Dr. George Trawick is a distinguished former Army officer with over twenty-five years of dedicated service. His career is marked by a rich blend of leadership, technical expertise in information technology, and a deep commitment to professional education. As an energetic and knowledgeable Information Assurance professional, Dr. Trawick has excelled in various roles, most notably in academia.
Currently, he serves as an associate professor and Cyber Security Coordinator at Mississippi State University, a position he has held since August 2020. In this role, he contributes significantly to the Department of Computer Science & Engineering, shaping the next generation of cybersecurity experts.
Summary of the episode
In this episode of the Cybersecurity Guide Podcast, host Steve Bowcut interviews Dr. George Trawick, the cybersecurity coordinator at Mississippi State University. They discuss the cybersecurity education opportunities at MS State, including undergraduate and master’s degree programs in cybersecurity, as well as a new bachelor’s of applied science in cybersecurity.
Dr. Trawick emphasizes the importance of hands-on experience, internships, and industry certifications in preparing students for real-world cybersecurity challenges. He also highlights the research opportunities available at MS State, particularly in the areas of artificial intelligence (AI), unmanned autonomous systems, and robotics.
Dr. Trawick advises students to embrace AI and quantum technologies, as well as to develop a strong understanding of risk and risk management in cybersecurity. The episode concludes with a discussion on recommended resources for students interested in learning more about the cybersecurity industry.
Listen to the episode
Here is a full transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. Today our guest is Dr. George Trawick, associate professor and cybersecurity coordinator at Mississippi State University, and we’re going to be discussing the cybersecurity education opportunities at MS State. Let me tell you a little bit about Dr. Trawick. Dr. George Trawick is a distinguished former army officer with over 25 years of dedicated service. His career is marked by a rich blend of leadership, technical expertise in information technology, and a deep commitment to professional education. As an energetic and knowledgeable information assurance professional, Dr. Trawick has excelled in various roles, most notably in academia.
Currently, he serves as an associate professor and cybersecurity coordinator at Mississippi State University, a position he has held since August of 2020. In this role, he contributes significantly to the Department of Computer Science and Engineering, shaping the next generation of cybersecurity experts. With that, let me welcome Dr. George Trawick. Welcome George. Thank you for joining me today.
Dr. George Trawick:
And thank you, Steven for having me and giving me the opportunity to talk about cybersecurity education and the great Mississippi State University.
Perfect. Thank you so much. This is going to be a valuable resource for people that are thinking about getting into cybersecurity, learning about cybersecurity, and maybe that’s the career that they want to develop and we just hope to provide them with some resources along the way. And just as a side note here, any resources that you mention, we’ll try and capture those and put those in the show notes so that people from the website can click directly onto those resources. So let’s start with a little bit more about you. I always find it fascinating, as does the audience, to learn about the guests. So tell us specifically how and when did you become interested in cybersecurity?
Not a bad story for us. So the introduction for me was a little bit more laudable I think, than maybe I deserved, but I did do 25 years in the army, and I’ll tell you, started off my career in the infantry, so doing combat arms type stuff. And later in my career, about 10 years in, had a couple of injuries and had to make some career choices. And at the time, this is in the ’90s or late ’80s, early ’90s, I made the choice to go from the combat arms to this thing called information assurance and network security. And that is what actually put me on my path. It was happenstance and I was assigned to go to the Army’s computer science school. That’s where the passion started. Got my first assignment as a network security guy in the army and stayed on that path, but it wasn’t until I actually got into the mission for data and the bigger picture for cybersecurity that the passion really started for me and never looked back.
Interesting. I find that fascinating and probably mostly because I like to draw parallels between physical risks and threats and mitigation strategies and digital assets and the threats and risks and mitigation strategies that you work with in cybersecurity. Did you find a lot of parallels? You were-
Dr. George Trawick:
Absolutely.
Steve Bowcut:
You knew how to protect physical assets and you just take that same knowledge and apply it to digital assets, correct?
Dr. George Trawick:
I tell that same story all the time. When we talk about defense and depth, the army or the military in general has the perfect analogies for it. When we talk about advanced persistent threats and how our adversaries conduct their missions in cyber, there’s absolute parallels to physical combat. Whether you’re talking about a reconnaissance team that does the open reconnaissance initially, well, military has specialized units to do nothing but that. And then you get the breach team who actually does the breaching in the cyber, not always the same people that did the reconnaissance. And the military has a separate units just to do the breaching to get into the system. And then when you get on the other side, you plant your roots. You establish a foothold and then you spread out laterally. Absolutely military parallels all along the way.
