Christopher Mitchiner is the executive director of the Cyber Institute at the University of North Georgia. LinkedIn profile.
Listen to the full episode:
Key takeaways from the interview
- UNG’s unique educational model: UNG, part of the six senior military college consortium, offers a balanced academic and discipline-building environment. It’s not mandatory for students in the Corps of Cadets to join the military.
- Partnerships and opportunities: UNG has strong ties with the federal government and industry, receiving significant grants from the NSA. This fosters opportunities like internships and scholarships, leading to careers in agencies like the NSA, CIA, FBI, or in industries like Mercedes-Benz and Home Depot.
- Educational focus: The university offers undergraduate and graduate programs in cybersecurity, emphasizing practical experience and industry interaction. Their Cyber Hawk Club, for example, engages in real-world cybersecurity challenges provided by industry partners.
- Career path guidance: UNG emphasizes the importance of gaining experience in federal agencies before pursuing higher-level industry positions. This approach helps students build a solid foundation of practical skills.
- Reading and conference recommendations: Mitchiner recommends “Ghost in the Wires” for understanding the attacker’s perspective and “Secrets and Lies” for defense strategies. He also suggests attending the National Cyber Summit in Huntsville, Alabama.
- Future of cybersecurity: Mitchiner predicts significant cyber events targeting financial institutions in the near future, stressing the need for skilled professionals in this evolving landscape.
Here is a full transcript of the episode
Steve Bowcut: Welcome to the Cybersecurity Guide podcast. My name is Steve Bowcut. I’m a writer and editor for Cybersecurity Guide and the podcast’s host. Thank you for joining me today. We appreciate your listening. Today our guest is Chris Mitchiner.
Chris is the executive director for cyber at the University of North Georgia. The topic today, we’re going to be discussing educational opportunities for cybersecurity students at the University of North Georgia. Welcome, Chris. Thank you for joining me today.
Chris Mitchiner: Thank you very much for the invitation. I appreciate it, Steven.
Okay, thank you. Appreciate your time and I think this is going to be fun and interesting. To get started, I thought it might be a good idea if you could tell our audience a little bit about UNG, its role, and its mission, because I think it is a little bit unique different than most other universities that students might be considering.
Chris Mitchiner:
Yes, thank you. North Georgia is a great university here at the foothills of the Appalachian Trail leading north. We are also part of the six senior military college consortium. Those can include Texas A&M, Virginia Tech, Citadel, Norwich, Virginia Military Institute, and, of course, UNG. The student base of the Corps of Cadets is about a thousand, and the civilian-based population of the institution is about 16,000. There’s a big difference.
One of the beautiful things about the University of North Georgia is students who come into the Corps of Cadets are not required to go into the military. It’s more used as a discipline-building desire to make sure students stay in a rigorous type of academic and social development process.
Interesting. Okay. It has a large contingent of ROTC and military-minded folks, but certainly not anywhere near even the majority. I mean, it’s relatively small compared to the overall student population.
But it’s larger than other universities it sounds like, or that relationship is such that there’s more at UNG than other universities. From what you’re telling me… and correct me if this is wrong… so the whole environment is a little more structured militaresque, if that’s such a word than you might find at another university. Is that a fair statement?
Chris Mitchiner:
It is. It’s based on a little bit more of a structured developmental process, so that if you want to come in and have somewhat of a controlled environment that is structured and gets you in shape, develops you just outside of your academic studies, you have that ability.
Awesome. I like that… a lot. All right. Let’s explore a little bit UNG’S relationship with the US federal government or large industry as it relates to cybersecurity. What’s the role that UNG plays with these entities?
Chris Mitchiner:
Well, the university received a very large grant from the National Security Agency to begin to build a pipeline of students that would go into the federal government. I currently run that grant, so within that grant, our students have the ability to come into the university, receive internships, scholarships as they develop their skills within cybersecurity with the understanding that when they graduate, they have a job waiting on them within the federal government, be it the National Security Agency, the CIA, the FBI. All of those opportunities exist for them.
Also, within the institute, we have our civilian side, if you will, and largely that is run out of what is called the FinTech corridor coming out of Atlanta. Out of Atlanta is Mercedes-Benz, it’s Home Depot, very large financial organizations. We partner with them as well so that every student who graduates here has the opportunity to seek a job either within industry or within the federal government.
Awesome. It sounds like it’s a great place to go to school if you’re serious about cybersecurity and maybe particularly if your interest lies in maybe working for the federal government and one of the intelligence agencies in a cybersecurity role.
