Dr. Kemal Akkaya, a chaired professor at Florida International University (FIU), discusses his background and research in the field of cybersecurity, starting from his early interest in cryptography and progressing to work on projects like DNS security.
A summary of the episode
Dr. Akkaya provides an overview of CIERTA (Cybersecurity, Privacy and Trustworthy AI Research and Training Center), an interdisciplinary research center at FIU that serves as a hub for cybersecurity research, innovation, and education, collaborating with industry, government, and the community.
Dr. Akkaya discusses the opportunities for undergraduate and graduate students to get involved in cutting-edge cybersecurity research projects at the center, covering areas like 5G security and post-quantum cryptography.
He outlines the key skills and competencies that cybersecurity students should develop, including technical foundations, critical thinking, continuous learning, and effective communication.
Listen to the episode
A full transcript of the interview
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. We are honored to have Dr. Kemal Akkaya, an eminent scholar, chaired professor in the Knight Foundation School of Computing and Information Sciences at Florida International University. Join us on the Cybersecurity Guide podcast today.
The topic for today’s show is Advancing Cybersecurity Education and Research. Let me tell you a little bit about Dr. Aya before we bring him in. Dr. Aya is an IEE fellow. He co-hosts the CIERTA, which is FIU’s Cybersecurity, privacy and Trustworthy AI Research and Training Center. We’ll talk more about that as we get into the topics that I want to discuss.
This CIERTA serves as a hub for interdisciplinary research, innovation and education and cybersecurity with expertise spanning cyber physical systems, IO ot, security and privacy. Dr. Akkaya has published about 300 peer review papers and actively contributes to major industry organizations in including IEEE and ACM.
His leadership at CIERTA is shaping the next generation of cybersecurity professionals through cutting-edge research and industry collaboration. Today he joins us to discuss FIU’s role in cybersecurity education, emerging threats and the future of cybersecurity research. With that, welcome Dr. Akkaya or Kemal, if that’s okay?
Kemal Akkaya:
Yes, sure.
Steve Bowcut:
Thank you for joining us today. We really appreciate you giving some of your time to help our audience understand what’s available at FIU the programs. You have the research that’s going on and I’m sure it will be helpful to some of these students or early to mid career professionals that are looking to find their way through the cybersecurity industry or academia. So let’s start.
Kemal Akkaya:
You’re welcome. Thank you for having me.
Steve Bowcut:
You’re welcome. So let’s start with just a little bit more background information. It’s always interesting to me and to our audience to find out how you got where you are. So what kind of drew you initially into cybersecurity and how has your focus changed over time, if in fact it has?
Kemal Akkaya:
Yes, thank you. This is an interesting question. Indeed. It goes back to probably 25, 30 years ago when I was doing my bachelor’s. Of course there was no cybersecurity subfield. There was 1990s and I was doing my bachelor’s back in Turkey. And so when I graduated I started my master’s and that’s where for the first time I took a course called cryptography and it was not even offered by a computer science department at that time. It was offered by a mathematician.
So that course was fascinating. At that time was very interesting to me because I always wanted to be different. Everybody was doing AI or software development or database at that time. So I just wanted to explore a different topic and indeed I like it. It was very interesting to me. I don’t know the reason and that’s how it started. So I became aware of that field for the first time, but at that time, again, it was just cryptography.
We didn’t have these attacks and internet was just starting. So when I came to US for my PhD, I came to Maryland and in our lab the professor was focusing on cybersecurity as one of his research areas. And I wanted to work on something related to cybersecurity. And of course when you start, you don’t know which topic you pursue, but there is this research projects that they assign you to work for. So I was assigned to a project that was a government project on DNS security.
So probably people are aware of DNS. This is domain name system that provides the IP addresses for the URLs that we use every day. And apparently there was attacks at that time to DNS system. It’s a system based on there are servers and query resolvers. So they wanted to secure the protocol DNS protocol, and they came up with a standard called DNS sec, that’s DNS security.
And it was a standard already at that time, but it was not implemented. So we were asked to implement it, our lab, and I was part of that team. So there was this Java code and it was fascinating. I was very happy to see that it’s a project that is very applicable because it’s something that we are going to help people to secure their DNS queries and we were implementing it.
So that started with the project and I got to know a lot of talented people there in the lab and they were all doing similar cybersecurity projects. And I got exposed to a lot of new stuff and two classes, although in my own dissertation I focused mostly on wireless sensor networks aspects. Later when I graduated and became a faculty that was still in me, I mean this desire to pursue research on cybersecurity. And I started to pursue wireless networking, security protocol security research.
