Paul Warner is an assistant professor of information technology at Rowan College at Burlington County.
Paul teaches at the Mount Laurel Campus in Mount Laurel, New Jersey. Faculty profile.
Listen to the episode
Here are the key takeaways
- Teaching philosophy and approach: Warner emphasizes hands-on learning, teamwork, and real-world problem-solving in his teaching. He encourages students to help each other, mirroring workplace dynamics.
- Student research and projects: Students at Rowan College engage in various research projects, including intrusion detection, AI algorithms, and firewall remediation. These projects often involve live environments and real-world scenarios.
- Educational opportunities at Rowan College: The college offers an associate degree in cybersecurity, a 3plus1 program for a degree in computer informatics, and a master’s degree in cybersecurity. They also introduced a cybersecurity certificate for those seeking specific skills without a full degree.
- Online program and workforce development: An online program is proposed for 2024, and there are partnerships with workforce development initiatives. These programs offer flexibility and practical experience for students.
- Experiential learning and industry certifications: The college focuses on experiential learning and aligns its courses with industry certifications, preparing students for the workforce.
The following is a full transcript of the interview:
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I’m a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. On today’s show, our guest is Paul Warner, assistant professor of information technology at Rowan College at Burlington County. Paul teaches at the Mount Laurel Campus in Mount Laurel, New Jersey. We’re going to be talking about cybersecurity, educational opportunities at Rowan College. With that, welcome, Paul. Thank you for joining me today.
Paul Warner:
Thank you for being here. This is a great opportunity for me to let folks know what we do at RCBC, and I’m very excited about this and I’m very excited about cybersecurity and where it’s going in the future.
Excellent and I’m looking forward to the conversation. I’m sure this is going to be a great resource for students that have the option of going to Rowan College and so that we can talk about what they might learn as far as cybersecurity is related. So let’s start with you just a little bit. I know that from our previous conversations, you’re a little hesitant to talk about yourself. You’d much rather talk about your students, but tell us a little bit about yourself.
How did you get interested in cybersecurity? Is it something you’ve always been interested in or is it just developed through your either working career or your academic career?
Paul Warner:
So one of the things is I have background in multiple areas, so I officially wanted to become a lawyer.
Steve Bowcut:
Oh, really? Okay.
Paul Warner:
So I migrated here to the US, so when I came here and I realized how costly it was to become a lawyer-
Steve Bowcut:
You changed your mind, okay.
Paul Warner:
I changed my mind and I started at a community college, just like most of our students at RCBC. Most of the times, people would tell you why would you go to a community college that, that’s not the ideal place for you, you should just go to… And I started in New York, so I had opportunity to go to Brooklyn College, NYU, a lot of the top colleges in New York, and I choose to go to a community college, BMCC, Borough of Manhattan Community College and when I started there, I didn’t know exactly what I wanted to do, so like most students, I just started taking a couple math courses and-
And which is in my mind, the best argument for starting at a community college. I did the same thing. If you don’t know exactly what you want to do, start at a community college, try a few different things, different classes and different topics and see what really resonates with you, so go ahead.
Paul Warner:
So I stumbled on computer science, so I started doing computer science and back then programming is not what programming is today. You had to actually learn it in a different way. We actually printed or we were using Pascal and Cobal and Fork, and we had these big plotter printers that we were printing stuff out on.
So I went through my two years with my associate degree in computer science, and then I decided to go to transfer my credit to New York City College of Technology, and they had a bachelor’s in technology program because I wanted to widen my scope on my area in what I was doing and I went ahead there and I started a bachelor’s degree, and I finished my bachelor’s degree in computer technology over there and then I started teaching and I fall in love with teaching and I was teaching mostly Microsoft courses.
I became a Microsoft certified trainer. I was training courses in New York and traveling around the country and doing a lot of different things. I got a job in the field. I started working in the field. I really excelled in the field and then I decided that I’m happily got married and I decided to move to South Jersey, so different career path. I did not want to travel down to New York.
So what happened then is I went ahead and did my master’s in technology and internet security, so that’s where my security world started from. I started teaching at a few colleges in the area, and here I am at RCBC doing cybersecurity. So security was something that I always fall in love with, networking and security.
Got it and so when you went for your graduate degree, then you would just recognize that’s something that you love and that there was a need for that, is that a fair?
