Provost Bolman has dedicated his career to educating technologists who will shape and better our community through the innovations they help create. As someone who cares greatly about learning, his work at The University of Advancing Technology
(UAT) has had a theme of providing students with exceptional moments and growth through the skills that their professors possess as they create learning spaces.
As a technologist, he has worked to create a university where the culture of innovation is celebrated. Students learn the tools, techniques, concepts, and responsibilities of applying technology in ways that lift human society. Faculty profile
Here are the key takeaways
- Early Interest in cybersecurity: Bolman’s interest in cybersecurity began in the 1990s, influenced by the Y2K phenomenon and the emergence of network security. He was involved in virtual reality and leading-edge technology at UAT.
- Pioneering cybersecurity education: Recognizing the importance of network security, UAT was among the first universities to offer programs in this field. The curriculum included network security and attracted students interested in solving complex problems.
- Evolution of cybersecurity: Bolman notes the shift from basic network security to a comprehensive cybersecurity field, now a respected profession with standards and significant industry events.
- UAT’s cybersecurity degrees: UAT offers various cybersecurity-related degrees, including classic cybersecurity, forensics, and operations, available at bachelor’s, master’s, and certificate levels. The programs are designed to be accessible to students from diverse educational backgrounds.
- Curriculum relevance and trends: UAT keeps its curriculum relevant by adapting 25% of it in real-time to include current trends and developments, like incorporating ELK Stack technology.
- Recommended cybersecurity resources: Bolman suggests following NIST publications and using specific search terms related to cybersecurity. He also recommends attending conferences like DEFCON and Blackhat.
How did you first become interested in cybersecurity, and how did that experience lead you to where you are now?
In the nineties, I was involved in the university’s virtual reality work and leading-edge technology exploration. We offered some degree programs in network engineering. Through my research, I began to hear more and more about a thing called network security.
Much of this discussion was growing from the Y2K phenomenon. People were concerned about how we were going to make sure the brand-new dot com infrastructure would stand on its legs when Y2K happens and what it will look like in the future.
I started to track the future trends to keep an eye on network security and discovered that a subculture that included some brilliant computer thinkers was being developed.
The cyber professionals of the nineties were some of the first people to be writing code in the eighties. Their attitude was that it’s a new world out there, and they wanted to be a part of creating it. No one, except these guys, was even thinking about security. No one else saw the potential risks.
Through my work at the UAT, I met some of the early cyber professionals about the same time they were talking about starting some of the earliest industry conferences — specifically, DEFCON and Blackhat.
Knowing that it was too early for many people even to understand what network security was all about, we decided to create a program around it and be one of the first universities to teach it.
We had our network certificate programs at that time, so we added courses in securing those networks.
Unlike now, when hacking has a very negative connotation, a hacker was someone knowledgeable and creative in those days. We started to attract students that, more than just wanting to learn about computers, were puzzle solvers.
It took a while for our program to grow. Many people still did not understand what we were doing, and high school counselors didn’t yet know how to talk about network security.
Of course, now network security has evolved into cybersecurity, and it’s a respected profession with standards and major industry events around it.
Is there, or has there been, a predominant area of cybersecurity interest throughout your career?
Yes. For me, what’s been the most interesting has been the evolution of security. At first, it was just a vague concept that we needed to plug some holes and put some protection around networks. Then the questions became about how to build a workforce to support a growing industry.
Now we find ourselves in a place where cybersecurity is a part of everyone’s life. I have always been intrigued with how you make these underpinnings of our society secure so that people can have faith and trust in it — and it still works for them.
We are constantly being probed at the consumer level, spider bots are crawling the web looking for vulnerabilities, and AI has been infused into the technology. There is much to be concerned about.
At the enterprise level, we recognize an explosion of IoT devices, many of which are vulnerable. Understanding how to help people stay ahead of everything coming their way without them just throwing up their hands to say, “I didn’t sign up for this.”
A good example of new vulnerabilities that nobody would have believed possible a few years ago is the recent ransomware attacks on K12 and mid-sized medical facilities. But that’s very much the landscape we have right now.
UAT offers several cybersecurity-related degrees. Can you describe those for our readers?
We have a variety of offerings. We have bachelor’s degrees, master’s degrees, and certificates.
Our degrees fall into three different categories. There is a classic cybersecurity degree that trains you to be a cybersecurity professional. It covers how to design a secure and effective network, build recovery plans, and make incident responses.
We offer a forensics degree. Here we focus on the investigation after an attack occurs — what kinds of evidence to look for and how to analyze it. It addresses how to recover different types of media, so it is still valid for evidentiary purposes.
We also offer an operations degree. This one is designed for the individual who wants to be skilled in security but plans to design and run networks. They will have the knowledge to do this securely.
We offer all three of these flavors at the bachelor’s, master’s, and certificate levels. At the master’s level, students are focused on an audit from a manager’s perspective.
An interesting thing we do at the master’s level is that we have designed the program so that a student with a bachelor’s degree in, really anything — let’s say business — but wants to work in cybersecurity can be successful in our master’s program. It’s a novel approach. The master’s degree is quite technical, but a student doesn’t need a ton of technical background to succeed.
Can you describe the process you use to keep these programs relevant to an ever-changing cyber threatscape?
