Dr. Igor Khokhlov’s primary research interests include applying artificial intelligence and machine learning (AI/ML) techniques in the cybersecurity domain, security of smartphones, usable security and data security and quality.
He also explores vulnerabilities, threats, and attacks on AI/ML-powered systems. Professor Khokhlov’s teaching interests include mobile security, intrusion detection and prevention systems, and AI/ML in cybersecurity.
Before joining Sacred Heart University in 2021, Professor Khokhlov worked as a Postdoctoral Research Scientist at the Department of Software Engineering, Rochester Institute of Technology, New York.
Listen to the full episode
Key takeaways from the interview
- Background and interest in cybersecurity: Dr. Khokhlov’s interest in computers began in childhood, influenced by his father. He pursued electronics in Ukraine and worked as a software developer, where he first encountered security issues. His move to the U.S. and enrollment in a Ph.D. program at RIT shifted his focus to data quality and security, leading him into the cybersecurity field.
- Research and teaching focus: His primary research interests include applying AI and machine learning in cybersecurity, smartphone security, and data security. He explores vulnerabilities in AI/ML systems and teaches mobile security, intrusion detection, and AI/ML in cybersecurity.
- Cybersecurity education at Sacred Heart University: The university offers both undergraduate and graduate programs in cybersecurity, which are relatively new. The programs are part of the School of Computer Science and Engineering and offer a broad understanding of cybersecurity, allowing students to specialize in areas of interest.
- Extracurricular activities and industry connections: Sacred Heart University has a Cybersecurity Club and Women in Cybersecurity group. The program is recognized by the NSA’s National Center of Academic Excellence in Cybersecurity. It also integrates industry input and offers internships to provide real-world experience.
- Future of cybersecurity and AI/ML: Dr. Khokhlov believes AI and ML will play a significant role in the future of cybersecurity. He suggests that students should understand these technologies and stay informed about current trends and vulnerabilities.
- Advice for aspiring cybersecurity professionals: Dr. Khokhlov recommends engaging with cybersecurity literature, online communities, and YouTube channels like Network Chuck and Computerphile. He also emphasizes the importance of understanding social engineering, recommending books by Kevin Mitnick.
Here is a full transcript of the episode
Steve Bowcut: Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Today, our guest is Igor Khokhlov. Igor is an assistant professor of cybersecurity at Sacred Heart University. We’re going to be talking about cybersecurity educational opportunities at Sacred Heart. Let me tell you a little bit about Dr. Khokhlov.
Professor Khokhlov’s primary research interests include applying artificial intelligence and machine learning techniques in the cybersecurity domain, security of smartphones, usable security and data security and quality. He also explores vulnerabilities, threats and attacks on artificial intelligence and machine learning power systems. Professor Khokhlov’s teaching interests include mobile security, intrusion detection and prevention systems and artificial intelligence and machine learning in cybersecurity.
So before joining Sacred Heart in 2021, Professor Khokhlov worked as a postdoctoral research scientist at the Department of Software Engineering, Rochester Institute of Technology in New York. All very impressive stuff and with that welcome Dr. Khokhlov. Thank you for joining me today.
Igor Khokhlov: Hello and thank you for inviting me to your podcast.
Okay. This is going to be fun and interesting. I’m looking forward to this. You’ve really got quite an impressive background, so I think it’ll be informative for our audience to get your perspective on cybersecurity and particularly cybersecurity education.
So let’s start with that and give us an idea of how you first became interested in cybersecurity. Was it like when you were a child it was what you always wanted to do or did you stumble across it in your PhD?
Igor Khokhlov:
I was always interested in computers since my childhood. My father, he was military and he assembled my first computer when I was a child on his own. I don’t know, I was just always into computers. I got my bachelor’s and master’s in electronics back in Ukraine and then I worked as software developer for a while. And during my software developer career back in Ukraine I saw that there are some potential issues with security, but I didn’t know how to address them because it was not my priority at that time.
Then when we moved with my wife to United States and she was accepted to PhD program and I started also PhD program at RIT in computer science. It was computational informational sciences. My thesis was mostly on data quality. And then I figure out that huge portion of data quality in our modern world related to data security. My background in software development, especially for mobile devices and Android devices, gave me that opportunity to develop and shift my thesis into cybersecurity mostly and data security.
