Dr. Batyr Charyyev is an Assistant Professor in the Computer Science and Engineering Department of the University of Nevada Reno. He received his PhD in Systems Engineering at Stevens Institute of Technology (Hoboken, NJ) in 2022, his MS degree in Computer Science and Engineering from the University of Nevada Reno in 2019, and his BS in Computer Engineering from Middle East Technical University (Ankara, Turkey) in 2017. His research interests include networking, IoT, traffic fingerprinting, security, privacy, network science, and edge computing.
Summary of the episode
In this episode of the Cybersecurity Guide Podcast, host Steve Bowcut interviews Dr. Batyr Charyyev, an assistant professor at the University of Nevada Reno, about cybersecurity education opportunities at UNR. Dr. Charyyev explains his research on traffic fingerprinting, which involves analyzing network traffic data to gain information about devices connected to the internet.
He also discusses the importance of finding one’s interests and skills in cybersecurity, such as programming and understanding fundamental security concepts. Dr. Charyyev highlights emerging trends in the field, including applied machine learning, cloud computing security, and threat intelligence sharing. He emphasizes the need for internships and real-world experience to gain practical skills and advises students to be proactive in seeking opportunities.
Dr. Charyyev also discusses different career paths in cybersecurity, such as cybersecurity educator, penetration tester, security engineer, and cybersecurity analyst. He suggests that early career professionals consider further education, such as bootcamps or online master’s programs, to enhance their knowledge and skills. Dr. Charyyev addresses the challenges of teaching cybersecurity, including motivating students and balancing different skill levels. He envisions the future of cybersecurity education as interdisciplinary, with adaptive curricula, specialized specializations, global collaboration, and increased security awareness.
Listen to the full episode
Transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. Today, our guest is Dr. Batyr Charyyev. Dr. Charyyev is an assistant professor at the University of Nevada Reno. We’re going to be discussing cybersecurity education opportunities at UNR. Let me tell you a little bit about our guest before we get started with him. Batyr Charyyev is an assistant professor in the computer science and engineering department at the University of Nevada Reno. He received his PhD in systems engineering at Stevens Institute of Technology, which is in Hoboken, New Jersey in 2022, his MS degree in computer science and engineering from the University of Nevada Reno in 2019 and his BS in computer engineering from Middle East Technical University in Ankara, Turkey in 2017.
His research interests include networking, IoT, traffic fingerprinting, security, privacy, network science and edge computing. And a couple of fun things about Batyr. He likes outdoor activities, hiking, camping, so he lives in the Reno area, that’s the perfect place to live. But he also did not have an internet connection until he was 17 and he bought his first personal computer when he was 18. So his childhood was probably a little different than typical children growing up in America today. So maybe we’ll get him to talk about that a little bit. So with that, welcome, Batyr. Thank you for joining me today.
Batyr Charyyev:
Hey. Thank you so much for inviting me. It’s good to be here.
Steve Bowcut:
Yeah. This is going to be fun. So a couple of things before we get started here. So when I looked at your bio and it talked about one of your research interests is traffic fingerprinting, I thought, well, do I even know what that is? So let’s get you to explain that. What exactly is that?
Batyr Charyyev:
Yeah, sure. So basically traffic fingerprinting is a method that I used in my PhD studies. So basically traffic fingerprinting, so like every device which connects to the internet, I don’t know, it might be a personal computer, your cell phone or I don’t know, your smart TV, your Ring doorbell, smart devices, all of them connect to internet and when they make a connection, they generate some network traffic data, right? Because they are communicating with other devices through network traffic data.
So basically, network traffic fingerprinting is analyzing those data in order to have more information. For example, you analyze the traffic data generated, for example, in your house and you can say, hey, what kind of devices exist in your house, for example? So basically you have a network, you analyze the traffic generated by the network and you can have more information like, what kind of devices attach it? Are they acting like a normal? So for example, you don’t want your smart, I don’t know, smart TV to, I don’t know, every device in the network, you want your smart TV just to show your, I don’t know, video streams, right? So basically it can be used for network management, it can be used for intrusion detection, et cetera. So basically that’s right.