Paul Warner:
Yes, yes, yes. So technology has been very, very good to me. I have seen my career financially, a satisfactory career that I have. I’m very happy. I’m always smiling. Most people, I always tell my students I don’t worry about a job because I could step out there and basically apply and get a job almost anywhere because I have the background and I told them the same thing, once you put in the time you learn the stuff, you’ll be fine.
Right. Excellent. All right. So fast forward to now, currently, to the degree that you have the ability to do research, being a full-time instructor or are there topics that you’re currently researching or your students are currently researching that you can share with us?
Paul Warner:
Yes. So currently we get a grant, RCBC gets grants, and we do offer a student research project. So some of the projects we’ve offered so far, we’ve been offering projects for the last, I’ve been at RCBC for the better half of five years.
So we’ve been offering SRS, which is student research project for the better half of four years, four and a half years and currently, and our students have done research in stuff on working with companies like Lockheed, which sponsored the project, cybersecurity ops, and a lot of different companies. Some of them I would not name because a lot of our students get positions working for contractors or for the federal government, and they really can’t say too much of what they do.
Steve Bowcut:
Oh, okay. Understood.
Paul Warner:
Sometimes you’re limited to say certain things. So one of the things that they’re working on currently right now is intrusion detection and improve intrusion preventing system, so another student is working on ChatGPT and AI algorithms and how that works-
Associated with security? I mean, I know there’s a lot of buzz in the media right now about how ChatGPT could be used for… That adversaries, could use it in the tax.
Paul Warner:
Yes. Another group of our student is working on firewall remediation, vulnerabilities and remediation, so they actually work on… All of these students are working in live environment. They’re working in live environment. They have live firewalls.
So we use Fortinet Firewalls, which is one of the top firewalls in the market today that they work on and they have to configure it, set it up, and another group of students is building the infrastructure so that, that firewall could sit behind and then what they do is they do offense and defensive testing on the environment.
So it’s live, so if the students don’t configure the environment properly, then the other group of students get to break into the environment and then they have to say, okay, what did I do to get into the environment and those other students have to go and fix what’s going on in the environment.
Steve Bowcut:
Very good.
Paul Warner:
And it’s all live. So it’s a research project. So one of the great things about RCBC, the president of the college, they’re very supportive, so they have actually give the STEM department cybersecurity com sci specifically. So we have our own private network, and our private network is designed specifically for the students to work in and give them real world hands-on experience.
That’s what our advisory board, which is our industry partners, professionals that are on the board, they advise because they, later on we probably talk about the skill gap, how do they get to know actually what really goes on instead of watching a video or just going through a simulation, they actually do it live.
Steve Bowcut:
And that is so valuable, that is awesome.
Paul Warner:
So when employers come in to talk to our students and our students explain to them what they do and show them what they do, a lot of our students get opportunities, let’s put it that way.
Okay, good and that’s good to know. All right and let’s talk about the educational opportunities at Rowan College. So what degree programs, certificates, those kinds of things, what’s available for a student who’s already decided that they want to study cybersecurity and eventually work in cybersecurity? What kind of opportunities will they find there?
Paul Warner:
So first of all, what we advise our students to do is to meet with an advisor. Our advising department, they have some type of algorithm they use that will help direct you to your best career path that you would choose.
Let’s say someone chooses cybersecurity, what we do is we would, as a faculty and staff, we would introduce ourselves to those students. When they come in, we’ll get to know them, our instructors get to know them as they go through the courses. So let me talk about the opportunities we have, right?
Steve Bowcut:
Please.
Paul Warner:
We have an associate degree that you’re going to get in cybersecurity. That associate degree can help you go through the 3plus1 program that we have at Rowan. So we do have a 3plus1 program at Rowan, and you get a degree in computer informatics. Now, Rowan also has a master’s degree in cybersecurity. So within five and a half years, you could walk out of school with a master’s degree in cybersecurity if you take our pathway.
We’ve just introduced a cybersecurity certificate, which is a specific certificate for individuals that have already a degree or people that want to change jobs that don’t want an entire degree. You could come and do those specific courses, it’s accredited certificate, so you get credits for those certificates and let’s say, “Hey, you know what? I want to move forward and finish my associate degree in cybersecurity,” you can go ahead and do that because those classes or those courses that are part of the certificate are part of the cybersecurity program.
Steve Bowcut:
Right. Excellent.
