In this episode with Dr. Jeremy Straub, an associate professor at North Dakota State University, we talk about cybersecurity education opportunities at NDSU.
At the top of the episode, Straub discusses his background and interest in cybersecurity, particularly in the application of AI to cybersecurity. He also provides an overview of the cybersecurity programs offered at NDSU, including undergraduate certificates, bachelor’s degrees, and graduate degrees.
Then, Straub emphasizes the importance of hands-on experience and engagement with the cybersecurity community, and highlights the research opportunities available to students. He also discusses the need for continuous learning and keeping up with the evolving cybersecurity landscape.
What does the future of cybersecurity look like? Straub predicts that automation will play a significant role in the future of cybersecurity and advises students to develop programming skills and stay updated on the latest developments in the field.
Listen to the episode
A transcript of the full episode
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Today, our guest is Jeremy Straub, associate professor at North Dakota State University. We’re going to be discussing cybersecurity education opportunities at NDSU. Before I bring Dr. Straub in, let me read you his bio so you can understand some of his background and we’ll talk more about him once we bring him on. But Jeremy Straub is an associate professor in the Department of Computer Science at North Dakota State University. He holds a PhD in scientific computing and MS, and an MBA, and two BS degrees. He has published over 40 journal articles and over 120 full conference papers.
In addition to making numerous other conference presentations, Straub’s research spans the continuum between technology development, commercialization, and policy. In particular, his research has recently focused on AI applied to cybersecurity, robotic command and control, aerospace command, and 3D printing assurance. Jeremy is a member of several technical societies and has served as a track or session chair for numerous conferences. And so with that, let me welcome, welcome Dr. Straub. Thank you for joining me today.
Well, thanks for having me on your show, Steven.
All right. Well, I’m looking forward to this. This is an impressive background and I did a little research into your background, and you’re an impressive individual with a lot of experience, so I’m going to try and extract some of that for our readers or for our listeners. So let’s start letting the audience know you a little better. So tell us how you first became interested in cybersecurity. Had you always since a kid or did it happen during your PhD or somewhere in between?
Well, I think I’ve always had some interest in cybersecurity. Certainly the terminology we use to describe it has changed a lot, but it was something that at different points during my education I got involved in. I did some coursework related to it at the bachelor’s level. I did some more at the master’s level. Not a whole lot at the PhD level, but the thing that really has kind of gotten me into it on a nearly full-time basis right now, and again, most of the research that I do right now relates to AI and cybersecurity.
Most of the teaching that I do right now is cybersecurity courses. Certainly, there’s a few other odds and ends that I do, but the vast majority of what I’m working on right now relates to cybersecurity. And the nexus to that for me was the use of AI for different cyber challenges and actually looking at how AI can be used to defend systems.
AI can be used to test systems to figure out whether they need to be updated, need to be enhanced in terms of their defenses, and really just the different ways that different AI technologies can enhance the security of organizations, whether it’s looking for threats, actively looking for vulnerabilities and so forth. So that’s kind of what got me into cybersecurity is that I was doing a lot during my PhD related to robotic command and control. And it turns out that the technologies at the very low level that you need to do a lot of the cyber decision-making are very similar to the technologies you need to do robotic command and control.
So it was kind of a neat pathway to actually getting into a very specialized area in cybersecurity. And then again, I had some existing background more generally that I was able to draw upon, but I’ve really been kind of focusing on broadening my horizons in that area over the last six or seven years as I’ve been doing more and more cybersecurity and as we’ve been sending up our cybersecurity programs and offerings at NDSU.
Interesting. I want to explore that idea of AI in cybersecurity just a little bit. And really, I just want to… It’s something that’s fascinating to me and anybody that’s in the industry has read a ton about that, but most of what I’ve read has been published in the last 12 months. I mean, it’s quite recent. How long have you been researching AI as it relates to cybersecurity? Is that quite recent or has it been a number of years?
No, I mean, I think without going back through and doing the math, I mean I certainly did one or two papers related to topics specifically related to intrusion detection while I was a PhD student. So that’s seven, eight, nine years ago. I’m pretty sure I did something related to it. I’m not if it ever actually got published, but something when I was doing my master’s degree, I did something in that same space. Again, we may never have actually set that in for publication, but certainly did some technical work on it.
