Dr. Abdulbast Abushgra is an assistant professor of cybersecurity at Utica University. He is skilled in MATLAB, analytical skills, information security, algorithms, cryptography, and programming languages. He holds a PhD in computer science and engineering focused on quantum computing from the University of Bridgeport.
Listen to the full episode
Key takeaways from the interview
- Rapid technological advancements: The discussion touches on the rapid pace of technological advancements and the challenges they pose, particularly in areas like self-driving cars and their security implications.
- Cybersecurity education and training: Dr. Abushgra discusses the approach of Utica University’s cybersecurity department in keeping pace with market needs and training students. The department closely collaborates with private-public sectors and consultants to ensure that their curriculum matches market demands.
- Career opportunities for graduates: There is a focus on the positive employment outcomes for students, with many securing jobs quickly after or even before graduating from Utica University.
- Advice for aspiring cybersecurity students: Dr. Abushgra advises students to be prepared for the challenges of choosing a specific area within cybersecurity, as the field is expected to grow and diversify significantly, similar to the evolution of computer science and engineering.
- Future trends in cybersecurity: The interview touches on emerging areas like AI, machine learning, and quantum systems, emphasizing the need for cybersecurity professionals to stay informed and adapt to these changes.
- Overall industry demand: The conversation also highlights the general high demand for trained cybersecurity professionals in the industry.
Here is a full transcript of the episode
Steve Bowcut: Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I’m a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
On today’s show, our guest is Abdulbast Abushgra. He’s an assistant professor of cybersecurity at Utica University. We’re going to be discussing, of course, cybersecurity education opportunities at Utica. So we’re very thankful that Dr. Abushgra has joined us.
Let me tell you a little bit about him. Dr. Abushgra is skilled in MATLAB, analytical skills, information security, algorithms, cryptography, and programming languages. He holds a PhD in computer science and engineering focused on quantum computing from the University of Bridgeport. With that, welcome, Abdulbast. Thank you for joining me today.
Abdulbast Abushgra: Thank you, Steven. It’s my pleasure.
All right. Well, we sincerely appreciate it. I know the audience is going to appreciate it as well. So before we start talking specifically about Utica and the educational opportunities that a student might find there, let’s learn a little bit more about you.
I like to start with this question. I find the answers fascinating and varied. How did you first become interested in cybersecurity? What did your journey look like?
Abdulbast Abushgra:
First of all, thank you, Steven, for this time and for this question. It’s a great question, by the way. Personally, I like to share this experience with my students, sometimes friends, how I became interested in cybersecurity. It was early 2013 when I was a student pursuing my PhD degree.
I was working on a topic related to generating a secret key, and I found myself… It’s kind of like a topic that I can do better. So I started thinking, “Okay, I’m going to use my skills,” because I like math, I like puzzles. So I never struggled with the math courses since I remember, maybe from, let’s say, middle school, high school, bachelor degree, master degree. I felt like I’m very close to the math, to the numbers, to analyze these functions. I never struggled with them.
On the other hand, maybe I struggled a little bit with the concept. So when you give me maybe an article and just go ahead and analyze it, maybe I struggle a little bit. I’ll spend more time. But with the numbers, I’m okay.
So, this friendship, I start thinking logically how I can interpret this friendship to be something real, because that time, I hadn’t decided yet to go with which topic in my PhD. I find this in couple of months, and I find it okay. It’s okay. I’m good with the cryptography. So let’s go ahead and just maybe describe or maybe explore many of these fundamentals.
After maybe a semester, I decided to go with my dissertation topic, and my supervisor offered me a list. I remember the list contained maybe seven topics. Started with, if I still remember, machine learning, deep learning, big data, some of these topics, but end up with quantum cryptography. And this is in late 2013. So I just focused many times on this list and just, “Okay, I’m not really willing to go with the first, the second, the third, the fourth, and then end up with the seventh.”