And then I started to get projects and write papers. So that’s how I came today. But I think two years ago when we were writing a paper about the transition of the internet protocols to post-quantum security, one of the protocols, my students, my PhD students told me that it’s DNS. So they were trying to test how to transition DNS security to post-quantum. And I remember those days I said, well, this protocol, I was one of the team members that implemented it.
And now there are other versions of DNS tech and apparently it’s part of some of the operating systems like BSD UNIX systems. They have these are open source and they have DN Ssec implemented and you can use it for testing purposes. So it was nice moment for me to be that the things that were done maybe 20 years ago are now being integrated and used by
Steve Bowcut:
People. Exactly. Well, that is fascinating. That is fascinating. I know for me, sometimes I miss all the historical stuff that gets us to where we are today. So we talk about post quantum computing or post quantum security, that all seems brand new and cutting edge to me.
But I know that it’s been around for a long time and we’ve seen this coming and people have done a lot of research. So that is awesome. Thank you for that. I was also really curious, this CIERTA, so I thought maybe I could get you to talk about Erta mission, why it’s created, what does it do at FIU? What is it?
Kemal Akkaya:
So at FIU, we had a lot of faculty members who are doing research in different sub areas of cybersecurity because cybersecurity is now huge. There are many sub areas and most of them are interdisciplinary. That means we need other experts from different disciplines out of computer science to tackle the problems. So we wanted to bring all these people together so that we can work together easily and tackle bigger problems that have different components, not just technical, but there are social aspects or human aspects of cybersecurity.
So that was the initial goal, to make it an interdisciplinary research center that will facilitate that type of research so that it will allow especially our computer science faculty to expand their research and work with social scientists, policy people, people from business or law so that they can study different aspects of cybersecurity problems.
So that started with that idea and eventually we wanted to become a technology hub in cybersecurity so that we can serve our community. Because Miami is big. There are a lot of companies, a lot of organizations, nonprofits, government organizations. And over the years we observed that they have a lot of needs in cybersecurity because now everything is digital, everything is online.
These organizations or companies, they need security at different levels. And we wanted to work with them to tackle more practical problems, not just stay in theory, but work with so that we can have access to actual practical problems coming from industry, coming from government, and in some cases come up with some commercialization ideas.
So our faculty had a lot of opportunities to jointly apply for patents to their ideas. And we wanted to continue this and make it bigger and ensure that companies and organizations, they come to us whenever they have a problem in cybersecurity and they don’t know what to do, they come to the center and we will guide them, whether it’s consult or consultancy or providing solutions or training.
That was our goal. And one use case for this, just I want to give an example, is the ransomware threats. So a lot of governments organizations here in South Florida, they were attacked by ransomware. These are local city governments, local school districts. It’s very interesting that they are attacked and the attackers are asking for ransom and otherwise they are not able to function their websites. So this became a huge threat that the state of Florida came up with a bill just focusing on ransomware and how to handle those attacks and just guiding these organizations.
So whenever you are attacked, they don’t know what to do because they don’t have enough people. So this is a real need consider just small school district that this was in my neighborhood, they were attacked and they don’t know what to do. And in many cases, they want to hide this from the media because if it leads to media, then it impacts their reputation and so on.
So just for those cases, if they come to our center, then we will let them know how to proceed, whom to contact and what to do. This is part of incident response. So we want to work with them. They want to make sure that we are not isolated from the community. And part of this is creating community for students, our students and professionals, and engage them so that they become part of this. They benefit from the services, they benefit from our faculties expertise. They learn from each other.
We do events so that they socialize and they create friendship. And this is another need here because a lot of students, talented students, they want to do something in cybersecurity, not just taking classes. They want to do training or hands-on projects, or they want to just talk to people, like-minded people. And this center is also targeting that objective. We bring students together and show them that, hey, there is this community that you can become part of and benefit and contribute to.
Steve Bowcut:
That is so awesome. So I want to flesh that out just a little bit because I love the idea that it’s not just an isolated research center. So you’re in your little bubble doing your research, but the community at large is not really benefiting from it until you publish something.
So does this, when you’re trying to bridge academia, the government private industry, is it like workshops or is it more one-on-one where you’ll actually bring someone from let’s say industry or government, maybe an education institution like you mentioned a local school district, you bring them into the center and then you get students involved with them.
So the student is now working directly with the IT folks from the A, B, C school district that, am I painting the right picture there?