And that’s how I got into that field. So my thesis was mostly about data quality and data security and how to enhance it, how to predict it, how to evaluate data quality and security. And that’s how I shift my interest from software development to cybersecurity. And then you just start to dig in. The beauty of cybersecurity field is that it’s so broad, so versatile. You can focus on software development or you can focus on writing security policies for companies. So it’s like two opposite sides of that spectrum.
Steve Bowcut:
Yes. Interesting. And it looks like that your interests have been… at some point you started to become more and more interested in artificial intelligence and machine learning.
Igor Khokhlov:
Yes. That’s true.
Steve Bowcut:
And coupled with your cybersecurity-
Igor Khokhlov:
I mean, artificial intelligence, it’s very, sorry. It’s very interesting general topic. And then I started to look how I can apply artificial intelligence and machine learning to evaluate cybersecurity and then to improve it. Then I figure out during my postdoc that there are some issues with machine learning algorithms in terms of cybersecurity, which is also very interesting topic.
Steve Bowcut:
That is fascinating. And we’ve got some things that I want to talk about. But towards the end, I’m going to ask you a question about what you think the future is going to look like in cybersecurity. And I’ll be interested to hear how and if artificial intelligence and machine learning in your perspective is going to play a role in cybersecurity in the future. But we’ll hold that until we get to that question.
Igor Khokhlov:
Okay, okay.
Let’s look a little bit, well, let’s talk about Sacred Heart University. So our audience is primarily people who are thinking about getting into cybersecurity or having that be their academic path. And so should they have the opportunity to attend Sacred Heart University, what kind of different cybersecurity programs do you offer there?
Igor Khokhlov:
So we have two programs. There is an undergraduate program, bachelor’s and master’s program. Both programs are relatively young. The graduate program slightly older, one year older. I guess it was started in 2017 or 2018. And undergraduate program started one year later.
So undergraduate program is four years program and graduate program it’s two years program. You can do so-called four plus one. So if students decided to continue and get their master’s instead of having two years, they can finish their master’s in one year. So they can take some classes during their senior year of undergraduate program.
Steve Bowcut:
And how is it structured? Is it part of the computer science department or how is it?
Igor Khokhlov:
Yes, yes. So we are, it’s kind of tricky. So we have colleges in our university and we are part of School of Computer Science and Engineering.
Steve Bowcut:
Okay.
Igor Khokhlov:
We have several programs there. It’s game design, computer science, information technology, cybersecurity. Yes, I guess that’s all of them. And engineering and electrical engineering. And the School of Computer Science and Engineering is a part of [inaudible] College of Business and Technology. So we are together with business financial professors. So it became part, and it’s pretty interesting because cybersecurity can be part of many fields.
Steve Bowcut:
Sure. Right.
Igor Khokhlov:
I would say business, it’s an interesting side of that.
Steve Bowcut:
Yes, that’s true because it’s a broad need across all verticals. And so if you have an interest in a vertical they’re going to have a need for cybersecurity, whatever that vertical is.
Igor Khokhlov:
Currently we are working on, and I’m part of that task force that want to integrate business and technology even more close. Since it’s in our name of our college we want to make it even more tight, more connected.
Steve Bowcut:
Interesting.
Igor Khokhlov:
One of ideas that we circulate is to, for example, have capstone projects where we will have somebody from business side, somebody from engineering side, somebody from cybersecurity side. And then those team projects would be like small startups, which is also very interesting.
Yes, very cool. Okay, so there’s a couple of degree programs, an undergraduate and a graduate degree program. So let’s focus a little bit on extracurricular stuff. So is there clubs, organizations that students can get involved in if that’s-
Igor Khokhlov:
We do have a Cybersecurity Club and also we just started a year ago Women in Cybersecurity. And again, everybody can join. It’s not only limited to women, but that’s something. So our credit program was designated by National Security Agency. It’s called, I just pulled it up to read it more. So it’s called National Center of Academic Excellence in Cybersecurity, NCIE program.
It’s funded by NSA. And there are three programs, three directions, cyber defense, cyber research and cyber operations. And our graduate program got designation in Cyber Defense. And we also plan to get this designation in future for undergraduate program. So it’s very interesting. So when students graduate they also get the certificate that our program got this designation and it makes more attractive for potential employers.