I remember the quantum cryptography. I said, “I’m okay with the quantum.” And my supervisor just said, “Are you sure?” I said, “Yes.” At that time, Steven, I would say going with something related to quantum in that computer science and engineering field is going to be disaster, specifically if we don’t have enough tools and equipment for that. Because at that time, one of these comments that my supervisor said, “If you go now and open your browser, you’ll never see any tools, any codes about quantum, so you’re going to struggle.” I said, “I know that, but I’m going to just try.”
Steve Bowcut:
Yeah. As I understand, I mean, quantum computing and quantum physics has been around for a long time, but the drawback has always been the hardware that was capable of doing the thing. Like for quantum cryptography, having the hardware capable of that has been the drawback. And we’re just now getting to the point where that’s possible. Is that correct?
Abdulbast Abushgra:
Yes, that’s actually correct. Yes. Because for many reasons. If you go back with the reality of quantum computing, back earlier, like maybe 1900, many of these theories after that, just back from 1935, 1939 from Albert Einstein and others. And with some of the famous protocols started maybe in 1984 by some professors from MIT, and then just followed by many of these protocols until today.
So, I started this topic, and I struggled first time. I struggled because I found myself just facing lack of resources except, and focus on this point, except on the physics side.
If you are going to go with the physics, yes, you’re going to see a lot of theories, a lot of fundamentals, maybe some equipment, but as a computer scientist or engineering, it’s not available. I’m not saying in general, but at least in some university institutions. Maybe big companies or some few institutions being interested in this topic for a while.
I started studying physics, back to the quantum computing, to just match up whatever the relationship between the physics and the computer science fundamental. And I figured it out and start with some protocols.
So, back to the question, because I went down a little bit to read the whole basis of security, I figured out, “Oh, wow, it’s amazing how we can just make our system more secure.” And just start again, looking down from the low voltage signal that is the binary production, and then just look at our OSI layers from our devices, switches, routers, and until we convert it to the readable binaries or data, we can just as a human read it. So I start from that time looking and say, “Oh wow, it’s amazing.” And I choose my way, my way is going to be security.
That time I did not consider cybersecurity as my major, but I would say it’s in security. But after maybe a couple of years, I figured out it’s… Because I’m focusing on cryptography in general, computer security in specific. Nowadays, if you look at the standards, regulations, all these fundamentals from the cryptography and information security now under the umbrella of cybersecurity.
If you go back to the NIST or NIST.gov, so it’s going to be… Look at the cybersecurity, you can see maybe the first link or the first criteria that describes the fundamental of cybersecurity is cryptography. Since that time I realized, okay, this is my way and I’m going to do my best to figure it out for others and for myself, for whole nation, the community to see how we can produce and protect our environment systems individuals.
Right. Very good. Thank you for that. I appreciate that. That’s fascinating to me. And like I said, the responses to that question are always varied and that’s why I find that intriguing. So let’s focus a little bit on Utica.
So tell our audience, if you will, what different cybersecurity programs are offered and by program degrees, undergraduate degrees, postgraduate degrees, what’s available at Utica?
Abdulbast Abushgra:
In brief, Utica University, one of maybe the best destination for whose interested in cybersecurity. Back maybe couple of years, cybersecurity at Utica University, one of the top five and still now one of the top 10 programs internationally.
I would say we offer over here at Utica University, a bachelor degree. So this bachelor degree student maybe be skilled and study many specializations start from cyber operations or CyberOps. Cyber operations, it’s more technical.
That means student will be more close and thick person to understand the basics and the whole fundamental of the defensive techniques and procedures of hacking either blue or red teams. Computer programming, and somehow, operating system, flowability assessments, all these maybe end up with the BEN testing procedures and techniques.
We have another specialization too, it’s network forensics and intrusion investigation. This over maybe students list capability to be technical because based on our experience, the school experience, the whole university, we see student interested in cybersecurity, but their capability to go further with the requirement of being a cyber operation technician or others is going to vary, so some of them struggle.