Kemal Akkaya:
Yeah, well, there are a number of options that it can be pursued. So number one obviously is our faculty. They are constantly writing proposals to bring funding, and they’ve worked with agencies. So federal agencies or local agencies, they have different expertise in different sub areas of cybersecurity. So they come up, these agencies, they have solicitations to ask for proposals in different areas of need, specific needs. So our faculty write proposals because we have expertise in different sub areas of cybersecurity, as I mentioned.
And when they get those projects, that starts that relationship. And part of that project, they engage students, they work with the agency, they publish papers, and if that includes training component, they provide training opportunities to public. With the industry, it’s a little different. So there are a lot of companies, and some of them are big, some of them small, depending on the need, there may be different opportunities.
So what we do is mostly proactive outreach. So we develop relationships with local industry partners. So either invite them to our campus and have meetings, presentations. We have a tech summit for instance, that they come and they see our research, they talk to our students, our graduate students, and we go visit them. And if they have facilities and we establish this relationship. So it’s not just whenever they have a need or whenever we have a need, they know us, they know that there is this community and this relationship is there already.
And whenever there’s an opportunity, for instance, in the future, we would like to bring that their expertise to our students and we invite them to mentor some senior design projects. So they work with our students and they offer them mentorship, they provide project ideas in cybersecurity, our students work with them, and this creates a synergy.
And in some cases students come up with a patent out of that project. In other cases, some of the bigger companies, they have their own challenges in terms of cybersecurity. They bring it to our faculty and we work together to address those solutions, those issues. And this creates a project. Sometimes it’s a, it’s paid, sometimes it is just for the sake of building that relationship. So it really depends on the organization. We work with local governments. There are a lot of cities and they have IT and cybersecurity needs, they don’t have enough people.
So we have a project funded by a federal agency to work with them and provide training to them. So this is the relationship that we have with them. So we provide training, free training to their staff in cybersecurity. And then whenever we need to write proposals in areas that are different than their needs, but still require their involvement, we can bring them as a partner. So let’s say we want to write a proposal on smart city security and privacy issues, we can easily collaborate with these local city governments because we have that relationship already in place and they support us. So it’s a two-way relationship. Sometimes that we support them, sometimes they support us, whether it’s through our faculty, students or other activities.
The idea here is again, going back to this community. So we have this center and we are here to serve you whatever your needs may be.
Steve Bowcut:
Interesting. I think it would be interesting to look at it from the student’s perspective here a little bit. So it sounds like there’d be some wonderful opportunities for hands-on research. And maybe I need to clarify in my mind, in my mind, I’m envisioning postgraduate students, but maybe that’s not the case. Are these undergrads or They’re all postgraduate students. Okay. What other kinds of projects, I guess are they involved in that you can share with us? We talked about the ransomware in the smart cities. Are there others that you might cite?
Kemal Akkaya:
Yeah, I mean it depends on our faculty’s projects. They have a lot of research projects going on and they can engage students at different levels. So one of the benefits of the Sierra Center is that our faculty, they are active researchers. They are on top of the game. So they know what’s going on, what are the emerging topics, and they teach some of those topics in their courses and they can bring that expertise to our curriculum.
Our cybersecurity curriculum is there, but it needs constant updates based on the needs. So they bring their expertise and we revise the curriculum, whether it’s undergraduate, we have a bachelor’s in cybersecurity and a master’s in cybersecurity. So both they can contribute, but as I said, they can also engage students separately outside of the classroom. A lot of faculty offers paid or volunteer research opportunities for undergraduates. Of course, there are graduate students.
These are supported from the funds as a research assistant or as a fellow. But for undergraduates, it’s a little different. Sometimes there are projects specifically for undergrads. For instance, I run a summer program called REU research Experience for undergrads. And we bring students paid during the summer, like an internship. But there are also projects which require involving undergrad students during the semester fall and spring and paid. Sometimes they work 10 hours and they work with our teams that are graduate students in different projects.
So I mean, I can give you a lot of examples of projects, specific projects just from my lab. But the main idea there is that there are such opportunities. And the reason we provide those opportunities is that we want our students to get further training. It’s not just taking classes, but they engage with our labs and they get to know how research is done and then they are part of a project. They also improve their skills
In terms of many things. For instance, I have a 5G security project, and the goal of this project is to transition 5G systems into supporting post quantum security. Post quantum security is coming when we have quantum computers, some of the existing algorithms for cryptography will be obsolete, and we need to transition to new algorithms that are resilient even against the quantum computers. So there are such algorithms that started by nist US government, and we are testing them.