Steve Bowcut:
Okay. So maybe if I recap, what I think I understand you’re saying, so you would create this fingerprint of a network, like a home or a business or an office or some network, and then you would be able to compare that against others or at least watch that for anomalies that may indicate a problem?
Batyr Charyyev:
Yeah, exactly. You’ll create the fingerprints of the devices and by using the traffic data you can see, hey, this device is attached to the network. Okay, if this device is attached to the network, is it behaving as expected in terms of the traffic data, in terms of network connectivity? So [inaudible 00:04:11]-
Steve Bowcut:
So a practical application of that might be like a cybersecurity vendor would have a solution that he would sell to people and, or businesses and they would use that technology or that process?
Batyr Charyyev:
So for example, the traffic fingerprinting is used for different purposes, like operating system fingerprinting. For example, if you’re watching, let’s say a video on some internet and they pop up messages like, “Hey, your Mac needs to be updated.” Et cetera. So how do they know you are watching through mac? So basically through traffic they are saying that, “Hey, it looks like this belongs to the operating system Mac.” Or it is Linux or it is some other thing or another one. Sometimes they might say, “Hey, your mobile device iPhone needs upgrade.” Or something like that. How they know you are using an iPhone? So it basically they are fingerprinting your traffic that is generated by the device and they’re saying to you, “Hey, basically your device is mobile like an iPhone.”
Steve Bowcut:
Okay. So it’s broader than just security, it’s used for lots of applications. [inaudible 00:05:23]
Batyr Charyyev:
Yeah, it’s a lot of applications, but my main focus is for network management basically to see what type of devices attached to the network and at the same time, intrusion detection, a normal detection. Are they behaving as expected based on the traffic data.
Steve Bowcut:
Okay, awesome. Thank you. All right, so let’s get back on track here. And this has to do with your upbringing as a child, but I like to ask the guests, and I think our audience finds this fascinating. So what is your journey to end up where you’re at in cybersecurity? What did that look like? And obviously, it probably started not when you were a teenager, so it started sometime after that. So what was that like for you? How did you get interested in cybersecurity?
Batyr Charyyev:
Yeah, so as you said, it didn’t start as I was teenager. So when I was a teenager, I don’t know, I didn’t have a personal computer or internet connectivity. So when I was a kid, I was playing with the sticks and stones.
Steve Bowcut:
Here we go. Just like the old days. Okay.
Batyr Charyyev:
Yeah, like the old days, we were playing with the kids on the, I don’t know, outside sector and it was good. But yeah, so people from my country, I’m basically from Turkmenistan. When we do college studies, our undergrads, people usually go to Turkey or Russia. And I went to Turkey to do my undergrads and initially I start as a, what you call? In a biology major. Then basically, I had a brother as well studying in Turkey, so he basically said, “I think you can do better.” Because the biology major that I’m at, the university which I’m attending to as a biology major, it was not that good university, it was okay university. So he told me like, “Hey, I think you can attend to better universities.” And basically he was studying in a Middle East Technical university. So at that time it was around, rank in the worldwide ranking was around 86 at that time.
So he said, “You should try to attend to this college and try to basically get into one of the programs in this college.” And then okay. So I prepared for their exams and a year later I started as a computer engineer at Middle East Technical University. And when I picked between what you call degrees, my brother called me again, he’s making the applications. He called me like, “Hey, you want to do civil engineering or computer science? Electrical engineering, you can’t do it. You cannot finish it.” Because electrical engineering was really hard at that university. And the top students from Turkey, everyone comes to that program and he said, “Basically, you will not be able to finish it. So I will suggest to go with the computer science and the civil engineering, make your choice.” And at that time I didn’t know what is a civil engineering is. I’m like, “What is it? What is that? What they…” And I’m like, “Yeah, I think I can go with the computer engineering, at least I know computer. I play a game there.”