So we offer all these levels, just like if you are interested in cybersecurity, so it depends on you. So you have the first year, just try to discover yourself, try to maybe measure your skills to see if you fit. For example, the most technical aspect in cybersecurity to be like, for example, information security officer, cybersecurity analyst, or you’re going to be maybe something else, still valuable, still interesting rule in the market as a network forensics or cybercrime and fraud investigation.
So we offer all these three categories and student be advised to choose one of them based on their experience, whatever they like to be in future. Some of them to be in private sector, others maybe willing to go with the public sector, some of them governmental agencies like for example, CIA or FBI. We offer all these techniques, and by the way, we cover the whole material needed to be ready to join the real world.
So what do we mean by the real world is going to be like to ignore how a student after graduating from the university to start looking for another certification or training. So we try to ignore that. We try to just avoid that. To just provide all these techniques, labs, hands-on, materials, all these skills provided in these specializations under the cybersecurity department plus-
Okay, and I think you just answered that question. So it is a cybersecurity degree with different specializations or is it like a computer science degree with a specialization in cybersecurity? Is it a cybersecurity degree?
Abdulbast Abushgra:
It’s a cybersecurity degree with a multi-specialization.
Steve Bowcut:
Multi-specialization.
Abdulbast Abushgra:
Yes.
Perfect. Thank you. Appreciate that. So let’s try and paint a picture if we can, for a student who’s thinking about coming to school there, what their life might look like in regards to their academic and even extracurricular stuff.
So are there clubs or organizations, events, those kinds of things that a student could anticipate being involved in?
Abdulbast Abushgra:
Oh, yeah. The cybersecurity department initiated for a long time a cyber club. So this cyber club led and managed by students who is in cybersecurity department. This club has many events, conferences, activities, the whole year, even in the summer. The cybersecurity students being busy all the time. Multi-activity events just applied.
Cybersecurity faculty only provide recommendations or maybe the guideline to provide more stability to these students to manage these clubs. But yes, we offer cybersecurity club, so student happy with that, enjoying these activities, hacking the box or just doing some activities on the dark web or all these environments.
Okay, excellent. So is there anything else that you can think of that makes your cybersecurity program unique?
Abdulbast Abushgra:
This is a great question. Yes, it’s… In my opinion, and if I’m correct about that, cybersecurity at Utica University, born with different elements that specified as an… Let’s say, good chances to just grow cybersecurity maybe back to more than 10 years.
What I mean by that? Cybersecurity at Utica University, born with the criminal justice department. So as you know, back days and we just shared this conversation with many of these specialists and instructors in this field, so. Cybersecurity maybe back days is not the cybersecurity that we know today.
Cybersecurity, it’s much bigger, more interesting topic. If you look at the market now, 0% unemployment. Anybody think about cybersecurity. Why? Because the market still need more cybersecurity specialist or at least anybody fill this gap or role in the market, and still growing and never stopped.
Cybersecurity at Utica just partnered with the technical aspect that we call the technical side that we share any computer fundamentals, engineering aspects with the students.
As I mentioned earlier, it’s a cyber operation specializations. We have network forensics that is close to another department, another section that provide more details, more skillset to build a good foundation for those students who are willing to work in this area. Also, as I mentioned, criminal justice studies. We are partners with these studies to share with our students to be in this field. Finally, now we provide another section, and this is available under one school, it’s cybersecurity management.
Cybersecurity management provide another technique, another skillset to who’s willing to be in this field but with, let’s say, not much interest to go with computer skills as in programming languages or web application development or all these skills. So you don’t need to go with the encryption or decryptions.
You don’t need to go with what is the SSL or HTTPS or all these crazy stuff. So you only have to be willing to work with the team, understanding the risk management, understanding the techniques that we as a cybersecurity trying to do with our system or infrastructure.
Interesting. Okay. I always find this concept a little puzzling, actually. So with cybersecurity, it’s a very dynamic field. Things are changing all of the time, right? Now, but the fundamentals are pretty consistent.