And part of this testing is testing them on the 5G infrastructure. And we have a number of students who are working with us to do some or help in some of those tests. So we have an infrastructure, we have graduate students and they set up the system, they help set up the system. We are actually creating an open source 5G systems, which is the same as the 5G system that is in use. So whenever you test something, that means it will also work in real life and you deploy it in a telecom operator system. So students are there to, they’re setting up the system and they learn how to do virtual machines and they learn how to deal with these certificates and they learn how to create protocols. So I can go on and on
Steve Bowcut:
And I think that gives us a picture that I was looking for, but it makes me wonder, and maybe we can offer some more practical advice to students if I’m a, let’s just do a hypothetical here. So I’m an under student, I’m interested in cybersecurity and I’m interested in research. So what skills, we talked about the skills that they need. So what skills should these, so a student like that be focused on developing to be successful in industry or in academia, in research? And I know that’s such a broad question, it would kind of depend on exactly what area they want to go into, but is there some way that you can give advice to someone to that hypothetical where they might want to be focused?
Kemal Akkaya:
Yeah, as you said, it’s very broad now. So you need to have a lot of skills if you want to cover most of the areas of cybersecurity. So depending on the subfield of cybersecurity, the skillset might change. But at the minimum, I would think that there are a number of fundamentals. So you call it foundations that they need to have. Unfortunately, the list is huge because cybersecurity is such an area that requires expertise from different domains so that you can protect them.
For instance, first of all, you need to understand this concept of threat modeling. So when there’s a system, how do you attack that system? What are the attack surfaces, what are the vulnerabilities in different systems? So you need to understand that. But once you have it, then there are a lot of other things that you need to know about the domains, about the tools.
So for instance, you need to have a good understanding of what an operating system is, how does it work, what are the networks, how networks communicate through protocols. Of course you need to understand how programming works. And then there are a lot of tools now that we use for different purposes like machine learning, reverse engineering, cryptography, cloud computing.
So if students are comfortable with these concepts, then it will be very easy for them to have build cybersecurity skills on top of these. Because now the domain, you know the tools and you can understand the attacks, you can understand the defense, you can understand on how to securely design a system. You can understand how to track and see what happens when there’s an attack. And from this, they can specialize. So once they have these foundations, they can specialize on different aspects.
And for that, there are a lot of industry certifications they can choose to get those industry certifications. And unfortunately this is very important today to have those certifications on their cv. So some of them might focus on, let’s say IT security. Some of them might focus on privacy, some of them might be just incident response or some of them just forensics. So there are a lot of different pathways depending on their desire I would say.
But apart from these technical skills, what I have witnessed over the years is that there are some soft skills which are very important for cybersecurity as well. And one of the things is obviously critical thinking, and this is true for our computer scientists. So that’s a broad skill that we try to inject this in colleges anyway, regardless of the discipline. But I think for cybersecurity, two items. One is the continuous learning. So it’s a field that is changing every day. So you need to be always up to date. So you cannot stop learning. You need to be aware of the new attacks. There are new attacks coming every day, new solutions and new tools, new standards. So they need to know that the learning does not stop. Of course, fundamentals, they should continue learning. And even myself, I mean I’m learning every day and it’s a nice thing.
The other thing is the ability to communicate the importance of cybersecurity to layman because human aspect is the weak link. And when you want to communicate people what happened or why should do this, why should they do this or that, they need to have those skills to be able to convince them. Otherwise, if you talk too technical, they don’t understand. And if your message is not well taken, then it’s a risk because you are protecting a system and part of that system is the human link.
And if they are vulnerable, then your system will always be vulnerable. And I see this also for a communicating the importance of cybersecurity to your managers or to administrators, to people that are at the upper admin level. So if you are in a company or government, doesn’t matter, cybersecurity is something that does not bring funding or money to you, but it’s something that you need to have anyway to protect yourself.
But a lot of companies or government organizations, they don’t want to invest in it because it requires resources. So how do you convince those leaders and convince them that cybersecurity is important and we need to do this. That requires interesting communication skills because the way you present it makes a big difference. And I think if they have these skills, that will be an advantage. I mean it a soft skill, right? Be an advantage compared to a person who’s really technically very powerful, but they are not able to communicate with the leaders in the right way.
Steve Bowcut:
I love your answer because every time I think I’ve asked this question, I ask this question a lot or something similar to this. When I talk to academics like yourself and always continuous education and communication, they’re always in the top one or two or five.