So I’ve been kind of, again, doing stuff in this area for, I don’t know, 10, 11, 12 years, give or take. And again, it’s gotten a lot more pronounced recently. Again, just as I’ve had more and more ability to set my focus on the different areas that I’m particularly interested in and certainly aligns so well with what we’re doing in terms of building out the cybersecurity programs at NDSU.
So I’ve been able to really get more and more and more into just doing cyber stuff, doing AI, applied to cybersecurity research, and as I mentioned, doing a lot of cybersecurity teaching. So it’s been something that has been a moving thing for me over time, but certainly it’s something I’ve been doing for quite some time.
I would’ve guessed that that’s what your answer was going to be because it seems like, from my perspective anyway, that ChatGPT and some of those technologies have drawn a lot of interest from the general public into AI and what it can do. But in reality, AI has been around a while now. And AI and cybersecurity is not really a new concept. It’s just probably getting more publicity now than it has in the past. So let’s turn our focus towards North Dakota State University and help our audience understand the different cybersecurity programs that you offer, undergraduate programs, advanced degrees, what can they expect to find?
Yeah. No, that’s a great question. It’s a bit of a laundry list. I like to say we’re getting so many that sometimes I kind of go through and I just start rattling them off. So I’ll try to go really slowly and explain a little bit about each of them to make it so we’re not jumping around so much. So I’m going to start from the lowest level academically. So the most intro program that we have is a undergraduate certificate in cybersecurity.
Again, the student takes a few undergraduate courses. They get the certificate right away. That’s something that, again, somebody that’s in another undergraduate program, somebody that’s in one of our topically related undergraduate programs, or somebody that maybe already has a bachelor’s degree and doesn’t want to get into graduate level coursework, but wants a credential in cybersecurity…
So that’s the easiest and certainly smallest in terms of the coursework required of our programs. I should also say we have a number of other undergraduate certificates in our computer sciences and computer science or computing related programs and all kinds of topics. And one of the neat things that we’ve done recently is we’ve actually made a stackable credential set that in particular takes students towards a bachelor’s degree in computer science.
So there’s a number of these certificates that are available towards that, which are all kind of equivalent to the one in cybersecurity and that require the student to take a few courses and they can be issued kind of independent of enrollment and a degree program. Again, you can be enrolled in the degree program if you want to, or you can just do the certificates as a one-off.
Then at the bachelor’s level, we have a Bachelor of Science in Cybersecurity. That’s something that has just started this fall semester. We have a bachelor of science in computer science. We also have a Bachelor of Science in Software Engineering that is within the Computer Science Department. And then our Electrical and Computer Engineering Department has a Bachelor of Science in Computer engineering that, again, would be something that people related to computing technology might be interested in.
Our business college actually has a Bachelor of Science in Management Information Systems, again, which might be of interest to people depending on what their particular focus would be. And again, any of these degree programs except… Well, even including the Bachelor of Science and Cybersecurity because they could take the undergraduate certificate as part of that program, but they compare any of those BS degrees with the undergraduate certificate in cybersecurity if they wanted to show a particular focus in that area.
We then move into our graduate programs, and just like at the bachelor’s level, we have a graduate certificate in cybersecurity that is the lowest coursework required credential that we have at the graduate level that requires students to take four courses in cybersecurity. Three of those are required courses. One of those is an elective. And again, anybody that has completed their bachelor’s degree can do that. The courses are designed to be able to pull from a variety of different disciplines of background knowledge and to be very accessible for people that may want to add some cybersecurity knowledge to a particular field that they’re already working in or maybe are looking at this as a way to help them transitioning fields or whatnot.
And then we move up to the master’s degree level. We have a Master’s of Science in Computer Science and then we have a Master’s of Science in Software and Security Engineering. And then at the PhD level, we have a PhD in Computer Science and a PhD in Software and Security Engineering. And in both the master’s and the PhD, students can pursue cybersecurity as a research topic if they want to, in addition to taking a wide number of cybersecurity related courses towards either of those programs, if that’s the direction they want to go.
Wow. I don’t know that I did expect all of that. So would you say that North Dakota State University has more to offer in regards to cybersecurity than a typical state university?
