Ken Dewey retired from the Air Force before entering academia. He is currently the director of the cybersecurity program at Rose State College. Dewey is also a faculty member in the computer information technology department and the principal investigator for a cybersecurity grant from the National Science Foundation.
What was your early career like, and how did that lead you to cybersecurity?
Well initially, believe it or not, I actually thought education was a waste of time. Nobody in my entire family had gone to college, and I joined the Air Force right out of high school. In 1990, I was actually over in the Persian Gulf War. And if you knew anything about that war, there was really no internet back then. There was really no geek squad, no nothing.
But we did have a couple of computers at Riyadh Air Base where I was stationed with the military. Someone played a game on the colonel’s machine and got infected with a virus. So imagine the single computer controlling the whole Air Force goes down. And what do you do? Well, I had played with computers on my own, and I spent the next 48 hours, and I rewrote the software. And when I was done, it worked. It wasn’t great, but it did work. And the colonel was like, and I was a jet engine mechanic at the time, and he’s like, “Why are you fixing jet engines?” I’m like, “That’s my job.” He goes, “Okay.” And he left.
Well, I came back from the war, and literally the first hour back, I got a phone call from the colonel’s office saying, “You don’t work on airplanes anymore. You get over here and work with computers.” My boss didn’t believe me. So that colonel called my boss and said, “He’s leaving. He’ll never be back.” So really that’s what originally got me started more in-depth into computers.
Then in 2003, our president here at Rose State, Dr. Cook, was at some conference here in Oklahoma City, and Dr. Sujeet Shenoi was speaking about how we need to expand cybersecurity. So I think the conference was on a Friday. I got a phone call Saturday morning from the president of the college saying, “Hey Ken, what are you doing next week for the entire next year?” I’m like, “I don’t know. What am I doing?”
Well, they sent me up to the University of Tulsa to get — at that point — my second master’s degree in cybersecurity. I went through the Cyber Corps program for the most part at University of Tulsa, and then took that knowledge and brought it here to Rose State College, and started teaching it at the associate’s level. So that’s really how I got started, and have never turned back.
That’s a pretty amazing story. What a way to get in there. What are your current interests? What kinds of courses are you teaching and what are you working on?
First of all, I teach at the associate’s level, but the majority of our program is geared after the classes I took at the University of Tulsa at the master’s level. So I teach a digital forensics course. It’s a lot more in-depth than most. I teach a cryptography course. And I didn’t dumb them down, but what I did was I made them more in-depth for beginning learners. So I can take someone who really has no background in math, and teach them basic cryptography.
So my favorite courses are digital forensics, cryptography, ethical hacking, that type of stuff. So I really, really enjoy that. A lot of hands-on labs. A couple of years ago, Apple was basically being researched because they were tracking everything we do with our iPhones. Well, it’s true. They were, and they still are. Everybody is. It’s basically location services and EXIF data, stuff like that.
So I make projects. Whenever there’s a new news article about something, I go ahead and make a project so my students have to figure it out. So digital forensics projects, internet of things. I mean, everything’s going that way now.
I did a project at my house. I have a lot of security cameras, plus the complete network. But every now and then my camera would go offline, and I could never figure out why. Well, I did a project called an internet of things project where I did multiple scans on my home network, and provided it to my students so they could see all the different devices, and all the configurations, and how it was all set up.
And one of my students contacted me, and she’s like, “Hey, why are your printer and your camera on the same IP address?” I said, “No they’re not. I wouldn’t do that.” Well what it was is the printer I had set up years earlier with a static IP address, but then as I started adding devices, I was using DHCP, and then the camera ended up getting that address. So whenever I hit print, my camera would go offline. So it was kind of funny that a student actually found the problem I was having.
Another thing we’ve also been doing is a lot more with Raspberry Pis. I just got 40 new Raspberry Pis this week. They’re cheap. We have a cyber lounge here where students can go in, spend time, work on homework, work together and get tutoring. We have a camera outside the door just so we know who’s at the door, and that’s all powered by a Raspberry Pi that some students configured.
We did two different helium balloon projects where we launched weather balloons basically that had Raspberry Pis attached to them. I think the first one went up to 101,000 feet and recorded video. And it was just a really cool project all done by students using Raspberry Pis. We worked in conjunction with Mid-Del Technology Center, where my wife happens to work, because she has students in high school who are also getting college credit. So they did a magic mirror Raspberry Pi, they did a robot car Raspberry Pi, just lots of different stuff.