Steve Bowcut:
Sure,
Batyr Charyyev:
Yeah, sure. Then I will write computer engineering as a first choice, civil engineering as a second choice. And that’s how I got into computer engineering. And after that it started, so basically like a journey in computer engineering. I even decided to quit it because I mean we used to have labs and when you go to the lab, you have 10 minutes in the last session of the lab, you have 10 minutes of a quiz, you need to write a small program, et cetera. And I was looking around, people were typing really fast and I’m looking in a keyboard, where is the A, where is the P, et cetera.
Steve Bowcut:
That’s true. Because you didn’t grow up on a keyboard.
Batyr Charyyev:
I know. And I’m like, maybe I should quit the computer engineering because I’m not doing it that good. But after the working hard, et cetera, I was able to finish it like an honor student. Then I said, okay, I think right now I need to go to do the master’s because right after you finish the college, most of the time you don’t have no idea what you will do. And at that time, the military service is something like two years in our country. And I said, I’m not going to do military service for two years. It’s like two years of a gap in your resume. So I said, I will better go to the, what do you call it? A master’s degree, pursue a master’s degree because if you’re still student, they don’t take you to the, what do you call it? Military.
So I found the master’s program at UNR. Thankfully they accepted me and I started my master’s degree here. So basically here my master’s thesis focus on the data corruption when we are transferring it in HBC platforms. But my advisor also wanted to shift his interest towards, what do you call it? Internet of Things. And he bought bunch of devices. And the summertime, basically no one was setting up the devices they were supposed to, in other PhD, supposed to set up the test bed, collect some data, et cetera. So basically that was not moving forward and I’m just out of my interest I wanted to build that test bed. I collected some data. And so basically, I was interested in Internet of Things. And after that I moved to the New Jersey to continue my PhD. And from there I started to look at the network traffic data of the Internet of Things just to analyze is it possible to differentiate the devices? Is it possible to, what do you call? Detect some kind of intrusion, malicious activity in the IoT devices?
So that was my main what do you call it? Fox during my PhD. And it was, what do you call it? A hot topic because everyone asked, “Hey, I have a Ring doorbell in my house, or I have a baby monitor in my house. Is it secure? Is it privacy concerning, et cetera?” And that was a hot topic, so there was a lot of what do you call it? Things to do. And basically I dived into that area and it helped me real well. And after getting my PhD, I just joined as an assistant professor to UNR, so I came back.
Steve Bowcut:
Excellent. Okay. So it really wasn’t until your PhD program that you identified cybersecurity as a major focus for your education, correct?
Batyr Charyyev:
Yeah, exactly. You try different things and you pick something that you’re good at.
Steve Bowcut:
Excellent. Okay. So with that, I think it’d be interesting to hear your perspective. So what kinds of skills and knowledge do students need to succeed in cybersecurity? Do they need to be programmers? Do they need to have high math skills? All of the students that are just starting their cybersecurity education, they’re all trying to decide, well, what do I need to focus on? What classes do I need to take? So from your perspective, having gone through this process, what skills and knowledge should students be focused on?
Batyr Charyyev:
Yeah, it’s good question. So I think first of all, they need to identify what they like, what they’re good at. So for example, as I said, I use a network traffic fingerprinting for security and privacy purposes. So I was good at it, but there was also some topics for which I wasn’t good at. For example, in security in general, what I’m trying to say, it’s a broad spectrum. So there exists hardware security, network security, application security. So you need to identify what you are good at it. And after that I think you need to dive into that area. So that’s the first thing in terms of the… You need to find your interest and the thing that you’re good at it. And in terms of technical skills, like programming or at least scripting, I think is important because you don’t want to do everything manually.