Dr. George Trawick:
So Mississippi State has a lot to offer in the computer science, engineering and the cybersecurity domain. Well, right now we have two degree programs specified as cybersecurity. We have an undergraduate degree, bachelor’s degree in cybersecurity, and we have a master’s degree in cybersecurity and operations. Both of those degree programs are NSA designated and it helped us with our Center of Academic Excellence in Cyber Defense and in cybersecurity and operations. So those two degree programs form that foundation for our cybersecurity. But there’s another area, and then we may talk about it a little bit later, we are just now establishing a bachelor’s of applied science in cybersecurity. And for those that don’t know the difference between the bachelor’s of science and applied science, I give this analogy.
The bachelor’s of science in cybersecurity and the computer science and engineering degrees, I like to think of those as the engineers that build, say your car. The engineers that know how the engine runs, knows about the compression ratios, knows all the different compounds that go into making up the metals of the engine. That’s the computer science and engineering program and the bachelor’s of computer science. The applied science cybersecurity degree is the driver, the guy that drives the car. They may know how the engine works. Basically they know when it’s not working, they know how the tires do and the compression and they know about alignments, but they don’t know how to engineer it. But they can drive the car and they understand the rules of the road and the policies and networks and rules and laws that all come around to govern that. Same as the engineers that develop the compounds in the tire. They’re not going to drive the car. They could drive it, they’re not going to win. Two different career fields, but they absolutely rely on one another.
And you still have to have some foundational knowledge of each other’s craft, but they’re absolutely different. So our new bachelor’s of applied science in cybersecurity is we designed it and tailored it to help those that are in community colleges or maybe have an associate’s degree that want to further their education. So we designed this specifically to minimize the number of classes that they had to take in order to catch up to maximize the transfer of credits. Because what we saw was individuals are out there in the workforce now having associates need that next degree and they come looking, but all you have to offer is that bachelor’s of science in cybersecurity, which is a completely different path as I just described. I’m trying to bring the race car driver and finish his degree. So we were having a lot of conflicts, they were just not compatible. So now we have this new degree that they can slide right into and learn how, to keep the analogy going, a better race car driver.
Excellent. Thank you. I love that analogy. That works very well. So if you’re the type of individual who really wants to drive the car in cybersecurity, you want to work in a SOC or you want to actually apply in a defensive role, that’s probably a better degree than someone who wants to design the car or design the mitigation strategy.
Dr. George Trawick:
That better algorithm, that better anomaly detection for a firewall or for an IPS, you want to be down into that level of it versus how do I buy, install, maintain, and operate the IDS?
Steve Bowcut:
Right. Very good. All right.
Dr. George Trawick:
For the outcome of the mission, for the goal of the company.
Dr. George Trawick:
All the time. And one of the reasons I came here, ’cause I was teaching at the National Defense University’s College of Information Cyberspace with mid-career, late career professionals, but I came here because the passion that this state has for cybersecurity. And that’s important because from the governor, lieutenant governor, attorney general, university president, all of them impressed me when I was looking to come here or being recruited to come here. We got top down buy-in for cybersecurity education. So why is that important? Because these clubs and extracurriculars don’t exist if you don’t have the resources to support them and get them started. And we’ve got some of the best support across the nation. So what kind of clubs? We’ve got, oh my gosh, all of them. We have a dedicated cybersecurity club.
Now, I think like most universities, our club here is recovering from COVID. When COVID come along, it just knocked the wind out of a lot of the clubs, the social clubs, the leadership and the institutional knowledge, if you will, of the club left. So now you’ve got all new people and they’re struggling to figure out, well, what does this club to do? But the cybersecurity club, our women in cybersecurity chapter, our AI club, our robotics club, are all coming back together. And what’s even better because we have that top down leadership, we’re working hard to create a community where the students want to come here. Come to the building, hang out here, learn from one another, hang out in the labs. And with that extra leadership urging, that’s starting to happen. So we’ve got a cybersecurity club. They meet formerly once a month, but all the time.
The students are getting together all the time. They’re planning to do CTFs, capture the flag events, pack the box events. They’re teaching each other specific tool sets so that they can do these type of events. The robotics club just finished a hack challenge with it, basically turning docile robots into battle bots.