So hopefully the students are hearing that message. That is certainly important. I wanted to broaden our view here a little bit. I think we’ve talked about maybe we’ve covered this as much as we need to, but I wanted to get your perspective on the biggest challenges and therefore the biggest research priorities. So we’ve talked about post quantum security, we’ve mentioned AI a couple of times. Are those the biggest challenges that inform or set research priorities or are there other things?
Kemal Akkaya:
Yeah, I think there are a number of challenges that I would think are important to address one of them that we already discussed quantum computers. So in five to 10 years probably we will have those computers and the protocols that we use on internet, like this TLS protocol that is securing our HTTP communication depends on algorithms like RSA or ECC.
These will not be resistant against quantum computers, so we need to replace them. But we also still need efficient quantum post quantum cryptography algorithms. There are standards, but there are also fears that they can be broken. In fact, these standards were established through a competition. NIST was organizing this competition.
So they receive these algorithms as part of the competition, and then there are finalists and they pick among the finalists. So some of the algorithms during that period were broken. So you can have a post quantum algorithm, but if it’s broken, then everything is broken. So they are also considering this hybrid approach where if the algorithm is broken, we can still function. So there are hybrid approaches of keeping post quantum and today’s security algorithms together.
So that’s a challenge. I think that will come. The other thing also, I mentioned the human link is the weakest link and a lot of attacks happen because one employee, they opened an email or click on a link that is malicious. So it’s about their training. And this is not easy, unfortunately, still it’s a problem. And finally, I would say that usable security is important because now security is, I think we did a good job convince the people and communities that this is needed.
We need to invest in the security so it will be part of our lives. But at the same time, it’s also not convenient to use cybersecurity because it introduces extra overhead. So you need to enter these passwords or two-factor authentication and it might be slower. So a lot of inconvenience and people, researchers are looking for ways to come up solutions that are usable.
That means you can still use them and they are secure, but you don’t need to put extra effort for security. You don’t need to put extra passwords or whatever. In all systems, this is a problem. So there is a big desire right now to get rid of passwords, for instance. I mean, we maintain a lot of passwords and a lot of people, they use similar same passwords and they need to update them. So it is a huge headache.
And if we can find a solution that does not require using passwords, then it will be very convenient for people. So that’s another research area Under privacy and trustworthy AI, also, there are a lot of things going on. So I would say privacy is also very important. It’s different than security. It’s the ability for you to protect your data and control, manage your data, not just keep your data confidential, but also to make the decision about your data.
So there is this huge, we are producing huge data and there is this push from AI coming. So the AI models, they need data, they consume data for their training, and that means that your data will be used by different parties in the future. And that creates a lot of legal issues. So did you consent? Did you give permission for your data to be used? A lot of companies are using your data, you’re not aware of it.
And even if you give consent that they will not use your data or share your data with other parties. Indirectly they are doing this. So there is this regulation aspect of it, but eventually what we will need is can we do this AI training without exposing your data? So we call this sometimes encrypted computing or privacy preserving computing. That means you encrypt your data so that people will not have access to it, but they can still use your data to do computations and your data still stays encrypted.
We call it homomorphic encryption. And they get the output, but they don’t see your data. So they can get your data, train the AI models, they don’t see your data, but they can get the trained model eventually as an output. So there are technologies called them privacy enhancing technologies. And I know that the government wanted to invest in these technologies like homomorphic encryption or secure multi-party computation.
These are sophisticated technologies, but they are very slow. So compared to the cases where you do the computation with the clear tax data and not encrypted data, these are still much slower. And if you imagine the training of the LLMs, we call ’em this large language models like check GPT, they’re using billions of parameters and they use a lot of data. So if you imagine that case, that data encrypted and you’re trying to train on that data that will take centuries.
So there is a push to improve the performance of these technologies. I think that will be, that’s one of the challenges. And it’s an active research area in privacy, especially from the AI perspective. Now that these LLMs, they just go to websites, open websites, and they scrap data and you may not be aware of it. So you have a website and those companies are using the data available there just to train their models.
We have this lawsuit from New York Times to open ai. They use their archives to train their models and they didn’t get permission. And they are open. AI is just claiming that, Hey, that’s public. Exactly. So that’s of course an interesting discussion. But the point that I’m trying to make is that, hey, there’s a lot of data there and some of them are open. How do you ensure that when we are using that data, we are not exposing and we are using it in the right way for training? So that is something coming up.
Steve Bowcut:
Interesting. So let me, we’re about out of time, but I do want to leave with a couple of different questions and maybe we can kind of squish them together here into in a single topic. But you’ve got some expertise in cyber physical systems and iot. I wanted to hear you talk about that and maybe what advancements you foresee in the future.