Well, I think a lot of schools are getting into cybersecurity. So right now, really we’re the zeal. Obviously, it’s a very high growth area. So I’m not sure there necessarily is a typical university to compare to anymore. But certainly we’re really trying to build out as much content as we can, something that’s really important to our region, to our state in terms of the positions that are open and trying to help meet those needs within the workforce.
So we’re trying to build out as much as we can in this area and really try to meet students at whatever their needs are for education, whether it’s at the bachelor’s level whether it’s the short certificate at the undergraduate level, whether it’s something at the graduate level, either again the certificate or one of the degree programs. And so we are trying to provide as comprehensive of a set of options as we can.
We actually have two new programs planned for next year as well. We’re hoping to have a Bachelor of Science and Information Technology and a Bachelor of Science and Data Science released in the near future. Again, that BSIT, I believe, is scheduled for next year, the Bachelor of Science and Data Science. Again, we’re hoping to get it done as soon as possible as well.
Okay. Well, I want to ask you about… And I want to spend some time talking about what makes your program or programs unique, but before we go there, now we focus on what’s available academically. So the other half of that equation for students that are thinking about making an education institution choice is what is extracurricular? What does that look like? Are there clubs and events and organizations related to cybersecurity that students can get involved in?
That’s a great question as well, Steven. And we do have a lot of things students can get involved in extracurricularly. There are a number of student organizations that do things related to cybersecurity. We have the primary student organization, the largest student organization related to cybersecurity is our cybersecurity student association. There’s also a Women in Cybersecurity chapter at NDSU. We have ACM chapter at NDSU as well as a variety of other organizations related to electrical and computer engineering and MIS degrees as well.
Again, all of those organizations have some interest and relation to cybersecurity. Obviously, our Cybersecurity Student association and Women in Cybersecurity Chapter are going to be most directly topically related to it just because that’s kind of their key focus. But we do an awful lot in terms of extracurricular opportunities for students. We have a very active group of students that participate every year in the National Cyber League competition.
We take students all over the country to other cyber competitions. We just had students down in Huntsville at the National Cyber Summit Cyber Cup that did really well. We’ve taken them out to a variety of capture the flag events at BSides conferences around the country. Again, just a wide ranging set of opportunities for students whether they want to do something like National Cyber League from the comfort of their home or the comfort of one of our computing labs, or if they prefer to see the sites and also attend a conference or participate in a cybersecurity competition.
We really are equipped to help students in any way along that spectrum. And again, there’s just so many neat opportunities for students to get engaged. And we’re looking at expanding that too with additional speakers and a lot of other activities that we’re working on building out even right now.
Great. Okay. From my perspective, I think we’ve identified one thing that makes NDSU unique and I know you were modest in your answer before, but I think the breadth of the programs that you offer is exceptional. But is there anything else that makes your program or programs unique?
Well, I think certainly the level of engagement is a big thing for us. We’re also doing a variety of funded research in the cybersecurity area, both in the education space and related to technical work. And that’s something that students have an opportunity to get involved in. And so again, I think really the combination of all of those things is what makes the program unique. Just the way that those pieces fit together between the research, between the teaching, between the extracurricular activities. And again, all things that students can get involved in and hopefully are quite synergistic in terms of what they produce for the student in terms of getting some hands-on experience, getting some classroom knowledge. And again, being able to bring those together and then demonstrate those through a cybersecurity competition or something similar to that.
Steve Bowcut, first speaker and show host:
Very good. All right. So one thing a student is always concerned about is are they going to be prepared to go to work when they graduate? So talk to us a little bit about NDSU and how you prepare students for real world cybersecurity challenges. There’s understanding the technologies and then there’s how to get along and be successful in the real world in that field.
Yeah. That’s another great question, Steven. Of course, obviously students are going to school with a goal in mind. They’re not necessarily planning to be perpetual students, nor do most people have the flexibility of just exploring technologies for the sake of exploring them for the rest of their life as much fun as that might be. So it is really a focus of ours to try to get students to have real useful skills right off the completion of their degree program.