Keeping our curriculum relevant is something we are always focused on. We achieve this by how we design our curriculum. We leave about 25 percent of our curriculum open for courses that are developed in real-time.
Of course, we cover all the stuff that always needs to be included; the foundational ideas and the fundamentals. But, we have a block of time that is intentionally left in flux. Our lead faculty then identify what trends or new developments need to be dropped into the courses to keep them current.
An example of this happened recently. Last summer, we held advisor meetings with Bishop Fox, Avertium (Terra Verde), and a few other companies. One of the things they suggested is that we incorporate ELK Stack technology into our curriculum. They said nobody is doing that, but they see it as a coming trend.
Our first conversation about this was in June of 2020. Within a semester and a half, we had designed the curriculum and dropped it into one of our courses.
Regarding your cybersecurity programs, are there options for students to learn on-campus, online, or a combination of offline and online?
The education we offer has, historically, been provided as a traditional experience. Students come to campus, enjoy the quad, live in the dorms, and for cybersecurity students, spend time in our on-campus SOC.
That being said, about three years ago, we launched an initiative to structure an environment where — for every class — students could choose between in-person attendance, live stream remote attendance, or asynchronous viewing.
When the pandemic hit, we watched as everyone else had to figure out how to do what we were already doing. All we had to do was turn off the live in-person option. The rest was already in place.
It is interesting that just a few years ago, online students had to make some sacrifices, such as not participating in warfare range exercises or work in the SOC. But today, much of that is virtual, both at school and in the workplace.
If you were to build a cybersecurity reading list, what would be your top picks? (this could be books, papers, or lectures)
I would suggest that students follow everything NIST puts out about cybersecurity.
Beyond that, I like to offer recommended search terms as a reading list. Search for keywords like “cybersecurity” or “AI.” Try “cybersecurity in the cloud” or “cybersecurity in AWS,” “cybersecurity in AI,” or “cybersecurity frameworks and tool kits.”
By using these search terms, you will see what people in the industry are talking about. For someone thinking of entering the industry, spend a few hours performing these searches and pin some of the results to your feeds.
Publications are great, but searches can sometimes bring back more current results.
I would also recommend attending, when possible, conferences like DEFCON and Blackhat. It can be a little pricey, but these are great ways to learn about what goes on in cybersecurity if you can afford it.
These two conferences happen sequentially and are both in Las Vegas. Blackhat is purely professional, and DEFCON is the fun version of that. Often it is the same people attending and presenting, but they take off the collared shirt after Blackhat and put on their black tee shirt for DEFCON.
What do you think the cybersecurity industry or landscape will look like in five years? Ten years? And what do you think students today can do to best prepare for that future?
Some of the changes we will see over the next five years will be related to our current pandemic. Nearly everyone has the bandwidth needed to work remotely now. We’ve spent the entire pandemic ironing out the wrinkles of how we work and learn remotely. The remote connection interfaces are much better now, and we’ve become accustomed to it.
Some things are better done in person. Collaboration interaction isn’t quite there yet, but the economies of working and learning from home are becoming evident.
I had a professor on our staff once that was a brilliant forensics person. The challenge we had was that at any time, she could get a phone call and need to immediately grab her go bag and jet off to some foreign location for an investigation.
I would scramble to find someone to cover her classes. But, in today’s world, jet lag notwithstanding, she could run a course from nearly anywhere she was working.
So, I think, post-pandemic we will see much less travel and much more remote work and learning.
The other thing about the future that I find interesting is the explosion of internet-connected devices we can expect — and many of these IoT devices will be tied to AI. By all accounts, by 2025 — which is not that far away — the average number of connected devices that each person will be walking around with is about 15.
So, as big a deal as it is now, security will only become a much bigger deal in the future, if only because of the increased number of entry points. I also tell students to keep a close eye on 5G. It will only accelerate security issues.
If our readers could have only one takeaway from this interview, what do you hope it will be?
Okay. If I had to boil it all down to one takeaway, it would be that I want students and prospective students to understand the UAT experience. It is more about getting a holistic, well-rounded security technology education than a singular focus on just one aspect.
To be sure, we teach all the requisite skills to be good at IT, and code protocols, and Java, and everything else you will need. But beyond that, we want our students to have an immersive experience that will allow them to take what they’ve learned and create something of value.
You will be pushed to build a cyber solution, then deploy it, then get feedback — over and over again. Earning a degree from us isn’t about completing 30 or 40 courses; it’s about bringing everything together, not just when you’re a senior, but starting with your first semester. It’s an iterative process of continual improvement.
It’s interesting that when I first started working on our education model, I stumbled across a book by a guy named Antoine de Saint-Exupéry. He was a French airmail pilot during the second world war. He wrote a great book called “Wind, Sand and Stars”. In one chapter, he talks about how he would make a great pilot. He would have them begin by building a paper airplane, then a box plane, and bigger and bigger until they build a jet fighter. He said that to be an excellent pilot, you first need to understand airplanes and how they work.
Frank Lloyd Wright had a parallel idea for teaching architects. I believe the same thing applies to learning to build with technology. It’s an iterative process from the very beginning.
Thank you so much for your time. I have sincerely enjoyed talking with you. Have a great day!