Even with all the adapters and cables, you’re going to spend about $70. So you can’t do much better than that. So we did a Raspberry Pi summer camp two years ago where we had a bunch of people come here, and we provided them all with the Raspberry Pis. They just got to learn the basics. Then they got to take them home with them. So it’s really a cool thing that if you got no money and you want to learn, you can do it.
Something I’m getting ready to do is — I have mini-blinds in my house, like we all probably have. Well, why can’t I control them with a Raspberry Pi? I should be able to turn them, raising them up and down. So that’s one of my things I’ll be working on very soon. I just haven’t done it yet.
So now we watch what’s happening in the world, and we try to stay up with the technology. My school is really awesome that if I want to buy something new, I can and then play with it and figure out how it works, and then get the students involved. So yeah, that’s kind of where we’re at at this point.
We just hired some new faculty members here to help do this more. We have 330 enrolled right now — and that is a crazy number of students. A lot of them are first-time students, but I also have a student who already has his master’s degree, and can’t find a job. So they’re here with me learning about cybersecurity. So we just try to make it interesting for them.
From your perspective, since you are teaching and working with associate’s degree students, how does an associate’s degree prepare students for a career in cybersecurity? What are some of the opportunities, or what do some of your students do once they leave your program?
Well, I’ll tell you. Tinker Air Force Base is right across the street from my school. If you climb to the top of my building, you see it. We’re that close to it. Well, a lot of their IT work is done by contractors, and there’s multiple contracting companies.
About a year ago, first of all, the people that work at the contractor companies are my students anyway. But they came over and they said, “Ken, we need students.” So they are hiring my students even before they finish their degree. As long as they have some of the classes and some background in it, they really don’t need any hands-on experience. They do have to get a CompTIA Security Plus certification. Now that’s a DOD requirement. But they are taking my students even before they finish.
Dell’s across town. Dell actually took two of our students that were on their very first semester. We’re talking they took some classes at the tech center, and enrolled in classes here, and Dell took them immediately. So getting jobs, it’s amazing. They’re taking everybody I have.
Well, that’s great. Yeah, that’s pretty amazing. Can you explain just the funding from the National Science Foundation for Rose State College? And it sounds like there’s a cybersecurity scholarship program. Can you just kind of walk us through how all of that works and the partnership with the National Science Foundation?
We’ve had two National Science Foundation grants. The first one was in 2006 and it lasted until 2010, and then the second one picked up where that left off, and has now ended. So we do not currently have one, but we’re actually right in the middle of applying for it again. I’m going to tell you about what we did, and what we’re planning on doing.
It was a scholarship program that fully funded people to get their associate’s degree in cybersecurity. Now they did have to meet financial need guidelines as stipulated by the government. They have to fill out the FAFSA and prove their need. We provided scholarships of up to 24 students a year for two full years to get their degree. So we did that. And it provided tuition, fees, stipends of up to $3,600 a year, so you can go to school for free.
The scholarship takes people who can’t afford the school, can’t afford to pay, and it pays for their education, gives them a stipend to live off, and allows them to complete the program. We ran that program for about 11 years when that grant finally ended, but during that time we also had grants through CSEC, which is the Cybersecurity Educational Consortium. We were one of the founding members and it was run out of the University of Tulsa. We were in that one for about 11 years as well.
Millions of dollars went through that grant. That provided everything from summer camps, in 2017, I think we did six different summer camps for over 300 people here at Rose State. We had teachers, we had elementary school students, we had high school students. We also had a grant through GenCyber, which was from the NSA. That’s basically a generation cyber summer camp where at that point we bring in teachers and elementary and high school students, and teach them the basics in cybersecurity.
So we’ve had lots of grants along the years, and this was only a few of them — the NSF, the CSEC, and the GenCyber — we’ve had others as well. So lots of opportunities there. And we are applying right now to renew our NSF grant. It’s actually due this month so fingers crossed, we will potentially be offering it again this fall.
Is cybersecurity becoming a mainstream concern? And how do you talk about it with your students?
Okay. First of all, there’s a saying that if you haven’t been hacked, either you don’t know it or it’s happening soon.
I ran a consulting business for many, many years, and I took care of a group of gyms. It was a nationwide gym program and I took care of the ones here in Oklahoma.
