:
Thank you. I appreciate that perspective. I did want to focus again on research opportunities here, and I know that we’ve talked about it and maybe you’ve covered everything there that you think is relevant, but if I was a student, can you give me an idea of the kinds of research projects that I might be able to get involved in if I was to come to school there?
Lance Fiondella:
Yeah. So one item when you talked about programs here at UMass Dartmouth that I wasn’t able to mention in my response to your previous question was we have a National Science Foundation Scholarship for Service Award that runs through the end of 2027 presently. And there are funds. I have openings for PhD students or master’s students.
There is a US citizen requirement and there is a service commitment for that, but it’s a great job. It’s a great way to get one’s foot in the door and it’s only the service duration is proportional to the period of support. So if it was three semesters of scholarship, then it’s a year and a half of doing a government job. But which government job you want, it’s up to you.
So again, those details are on the website and all the other SFS schools in the listeners’ neighborhoods would be on that CAE-R website I mentioned as well, so one can find schools in one’s own part of the world and neighborhood instead of worrying about just UMass Dartmouth. And those opportunities for US citizens are, it’s not just to necessarily work with me, but any of the faculty who mentor these SFS scholars.
So for an external student, they would pursue the two-year master’s degree or it would support them for the beginning of their PhD. So I mean, the applications are rolling and I’m accepting applications presently because we’re approaching the end of the grant and hey, I want to spend the funds on deserving students so that they can go be of service to US National Security. And so one could look at the affiliated faculty of the cybersecurity on the UMass Dartmouth Cybersecurity website.
It’s a rather simple. Of course, Google will find it for you, but simply umassd.edu/cybersecurity-center will get you there. Probably just Google UMass Dartmouth Cybersecurity Center and take a look at the faculty affiliated with the center and look at their individual research, both on their personal webpages as maybe take a look at their Google Scholar.
The recent publications, that’s always something I’m advising on because so many people are curious to get into research from outside, whether they’re completing a bachelor’s here in the US or abroad, they need to reach out to the faculty to see what the present projects are and what are the projects going forward.
Because as you know in the US, we in engineering fund our students, our research students. So typically these need to be funded projects going forward and the projects we’ve published, recent papers on may no longer be funded.
So it’s important to try to engage by reading papers, maybe reach out to the graduate students to find out what’s really going on in the lab in terms of what kind of research is going on. But like I said, the affiliated faculty also have grants in their own areas of expertise. So it’s not just the SFS scholarship, but grants that are open to non-US citizens who are interested in cybersecurity.
We can fund them on many of the federal grants at the master’s or PhD level. And of course we use those grants to fund undergraduate researchers as well, but it’s a little trickier to say have an undergrad do a remote summer internship on those kinds of topics. Maybe a high school student wants to shadow and have some experiences.
We on occasion have local students who participate in the research labs, but they would be in the region. So it’s easy for them to come sit in the lab, work with some of the graduate students, get assignments, get feedback, and experience the mentorship in that manner.
Steve Bowcut:
Excellent. Okay, thank you. I appreciate that. Let’s pivot just a little bit. In the biographical information that I read about you at the top of the show, it talked about system and software reliability. So I think it would be interesting to get your perspective on why is reliability a foundational concept in cybersecurity? Why is that important?
Lance Fiondella:
All right. Well, to be honest, I’d never thought of myself specifically as a cybersecurity person, but certainly reliability is relevant. There’s a lot of overlap, especially in software. I mean, reliability has its roots in probability and statistics. And one might have a definition such as probability of failure-free operation for a specified period of time in a specified environment.
Now, we can translate that into math. We can measure failures during testing, and then we can apply models to predict, will it fail in the future? Is the failure rate low enough that we’d actually want to put this into production and sell it to people? Or worse, fly it. So reliability is an enabler of safety.
Reliability and security, especially in software, are also intimately intertwined and heavily overlap. If your software is not secure and you’re able to invoke some kind of failure through exploiting a vulnerability, you will not be reliable.
And reliability may lead to safety issues. So the relationship, in some sense, cybersecurity, machine learning are driving greater attention to the fundamentals, which you often hear older folks complain about. We need to pay attention to the fundamentals.
It’s not just about security, it’s about designing the software well to begin with, to ensure that it doesn’t have the vulnerabilities. But in such a packed curriculum, where do we find time unless we offer a special class, not just on introduction of programming, but secure programming that is secure by design as opposed to after the fact, oh, whoops. It’s not cost-effective, it’s not time-efficient. So there’s many opportunities to draw upon the field of reliability to do better cybersecurity as well.