So whether it’s involvement with research where students are working in a capacity and really in a format that could be very similar to what a research or development team in industry might look like, that’s one big area. Another big area of course is the cyber competitions. A lot of these competitions are created by people in the computing industry and the cybersecurity industry specifically to help students learn the skills that they find to be valuable and to help them measure the skills, to help them make a hiring decision as well.
National Cyber League produces these documents called scouting reports for students at the end of the competition each year. And those, again, are designed to flow directly into specific work roles and students’ qualifications for those work roles. And so, again, that’s part of the way that we look at that. The other big thing that we like to do is bring in people from the local community and have them talk to students about what they’re doing.
We sponsor a number of different activities. We recently hosted the Fargo-Moorhead Information Security group on campus. We also participate in a variety of locations that moves from month-to-month where it’s located and try to get the students to participate in that. We’re hosting actually this upcoming Saturday, a Fargo BSides conference, cybersecurity conference. And again, we’ll have a lot of people from industry and from the local community at that as well. A great opportunity for students to hear again about what they’re doing, what their day consists of in regards to their cybersecurity careers in addition to the neat technical topics that they’re talking about.
So we do try to bring a lot of people from the community onto campus and to try to get students as involved as possible in the local cybersecurity and local computing communities to try to make it. So it’s a pretty good transition when they’re done with their degree. They have a pretty good idea of what the next step would be and how they can be preparing for that next step as they’re completing their degree as well.
Very good. All right, so let’s change our focus here a little bit. And for those students who are just excited about sinking their teeth into some research opportunities, talk to us about that. Are there research opportunities or projects they can be involved in and if so, in that undergraduate level or just at the postgraduate level. How does that work?
Again, another great question. We do have a lot of opportunities for students to get involved in research and development activities and it varies a little bit from year to year in terms of exactly what activities are offered. Typically, we have students that are working on research projects on campus over the summer. We have funded research from a variety of federal sponsors. We also work with some other university sponsors and some commercial sponsors as well of research. And so we have projects from all of those different perspectives that students may be able to get involved in. And then potentially may find a career path even out of the work that they’re getting involved in.
So that’s a really big thing for us. And again, it’s something that we are already doing a lot of, but it’s an area where we really hope to grow as we’re continuing to grow the program. In fact, the biggest challenge on that side of things is usually that we don’t have quite enough students for the opportunities. So as we grow the cybersecurity program and have more students coming on board from that, we then can grow the opportunities from the funded research side when we have more people to support them.
So again, I think from a student perspective, it’s a good problem to have because it means that there are readily available opportunities for students that want to get involved in those types of things. Obviously, every funding source has certain restrictions on who can participate as you’d expect in this space, whether it’s certain background criteria or for some of our federal sponsors citizenship or permanent residency requirements. But again, I can’t think of too many cases where there was a student that said, “Hey, I want to work on something.”
I don’t think we’ve ever necessarily said no. Usually even if students have their own idea of something that they want to work on that relates topically, we can help them get set up with that. We have some great internal funding programs on campus as well, and through our North Dakota EPSCoR and some other sources where sometimes we can find a little bit of money to help students actually pursue something that is a cool idea related to a research focus that we have somebody that can provide them some good guidance on, but really let them take the reins and charge forward in their own direction as well.
So there’s certainly a lot of opportunities for that, and that really is a very big thing to us is to make those available. Again, I know I mentioned that in response to one of your previous questions as well, but I do think that that level of involvement in all of these different things is something that really is one of the benefits of our program. So it’s something that we’re really concerned about making sure those opportunities are available.
Excellent. All right. So most academics that I speak with at some point in the conversation they’ll express, I don’t know concern, but it’s a challenge I think often to keep the curriculum up to date because the threats are evolving so quickly. The landscape, the cyber landscape and the security landscape is changing so quickly. And you’ve talked about your engagement of people from the industry and the cybersecurity community and that’s probably part of the answer, but is there anything else that you do to keep the curriculum current and relevant to what’s going on in the industry right now?
Well, that certainly is a challenge. I mean, cybersecurity, and to a lesser extent, all of computing is a really rapidly growing field compared to some more traditional disciplines that they just don’t have as much movement. What makes it so tricky in a lot of the computing related fields too, is that a lot of the growth is actually outside academia. It’s Googles, it’s Microsofts, it’s the Palo Alto Networks and other companies of the world that are actually making a lot of the innovation in this space.