And when they first hired me, they didn’t know anything about what they were doing. They literally knew nothing. So they said, “Hey, can you come look at our network?” So I went to look at their network. And one of the locations happened to be next door to a GameStop. So no big deal, so I logged into the network, and I asked, “Do you have WiFi?” Which obviously they did because they had some of the gym equipment connected to it.
So then I asked, “Is it password protected?” And they said, “Oh no, we’re not worried about it. It’s just the gym equipment. We’re not worried about it.” So I logged into their wireless, and it was amazing. The entire GameStop next door, all of their equipment was running off this gym’s WiFi. So I showed it to them, like, “Why are they doing that?” I said, “Because you’re letting them.”
See, the problem is people don’t realize that they need security. Okay? If you have an open WiFi, someone’s going to take advantage of it. I don’t care if you’re a home user. Another client of mine, it was a romance author and publicist, and she had a problem with her network. So I went to her location to see what was going on. And she had basically a connection to Cox at that time. We’re talking back in the early 2000s. She had a connection to Cox, but there was no security on it. It was really just a switch directly connected to Cox.
I asked her, “Why don’t you have a router with a firewall?” And she goes, “I don’t need one.” Well, I went home that night, and I remotely connected into her network because there was no security. And I called her up. I said, “Hey Nancy, I see you’re reviewing such and such a book from this author.” And she’s like, “How do you know that?” I said, “It’s on your screen. I can see your entire computer system because you have no security.” So she’s like, “Could you come back tomorrow morning?”
So the problem is so many places offer free WiFi now. Like Buffalo Wild Wings, for instance. I installed a bunch of wireless on Buffalo Wild Wings. So people are going to use it, people are going to try to exploit it. If I’m a bad guy, am I going to do it from my home? Heck no. I’m going to go to some public WiFi, and try to exploit from that point.
So it’s really the home user because I could be driving on your street, connecting to your WiFi, stealing your data. It’s the small business owner that’s providing the free WiFi but that doesn’t know what they’re doing. It’s the corporations, Target, TJ Maxx. I mean, every company we can think of has gotten broken into. TJ Maxx was through an air conditioning contractor who didn’t secure their network correctly. So you never really know. It’s everybody.
We offered a program here for small businesses where you could come in and learn the basics of cybersecurity and what you need to do. Do you have a virus scanner installed? Do you run Windows updates? Stuff like that. Cybersecurity needs to be everybody’s concern. But I say it needs to be, but the problem is we got an older generation that barely can use their phone or their laptop. So we really need to take it as the younger generation, but not really younger anymore, but the younger generation needs to go take care of the older generation, and help them change their passwords, get a firewall, do stuff like that. So yeah, it’s going to be much more than it is now.
The next question is a two-parter: What’s the best career advice you’ve ever received, and what advice do you give to students?
Well as I said originally, I actually thought education was a waste of time. No one in my family ever went. But I tell you, once I started learning, I was shocked. I mean, Rose State, believe it or not, was the very first school when I came back from Desert Storm to offer me a financial aid — a Desert Storm scholarship. So I got a scholarship, started going to school.
And I tell people, I don’t care what class you take, just take something and you’re going to learn something. I don’t care if it’s biology, you’re going to learn something in basically every class. So never stop learning.
I also try to impress on my students to “figure it out.”
I make recordings for every one of my lectures, and I tell them before you contact me, ask Google. Google probably knows the answer. Now I teach a Python programming course. I never took a Python course because there was no course. I teach Java programming. There was no Java course when I started teaching it. So you just have to figure things out. So that’s the biggest advice for students.
What kinds of books or papers or videos do you recommend for people who are getting interested in cybersecurity? Where should they get started?
Okay, well I really got started because I was on a flight to a conference in DC and the flight was delayed nine hours. So I was really bored. So I happened to have an audio book called @War by Shane Harris on my phone. So I listened to it. And literally that was, what, three, four years ago now, I don’t know, a couple of years ago. But I have not stopped listening since that point.
I attended a conference in Las Vegas and Brian Krebs was there. Brian Krebs is an excellent cybersecurity author. He wrote a book called Spam Nation, which is absolutely amazing, all about the dark web and all that other stuff.
