Cybersecurity Guide

  • Bootcamps
  • Degrees
    • Associate in Cybersecurity
    • Bachelor’s in Cybersecurity
    • Master’s in Cybersecurity
    • Graduate Certificate
    • Cybersecurity Analytics Degree
    • Computer science with cybersecurity emphasis
    • MBA in cybersecurity
    • phd in cybersecurity
    • Cybersecurity law degree
  • Online
    • Online Certificate in Cybersecurity
    • online bachelor’s in cybersecurity
    • online IT degree
    • online master’s in cybersecurity
    • Online master’s in information security
    • online phd in cybersecurity
  • CERTIFICATIONS
    • Certified Information Systems Auditor (CISA)
    • Certified Ethical Hacker (CEH)
    • Certified Information Security Systems Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Digital Forensics Certifications
    • Security+
    • CompTIA Advanced Security Practitioner (CASP+)
    • Certified Network Defender (CND)
    • OSCP
    • CRISC
    • Pen Testing
    • CTIA
    • Cryptography
    • Malware Analyst
  • CAREER GUIDES
    • Security Engineer
    • Chief Information Security Officer
    • Security Analyst
    • Computer Forensics
    • Security Consultant
    • Digital Forensics
    • Cryptographer
    • Security Administrator
    • Penetration Tester
    • Security Software Developer
    • Security Specialist
    • Security Code Auditor
    • Security Architect
    • Malware Analyst
    • Data Protection Officer
    • Cybercrime Investigator
    • Cryptanalyst
    • Security Incident Responder
    • Chief Privacy Officer
    • Risk Manager
    • Network Administrator
    • Business InfoSec Officer
    • Information Security Manager
  • States
    • Alabama
    • Alaska
    • Arizona
    • Arkansas
    • California
    • Colorado
    • Connecticut
    • Delaware
    • Florida
    • Georgia
    • Hawaii
    • Idaho
    • Illinois
    • Indiana
    • Iowa
    • Kansas
    • Kentucky
    • Louisiana
    • Maine
    • Maryland
    • Massachusetts
    • Michigan
    • Minnesota
    • Mississippi
    • Missouri
    • Montana
    • Nebraska
    • Nevada
    • New Hampshire
    • New Jersey
    • New Mexico
    • New York
    • North Carolina
    • North Dakota
    • Ohio
    • Oklahoma
    • Oregon
    • Pennsylvania
    • Rhode Island
    • South Carolina
    • South Dakota
    • Tennessee
    • Texas
    • Utah
    • Vermont
    • Virginia
    • Washington
    • Washington, DC
    • Wisconsin
    • West Virginia
    • Wyoming
  • Podcast
  • Resource Center
    • Centers for Academic Excellence
    • Job Guide
    • Veteran’s Guide
    • Women’s Guide
    • Internship Guide
    • Security Clearance Guide
    • Ethical Hacker Guide
    • Coding for Cybersecurity Guide
    • Cybersecurity 101
    • Student Guide to Internet Safety
    • Scholarship Guide
    • Cybersecurity Math Guide
    • Small Business Guide
    • Cybersecurity for K-12 students
    • Career Networking Guide
    • What is a Cyber Range?
    • Code Like a Hacker
    • Reacting to a Cyber Incident
    • Introduction to Cyber Defense
    • Cybersecurity Courses Online
    • Recommended Reading
    • Phishing Attacks
    • Cybersecurity Responsibility
    • How to Get Into Cybersecurity
    • Cyberwarfare
    • Cybersecurity Insurance
    • Job Interview Prep
    • Readiness Economy
    • Is Cyber a Good Career?
    • What is CyberCorps?
    • DEI in Cyber
    • NIST and Small Business
  • Research
    • AI and Cybersecurity
    • Holiday Hacks
    • Jobs Report
  • Industries
    • Financial Sector
    • Insurance Sector
    • Healthcare Sector
    • Environmental Sector
    • Energy Sector
    • Government Sector
    • Transportation Sector
    • Food and Ag Sector

An interview with James Banfield

Last updated: November 15, 2023

James Banfield is an associate professor at Eastern Michigan University. He has earned a Ph.D. in Information Assurance, an M.S. in Information Assurance, and a B.S. in Network Information Technology Administration, all from Eastern Michigan University.

He teaches in the B.S. Information Assurance and Cyber Defense program. This program emphasizes the design, integration, administration, hardening, and protection of all types of computer information systems and network infrastructures in modern cyber environments. Faculty page

Key takeaways from the interview

  • Teaching philosophy: He encourages his students to pursue their passions in cybersecurity for success and satisfaction, rather than solely focusing on job opportunities and salaries​​.
  • Research interests: Banfield’s research includes Industrial and Medical IoT security, human-centric security approaches, and the development of self-learning intrusion detection systems using machine learning​​.
  • Usable security: He emphasizes the importance of usable security in organizations, advocating for security solutions that accommodate human behavior and are integrated from the initial stages of product development​​.
  • Student training: The majority of his students are expected to work in blue-team roles, focusing on defense, with some evolving into purple-team roles that combine offensive and defensive strategies. His courses provide practical, hands-on experience in cybersecurity​​.
  • Recommended readings: Banfield suggests “The Art Of Exploitation” by Jon Erickson and “The Network Security Bible” by Eric Cole as essential readings for students interested in cybersecurity.
Cybersecurity Guide
Why did you first become interested in cybersecurity?