Steve Bowcut:
Very good.
Dr. George Trawick:
[inaudible 00:12:04]. Our women in cyber chapter, another one that took just a big punch because of COVID, but they’ve come back like a phoenix and we’ve had a couple of great speakers come in and then they’re getting involved. The clubs are starting to get synergy between one another. So there’s so much going on with our club and extracurricular activities because we’re really trying to build that culture of networking and learning from one another. And then when students graduate, they’ve got this network that they can lean on and they’re proud to know. So there’s so much energy going on here, especially with our extracurriculars that I’m really excited you asked that question.
That is very nice to hear. And thank you for pointing out that perspective because it’s really true and I’ve seen it across the nation with people that I’ve interviewed, and it’s tenuous for those types of clubs because students are learning from each other just in the best of circumstances. You’ve got people that are coming in and then four years later they’re gone. It’s like a football team. You develop the best team, but you have to remember that your players are only going to be with you for a short period of time. And so as students come through these clubs or these organizations, even in the best of circumstances, it’s a little bit tenuous to keep all that tribal knowledge filtering down. And then you have something like COVID that just decimate the whole thing and you lose a couple of years. So you really are starting from scratch again.
So I appreciate you pointing that out because it is so critical. That’s where many students are going to do their best learning, is in that type of an environment. They can sit in class and they can take notes and they can listen to the lecture, and I’m sure you’re a great lecturer, but it’s when they’re sitting next to their peer in a club environment and they say, “Oh, check this out, I can do this. Have you ever seen that?” That’s where they do the real learning.
Dr. George Trawick:
That’s right.
Steve Bowcut:
So that’s awesome.
Dr. George Trawick:
That’s where the passion gets fired up.
Steve Bowcut:
Exactly.
Dr. George Trawick:
It’s from that passion, did the learning happen. In the classroom, you’re going to listen, you’re going to learn and maybe go on your own, but it’s when you get that passion or even a competition between you and your colleague or your classmate, that’s where that fire really kicks off and we’re building a fire.
That is awesome. All right, so university does something they do a little bit different than anybody else. So what makes Mississippi State unique in your cybersecurity program or programs?
Dr. George Trawick:
What makes us the most unique? A little bit harder to answer, again, because we’re coming together and really rebuilding from COVID, but I would tell you one thing that makes us different is our Center of Academic Excellence designations from the NSA and the rigor that we put into our curriculum and the delivery of the curriculum and the assessments so that we can improve. I don’t know that that makes us different because there’s a lot of universities that will work really hard to make that happen, but we work really hard to achieve and maintain these designations because they’re that important. And it gives us a great framework to make sure that we’re delivering the best, I hate to say it this way, the best product to our students, the best curriculum, the best education, because this is the gold standard to put your programs against.
So from that, I think that might be it, but I could also say what makes us different is the top down buy-in that we have. And I can’t say what others have, but I know that this is something special, having done all the years in the army and trying to get leadership to buy into anything holistically. And then seeing the energy that we have here, I say from the department head straight down.
I agree. And that makes so much difference. If a program, whether it’s cybersecurity or any other program, if they’re always trying to fight for resources, fight for space, fight for attention, it really hampers the program. But if you’ve got leadership who’s already bought into the idea that this is important, that makes all the difference in the world. And speaking of uniqueness, one of the things that you said earlier, and I was going to comment then and I didn’t, but it’s relatively unique. It’s not wholly unique, but it’s relatively unique for universities to actually offer a cybersecurity degree. We’re seeing it more and more now. I’ve been doing this for years and it used to be very rare. Oh yeah, we teach cybersecurity, it’s part of our computer science degree, and you can have a specialization in cybersecurity. It wasn’t actually a cybersecurity degree, but there you do.
And if I had to choose whether I was going to graduate with a computer science degree with an emphasis on cybersecurity or an actual cybersecurity degree and I wanted to work in cybersecurity, I would certainly choose the latter. So I think in some sense, that makes you a bit unique as well.
Dr. George Trawick:
And I can agree and say that other universities are coming in that direction as well. Especially it’s more of us go and become designated by the NSA as a Center of Academic Excellence or others try to align their programs of study to it. You start to see the need to have the language aligned properly as well. I can’t say that I’m teaching you cybersecurity if it’s not mentioned anywhere-
Steve Bowcut:
Yeah, exactly.