All right. Let’s learn a little bit more about you. I’d be interested to know how you became interested in cybersecurity. Is it something you’ve always been interested in and pursued, or did it come later in your career? How did that come about for you?
Chris Mitchiner:
I graduated from this university back in let’s just say a very long time ago-
Steve Bowcut:
Okay.
Chris Mitchiner:
… and was in the Corps of Cadets and became an intelligence officer and spent about 20 some years in the military as an intelligence officer, but never within cyber. I became invested in cyber after I had gotten out of the army because I knew where it was going. It was a very small community at first who was looking at this new thing called cyber. I went and worked for the NSA in Georgia, where I decided to retire, still not knowing how to spell cyber. But I went in because I knew I had experience of what the operational and strategic impacts of how the army operated. I went in learning how to do cyber because I knew what it meant to the C-suite of the army-
Steve Bowcut:
Very good.
Chris Mitchiner:
… and I actually became the explaining to the generals and the senior people, hey, here’s what cyber means. Here’s how it can help you. Then, subsequently, going back and explaining to the cyber folks of, hey, here’s what they need to know.
Steve Bowcut:
Wow. That is amazing, particularly if you look at how things have changed over the last few decades. It seems like cyber is probably one of the things that our military and federal agencies is most focused on now. That seems to be the most likely battlefront, if you will, with other nation-states as we’re kind of competing for our position in the world.
Chris Mitchiner:
It absolutely is going to become the next battlefield, unfortunately.
Interesting. Yeah, unfortunately. All right. Well, thank you for that. I appreciate that. Let’s turn our attention now to why we’re here. Let’s talk about the cybersecurity educational opportunities that a student might find at the University of North Georgia.
Chris Mitchiner:
The University of North Georgia has both an undergrad and a graduate program, specifically in cybersecurity. We have some phenomenal professors here at the university who actually work with the United States Olympic team and who have traveled to Greece, who have traveled around the world to represent the US.
We have those faculty members. When I say you’re getting instruction from top faculty, you are because the university has that talent to coach the United States team. Yes, it’s a phenomenal set of instructors and faculty members who fight to get the top talent and are, in fact, themselves teaching teachers how to instruct in cybersecurity.
Interesting. If I was a young student considering cybersecurity as the direction I want to go in my academic career and considering University of North Georgia, what kinds of projects or teams or clubs or activities could I expect to be involved in?
Chris Mitchiner:
Projects that the students are involved in… We have a Cyber Hawk Club here at the university. The Cyber Hawk teams here at the university have won two national championships and been in the top five in the other three for the past five years. It’s a phenomenal organization. It’s all student-led. They go in on a constant basis, and companies from Atlanta and federal entities will give our club certain problem sets and ask them to solve it for them.
Then, subsequently, we sign very specific non-disclosure agreements so that… Like Mercedes-Benz will give us software and say, “Break it,” and we will go into a controlled environment, break it, put it back together, break it again, and then, ultimately, get that back to Mercedes-Benz as a, hey, here’s how we did it.
There are several capstone exercises between the sophomore, junior, senior year that students will take on to where other agencies will give us software and say, “Hey, go break this, too. Come back to us. Tell us how you did it, and let’s discuss it further.”
Steve Bowcut:
Oh, that would be exciting. That would be an exciting way to get your education.
Chris Mitchiner:
Oh, it’s phenomenal. The students love it.
Yeah. Interesting. Thank you. I want to change our focus a little bit here, kind of going back to what we were talking about before, UNG’s relationship with industry and with agencies. I know that most of industry is kind of clamoring for people with cybersecurity skills.
They use the term a skills gap, where there’s a real need for people with that skill set. I’m interested to learn, that need, that gap, does that affects the curriculum that UNG offers. Are you filling a certain niche, or maybe more broadly, what are you hearing from industry and agencies? What level of education are they looking for new hires, and how do you fill that need?
Chris Mitchiner:
These are all great questions. Within the federal government, that’s where we push the majority of our students. I say that because, A, it’s a guaranteed job, but, B, they learn, they get experience. The large group that come here and look for our master’s students are your Mercedes-Benz, your more high profile, higher paying groups. But they don’t want young men and women who have graduated with their bachelor’s degree.
They want them to have gone out into the world, specifically into the federal government, to be honest with you, and have that experience, how they have learned, what they have gained, so that by the time they get into those higher-level paying organizations, they have some tangible experience with what they’re learning. It’s not just a you get your bachelor’s. You go straight into your master’s. Then you expect somebody to hire you immediately.