James Banfield
I started working in IT in 1984. That would have been my junior year of high school. This was back when computers were very rare, and there wasn’t one in every business office. I found myself helping people set up networks and even teaching them why they are needed. My father was running a company at the time, and seeing 30 or more people stand in line to use a printer drove me nuts. I helped them stand up their first print center. 

Then in the mid-nineties, the whole world landscape changed as the Internet started to become the thing that it is today. For many, however, security was still an afterthought, but not for the companies I worked for. We were managing websites for ford.com, nike.com, whitecastle.com, and the like. We were at the forefront of brand protection.

Those early experiences eventually turned into a 36-year career as an executive and educator in the IT/security field.

During this period, I became interested in understanding how a hacker thought—asking myself what I would do if I were an adversary. I developed a love for pen testing.  

Cybersecurity Guide
As we have conducted interviews with cybersecurity experts such as you, we have begun to identify a trend. Many of the leaders in cybersecurity today serendipitously came to the discipline. They didn’t set out to build a career in cybersecurity; rather, their interest in cybersecurity grew as the threats we all experience today increased.

James Banfield
I think that is very common, and in many ways, that describes my experience as well. 

Cybersecurity Guide
Is it fair to say that this serendipitously backing into cybersecurity is one thing you are trying to change with programs like the one you teach at Eastern Michigan University?


James Banfield
Absolutely! I try to instill in my students the idea that success follows doing what you love. About 25 percent of students come to my program because of the job opportunity and salary potential they perceive the Information Assurance and Cyber Defense program will afford them. This is a fine reason, but it’s not the best reason. I tell them to chase their passion. Then they can have success and enjoy what they do at the same time. 

Cybersecurity Guide
In your current role, do you have the ability to work on independent or discretionary research? If so, what research are you involved in?


James Banfield
I do have research opportunities, but it can be a challenge. I currently have two Ph.D. students. I try to align my research with theirs so we can work together. 

As an example, I am interested in Industrial IoT (Internet-of-Things), and one of my Ph.D. students is interested in medical IoT. So, we are working together where it makes sense to do so.

One of the things that capture my time most is human security; which most call usable security. You can build the greatest, wonderful security solutions in the world, but if people don’t adhere to best practices, it is not going to save the company any money. You can tell people all day long not to click on certain things, but often they will anyway, right?

I am performing a lot of research trying to help people succeed in adopting secure behavior. I am looking beyond information awareness to look at risky behavior and ask questions like, “why wouldn’t someone comply with corporate security policy?” What would have to happen for them to comply with the policies, and what technologies can help with that?

I am also interested in finding applications for machine learning in security. We all know that hackers are continually developing new exploits and deploying them before we can develop a patch. That’s just the world we live in right now.

A simple example of an application for machine learning might be in an intrusion detection system. An IDS compares activity patterns as they happen across a network against a database of known malicious behavior. I am working with a couple of my students on a self-learning IDS. The idea is to teach the IDS how to identify anomalous behavior even if it has not been seen before. This way, you don’t have to wait for a security vendor to update your database or send a patch.

Cybersecurity Guide
Can we talk a little more about your interest in usable security? I think our readers will find that interesting.


James Banfield
Certainly. The idea is that for security to be effective, it must be usable by the organization’s people. It goes beyond the set of rules that humans must follow to stay safe and comply with policy. And while that is important, useable security means trusting and engaging your people. They have to do their jobs, so build security solutions that will accommodate human behavior and not work against it. 

At another level, usable security includes security-by-design principles as well. We have the technology to build all kinds of beautiful devices, programs, and apps, but security can’t be an afterthought. It must be baked-in. 

With medical edge IoT, for example, we have the ability to apply pain management remotely. A doctor can check a patient’s vitals and remotely inject the medicines he prescribes. Now imagine what could happen if malicious hackers were able to take control of that type of equipment. 
Security must be considered at the very outset of product development, and it must consider what humans, even legitimate users, can and will do. 

Cybersecurity Guide
Let’s turn to your students. What kinds of things are they interested in when they come to your program?


James Banfield
We see what most schools that teach cybersecurity courses see; students that show up wanting to be a pentester. They want to hack things, but they’re not interested in breaking the law. 