You have some kind of data you want to analyze, let’s say, or if you want to automate things, you need at least some kind of scripting. I’m not saying that be a really good programmer, but know some kind of scripting of programming. And the other thing is the fundamental security concepts like, hey, what is encryption? What is a decryption? Or where is authentication, et cetera? So basically if you want to expand your knowledge in security, eventually you will need to do your own research. And you basically have to have some ideas about the basic security concepts like encryption, decryption, authentication, access control, et cetera. And those, you can learn it yourself, but those are offered in, what do you call it? Core courses in CS programs like for example, I’m teaching computer networks and they exist like security in the computer networks. And we talk about the encryption, we talk about decryption or authentication, et cetera.
Not any, but most of the core courses in a computer science go over those fundamental concepts about security. And after that, as I said, you identify your focus, you want to focus on hardware security, you want to focus on a mobile application security, or you want to focus on network security. And after that, you start expanding your knowledge in that area. For example, mine is a network security. So you take classes related to networking, you try to understand how the protocols work, what might be their security flows, et cetera. And so basically I think that’s the skills and the direction that might be interesting.
Steve Bowcut
Excellent.
Batyr Charyyev:
That might be important for students.
Steve Bowcut:
Excellent. Thank you for that. So now let’s zoom out a little bit and let’s try and identify maybe some emerging trends. And by that, I guess what I mean is either in cybersecurity education or in the field of cybersecurity for students once they graduate, are there trends that you’ve identified like quantum computing or AI or other things that you may have identified that students should at least have on their radar?
Batyr Charyyev:
Yeah, sure. So yeah, as you said, AI and quantum computing, those are what do you call it? Important for cybersecurity. And for example, some people might say, “Hey, I’m interested in machine learning and I’m interested in cybersecurity as well, but I don’t know which one to pursue.” Well, use applied machine learning in a cybersecurity. So that’s I think the one of emerging trends, like applied machine learning in a cybersecurity, how we can detect intrusion detection with the machine learning models, for example.
Or you might say, “Hey, I’m interested in a cloud computing and cybersecurity.” Then cloud computing in a, security in a cloud computing, for example. But other than that, the cybersecurity field is becoming more interdisciplinary, I think in my observation. So basically, field like machine learning and security or cloud computing and security, they are kind of merging. And on top of it, like a new technologies, for example, blockchain for security, some people might say, “Hey, I’m interested in new technologies as well, like blockchain for security or Internet of Things for security, Internet of Things, security, cybersecurity.
And other than this, not traditional, but other than this fields, I think like threat intelligence sharing, basically… We have the data, the data is a lot, abundant in these days. So basically, we might have threat data from bunch of different companies. Can we share those data and can we come up with the more robust solutions? Or for example, ransomware attacks. For example, my brother was, what do you call it? He was in a medical school and once he came and, “We didn’t do any work today, we couldn’t do any work.” Because their system basically was in a ransomware attacked and couldn’t do anything about it.
So I think ransomware attacks are important. And another thing is, as you said, like quantum computing, everyone is focused on quantum computing, but if it can, what do you call it? Make a progress in quantum computing then what will be the cybersecurity like? What about the encryption, decryption? Because core idea is encryption and decryption, core idea is it takes a lot of resources, a lot of years to hack something. So with the quantum computing, if everything is going to be fast, then what will be the cybersecurity?
Steve Bowcut, first speaker, show host:
How will we protect data? Exactly. Okay.
Batyr Charyyev:
Yeah. Those areas might be interesting emerging trends, I think.
Steve Bowcut:
Interesting. Thank you. So in the industry, we often talk about an industry academia gap, a skills gap. Sometimes it’s referred to essentially it’s just idea that industry is sometimes saying, we can’t find enough people to do the things that we need them to do in cybersecurity. And so I’m just wondering at UNR, how do you make sure that you’re teaching your students what they need to know so that they’re going to know what they need to know to work for the employers that need to hire them? I mean, you get input from the employers. How do you work that?