They want you to have graduated, gone out, gotten experience, and then come into those high-paying roles because they want you to have that failure, how you got past it. When you come to them, if you come to them without experience, they’re most likely going to say, hey, we’ll start you low, and you start at some of those newer jobs that have just started that aren’t as high-paying so that you learn and you gain experience.
Steve Bowcut:
Interesting. Okay. That’s fascinating. Maybe the preferred track would be bachelor’s degree, a few years in a federal agency, back to a master’s degree, and then you’re in a good position for those very senior or leadership roles in a large industry.
Chris Mitchiner:
Absolutely.
Okay. Interesting. Thank you. Let’s focus now again on that student, a freshman a sophomore, or a junior, and they’re deciding what direction they want to go in cybersecurity. If you were to put together your top picks, maybe we could call it a reading list, books, papers, lectures, but even websites or conferences, where would you direct people to do a little research on their own?
Chris Mitchiner:
I would tell you the first two books that I would listen to either in a podcast or an ebook type of environment would be Ghost in the Wires.
Steve Bowcut:
Okay.
Chris Mitchiner:
It’s a phenomenal story, and it kind of gives you an understanding of the threat perspective. Students really like hearing, here’s how the bad guy got in. Then the reverse perspective is Secrets and Lies, and that kind of gives you a perspective of not as the attacker, but as the defender. So you get two perspectives, one of how to break into networks and affect fill-in-the-blank. Then, subsequently, how to anticipate a threat actor breaking into your systems and how to defend it, so you’re not just getting one perspective over the other.
Steve Bowcut:
Very good. Yeah.
Chris Mitchiner:
A conference that I would tell you is probably the best conference that I have been to is the National Cyber Summit in Huntsville, Alabama. It has all the new technologies. It has everybody who’s developed code or is developing code or is writing a program or solving a problem. That is the place to go.
Excellent. Very good. Useful information. We’ll make sure and put links to those in our show notes, so people that listen to this podcast or read the show notes can click and go right to them.
All right. Lastly, I’d like to end up with kind of a fun question, but I think it can be useful to students is dust off your crystal ball and tell us what you think the future might look like in five years or 10 years or whatever period of time you’d think you’d like to. But what do you see coming around the bend in the future for cybersecurity?
Chris Mitchiner:
I will tell you, I see quite a few significant events that are going to happen on the financial side. Everybody’s finances will be impacted because there’s going to be attacks on big banks, Wall Street. I have the feeling that something’s going to happen there because you see the evolution of a simple cyber attack to gain a certain amount of money at the lower level, so it doesn’t get advertised.
But we’re going to see a significant event on financial institutions and it’s going to be Marvelesque, if you will, and its importance because there’s just no telling, at this point, how many countries will be involved. Of course, everybody’s going to say, it wasn’t us.
Steve Bowcut:
Sure.
Chris Mitchiner:
We didn’t do it. Unfortunately, the financial institutions across the world are going to be the ones that are going to bear the brunt of the next cyber event.
Steve Bowcut:
Interesting. That’s an interesting perspective, and I certainly wouldn’t disagree with that because I know it seems like more and more we’re hearing about that the financial institutions are the focus of the threat actors along with critical infrastructure, I’d have to say. But I think more and more we’re seeing financial institutions being… and not just for financial gain from the threat actors, but I’m talking about nation-states who have realized that that’s really the way to cripple an opponent is to attack their financial centers. That certainly makes sense.
Chris Mitchiner:
They’re also going to be able to cover their trails so much better, so that everybody’s going to have the ability to say, hey, it wasn’t me. I don’t know who did it.
Steve Bowcut:
Yeah. That’s always the most frustrating part with that kind of asymmetrical warfare, right? You really don’t know. You really can’t say for sure. The attribution is just so difficult. Seldom can you say for sure who’s doing that kind of thing.
All right. Well, thank you so much for your time. That’s all the time that we have. We appreciate you taking part of your day and spending it with us. I know this is going to be a great resource for students who are thinking about where they may want to get their cybersecurity education. It sounds like UNG might be something that they should consider seriously, so thank you. I appreciate it.
Chris Mitchiner:
All right. Thank you for your time, Steven.
Steve Bowcut:
You bet. Also, I’d like to thank our audience for being with us today, and please remember to subscribe and review if you find this podcast interesting. Join us next time for another episode of the Cybersecurity Guide podcast.