Cryptography, how that works. So the fundamentals are consistent, but the methods of the threat actors will change because they’re always trying to stay ahead of the defenders.
And the tools that are available on the market for defending are always changing because it’s one company trying to find a better way, I don’t know, a better mousetrap, a better way of defending their system.
So is that a challenge for teaching cybersecurity? And if so, either way, how do you prepare your students for real-world cybersecurity challenges when the real-world environment seems to be in flux? Or do you just focus on the fundamentals?
Abdulbast Abushgra:
Steven, this is a $1 million question. This is an amazing question, I would just say. Every single class and course and semester I say that to my students, we have to be prepared well, because whatever we have today in our hand is going to be not worth it to have it tomorrow.
As you mentioned, so cybersecurity growing and based on my expectation, it’s not stopping here or there. It’s going to be keep growing as long as the digital era is growing, the number of internet users growing, the number of IP addresses growing, the number of IOTs devices growing.
So yes, it’s a headache. And unfortunately, when I speak with some people out of this field, they cannot realize what I’m talking about. So when I say we struggle as a cybersecurity faculty or instructors just to prepare a course. They’re going to say, “Wow, how?” Yes, because every single semester we are going to prepare something else new.
For example, we cannot just build our courses based on something not valid. For example, if I’m going to talk about this specific example about operating systems. Now, who can just work on Windows 7 or Windows XP? It’s out of our time now. So we are out of it.
So we going to just work in something better. So that’s why, as you mentioned, applications that work today, it might be not tomorrow. Our instruction to show student how to use network for specific routers or switches, it could be not a good idea to work with it tomorrow.
Yes, it’s a struggling. And the good thing, as you mentioned, we keep the fundamental clear for our students. Some of these fundamentals, we keep using it every single day. The theory of that is going to be maybe similar or with the small improvements, but we still keep doing that.
For example, when you talk about like networking or the layers of these networking. So we can just see the improvement in our infrastructure every single time, but again, way back to the basis, we teach our students to know the OSI, the old fashioned networking.
And it’s going to be our pleasure to show them how this can work, because this can help them to understand how the back of the frame just working from the lower layers to the uppers and so on. And this can be applied with all these courses that we just covered, the fundamental.
But the question now, how? How we can make our courses up to date with something just to change every time. And this is a hard work time. We keep in touch with all the news from the conferences, journals. We keep in touch with the GitHub platforms, whatever invented or something new.
I remember a couple of semesters we were discussing something about security related to the IOT from there and here, and one student asked this question about the self self-driving cars, and this was the topic. And I believe the first experiment was in Arizona, if I remember.
So the student tell me, “Okay, it’s nice technology and there are a lot of threats to impact this functionality, but my question, if an accident happened, so how we can build our decision based on who’s the victim, who was the guilty about that?” So I said, “Oh wow, okay, I believe we still behind this one.” So again, at that time and I just get back to my computer and start searching about it and I didn’t get any answer.
I said, “Okay, this is a good topic to just think about it now.” It’s technology, it’s still new and I believe even the government cannot cover some of these because as I mentioned, technology is just running. If you think about to stop somewhere, you’re going to be late after that. So we have to just think about it every single minute.
Steve Bowcut:
Yeah. And as you’ve alluded to a few times now, the industry, generally speaking, is clamoring for more trained cybersecurity people. It’s a big deal, the skills gap or the shortage that is in cybersecurity.
So it’d be interesting to understand how Utica or academia in general is responding to that message from industry. Do you have an industry advisory board or a governmental advisory board that kind of tells you this is what we need for cybersecurity trained people and then you build your curriculum, or at least it has influence in your curriculum? Does that go on?
Abdulbast Abushgra:
Yes. Utica University, specifically the cybersecurity department, being for a while, just to close to the market. And we have many ambassadors, many consultants just being close with those private-public sectors, big companies or even small private companies.