Batyr Charyyev:
Yeah, exactly. So the same question is also asked by the students. So if you are teaching, for example, let’s say computer networks and you came to the network security aspect of things and students like you have that impression like, “Hey, where I’m going to use this in industry?” Because the students after, right after graduating, they will look for jobs or go to the graduate programs, et cetera. And you have that impression from students like, “Hey, am I going to use this in industry? Is it going to be useful for me?” So as a teacher or as a lecturer, you try to first of all try to keep yourself updating your curriculum. So whatever you are teaching, you are trying to update that curriculum, update your syllabus, et cetera, to match, trying to match at least to the industry emerging technologies. And at the same time, hands-on experience like homeworks or class projects, et cetera.
All those things are designed to give students to have a hands-on experience on a cybersecurity. And on top of it, also involving some students. You cannot involve everyone, but some students in your, for example, research going on in your lab, for example. Personally I have two students which I selected from my computer networks class and invite them to my lab to work on the research topics that I’m working on. So trying to provide as much experience as possible in terms of homeworks, projects or I don’t know, inviting them to your lab, et cetera, will help students I think. And also we have, for example, in terms of UNR, we have a cybersecurity center. So basically, in a cybersecurity center, it’s a center that brings together cross-disciplinary teams from different departments, and they are working on a emerging cybersecurity problems. And at the same time, cybersecurity center has a lot of other teams, teams of students focusing on different things.
Basically, and the cybersecurity center also arranges workshops, collaborates with the industry, arranging workshops, hackathons. So recently for example, we had the biggest little hackathon, or we have the UNR cybersecurity workshops, conferences. And in that, basically we invite the people from the industry to collaborate and at the same time, to guide our students what should be they focusing on, what should they pay attention to, what is emerging trend in a cybersecurity, et cetera. So that’s basically what as a UNR, what we are doing in terms of to at least reduce a gap between the industry and academia in terms of cybersecurity.
Steve Bowcut:
Excellent. Great. Thank you. And I think we may have covered this already. So I wanted to ask about cybersecurity career paths. And you’ve already mentioned hardware, software, IoT, so those are all areas that need people with cybersecurity expertise and competency. So are there others that you can think of? Other career paths? I mean, I guess just what comes to my mind is students can go to work in a SOC, right? So you may end up sitting in front of a computer screen in a SOC or maybe that’s not for you. Maybe you’re more interested in threat intelligence or risk management, those kinds of things. So do you have any more to contribute on that?
Batyr Charyyev:
Yeah, sure. So yeah, in terms of career path, as you said, people interests change. So some people might not be good at hardware or even if they’re good at they don’t want to do it.
Steve Bowcut:
Sure..
Batyr Charyyev:
You might say, hey, I’m interested more in teaching. So one career path might be cybersecurity educator or trainer. And another path might be, for example, penetration tester. If they are interested in, what do you call ethical, like a hacking, basically such things. So penetration tester might be interest in career path. And the other one is a security engineer. So let’s say someone is developing a mobile application or some kind of cloud application. So basically you can focus on a security aspect of the things, like how I can make this mobile application that you’re developing more secure.
Or someone might be interested in a cybersecurity as a cybersecurity analyst, as you said, basically some kind of attack is happening and can you detect that attacks or even after you detect it, can you make analysis in terms of how to prevent those attacks? So basically such career paths I think exists that might be interested to the people just who just started the cybersecurity or one thing that came to my mind is a cybersecurity auditor, like auditing, compliance, frameworks, et cetera. So maybe you are good in those things. So those are I think the different career path that do not overlap that much and might be interesting for people with the different interests.
Steve Bowcut:
Perfect. Thank you. So internships and real world experience, how important are they? And do you have any advice for students that are… Do they need to be looking for internships and real world experience and as they get close to graduating or what’s been your experience there?
Batyr Charyyev:
So I think internship and real world experience is really important, especially if you want to go to industry, it’s really important. And unfortunately, there is no easy way of getting internship, at least based on my experience. And what I will suggest to students who are struggling with the finding internships or real world experience, first of all, be proactive. If you go reach out to people, be bold. I mean, don’t be afraid to send emails to the recruiters, don’t be afraid to send emails to the, what do you call? Hiring managers, et cetera. It doesn’t mean that flood them with the emails, but reach out to them, because no one will bring you the internship and say, “Hey, you should do this internship in this company.” No one will say that. You should bold, you should be proactive and you should apply it yourself. And the second thing, do research like, who has what kind of internships, who has, I don’t know, all kind of opportunities.