Okay, interesting. And that may be the answer to my next question because I wanted to ask you about, if you look at both the degree programs and the clubs and extracurricular stuff, what would you say makes your school cybersecurity program unique?
Igor Khokhlov:
I would say it’s a lot of things like atmosphere in the college itself. It’s very friendly. Professors are very open. It’s a young program so we focus on developing this program, which is also, I would say maybe a benefit.
That could be a benefit. I think young programs, from my experience, young programs are often more focused on more current mitigation solutions and more current threats because they don’t have an established curriculum that they’ve been teaching the same thing for 10 years. If it’s a relatively new program, it’s going to be focused on or built around current concerns, right?
Igor Khokhlov:
Yes, this is true. And we have young professors, myself, for example, that try to follow current trends in cybersecurity plus our coach. So we have several campuses, main campus, and we have West Campus. West Campus, it’s a former headquarters of General Electric. And our classes are in those West Campus, which is just nearby main campus. There are shuttles go each five minutes and it’s like four minutes drive. And we have all the new equipment.
We have Cybersecurity Lab. We have Artificial Intelligence Lab. We have Virtual Reality and Augmented Reality Lab. We have Idea lab, which is engineering things like we have certain printers, different tools like soldering equipment, computers where students can just go and even do something for their hobbies. I was using Idea Lab for my hobbies as well, and it’s completely free for students and faculties. And we want to build, and we started doing this previous year as well, around this idea of Cybersecurity Club. So students can come, like say on Thursday evening and do something that they are interested in.
For example, one week it would be cybersecurity, another week it would be something engineering, so like hackathons. So all those things. So we try to build this community. And again, our program is growing so it’s more and more students. Those students are interested in this Cybersecurity Club. So it’s evolving. And I would say in year or two it would be bigger and bigger.
So is there anything that you can point to that is specifically designed to help your students be prepared for real world cybersecurity challenges?
Igor Khokhlov:
I would say right now, again, certifications, but there’s something that they should go for probably after several years in the program. There are some certificates that can be earned only after a few years working in industry. But for students who, prospective students or those who are interested in cybersecurity, I would say just reading cybersecurity-like literature.
There is communities on Reddit, for example, related to cybersecurity that I’m reading. YouTube, YouTubers, very interested ones that I’m getting new information from as well. And again, it’s all versatile. Somebody can be more interested in cryptography and it’s completely a separate field or somebody can be interested in networking, which is, nowadays, it’s very hard to be expert in all fields.
What our program gives, it gives broad spectrum understanding and then students can deepen their knowledge in a particular field. Or once they get into the industry, they can grow in that field as well in that direction.
Cool. So do you get input from industry that you build into your curriculum? Do you have any mechanism for that? Like an industry board or some way of gathering information from industry and what they’re looking for in students?
Igor Khokhlov:
Yes, we do have board industry board so we know what industry interested in. We also have adjuncts who are working in industry and then teaching in the evenings. So they also current in, know current trends in industry. And again, we are, as professors, we are interested in new trends so we try to follow. Plus I’m currently working with one of the company, it’s called Teach Beyond.
It’s a leading, it’s a very big company in education. It’s a Canada-based company and they are interested in interns. I’m trying to facilitate. So currently they have three students from our program that work as interns for them. So they try to do real stuff. Plus, part of our undergrad program students are required to have internship to graduate. So that’s something that they have to go through. So they inevitably would be in industry, at least know how it works.
Perfect. All right, thank you. Is there anything else that you can think of that you do that helps keep the curriculum up to date as far as the latest trends? And I know you talked about your interest in the latest trends and so I’m sure you’ve got your ear to the ground as they say, what’s coming down the pike as far as new threats and vulnerabilities and that kind of thing. Is there anything else that you could think of that you do?
Igor Khokhlov:
Not really. I would say everything else is pretty standard. Again, we encourage students to explore new current trends. Plus, it’s really up to professor. In my classes, for example, I introduced new topics, interesting topics like current topics, current issues. I tried to follow what happened in cybersecurity world, what current issue there.
Plus, for graduate programs, for example, since it’s graduate program, students have to know how to do research. In my classes, they’re required to explore the research and different modern topics and do presentation in some advanced classes to write a small paper about some topic that they chose in cybersecurity field. So that’s something.