Dr. George Trawick:
In classes or our programs. So words matter.
And I like when you talked about your applied science degree because I wanted to talk a little bit about what makes Mississippi State… How you go about preparing students for real world cybersecurity challenges. And I think that’s one of the ways you do it, is that it’s one thing to learn these things in theory, but that doesn’t really prepare you to work in the cybersecurity environment. It takes more than just understanding the theory behind attack vectors or mitigation strategies or that kind of thing. So talk to us about that.
Dr. George Trawick:
You look behind the curtain a little bit, Steve. So as a cybersecurity coordinator, one of the things that I’ve had going in the back of my head was getting that applied science degree out there and then the students that we are able to attract, some of those will be guys and gals that are out there in the workforce doing it right now. Now imagine having those students in the same classes with freshmen and sophomore that’s never seen it before. And now that classmate that you’re working with can answer their questions about what’s out there in the workforce. It is a tiny bit, but it’s something special that we’re trying to do. Let me tell you what we’re doing to prepare students for real world work. That’s one.
The other piece that we’re working really hard here is to get a total package for our students. There’s so many students going to graduate across the nation with a computer science or even say a cybersecurity degree. What I want to do is take that population and for my students, they also need experience. Every resume, you got to have some experience. So we’re working really hard to build out partnerships for internships for our students.
Steve Bowcut:
Oh, very good.
Dr. George Trawick:
So that number of students that are doing internships every summer is growing and growing and I’m getting more and more opportunities. A lot of it has to do with DOD. The Center of Academic Excellence designation brings us the ability to have scholarship for service with the NSA, Department of Defense scholarships, which brings these internships opportunities as well. So the education, getting the degree, getting some form of hands-on experience through internships, co-ops or the capture of flag events, if we can rack up enough of them. The next one is certifications. And this is a big one that a lot of universities aren’t focused on yet. So I’m focused on building a certification machine, a self-sustaining…
There’s no way of self-sustaining the cost, but where students are leading and teaching each other in workshops to get after industry level certifications, Security+, CEH, CCNA, some entry level certifications so that when they graduate, they have the education, they’ve got some level of experience with an internship, and they’ve got a certification. That’s the big three that I look at to try to differentiate our students from all the other cyber students that are graduating across the nation.
I just wanted to comment. That is actually a very smart thing for you to do because as I speak with employers across the nation, what I’m finding is that they’re all putting more emphasis on certifications than they did a decade ago. It was always a degree, well, do you have the degree? And then the certifications were for people who didn’t have the degree, but more and more what I’m seeing, employers, they want you to have the degree, but they also want you to have some certification because if you don’t, when you get hired, they’re going to say, “Okay, well you’ve got six months to get this certification.”
Dr. George Trawick:
That’s right.
Steve Bowcut:
“We’ll hire you now, but we still want you to get this certification.” So if you come to them with that certification in hand, that’s going to mean a lot to them.
Dr. George Trawick:
It really does. And there’s a whole other set of theories about hiring and do I bring you on, get you trained, and then you leave, or do I bring you on and train? So there’s all those other considerations. I’ve been a hiring manager. I’ve hired dozens of cybersecurity professionals, so I know what’s on that side, what the hiring managers are looking for, and I’ve gone out and talked to the industry around Mississippi. And when I was up in DC, me and my colleagues went out, “What are you looking for from our graduates?” And certifications are there. It shows a couple of things to the employer. One, that you can apply some of the theory that you have. There’s that piece that you’ve got that energy above and beyond to go get this because they’re not easy. You’ve got to put in and dedicate your extra time and maybe some resources to getting that and maintaining it. So the Security+, that’s important, but getting it and having it also demonstrates a couple other things to a potential employer. So that’s another reason why they’re important.
Let me add one more though, because the one other area that I’m pushing for is to get our students security clearance. A lot of our students go into government, state, local and federal, and it’s a big hurdle for the clearance. So being a designated center, we’ve got access to jobs and internships that can instantiate a clearance for our students. What I’m going to try to do or what we’re doing as a university is to build and maintain ability to do classified work, which will allow us to start working toward getting our students a clearance early on. It takes a long time, but if we can establish it here and possibly even get them a clearance by the time they graduate, holy, that’s it. The employers are going to come looking, running to them.