So it’s not just about going on LinkedIn and going to the jobs tab and looking for jobs. No. Go to the particular company that you are interested. For example, if you are living in Reno, go find a company, a local company in Reno, go to their webpage, go to the career section and look for the jobs that might be suitable for you, opportunity that might be suitable for you and apply. Because from my understanding, people first put the jobs into the career section of their what you call webpage, and from there they put it to the LinkedIn. So basically, till that job getting from the career webpage to the LinkedIn, many people applies. So be the first to apply, go to the career page, apply. And if you are not getting back anything, reach out to the recruiters like, “Hey, I’m interested in this position in your company, and I send my resume, can you give me any suggestions or advice?” And in that case, you will stand out. So I think that is important to be proactive and reach out yourself.
Steve Bowcut:
Yep, I like that. I like that advice, because normally the recruiters are not going to come to you and find you and say, “Here’s an internship, would you be interested?” I mean, that happens. That happens. But for most of us, we need to be proactive and find those opportunities. At least, let people know that you’re interested and available and this is what you can do. So that’s good.
Batyr Charyyev:
Yeah, I mean, yeah, recruiters will reach out to you, but it means that you should be really good. You know what I’m trying to say? You should have impressive resume or you should, when they search for the, I don’t know, students for internship in the cybersecurity sector, you should pop up. In order for you to pop up. You should be active, you should be visible. That’s what I’m trying to say. You should have your LinkedIn, you should have, I don’t know, your webpage, et cetera. You should be visible on the internet when they search for a position or when they search for the candidate, you should pop up and you should stand out. And in order for you to stand out, you should be visible.
Steve Bowcut:
Excellent. Okay. All right. So let’s pivot just a little bit here. Let’s talk about scholarship and funding advice. And this may not be something that you have a lot of expertise in, but you’re in a position that you probably have seen what’s been successful for students. So do you have any advice that you could give students that are seeking a way to fund a cybersecurity education?
Batyr Charyyev:
Yeah. Again, for example, I mean let’s say master’s student or PhD students, and they are, for example, interested in doing the cybersecurity, let’s say. And for example, they might be looking for some kind of funding in order to cover the tuition, et cetera. Again, it comes to being proactive, reaching out. So for example, if you want to do your master’s or graduate studies, reach out to the faculties at the universities and say, “Hey, I’m interested to join to your program. Here’s my resume. Do you have any availability?” If they have some kind of grants, they will fund, they provide you funding. Even if they don’t, they will say, “Hey, currently I don’t have an open position, but if you want to start with their own money, just start.” And with the time, if doing a really great, they will start funding for you. Because no one wants to use a valuable, what you call it? A valuable asset.
If you have a student who joined to your, I don’t know, lab, let’s say, and if he’s or she’s doing really good, then because if that person quits because of the funding, you’ll do everything to find the funding for that person so that he will continue to do a research or do the job in your lab. And another thing is, do your research, go to the webpages of the, I don’t know, the institution that you’re applying and see if they’re providing any funding opportunities. For example, at UNR, we had a scholarship for service. I didn’t know it to be honest. But one of my students emailed me, “Hey, can you write a recommendation letter for this scholarship?” And I’m like, “Hmm, interesting. Do we have such scholarship?”
I didn’t know about it. But what I’m trying to say, the student who made his research found that scholarship. So do your research and apply for the scholarship opportunities. And another thing might be big tech companies. They also have a scholarship programs. So check regularly their webpage like, hey, do they have any scholarship opportunities like Google, Facebook? So they have scholarship programs that you can apply and that you can get some amount of funding for your education. So I think those might be the things to look for.