Paul Warner:
Number three. Number three, we don’t have a fully online program as yet, but have proposed a fully online program that will probably start in the Spring of 2024. The certificate program will start in the Fall of 2023 and we also partner up with WDI. So let’s say someone says, “You know what? I don’t want to do the whole certificate program right now. I want to work, I just want one or two certificates.” They can actually go with WDI, which is RCBC Workforce Development.
They can work with Workforce Development. Workforce Development will give them that class. Once they get the certificate, let’s say a month or two after they decided, “Hey, you know what? I want to do the certificate programs,” we accept those credits into our program. So of course, there’s a minimum amount that we accept that you have to do in the credited side.
Also, the other thing is we partner up now with the Career Standard Department at RCBC. One of the big things that we are looking at right now, one of the biggest initiatives that we are working with right now is experiential learning.
So they have experiential learning courses that they’re building that would actually give the student, some people would call it now internship. They would have somewhat… We call it experiential learning, somewhat of an internship they would have with real employers or employer based job responsibilities and what they would do is, they would get credits. So they have a class specifically designed for that, if the students want to go that way.
So together with our student research project, our certificate program, our associate degree, or 3plus1 degree, and we are also working on partnership with 2plus2 with other schools, we’re also, for those that don’t know, we are also a Center of Academic Excellence in Cybersecurity, which means that our program has passed a rigorous test by the NSA, which is the Federal Government Agency that says, “Hey, look, your program has met the rigorous standards for you to be recognized to teach cybersecurity.” So we are well on our way to do the things that our industry partners are looking for and the skillset that they’re looking for so that our students would get what they need.
On top of that, all of our courses relate to industry-based certifications. So that is very important for people to know. All of our courses directly relates to industry-based certification, so when you take a course at RCBC, any one of our cyber course, you can actually say, “Hey, look, I have the knowledge set to go and actually take the certifications.”
Now, one of the initiatives that we are working on right now is as soon as those students finish those courses at the school, we are working on, see if we could get a grant initiative so that they don’t have to pay for those certifications, because some of the students are challenged with money to buy the vouchers for those certifications.
So as of this semester, we were granted a grant. We are using grant funding, and some of the students are going to get the opportunity to get a free voucher and to take the certification. So these are things that we are working on at RCBC, that folks don’t know about, and I like to let folks know the great things that we have going on at RCBC.
And that’s really huge because I know a lot of employers, they want those industry certifications. Even if you have a degree, they still want you to have a certain set of industry certifications and if you can be working on both of those at the same time while you’re attending college, then that’s an excellent way to do it and there again, if you can swing it so the student doesn’t have to even pay for the certification, taking, sitting for that test, then that’s even better. Now you’ve mentioned your Workforce Development and your industry partners a couple of times, and I’d like to explore that a little bit.
So industry globally, of course, is clamoring that there’s a skills gap, a shortage of cybersecurity workers and so I’m always interested to explore a little bit what academia is doing to help fill that void. Just explain to us what you’re doing, different classes that you’re teaching, or just what do you do to help students be in the best position to fill this void, this need there is for skilled cybersecurity workers?
Paul Warner:
So one of the things I always do in my classroom, and I encourage all the other faculty to do it, which most of them do, is treat the classroom like work. You treat the classroom as a work environment. So let me say some of the things we do in the classroom, hands-on, we focus a lot on hands-on, right. Team building and teamwork, because no individual is an island.
So one of the things I do in my classroom is if a student have an issue, I actually ask them or I recommend, or I select another students to help that student out, so they’re getting real world experience. So it’s like if a customer calls and say, “Hey, look, I have a problem with my system,” what do you do? They get the experience of walking their peers through that, all right. The other thing is, if there’s an issue, all right, how do you solve the issue, right?
There’s no one person that’s going to give you 100 percent of the answer. Okay. So how do you go about doing that? So we incorporate research into the class. So if there’s an issue that the students is having, they could actually go to the internet, look it up, how to solve it and resolve it.
If they can’t, that’s when I would step in and say, “Okay, good. You’ve exhausted all your resources. Let me show you how to do it,” and then once you take them through that training, they now learn, they can now take that experience, all right, that they just had and transition it so when they go to an interview or they’re being asked a question, “So tell me what you’ve done, tell me how you’ve done what you’ve done?” They can now walk that employer through or that interviewer through the step that they take to solve issues, all right.