Steve Bowcut:
And I love that because we all needed to learn the blocking and tackling. So you’ve got to have the foundation, the fundamentals, but where is our interest? Our interest isn’t the latest thing that we just read about on the Internet, the latest threat, the latest vulnerability. So it’s great that you can put those things together, teach the blocking and tackling, the fundamentals, but how that relates to current and new emerging threats and technologies. That’s very cool.
Igor Khokhlov:
Yes, I try to facilitate conversation in the class and after class since we use also technology discussion groups in our education, computer system so they can ask questions, answer those questions and I encourage them by giving them extra points.
Steve Bowcut:
Very good.
Igor Khokhlov:
We do that, yes.
Blessed extra points! We love that. All right, so there’s a couple of, we’re wrapping up here, a couple of fun questions that I wanted to ask. And one is, if you were to build a cybersecurity reading list, and you don’t have to restrict yourself to just things that you can read, but books, papers, lectures, YouTube channels, even conferences, are there any recommendations that you would give to someone who’s thinking about getting an education in cybersecurity that would help them?
Igor Khokhlov:
Yes, definitely. There is two topics that I’m interested in, technical, obviously. And for those, there is two YouTube channel that I’m subscribed to and it gives current topics. One of them called Network Chuck and it’s pretty famous. He has 3.2 million subscribers.
Steve Bowcut:
Oh my! Okay.
Igor Khokhlov:
And another one, computer file, computer field, I don’t know how to pronounce it correctly, to be honest. This channel has 2.3 million subscribers.
Steve Bowcut:
Okay.
Igor Khokhlov:
And they provide very interesting insights on modern trends on cryptography. They have high level explanation and low level explanation with many details, which is very good.
Steve Bowcut:
Exactly.
Igor Khokhlov:
And another field that I’m interested in cybersecurity, it’s social engineering. One of my favorite authors, it’s Kevin Mitnick, it’s a hacker. So he wrote multiple books and probably that’s his books when I was in high school, even in middle school, I read his books, made me interested in cybersecurity in general. But then again, all those online societies, communities, cybersecurity on Reddit. So everything that makes you interested in cybersecurity I would say would be good enough.
Right. Very good. Thank you for that. Let’s see. So here’s our last question, and this is almost purely fun, but I think it is an instructive question as well. We’ll ask you to kind of dust off your crystal ball and look into the future. And as I said at the beginning, I’m particularly interested in this question for you because of your interest and knowledge in artificial intelligence and machine learning. So if you were to look into the future, five years, 10 years, whatever you want, what do you think the industry’s going to look like? Will AI and ML have an impact on that? And what can students be doing today to prepare themselves for the future?
Igor Khokhlov:
So I believe, definitely, AI and machine learning would play a significant major role in future in industry especially. And it would be already machine learning powers, cybersecurity tools like intrusion detection systems, antiviruses and all the things. Now, obviously, development of let’s say Chat GPT.
Also, probably some policies would be written by artificial intelligence as well, which brings us to the problem where it’s algorithms so they are vulnerable as well. For example, Chat GPT is vulnerable for social engineering attacks. That’s something that students can read about, for example. So it would be more and more significant. And probably digging into those algorithms to at least understand how they work would be very beneficial for prospective students. Because many, many right now treat them as some magic black box without understanding that it may be pretty often it doesn’t understand what it’s doing.
It just approximating the information, which leads to a different sorts of problem. And I believe that it’ll create new opportunities for employment, some new jobs that we even couldn’t think of right now, in the future. So something like happened to Industrial Revolution, some job opportunities.
Steve Bowcut:
And I love that way of looking at it because it’s not going away. So you may as well embrace it and understand it, right?
Igor Khokhlov:
Yes, yes, yes. It’s inevitable. It’ll happen. We just need to work around it, right?
Steve Bowcut:
Yes, exactly. Okay. All right. Well, this has been fascinating, Igor. Thank you so much.
Igor Khokhlov:
Thank you.
Steve Bowcut:
I really appreciate you spending some time with us today and I’m sure our audience is going to find this fascinating as well. So thank you and a big thanks to our listeners for being with us. And please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.