Steve Bowcut:
There are lots of jobs where they can’t hire you if you don’t have the clearance. And from the employer’s perspective, I would love to hire you, go get your clearance and come back and talk to me.
Dr. George Trawick:
And that’s why.
Steve Bowcut:
That’s hard to do.
Dr. George Trawick:
That’s why when a student graduates and they get a job, say with the federal government, it’s so much easier once you’re in to move laterally. It’s like you go back to our hacking analogy. You got to get in because they know you’re a known quantity and maybe now you’ve got somebody sponsoring your clearance and you’ve already started it, it’s much easier than I’m going to bring you on. I’ve got to go through the whole process of getting a clearance. I can’t put you on the system until we get that piece done. So if you show up, even if you’ve got an interim and the background investigation’s done, that candidate’s much more valuable than those that they have to start from scratch.
Steve Bowcut:
Absolutely.
Dr. George Trawick:
That’s the fourth one. It’s not here yet, and it may be a year or two down the road, but it’s in our sites.
It’s very forward thinking of you. I think that’s great. So earlier you mentioned internships, and I think internships are just so invaluable. And internships have maybe not a twin sister, but a close cousin, and that would be the research. Are there research opportunities at Mississippi State in cybersecurity?
Dr. George Trawick:
There are. We’ve got several faculty that are dedicated to research, especially in the cyber realm. And for us, it may even make us more unique than others, there’s that nexus between, I’m going to say it, here comes that big word, AI, that nexus between AI and cybersecurity. So we’ve got a lot of energy in our artificial intelligence, large-language model research. We’ve got a couple of patents in what’s called the patent lab and that lab doing AI, large-language model, think ChatGPT, creating our own specialized AI ChatGPT type models that can go after cybersecurity topics and theories. So we’ve got a lot of research in that arena. We’ve got research in unmanned autonomous systems in cybersecurity. So here at Mississippi State, we’ve got one of the largest unmanned aerial system drone fleets in the nation, two of the biggest drones in the nation.
We’ve got the autonomous ground vehicle research effort where we were doing unmanned autonomous ground systems for the army. Think of a Jeep or a Humvee that just goes across unmapped terrain autonomously and the cybersecurity aspects that go along with that. So unmanned aerial systems, we’ve got a strong push in research in that area. Ground autonomous systems, AI chat, GPT and cyber, especially with anomaly detection. And then the one other area that we have that we’re pushing toward now… We talked about the robots. Yeah, we did the robotic piece. So not the unmanned aerial, not the unmanned ground, but just interactive type robotics and cybersecurity.
Steve Bowcut:
Excellent.
Dr. George Trawick:
Those are the three big ones. Of course there’s others with wireless and the spectrum, but those are our big ones that we’re pushing for now.
Excellent. I want to circle back just a little bit here, maybe a half step back. We were talking about real world knowledge or being prepared for real world circumstances. Many educational institutions will have industry partner advisory boards and that kind of thing. Do you do anything like that at Mississippi State where you’re bringing people from industry in and getting their input on what the curriculum should look like?
Dr. George Trawick:
Absolutely. We have a biannual meeting with our industry advisory board, and on that board we’ve got alumni. Most of them are alumni from Microsoft, Google, Amazon, drawing a blank now for the paper industry that’s here and a few others. And they come in, they look at the curriculum, we talk to them about what is industries looking for, not just in the cybersecurity program specifically, but across all of our curriculum? Again, what do they want to see from the graduates from Mississippi State? And maybe it is a computer or software engineer or computer scientist or the cybersecurity or the AI. They give us that feedback on where we should be pointing our curriculum, our research and our interns in order to meet that demand from industry.
And that is so smart, even if I look at it from a regional economic development perspective. So you’ve got students coming to Mississippi State to get their education. If you’re not meeting the demands or fulfilling the requirements of the local employers, then your student’s going to graduate then they’re going to move off and that doesn’t really help your region. But if you get that input from the regional employers, now they can stay where they probably wanted to stay in the first place because that’s where they’re from and get the kinds of jobs that they’re trained to get. So that’s awesome.