But I tell you that the ones that are the most common with me are the books by the author Steven Levy. He wrote a book called Crypto, which is absolutely amazing because I teach a cryptography course. I tell my students, if you will read this book… I actually make it a required reading for my course now. So in Crypto it goes from the very beginning all the way up into the current day cryptography, but it makes it in story format. So it’s not like a textbook, it’s an actual story. So I had my students read that.
My ethical hacking course, they have to read the Hackers book by Steven Levy. Then he wrote a book called In The Plex all about Google. And he just came out just recently with a book all about Facebook, which I’m on the last chapter right now. So really, really interesting books.
And if you ever wonder what the government is doing, there’s a book called the Pentagon Brain by Annie Jacobsen. An excellent book. They talk about the APT, the advanced persistent threat from China. And it was a really funny story in the book where people from China are basically breaking into US companies all the time. Well, the US, it wasn’t the NSA, but the US broke into the APT’s computer systems, and was watching them remotely break into us. So it was like they were watching them break into US companies. It was actually really good knowledge of how they were doing it. So that book, really good there.
And if you ever heard about the Stuxnet virus, well actually, there was a movie called Zero Days, and there’s a book called Countdown to Zero Day by Kim Zetter. It’s an excellent book. Talks about how even though we have a nuclear power plant in Iran that has an air gap. How did they possibly get it infected? And it talked about infecting thumb drives, and leaving them around in hotels. So it’s really super interesting.
And if you like the newer stuff, Elon Musk has an entire list of books that he recommends. And Superintelligence was one I finished reading recently. It was written by Nick Bostrom. But it was one, I said, Elon’s recommended. And he talks about AI and where we’re going. And that’s probably going to lead you to the next question is where are we going in the next few years?
Where do you think cybersecurity will be in 5 years, or 10 years?
AI is such a big deal. Okay? I actually bought a Tesla. I got it literally not even a month ago. I’ll tell you what, that is the coolest car I’ve ever driven in my life. But the AI built into that car is phenomenal. I mean you hear about Google driving cars, but that’s where we’re going.
The coolest thing about this Tesla is, yes, it does drive by itself. It can totally steer, it can do everything. But I do have to keep my hands in the steering wheel. I do have to manipulate it in one way, every 30 seconds or so. But it keeps me perfectly centered on the road. I did not realize that I always hug the middle line when I drive. Which is not a good thing because then the people in the left hand lane, I’m kind of close to them, but the car is making me stay perfectly centered. I mean, it parallel parks for me. It does all this stuff for me that I never thought of.
So what are we going to see in the near future? Obviously we got cars now. We’re going to see more and more of that. And yes, are they going to have accidents? Yes, but we’re going to have accidents ourselves anyway. So AI is going to be such a big deal. I have cameras at home called Nest cams from Google. There’s actually lots of them on the market.
So another cool thing, a couple of years ago now, but Watson, that was the computer that won at Jeopardy. I mean, think about that. If that’s not AI, I don’t know what is. That computer is now being used to basically predict cancer. It’s even doing better than doctors. So it’s just really, really amazing where some of these technologies are going.
A lot of kids nowadays and young people, they live for Snap, they live for TikTok. They live for all these programs, not Facebook anymore, which is kind of funny. But yeah. That’s not real life. But so many of them think it is. And I speak at high schools all over. And I spoke at one, oh, I guess about two months ago now, and I was talking about Snap.
Snapchat says they basically delete your stuff after 10 seconds, but does it? First of all, it might not for up to 30 days. And even if it does, it’s specifically in their terms and agreements that the metadata of your snap, in other words, you sent something to somebody else. So they know how you were holding your phone, whether you had headphones in, all this stuff, all about it is recorded forever. They never delete that.
And all that data is shared with, it talks about third party entities. But the very last statement, which I thought was hilarious, it says “we reserve the right to share our data with all these people, and the general public.” I mean they record your cell phone number, your location data. Years ago we had that commercial, the Verizon guy, can you hear me now. We don’t need that anymore because what’s happening is people are walking around with Snapchat, and it’s recording signal strength, and it’s reporting it directly to Verizon.
So I mean everything you do, every time you use that phone is being reported. And people don’t realize that. And people are making bunches of money off of it. Think about it. What do you pay for Snapchat? Nothing. What do you pay for Facebook? Nothing. Then why are they worth billions of dollars? So that’s kind of interesting.
Thanks again for your time. This has been great.