Steve Bowcut:
Excellent. Thank you. And along with that, and maybe just an extension of that idea, you also emphasized this idea of resilience alongside security. So for our audience who may not have given a lot of time and effort into thinking about resilience in cybersecurity, what that even means, can you define that for us?
Lance Fiondella:
Yeah. So again, as they say, you ask 10 engineers to define something, you get 11 definitions. Very good. Yeah. Thankfully, we use mathematics to provide a common foundation and definition.
So the mathematical models, again, probability and statistically based, and we’ve developed machine learning analogs with various types of time series-based machine learning models, is based on a definition of resilience from the National Academies of Science.
So the National Academies is a very storied institution down the street from the White House. It’s typically patronized by very established professors in their fields. And many of the resilience studies have been done in the context of regional or climate resilience after disasters. So it’s a cross-cutting concept like reliability.
It can be applied to many engineering and scientific social science domains as well. So it’s not just cyber resilience, there’s this broader concept of resilience. And so the traditional definition of resilience is broken down into four primary stages.
There is the planning stage where we prepare to, essentially, if we experience some undesirable disruption, we aren’t totally disabled, which would be unreliability. So it’s maintaining a desired level of performance instead of simply working or failed a binary type model.
The second stage is the absorb stage where think about it like a boxer, you’re always amazed how many punches they can take without falling down. If you can’t take a punch, you got a glass jaw, you get knocked out.
But the ability to absorb that shock or stress and not degrade below a specified level of performance that is one’s ability to quote fight through whatever bad thing is happening in the cyber domain, it might be hostile, intentional attacks.
And then there’s the recovery stage. How does one recover? What actions can one take to recover, restore the performance to the previous nominal performance level or even stronger than before?
And then the final stage is the adaptation stage where there’s this kind of lessons learned. Now, despite the National Academies being such a storied institution, I find this definition to be lacking. We don’t divide it. We don’t only try to adapt when after the bad thing has happened. We’re adapting all the time.
There’s a matrix of whose job is it to adapt? Whose job is it to plan? Whose job is it to absorb? And what are the system requirements? Who are the humans? What are they doing? So I think there’s many opportunities to develop theories surrounding organizational resilience, the processes by which we ensure system and process resilience, talk about supply chain resilience.
So cyber resilience is just one of many domains to which the concept of resilience, psychological resilience, how to help a veteran or somebody struggling with mental health, how to help a child struggling with their academics.
It’s applicable to so many fields and to try to put it on a mathematical foundation and then have interdisciplinary collaborations. We’ve done some work in the area of cyber resilience, but again, the thought that we can do good in so many areas of science, including the social sciences and engineering here with this concept drives my excitement about this topic.
Steve Bowcut:
Excellent. Thank you. All right. So I wanted to ask you about interdisciplinary collaboration. And I think what I’m going after with this question is, or in fact, this is interesting because earlier you talked about cross-pollination, like institutional cross-pollination.
So if we take that same idea and we focus on the various disciplines and the cross-pollination or the collaboration that can and should be happening, can you talk about that a little bit about engineering, computer science, policy, social sciences? And I know you’ve mentioned this a little bit earlier in the show.
Is there any more that you can elaborate about the importance of this kind of collaboration and what students could expect to see at UMass Dartmouth?
Lance Fiondella:
Yeah, so it’s an excellent question. And obviously one area where we need to do a better job, not just as academics, but as a country is we do the technical aspects and we do the social aspects a lot of times in isolations.
And I’m not just talking about the social engineering component, and I was smiling when you were talking about the social sciences students. I think we’d have an interesting ethics of trying to do social engineering, but that you’d have to get your IRB approvals, the institutional.
When humans are involved and you’re being deceptive to show the gains and the benefits of the research. But a course in social engineering and defense, that would be fascinating and how to get it approved by one’s university and attract participation and think about it from an organizational standpoint, whether it’s coders giving up the passwords to certain secure parts of their software or otherwise, just organizational security.
But I mean more broadly, like you said, policy and the social sciences, because the methods of research differ and the timelines, the incentives, when there’s humans involved, you need to look at the incentives. Engineers, we fund our students, we publish lots of papers.
Social scientists like to take their time, write a very detailed thought-provoking manuscript. So the timelines may not align if they’re not interested in funding and just ideas, the incentives don’t drive a good collaboration model.