Dr. George Trawick:
That’s a good point. I haven’t been here that long, but talking with those that have, Mississippi in general, but graduates suffer from what they call the brain drain. Graduates come here, there’s no opportunities for them or they’re not meeting their demand here so they leave and they go off and leave the state. And so the state, again, from the top down are working to solve that problem, but there is that chicken and an egg. You got to have the industry to feed, but they’re not going to come. But we’re working diligently to make that happen. And the advisory board is exactly that way, so we know that our graduates can meet the demands of the regional [inaudible 00:30:02]
And that’s an important aspect that you just pointed out. It is chicken and egg because if you’re an employer and you’re thinking about opening a facility in Mississippi, one of the things you want to know is, well, what’s my talent pool going to look like? What kinds of educational opportunities are available in that area? That becomes critical in that decision-making process. So that’s very good. All right, so we’re about out of time. I’ve got a couple of questions, and these are mostly fun questions. The first one is, if you were to put together your top picks for a cybersecurity reading list, and I say reading list, but it doesn’t have to be reading. It could be podcasts or websites or YouTube videos or books or papers or lectures. But where would you point students who want to learn more, not necessarily more about cybersecurity, they’re going to learn that when they come to school, but about the industry and if it’s the kind of work they really want to do, that kind of thing, where would you point-
Dr. George Trawick:
Well, there’s so much out there though, right?
Steve Bowcut:
Yeah, I know.
Dr. George Trawick:
And it’s like, okay, well, it depends on, well, where does your passion lie? I’ll tell you what, the very first book that I read and it’s probably on all of our reading lists, and that’s The Cuckoo’s Egg. It really was one of the first ones that was recommended to me back in the early ’90s when I was coming in. I basically asked the same question, it’s that who’d done it of cybersecurity before we even knew what the internet looked like? But I would say there’s so many. The Ghost in the Wires. Any one of Kevin Mitnick’s books, that was probably the second one that I read, was The Art of Invisibility.
You’ll find this interesting, but both of those two are almost always mentioned. When I ask cybersecurity educational professionals about this question, they almost always come back with both of those. And I think it was because it is foundational for a lot of us. Those were two of the first books that I ever read on cybersecurity. So I think it’s foundational for-
Dr. George Trawick:
I think it is. It ends up there. So if you want to get outside of that realm a little bit, some of the others that influenced me, Playing to the Edge by Michael Hayden is another one that talks about the decision making piece from the leadership from a CISO, from the chief information security officer, from the driver. Go back to the analogy, the race car driver and how do you look at the landscape and make decisions and stay within the policy rules and regulations of cyber? I told you about The Art of Deception, but there are so many. But you got to at least get those four in there. Ghost in the Wires is another one. Ghost Fleet is-
Steve Bowcut:
Ghost Fleet?
Dr. George Trawick:
Ghost Fleet.
Steve Bowcut:
Okay.
Dr. George Trawick:
It’s a fanciful book of the next major war.
Steve Bowcut:
Very good.
Dr. George Trawick:
But the cyber implications of managing warfare in the next major conflict.
Steve Bowcut:
Okay, excellent.
Dr. George Trawick:
With some fanciful weapons and half true, half believable scenarios. But if you get beyond the storyline, there’s a lot of great learning that goes with that book as well.
Excellent. So we’ll put links to these resources in the show notes so that people can click on those and go directly to those. And our last question here is literally just a fun question, but there is a purpose behind it. And so what I want you to do is dust off your crystal ball a little bit, look into the future and tell us what you think the cybersecurity industry or the cybersecurity landscape will look like in five years or 10 years there at some future point. And the purpose behind the question is to help students think about or at least get them thinking about what they need to do now to prepare for… Because they’re not going to graduate next week or next year if they’re just starting now. It’s going to be some time, a number of years before they enter the workforce. So what do they need to be thinking about now?
Dr. George Trawick:
Wow, great question. Obviously AI, embrace it, figure it out. Don’t shy away from it. We’re in a weird spot right now with students and educators and trying to figure out how much they should bring in, how much they should use. I would say AI. Quantum.
Steve Bowcut:
Very good.
Dr. George Trawick:
It’s another fanciable thing, but learn it, start understanding it and how it’s going to apply five to 10 years from now. But AI, absolutely, large-language models, understanding the data science piece of the world we live in. Probably those are the big three. Don’t wait to start getting to know that. There’s another side. There’s going to be obsolescence on things that we’ve been doing for so long that are going to become obsolete because of AI automation. So I would be cautious not to spend too much time in the old school stuff. Look forward to five to 10 years and what type of things we should be studying and learning about so that they’re properly ready when that time comes when you graduate. So AI.