The other thing is the complexity. So cybersecurity, people look at cybersecurity as, oh, this stuff is very challenging, it’s very hard, it’s very complicated. One of the things we do is we design our labs so that our students get the real world feel for it. Okay, well, how do you get somebody’s password? What do you do? So we set up an environment where we show them, okay, good, let’s see how you compromise somebody machine. Let’s create an exploit, or let’s create a virus and we do this in an isolated environment for the public, people that are listening, right?
Steve Bowcut:
Sure.
Paul Warner:
We don’t do this on people’s real machines. So we have our environment that we have set up. So they will send dummy emails or files or whatever the case may be, and that person will click on that, and then they would take control of that person’s machine and when that person’s logging, then they’ll either go to their browser, take all their browser cache, get their passwords, log in as that person. So we actually do it in a way where they actually get to see it happening real.
Steve Bowcut:
Perfect.
Paul Warner:
All right, so that experience that they’re getting, it’s very valuable, all right and it transitions into the real world.
Right and I love that. I love that you’re teaching some of the soft skills, if you will, that people need to be successful in the workplace. If they can learn those things in the classroom, showing up on time, working hard, learning to work in a team environment, learning to mentor your peers, those are all things that’ll be hugely valuable for students once they get into the workplace, and therefore, hugely valuable for the employers who are hiring people that come through your program, so that’s awesome.
Paul Warner:
So to piggyback on that, we also invite in our library department to teach the students how to write, how to write proper papers, how to write proper reports because in technology, you have to produce reports and how do you write those reports, how do you properly summarize those reports, what do you do? So those are all the things that we teach them.
Also, we have Career Center comes in there and Career Center does a lot of activities with our kids, a lot of activities. So we teach them resume writing, how to interview, what to put on your resume, how to highlight your skills, all of those things we teach them as they go through our program.
Very good. All right. Let me just pivot here a little bit. If you were to make some recommendations for a student who’s thinking about getting into cybersecurity that that’s the path they may want to pursue, what kinds of reading list would you recommend? So, books, papers, lectures, YouTube channels, conferences. Where would you direct students to learn more about cybersecurity?
Paul Warner:
So one of the things about cybersecurity and resources that you get is some people go to YouTube, a lot of people go to a lot of different places, there’s no one specific area that I could send someone to but what I highly recommend is that you go to sites that are legitimate sites, sites that when you go to those sites, you know they’re monitored or you know they are well established sites that would not give you fictitious information.
Steve Bowcut:
Right.
Paul Warner:
You can go to a site and they’ll tell you about cybersecurity, but out there is so much information and you go to a site and you hit that site and you get information, and before you know it, you’re doing something on your computer base on that information, and then you get compromised.
Steve Bowcut:
That’s absolutely so important. We live in the information age, and I think the challenge for many of us now is to learn how to vet the information. It’s not, I mean, access to information, we all have more information than we can possibly digest. So the skill is learning how to vet the information that’s out there, make sure it’s accurate and useful, so very good. I like that.
Paul Warner:
And one of the sites I normally advise any individual to go to is a site called sans.org, S-A-N-S.org. All right and you could go slash security dash resources. I could put it in the chat, so you can get that. Let me see-
Steve Bowcut:
Nope, I’ve got it.
Paul Warner:
Yeah. All right. Slash security slash resources and what that does is it’s going to give you, that’s a recognizable site that will tell you about cybersecurity. It’ll give you communities you can join. All right, so anybody that’s interested, and you know that anything you take from this site is not going to be anything that’s going to compromise you or harm you in any way, shape, or form. The other thing that we do, our students, not me, our students do cyber awareness training.
Steve Bowcut:
Oh, good.
Paul Warner:
And if we have our Cybersecurity Club, so the cybersecurity club is the club that sponsors the training and the training that they are well, everybody know them for is their password awareness training, where they teach people how to use passwords, what to do with passwords, what not to do with passwords, what’s a weak password, what’s a strong password, how you can test the password, all right.
So they take you through all of those steps and show you how to do that. We do publish that from time to time, so if you go to our website, which is rcbc.edu/cybersecurity, we have a lot of resources on our page, and then you get to see all the stuff that we do and all the different things that we are doing there. So we do put that out there. So we have our club, we have resources, we do enter competitions.