We just collect our data from different aspects regardless of if they’re going to hire or just to train our students. We collect this data to see how we are doing with our production. Our production matches what is needed in the market or not. Absolutely. So we are close.
We have mostly the accurate, I’m not saying the a hundred percent, but at least we are around the nineties, so we are close to be matching whatever needed.
And the good news and reflection of that, our students being hired right away. So we don’t have any difficult time or concerns about students who maybe graduating from Utica University. We have some examples even before graduating, student gets hired or promised to be hired after graduating.
Excellent. Very good. Thank you. All right. So if I was a student considering going into cybersecurity at Utica, are there some resources that you would point me towards?
It could be books or papers or websites or YouTube videos or conferences I should attend or lectures. Are there any resources that you would have me look at?
Abdulbast Abushgra:
There are many resources. One of them just to be contact with the cybersecurity club as a student. So if you are a student, the first thing, just contact with the cybersecurity club. They’re going to provide you the whole thing, everything that you need or if you have any questions or any things to think about it. Plus, as a cybersecurity faculty, we are available.
So over here we have many lectures available online. We have many other documentations, information we can just provide to anybody, any students. It doesn’t matter from where, close to our campus or far away in California or Florida. We provide all these at the same time to answer your questions.
Okay, excellent. So to wrap up here, looks like we’re about out of time, but I do like to end with this last question, which is kind of a fun question, but there is a purpose behind it.
We’ll ask you to dust off your crystal ball a little bit and look into the future and help students understand what they need to be focused on now so that they’re in the best position to get into the best job or the job that they want in three, five or 10 years, whatever their educational experience is coming to a close. What advice you have along those lines?
Abdulbast Abushgra:
This is great question. And again, I’m going to say whatever… It depends on my philosophy. And I would say it might be right, it might be wrong, but I’m going to say whatever expected. I said something about security awareness a couple of years, and I believe that I hit the ball as you mentioned.
Now I’m going to say something about cybersecurity. Cybersecurity is going to keep growing. And if anybody is interested to get the spot and be in the cybersecurity field, be prepared for that. And you have to be ready for the challenge, the hard time just to be in this field.
What I meant by hard time, it’s not just to be difficult to attend or to be in class or in the workforce in future, it’s hard time to choose which area of cybersecurity. More precisely, cybersecurity in the future is going to be as in computer science, maybe a couple of decades.
We started with the computer science, just one major, if you remember seventies, eighties. Now, computer science, it’s a multi-majors under the umbrella of the computer science, the same as computer engineering.
Now, cybersecurity is going to be the same. It’s going to be a big umbrella. We’re going to see many other maybe departments or sections or divisions under this one because we cannot ignore the growth of AI, machine learning, deep learning and quantum system. Maybe some of students were about, “Okay, what do you mean by quantum system?” Quantum system, one of these maybe expected revolution that we can see in the future. We can flip the whole coin in one time. Our binary system could be now or in future just a quantum system.
And what about the cybersecurity students or whoever working in the cybersecurity? Are you prepared for that? So it’s going to be a challenge to choose your career from now. And again, my advice to anyone, just be prepared. Don’t stick somewhere to say, “I’m okay to set up or configure some devices with the IP addresses.” It’s not enough.
You have to grow up. You have to educate yourself. You have to learn a lot. You have to be engaged with whatever is coming to the market. For example, now we hear every single day about the AI. So how we can see the impact of AI on cybersecurity.
Many journals, many publications now show in the domain related to the AI and the cybersecurity. And I believe we’re going to see the negative and the positive side of that, and we have to prepare ourself for the negative side of that.
Steve Bowcut:
Excellent. Good advice. Thank you very much. Thank you, doctor. I appreciate you being with us today. This has been a blast. Very informative. I’m sure that our audience is going to get a lot out of it, so thank you for your time. I appreciate it.
Abdulbast Abushgra:
Thank you, Steven. Thank you for having me. Thank you.
Steve Bowcut:
You bet. And a big thanks to our listeners for being with us as well. Please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.