But one thing I really want to emphasize for this audience is where we need to do a better job is with international policy and protecting those who are most vulnerable in our society, specifically children and the elderly. Children may be victims of various forms of online criminal activity. Adults, educated adults can be.
The best of us can be tricked at times, but the elderly can be maybe overly trusting or not have a family member who’s going to look out there at financial wellbeing and the lack of international jurisdiction and the protections.
We bleed billions of dollars and it’s sadly offset onto the private citizen and we need to do a better job as a nation educating and working for the organizations responsible for protecting especially these populations and developing the technologies to make it easier to do so.
But sadly, all the emerging technologies will be used for harm as well as good. And so it’s an arms race of how do we keep up with, say, for example, broad based on generative AI. So it’s just going to get worse, but this is one of the challenges is if we’re going to be community-based, how do we build systems that protect people, not just in our country, but not internationally?
How do we think about design more holistically for all members of our community?
Steve Bowcut:
Excellent. Thank you. So a couple more questions before … We’re about out of time, but there’s a couple questions that I think would be really interesting for our audience to get your perspective on. And the first one is what specific skills or competencies do you think would be most valuable over the next five to 10 years?
So if you’re a student and you’re thinking about your potential academic career path, what should they be thinking about in terms of the skills that they need to develop that’ll be in this field of cybersecurity that would be most beneficial for them going forward?
Lance Fiondella:
Yeah, I will try to answer that holistically. I know some people want to say which courses or-
Steve Bowcut:
Yeah, tell me this one and
Lance Fiondella:
That one. Just tell me what course I need to take to get the job is not the answer I want to give or major in physics, major in computer science. I mean, there’s so many ways to succeed. Really what I want to emphasize is foundational skills that all generations we have to learn.
The style of learning and the technologies available, the so- called elephant in the room right now in academia is large language models and say, for example, quote, cheating on homeworks, exams in every aspect of one’s coursework.
Now, we need to take a more permissive approach as instructors and work with the students because, for example, if you want to just plug in the simple question to your intro programming course, it will probably spit out working code, but did you learn anything? If you want to go on to more advanced courses that require those fundamentals, you’re shooting yourself in the foot.
So instead using the technology to just get one’s homework done as quickly as possible so one can go hang out with one’s friends and maximize one’s social time, well, they’ll have jobs for those folks too.
But I would like to emphasize the fundamentals that are reading and writing and communication, both that is written and spoken because we have knowledge, well, we might hallucinate, but we don’t hallucinate large language models.
And therefore, despite our fears of being rendered obsolete by these technologies, by having a foundationation experience and core knowledge and essentially that embodied intelligence that we have as humans, living beings, use that to our advantage.
Don’t let the fear of being rendered left behind scare one. Writing is such a skill and so is communication. So it’s those quote soft skills, the time management, finding balance and work and life and the happiness and all those things.
It’s a continuous learning process for each of us at all stages of our career and education.
Steve Bowcut:
Yeah. Excellent. All right, so let’s end with a final advice, and maybe you’ve given us all the advice that you want to share today, but I want to give you the opportunity.
If there’s anything else that you would, if you’re sitting in front of a student who’s thinking about cybersecurity as a potential career path, so from your perspective in academia, what kind of advice would you give them?
Lance Fiondella:
Oh, I would say there are many well-paying jobs in society, but think about to what end, you have one life. Offensive or defensive cyber is not the end goal. Yes, we need methods to secure our infrastructure and protect our citizens and the services in society, but is that the end goal?
And there will be overlap in other spaces of international conflict.What are the end goals? How are we developing not just a more secure world, but a stable and peaceful world where people from different backgrounds can find commonality and live in harmony?
I know that sounds all rosy, but again, there’s so much dark and bad, doom and gloom when it comes to cybersecurity. Focus on what the end goal is for the people in society, not just the technology, and who are we serving?
Steve Bowcut:
I like that. Thank you very much. I appreciate that. And we are out of time, but Dr. Biandella, thank you so much for sharing part of your day with our audience. We sincerely appreciate it.
Lance Fiondella:
Yeah, thanks for allowing me to share some thoughts.
Steve Bowcut:
It was great. It really was. And that brings us to an end of today’s episode of the Cybersecurity Guide Podcast.
We’d like to thank our guest, Dr. Lance Fiondella, for sharing his insights into cybersecurity research, secure and reliable systems development and academic pathways available to UMass Dartmouth students.
And as always, thank you for listening. If you enjoyed this episode, please subscribe, leave a review, and share it with someone who might benefit from the conversation. And until next time, stay curious, stay informed, and stay secure.