Steve Bowcut:
Excellent.
Dr. George Trawick:
And quantum, probably the two big ones.
Steve Bowcut:
All of those will change how we do what we do and that’s across industries as well. So I’ll give you just a little example and hopefully this can relate to the students who are thinking about getting to cybersecurity, but professionally, I’m a journalist and so AI, ChatGPT has really disrupted journalism because it writes. It’s one of the things that it does. And so a lot of people complain about that, and I would always advise people, don’t complain about it, embrace it.
Dr. George Trawick:
Embrace it.
Steve Bowcut:
Use it to your advantage. All it really does is it changes the writer’s role. And it is a significant change, but instead of the constructing each sentence, now you’re becoming the editor. Let ChatGPT put the body together and now you become the editor, not the writer, but you’re still deciding what it is the piece is going to say. So the point being there, the same thing would happen in cybersecurity. Learn to embrace it. Use it to your advantage because certainly your adversaries are using it.
Dr. George Trawick:
Absolutely.
Steve Bowcut:
You need to understand how they’re using it, what they can and can’t do with AI, the impact that it has on the industry. So that’s great advice actually.
Dr. George Trawick:
It’s a lot. Every change in technology that we’ve had, the criminals embrace it, our adversaries embrace it first to see how best they can exploit it and find the vulnerabilities, and we drag our feet, not wanting-
Steve Bowcut:
And you have to know how they’re doing that.
Dr. George Trawick:
Not wanting to get out there. Let me say one more thing that all students, all of us could do, and I wish I’d have done earlier, understand risk and risk management. Cybersecurity is all about risk and risk management, and how do we maintain the ability to do a mission in a risk environment? So if students can get out front and understand risk and threats and vulnerabilities and countermeasures and mitigations, understand that framework, then everything else they learn, they can hang on one of those hooks of that framework instead of getting all the pieces and parts and then I introduce this idea of risk and risk management to them, and then it’s a little bit more chaotic.
Thank you for pointing that out. And we could do a whole show just on risk and risk management that I would love to do sometime, but not only will it help students in cybersecurity and understanding their role there, but helps people in life. There are so many people who don’t understand probability, criticality. If you don’t grasp those things, you can get swayed by the news media. If you hear about a particular threat that’s happening and you’re hearing about it all the time, in your mind, you start to think, oh, it happens all the time. No, it means you’re hearing about it all the time. It doesn’t mean that it’s happening all the time. And the criticality, it seems like a terrible thing, but if the criticality is low, then all right, so it happens a lot. It’s not that big of a deal, but vice versa, if the criticality is high and it could happen once in a while, then that’s something you need to pay attention to. So it’s a whole nother discussion, but I appreciate…
Dr. George Trawick:
Yeah, it is, but it is cyber. I tell my students when I do the introduction, you do risk management every single day.
Steve Bowcut:
We all do.
Dr. George Trawick:
You make risk decisions every single day, you just don’t know how it breaks apart. And that’s how I introduce it to them. And once they can start, I do this every day. It’s going to rain, I need an umbrella, or I don’t walk or I do walk. And once they can see, oh, those are risk decisions. This change up the threat, the vulnerability to impact the criticality to things that we’re teaching you. And the light is beautiful when the light comes on when they see that. So absolutely, look at that risk as how we do things and everything they learn from here forward will have some substance to how they apply it when they get out of school or in every day.
Steve Bowcut:
Exactly. I certainly agree. Thank you for that. All right. So we are out of time, but thank you, George. I really appreciate you giving some time with us today to provide this resource for students and it’s very valuable and I appreciate it.
Dr. George Trawick:
Well thanks Steven, and thanks for giving me the opportunity to showcase Mississippi State’s wonderful computer science program and cybersecurity program, and I look forward to maybe having some new students come in.
Steve Bowcut:
There you go. Let’s hope that’s how it works.
Dr. George Trawick:
All right.
Steve Bowcut:
All right.
Dr. George Trawick:
I’ll let you know.
Steve Bowcut:
Yes, please do.
Dr. George Trawick:
If I get in students that, I heard about you.
Steve Bowcut:
I heard it on the podcast. There you go. Let us know.
Dr. George Trawick:
Absolutely, get a plug back. Absolutely.
Steve Bowcut:
Perfect. A big thanks to our listeners for being with us as well. And please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.