So you really have to be kind of scanning far and wide to keep a good grasp of where things are. Simply waiting for the next edition of the textbook to come out, or even reading all the research papers really isn’t going to keep you up to date with what’s going on in cybersecurity the way it might in other areas. And so one of the big things from my perspective personally, is I really want to be going places and engaging with people that are actually doing active work.
So I spend as much time as I can at different conferences, at different events, talking to people that are actually doing this stuff every day. And that’s where a lot of our partnership opportunities come from as well. But also just great little tidbits of knowledge, things that we can course correct a little bit sometimes in some of the course materials just from having great conversations. Just a few weeks ago, I was at the Billington Cybersecurity conference in DC, which was a really great event. So many people there are doing such important work to protect national security with different elements and different aspects of cybersecurity.
I was having a great conversation there with an individual from a major consulting firm who was telling me a little bit about how they’re changing and restructuring and moving away from services in one area and more into making cybersecurity products. And that concept is something that I’ve been able to actually incorporate in some of our curriculum this semester just in terms of how do we present some of these opportunities and some of these job role aspects to students?
I’ve been able to say, “Well, this is what we would’ve told you two years ago.” There are a lot of places that still do this, but it also turns out that there are companies that are doing this as well. So there’s just great little opportunities to inject some of that material into the curriculum. Again, also provides a lot of opportunities for the extracurricular aspects as well, whether it’s working on research projects or some of the other opportunities for interaction with the professional community as well that are made available to students.
So it’s a really big thing. The other thing I should mention in this area is we’re spending a lot of effort on actually developing our own curriculum in certain areas specifically so we can update it quickly. One of the challenges with using somebody else’s curriculum is you can’t really go in easily and make changes to it. So we’re actually producing for some of our core classes, our own curriculum from the ground up so that we can replace module by module, piece by piece, semester to semester, year to year as it makes sense, the elements of that curriculum.
So that’s a really big thing for us as well. Again, just making it so we can keep the curriculum as current and as accurate and as relevant to the opportunities for students as possible.
Excellent. Thank you. All right. So we’re starting to come up against the clock, but there’s a couple more things that I want to cover with you and these are kind of fun questions. So I would like to ask you to provide for us if whatever comes to your mind, but if you were to put together a reading list, a cybersecurity reading list, and it doesn’t have to just be reading, it could be books, papers, lectures. It could also be YouTube channels or conferences that people should attend.
But what kind of things would you recommend to someone who’s really at the beginning of their academic journey and they want to learn? “Is cybersecurity the right field for me? If I decide to go that direction, what’s my life going to be like?” That kind of thing.
I mean, that’s another great question and I think I have a list that’s longer than our list of degree programs about things I’d recommend that people read. But I know we have a time limit here, so I’ll try to keep it short. I think for people that are just kind of trying to get an idea of what’s going on, certainly there are a few publishers that have a particular focus on cybersecurity. No search press, packet, and similar looking at the books that they provide. They have a number of great introductory books. That would be one place I’d recommend starting.
There’s also a wealth of information available online and a number of websites and YouTube channels that are designed to help people get up to speed. And certainly a lot of the magazines, the traditional, some of them no longer actually print traditional magazines, hard copy magazines anymore, but they still have some great introductory content on their website. And really Google I think is your best friend or Bing or other search engines for this type of stuff where you can look and try to get a really specific answer to a question that you may have and then watch as the pathways open from that.
A lot of the articles that you’ll find will have links to other articles and you can follow that as well. The other thing I’d recommend people do is get an account on LinkedIn and follow some of the particular groups that are focused on cybersecurity on LinkedIn. There’s a ton of them. They also have cybersecurity as a category. In fact, actually there’s cybersecurity, there’s network security and one or two other related categories for the community generated articles.
So you can see a lot of different perspectives on these where they’ll start it out with some headings and a few sentences about each. And then you can see what other people from the broader community think about it. And the beauty of this, of course, is you click right on their name and you can send them a message. I mean, you can either engage with them via their page or if you’re a premium subscriber or you’re connected to them, you can send them a direct message.