We do a lot of different things at the school. So if someone is interested in joining or coming to RCBC and they want to participate in any of the hacking competitions, they can send me an email. My email is on the page right there. Say, “Hey, Professor Warner, I see that you guys have whatever going on. I’m interested in coming to RCBC.”
Once they’re enrolled, they let me know, and I could get them being part of whatever club or whatever we have going on and if they want to visit and take a tour and see what we have, to verify that what I’m saying to them is what it is, I’m happy, schedule it with the advising department, and I’m happy to take them on a tour in our campus, because I like to show what we do.
Yes and you do it very well. Thank you for that. We’ve got one question left, and this one is kind of a fun question, but we ask you to dust off your crystal ball and look down in the future, look into the future and let students know what they need to prepare for in five years or 10 years, whatever you think. I mean, is it AI, is it threat intelligence? If you were just starting now, knowing what you know now, what would you focus on?
Paul Warner:
Well, cybersecurity. I would tell a student, cybersecurity is everything, all right and let’s say you want to become an analyst, right, I’m not this technical person, I don’t want to do all of this fancy computer programming and all of this kind of stuff. You could be an analyst, and these are all entry level job.
You can be an auditor, all right, but let’s say that you want to be the person that gets your hands dirty and do all this stuff. You could be incident response or intrusion detection agent. You could be a code analysis, where you can analyze codes. You could work on a red team, you could work on a blue team. So the future of cybersecurity is not limited to just AI. AI is one of the hardest thing right now, but somebody has to design that program.
Somebody has to test the program, somebody has to put data into the program, somebody has to do all of these things, and it has to make sure that all of these things are what, legitimate. It’s not something that you could just put in there. So one of the things I always tell students is the future of cybersecurity is in every area, all right.
Your local water authority, if somebody hack into that system, they could change whatever is going on in that system and before you know it, the whole water system is contaminated. These are all things that could happen. So if you’re a nurse, half of the equipment that you use at some point in time is integrated into technology, before somebody break into one of those systems and alter something, what happens to that patient? So it’s everything out there. The person that works in the elevator, you might be elevator technician.
What if you have to go to companies as a contractor and they give you access to their system to fix their elevators? You may do something on your machine. Your machine may get compromised, that would eventually trigger something and the back door into the company system. So you have to understand how to secure your system. So you may have to take a course in cybersecurity to understand how to use it, or you may have to train your other technicians in how to fix that.
So cybersecurity is everything. So for me to say there’s one specific direction, now there’s very hot areas like AI is hot right now, right. Intrusion detection is hot right now. Vulnerability analysis or penetration testing, these are all things we teach right now. Compliance, compliance is huge. We teach courses in compliance. We teach cybersecurity, which teaches you compliance. We do tabletop exercises.
We do all of these stuff with our students, so when they go out there, they have a diverse background, and then they can now walk in and say, okay, good. I could go into an entry level job as a cybersecurity specialist, as a crime analysis. We teach computer forensics so they understand how to use… Somebody, do something on their computer, how do you go and investigate to see what’s going on? How do you grab that information to prove that you know what, you did this. That’s where that comes into that section. Intrusion and intrusion detection and incident.
Let’s say you’re going to be an incident analysis. So we teach them how to use a firewall, how to understand an IDS, an IPS, how to capture when somebody’s trying to come into your system to do something, whatever, somebody put a virus on the system, how can you detect that before it does damage?
These are the things that we teach our students and of course, the auditor part of it, that’s where the writing skills comes in, that’s where understanding, because I may be the technical person, I could give you all the information you need, but you have to put that information together so that you what, your stakeholders, all the people that you’re working for, could understand what’s going on, all right and then now we teach… They can now go in and say, “Hey, look, let me audit to see if your systems are compliant, if they’re not compliant.” So we teach them all of that.
Steve Bowcut:
Yep. Very good. Excellent. Thank you so much and I must say I love your passion for what you do.
Paul Warner:
Well, thank you. Thank you.
Steve Bowcut:
That is awesome. We are out of time, but I want to thank you so much for spending part of your day with us today. This is very informative. I’m sure that our audience is going to find this informative and learn from it. So thank you so much, and a big thanks to our listeners for being with us. Please remember to subscribe and review if you find this podcast interesting and join us next time for another episode of the Cybersecurity Guide Podcast.