Steve Bowcut:
Perfect. Okay. So as a cybersecurity educator, so what are the biggest challenges that you face in teaching cybersecurity, and how do you address those challenges?
Batyr Charyyev:
So yeah, as educator, the biggest, what do you call it? A challenge, I think is motivating the students. The thing, because when you go to class and if you have, I don’t know, 20, 30, 40 people, you see that after certain amount of time you see that some students get listened to you still, some students are not listening to you, they are lost. So in order to get their attention, you need to somehow motivate them. And that’s, I think the main challenge. And to motivate them, the thing that I usually do is I try to give the examples about the impact of the thing that we are learning.
So I don’t know, let’s say if we are talking about then denial-of-service attacks, I talk about how this denial-of-service of attacks impacts negatively the whole economy or what big tech companies or what the industry is doing in terms of the denial-of-service attacks to prevent them so that they will have an idea like, “Hey, the thing that I’m learning is important, it has a really negative impact or it has a really good impact in general, and it is a real problem, which is also tried to be solved by the industry as well. So the thing that I’m learning is important, and I should better listen to this, whatever that being discuss it.”
And other than motivation is a limited resources. So some students might need what you call extra time or I don’t know, for example, if all the students doing individual projects, let’s say, and if they want to discuss you about the details of the project, you should allocate your time for that. So I mean, if this class is huge, it’s not that easy, but what I’m trying to say, if needed, you need to allocate extra office hours, extra time in order to meet their requirements. And in that sense, I think like a more educators or more TAs will help in order to be available for students who need some extra knowledge. And other than that is a balance between the students. Some students are really good, the programming, I don’t know from 10 years, you were 10 years old, but some students just started.
Some students might not be even in the computer science fields, they might be in, I don’t know, some kind of other fields like biology, I don’t know, math, et cetera. And they’re not that good about the coding or they’re not good at grasping what we are talking because they’re not familiar with the field. So trying to keep balance between them is important. Because if you go to technical, the students with a really good background, they will be interested, but the other students will be lost. If you go not that much technical, in that case, the students with the technical background, they will say, “Oh, it’s a boring class. I ordered the know this stuff.” And they’ll start the computer and they’re writing something else. But keeping that balance between the students are the challenge, I think.
Steve Bowcut:
Yeah. I can imagine that that would be very difficult. Thank you.
Batyr Charyyev:
I know.
Steve Bowcut:
So let’s imagine in our mind somebody who’s say, gone through a bachelor of science degree in computer science or a related field. And so they’re either got a job or they’re looking for a job, so we’ll call them an early career professional. So what advice would you have for someone like that who wants to advance in their career? Do they need more education? Do they need just to get more experience, maybe a bootcamp, one of those accelerated programs, professional certificates or certifications, anything advice you would give that way?
Batyr Charyyev:
Yeah, so basically for early career professionals, you need to somehow, what do you call it? Develop, improve yourself. So it might be either through bootcamps. Personally, I didn’t do it, but I know people who did it and they say like, “Hey, we go over the bootcamp, it’s a six months, what do you call it? Like a journey. And after that you get ready for the, what do you call it? For the industry, and you find a job.” That’s what they say. But from my observations also, if you go into bootcamp, some people, they eventually go back to education because I personally know people who went to bootcamp and they feel that they don’t know some aspect of the computer science, like I don’t know, data structures, algorithms, et cetera. And they know tools, some tools, some technologies, some methods, et cetera, that might be what do you call it? Necessary to do the job. But when they try to shift their job to move to some other job or to some other field, they a little bit struggle.
And there is always a, what do you call it? A thread of layoff. Because on paper it looks like you don’t have a degree. So basically, you are the first person to go, that’s what I understand. And so basically they eventually go back to education to improve their what you call it? Basic understanding about computer science, because it’s not the job you will do in industry, it’s not just about the things that you learn in a bootcamp. You might need to adapt yourself for different projects. So the basic computer science knowledge is necessary. So bootcamp is good. It’s like a short, what do you call it? A fast solution. And on top of it, I think there is, what do you call it? Education aspect of the things. I think the basic concepts like data structures, algorithms, how computers works, operating systems. So basically I think you need to have some knowledge about those things because those are I think basics.