But that’s a great way to interact with people as well and to begin to build those connections, particularly for somebody that wants to get into the industry, build, not only reading and hearing what they say, but actually beginning to interact with them and beginning to get some recognition of your own presence for a student or for somebody that maybe is transitioning between career fields can be a really powerful thing when you’re looking for jobs.
Again, there’s a lot of jobs out there in cybersecurity, and so most people that are skilled and are looking for a job don’t have difficulty finding it. Obviously, the job market is getting a little bit tighter now than it’s been in the recent past. But I think, again, figuring out what skills are applicable to the type of job that you want to do as opposed to just taking the job that meets the skillset that you have can be a really big thing in terms of quality of life, again, figuring out what’s important to the individual and how do you find a position that lets you do whatever it is you consider to be important, and then building up your skillset for that.
And particularly for students in college and for students in high school that have the luxury of being able to do some of this stuff on their own time while they’re also doing coursework and maybe working part-time job, but they may have a little bit more free time than people later in their career. It’s an excellent time to be learning about what those opportunities are and preparing to pursue them. So that would be the big thing I would focus on in that area.
Very good. Thank you. I appreciate that. Jeremy, my final question is a lot of fun, but it serves a valuable purpose. Lots of students, I think they stress out a lot about making sure that they’re prepared for the future. And so I think it’s helpful for someone with your perspective on the other end of that. So you’ve been doing this for a number of years. If you could offer your perception of what the cybersecurity industry may look like in five years or 10 years and what students can do specifically today to prepare for that future.
And again, Steven, that’s another great question. I think 5 years and 10 years, we’re going to see heavy automation of the cybersecurity industry. And it really comes down to a very, very simple fact, which is that if your adversary is using an automation tool and you’re simply not going to be acting at the same speed as they are. If you’re trying to defend against an attacker where the attacker is moving at the speed of the computer and the defender is moving at the speed of the human in the keyboard, there’s a big, big difference there. And it means that in some cases, an attack can be complete. They can compromise, whatever they want to compromise, collect whatever data they want to collect, broken whatever system they want to break while the human is still trying to gather the situational awareness necessary to respond.
So I really see the future of cybersecurity as heavily automated. And again, I think there’s a single kind of major force, which I just mentioned that’s going to drive us there. And this is a common misconception. People hear automation and they think, “Oh, that means there’s going to be no jobs in the area.” I don’t think that’s the case at all. The more that we have tools, the more we need people to make those tools, the more that we need people that understand how those tools work to oversee them to make sure that they’re working correctly to test them.
So in a lot of fields, this may mean that you need to learn a different skillset, right? If you are working in Field X and your field is becoming automated, you may need to learn some computing skills to keep up in your own field. The beauty in the computing field is that the skills that you’re learning whether you’re the person that’s doing the cybersecurity work or the person that’s working with the AI system to have it do the cybersecurity work are actually pretty close.
So the one thing I would say for people that are trying to do cybersecurity and maybe staying away from programming a little bit is to make sure you have a good background in programming. You’re going to use it even if all you’re doing is the IT side or the cyber side, whether it’s making scripts to automate tasks or a lot of other things. But when automation comes in and you’re actually helping work with, develop that, et cetera, those automation tools, that programming knowledge is going to be important.
So building up that programming knowledge I think is absolutely critical to future proofing yourself in cybersecurity. And then just keeping up with the latest developments and programming and the latest developments, of course, in the cybersecurity technologies as well, it’s a lot harder to get back up to speed than it is to stay with the pack. And so those would be my two biggest recommendations for students, again, to make sure they have some good programming skills coming out of school, and then to just make sure that they don’t let themselves get left behind, get into a particular job role, and put the blinders on and stop looking at what’s going on in other adjacent areas.
Because of course, the next job, the next step in their career may not be in that exact same field that they’ve started in. So, again, keeping that kind of broad outlook, participating in community events, going to conferences, going to other places, trainings, et cetera, where you can learn more about it and keep up to date is really important in this field.
Excellent. Thank you so much. That’s great advice. Well, we are out of time, but, Jeremy, thank you so much. This has been fascinating for me. I’m sure that our audience is going to eat this up, and we appreciate you spending some time with us today.
Well, thanks for having me, Steven.
All right. And a big thanks to our listeners for being with us. Please remember to subscribe if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.