But along with that, I think it’s important for our audience to understand what specifically, or as specific as you could tell us, FIU is doing to prepare the next generation of cybersecurity professionals to be able to tackle these challenges that we’ve just talked about.
Kemal Akkaya:
So for the first part of your question, cyber physical systems or iot, they are part of many critical applications, part of critical infrastructure. So cyber physical systems is a broad term used, but it means, for instance, your power grid. Your power grid depends, is a cyber physical system. It depends on a technology called scada. And it uses a lot of communication protocols, a lot of data. And similarly, this is the case for autonomous vehicles, airplanes or manufacturing.
So they use a lot of data, they use sensors to collect data, communicate, send commands, and iot. Similarly, they collect data and they communicate that data to cloud. So there has been a lot of research on how to ensure that that communication is secure. But I think we are now entering in a new phase where these systems will become much smarter with AI. So they will have the capability of doing decisions by processing the data because they will have access to that compute power. And in the past they were mostly, they have limited resources, so we didn’t really impose a lot of AI on them.
But now that AI is available and we have improvements, they will have those capabilities. So I am thinking that we may even able to bring the power of LLMs large language models to those systems, making them autonomous. That means they will be able to collect data, share data and make decisions themselves without any human intervention.
If they use LLMs, they use those large language models. And this means that you need to ensure these LLMs, they are secure and they know what they are doing. They are responsible, they are ethical and put mechanisms to ensure that if something happens, you have backups. So this is good and bad. I mean, LLMs will bring a lot of flexibility to the systems, but at the same time, when you are able to compromise some of those systems, then you can use LLMs to attack to these systems as well. So there’s always this risk in cybersecurity. But
Steve Bowcut:
Yeah, that’s interesting. Something I was reading just the other day, and I’ll just get your quick opinion on this. So I think, and particularly in cyber physical systems, they’re starting to look at this idea of bounded data. So it’s an LLM, it’s a lot of data there. It’s a large language model, but it’s bounded, right? So we only want you to look at this set of data. Are there cybersecurity, are there security benefits in doing that?
Kemal Akkaya:
Yeah, probably referring to the customization, fine tuning of some LLM. So you just train them based on that domain data, so they learn about that domain in a very good way become, and that helps in your decision making. But I mean you can still interact with an LLM and you can teach that LLM, some other stuff
If you compromise it. I think that there are still possibilities to do tax. And there’s this area called adversarial AI that is, I think, emerging. You can attack those systems during training or during querying in many ways. And LMS are not exceptions. So they are still AI models and there will be risks. So the third part of your question, how do we prepare next generation? So I guess we had a lot of discussion on what we did, what we are doing here.
So part of Sierra, we have this pool of talent faculty who have expertise. As I said, we are trying to bring emerging topics to our curriculum. So if there are new stuff, we are coming up with new courses so that our students will have the opportunity to learn those new topics. And I think this is because our faculty, our active researchers, so they know what’s going on so they can quickly bring that expertise to our students.
Steve Bowcut:
As you pointed out, and I think this is a fascinating point that we probably need to highlight here for our audience, is that that’s one of the benefits of a research university is that, and you may have workshops where you bring industry in and hear what their problems are, but probably more than that, you’re engaged with these people because you’re doing the research. So you’re like first line and understanding what the problems are. You don’t so much have to just listen because actually involved in the research.
Kemal Akkaya:
Yeah, I think that that eventually becomes part of their training. So yes, they are taking classes, but once they are engaged with our faculty and our research projects, then that adds a lot of value to their training because they now have access to state of the art tools, state of the art solutions and expertise. And they can do a lot of hands-on practice as part of those projects. And also they become part of this network.
I mean, they get to know other people very good. They get to know graduate students. And over the years I see that they learn better from each other. Even if the faculty does not have time to sit down and train these students, they come to lab and they sit there and they interact with people. That’s enough. They learn naturally. So the keyword here is the engagement. They come and become part of this community and eventually they will excel. They will grow, they will improve their skills, and it will make them ready for their career.
Steve Bowcut:
Yes. Excellent. Well, we are out of time, but this has been a fascinating discussion. Thank you so much for sharing part of your day with us and with our audience. We sincerely appreciate it.
Kemal Akkaya:
Well, thank you for inviting me. I really enjoyed the conversation.
Steve Bowcut:
It was fun. And a big thanks to our listeners for being with us. And please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.