And in order to get those, what do you call it? Skills, I think you need to have some educational background. So starting with the, I don’t know, a master’s program might be helpful or at least with some certificate program. For example, at UNR we have, for example, if you’re an undergrad student and if you’re majoring in biology, let’s say, we have minor in computer science or we have complete the online master’s program at UNR. So basically if you are attending, if you are not in Reno, you can basically take online master’s program in cybersecurity. So we have it.
Additionally, we have master’s and PhD programs as well. But online master’s program in cybersecurity, minor in a computer science for undergrads, I think you can… Basically the people who are just starting can take those programs. And we are also providing the cybersecurity certificate, such a program. Basically you took a couple of classes and you get a cybersecurity certificate. So that might be interesting, that might be useful to show that, hey, I have some knowledge about cybersecurity. Here’s my certificate, which I obtained from this institution.
So basically it says that, hey, this person is knowledgeable about cybersecurity. And other than what do you call it? Educational or training aspect of the things, you need to love it, to be honest. For example, personally I tried the hardware security. I worked on a trust platform module and believe me this much amount of, what do you call it? Documentation. On summer, I printed everything. I went over it, I understand it, but I wasn’t comfortable with it. So then I realized that hey, I’m not good at it, first of all. And the second of all, I don’t like reading this much of documentation. I don’t love it. So that’s like a combination of you don’t love it and you are not good at it basically means that hey, I mean-
Steve Bowcut:
Not a good fit.
Batyr Charyyev:
Not a good fit. So basically what I’m trying to say, try to find the aspect of the cybersecurity that you love and that you’re good at it and pursue that. And in order to pursue it, it might be either through bootcamps, a lot of them, and it might be through education, like traditional undergrad, bachelor’s, et cetera. And if you cannot attend it in person, there exists online master’s program, at least in our institution, UNR, online master’s program in cybersecurity. But I’m pretty sure that other institutions also have such programs. So looking for such, what do you call programs might be useful for just starting people.
Steve Bowcut:
Perfect. All right. So we’re about out of time. I do like to end with kind of a fun question. We ask you to dust off your crystal ball and look into the future a little bit. So how do you envision the future of cybersecurity education given the directions that we’re headed now? What do you think the future’s going to look like?
Batyr Charyyev:
So yeah, I think cybersecurity in general is growing. So I think in the future it’ll be interdisciplinary. So I think it’ll not be just about computer science, it’ll not be just about the math. I think we will have other fields which will… I think cybersecurity in general will be interdisciplinary field. And also based on that we need to have adaptive curriculums because it’s growing so fast, technology growing so fast. So basically, depending on what is being right now trend, we need to update the curricula adaptively. And also with this grow, I think the cybersecurity specializations will emerge.
For example, network security guy or cloud security guy, application security guy. So basically I think there will be specializations in a cybersecurity in general. And the global collaboration because in the cybersecurity, in terms of the methods, in terms of the data, we need collaboration with the different institutions. We need collaboration with the industry so that to better prepare the young generation for the industry and for different cybersecurity challenges. And I think increased security awareness. Because right now I think most people have some kind of smart device like Ring doorbell or I don’t know, smart TVs, et cetera, and connect to internet. So those things propose what we call cybersecurity threat. And people should be aware about the existing cybersecurity challenges in existing cybersecurity threats. So increasing the awareness of the people in general, that might be one aspect of the education.
Steve Bowcut:
Yeah. Very good. All right. Well, thank you. Batyr, this has been a lot of fun and you’ve provided us a wealth of information. So thank you so much. I appreciate you spending some time with us today.
Batyr Charyyev:
Thank you so much for inviting me.
Steve Bowcut:
You bet. And a big thanks to our listeners for being with us. And please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.