As I recall, the job opportunity for pure red-team is about 5 percent. We train our students on some offensive strategies, but we are not trying to make them full-on hackers. The job market won’t support that.

Most of our kids are going to end up blue-team, administering/securing servers or websites. They will evolve to purple-team in their careers with experience. 

We give them practical experience on both sides of security, however. We divide classes into roles; in one team build a secure website, and the other tries to break it. Then the knowledge is applied in tandem at upper levels of course work. All of this is done hands-on.

Students sometimes come to the program with misconceptions about cybersecurity. They may have watched too many CSI episodes and expect something like that will be their work environment. 
We have a couple of classes designed specifically to help identify those that don’t yet have the basics needed to succeed. One is on networking, and the other is an intro to security. If a student can’t get a B- in those classes, they are prevented from continuing at that point. We don’t want students to spend time and money on something they may not be well suited for. 

Cybersecurity Guide
To wrap things up, if you were to build a cybersecurity reading list, what would be your top picks? That could be books, papers, lectures, what do you recommend?


James Banfield
The Art Of Exploitation. It’s by Jon Erickson. There are a couple of editions out now. It dives into that world of ethical hacking we discussed earlier. 

Eric Cole wrote one I really like. He is actively involved with the SANS Technology Institute (STI) and SANS. It’s called The Network Security Bible. He does a great job of explaining the foundations of network security in this book. I tell my students to buy it. It’s the book you keep on your shelf when you’re working.

I love Hack This Site. It’s a fun place to test your skills.

I sometimes refer students to Cybrary or Udemy. These are both excellent training sites. 

Cybersecurity Guide
Thank you so much for your time today. I have enjoyed speaking with you.

James Banfield
You’re welcome. It was nice to meet you.

Related resources

  • Michigan’s definitive directory of cybersecurity education
  • How to respond to cyber hacks and security breaches
  • What is cyber defense? An introduction
  • Internet safety resources for students
  • Highly recommended: A cybersecurity reading list

Primary Sidebar

  • Online Programs
    • Master’s
    • Bachelor’s
    • Bootcamps & Certificates
Sponsored Ad
cybersecurityguide.org is an advertising-supported site. Clicking in this box will show you programs related to your search from schools that compensate us. This compensation does not influence our school rankings, resource guides, or other information published on this site.
  • CERTIFICATIONS
    • Azure
    • CASP+
    • CCNA
    • CEH
    • CISA
    • CISM
    • CISSP
    • CRISC
    • Cryptography
    • CTIA
    • CND
    • Forensics
    • Malware Analyst
    • OSCP
    • Pen Testing
    • Security+
  • CAREERS
    • Security Engineer
    • Chief Information Security Officer
    • Security Analyst
    • Computer Forensics
    • Security Consultant
    • Digital Forensics
    • Cryptographer
    • Security Administrator
    • Penetration Tester
    • Security Software Developer
    • Security Specialist
    • Security Code Auditor
    • Security Architect
    • Malware Analyst
    • Data Protection Officer
    • Cybercrime Investigator
    • Cryptanalyst
    • Security Incident Responder
    • Chief Privacy Officer
    • Risk Manager
    • Network Administrator
    • Business InfoSec Officer
    • Information Security Manager
    • Cyber Operations Specialist
  • RESOURCE CENTER
    • Centers for Academic Excellence
    • Job Guide
    • Veteran’s Guide
    • Women’s Guide
    • Internship Guide
    • Security Clearance Guide
    • Ethical Hacker Guide
    • Coding for Cybersecurity Guide
    • Cybersecurity 101
    • Student Guide to Internet Safety
    • Scholarship Guide
    • Cybersecurity Math Guide
    • Small Business Guide
    • Cybersecurity for K-12 Students
    • Career Networking Guide
    • What is a Cyber Range?
    • Code Like a Hacker
    • Reacting to a Cyber Incident
    • Introduction to Cyber Defense
    • Cybersecurity Courses Online
    • Recommended Reading
    • Phishing Attacks
    • Cybersecurity Responsibility
    • How to Get Into Cybersecurity
    • Cyberwarfare
    • Cybersecurity Insurance
    • Job Interview Prep
    • Readiness Economy
    • Is Cyber a Good Career?
    • What is CyberCorps?
    • DEI in Cyber
    • NIST and Small Business
  • RESEARCH
    • AI and Cybersecurity
    • Holiday Hacks
    • Jobs Report
  • INDUSTRIES
    • Financial Sector
    • Insurance Sector
    • Healthcare Sector
    • Environmental Sector
    • Energy Sector
    • Government Sector
    • Transportation Sector
    • Food and Agriculture Sector
Cybersecurity Guide
  • Home
  • Campus Programs
  • About Us
  • Popular Careers
  • Online Programs
  • Terms of Use
  • Resources
  • Programs By State
  • Privacy Policy

Copyright © 2025 · Cybersecurity Guide · All Rights Reserved