Raymond Albert is a Professor of Practice in Cybersecurity and the Director of Assumption University Cybersecurity Program. LinkedIn profile
Key takeaways from the interview
- Academia-industry interplay in cybersecurity: He highlights the crucial role of academia and industry in advancing cybersecurity understanding and practical applications, with academia extending knowledge boundaries and industry as the proving ground for cybersecurity solutions.
- Addressing cybersecurity workforce shortage: Albert suggests that the shortage stems from rapid technological advancement and advocates for increased cybersecurity awareness and education at all age levels, especially in K-12 education.
- Personal cybersecurity awareness: He notes a general misunderstanding about personal cybersecurity, stressing the importance of comprehensive education, sound password practices, and data sharing/privacy.
- Advice for aspiring cybersecurity professionals: Albert encourages starting exploration in cybersecurity early and emphasizes the field’s diversity and opportunities across various industries.
- Emerging areas in cybersecurity research: He anticipates significant research in AI and ML applications in cybersecurity, advanced cryptography, and homomorphic encryption in the next 5-10 years.
Can you explain how your background in computer science lead to your involvement in cyber-related issues? Have you always been interested in cybersecurity? Do you remember when and where that interest started?
My interest in cybersecurity stems from my initial interest in computer science. When cybersecurity was still in its infancy, I started my exploration and developed a passion for the pursuit of computer science in the late 1970’s.
My interest in computer science continued to flourish through two decades until about 2002 when I was invited to participate in a special program led by Eugene “Spaf” Spafford and his colleagues at Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS).
The federally-funded program focused on retooling computer science faculty to become proficient in cybersecurity (then information assurance), capable of conducting cybersecurity research, preparing cybersecurity curriculum, and establishing cybersecurity degree programs of study at their respective home institutions.
Since that experience, my passion and interest in cybersecurity has continued to grow stronger and contributed to my efforts with many university and collegiate colleagues to establish multiple cybersecurity degree programs that empower through education the next generation of cybersecurity professionals.
You are the director of the cybersecurity program at Assumption College. Can you explain some of the program’s activities?
I am proud to have been selected to lead the design, implementation, and oversight of the Assumption College’s cybersecurity program and virtual cybersecurity center.
As program director, my efforts are focused on ensuring these programs achieve their respective missions of offering coursework leading to a Bachelor of Science in Cybersecurity that is aligned with National Security Agency (NSA)/Department of Homeland Security (DHS) curricular standards as defined by the National Center for Academic Excellence (CAE) Cyber Defense Education (CDE) program; increasing minority participation in cybersecurity-related careers; supporting college-wide initiatives and projects related to cybersecurity; establishing a program of research in cybersecurity; and serving as a local, regional, and national resource for cybersecurity resources. These programs actively seek partnerships and collaborations with various organizations to engage in numerous outreach efforts as well create opportunities for students.
Students enrolled in Assumption College’s Bachelor of Science in Cybersecurity are encouraged and supported in their preparation and participation in national cybersecurity conferences, competitions, internships, and community service/outreach.
What kinds of cybersecurity research is happening at Assumption College?
Students are currently engaged in educational outreach to K-12 populations and federally-funded research opportunities are being explored to support greater efforts in this direction. Among these are establishment of cutting-edge defensive cybersecurity competitions for high school students, targeted at raising their awareness and interest in cybersecurity.
What do you think is the most exciting thing happening in the cybersecurity research realm? And/or what kinds of research is the most alarming?
One of the most fascinating areas of cybersecurity research on the horizon is in the area of Artificial Intelligence (AI) and Machine Learning (ML), particularly in their application to cybersecurity, and corresponding effects on data privacy issues.
I believe this to be the most alarming field of research as there is so little of such being conducted. Much more research is needed to develop a better understanding of the effects on individuals and societies before such technologies become widely deployed.
The rate of technological advancement, particularly in our country, has exceeded society’s ability to fully comprehend its ramifications, establish new norms, and appropriately adjust societal support mechanisms including governance and law. Until such time when these issues are adequately addressed, we are living in the rough and tumble “wild west” era of cybersecurity.
Assumption’s cybersecurity program endeavors to educate the next generation of leaders and architects in cybersecurity, who possess technical expertise and practical training to help secure, develop, and sustain the cyberspace ecosystem.
In regards to cyber-related issues, how important is the interplay between academia and industry? What kinds of things result from that relationship?
As significant components of modern civilization, academia, and industry, each play a significant role in supporting humanity achieve the “right balance” of competing cybersecurity themes. For example, approaches to achieving the right balance between accessibility and security are known by cybersecurity academicians and professionals alike who know the challenges involved.
Academia is best suited to extending the boundaries of our understanding of cybersecurity problems and solutions. Industry, on the other hand, serves as the proving ground for long-term adoption of cybersecurity products and services. Academia and industry, in my mind, are mutually supportive and co-dependent. The nature and richness of the relationships between them directly affects their respective ability to be successful.
Two examples where academia and industry can work together, synergistically, to achieve results that exceed the sum of their respective efforts are industry-funded academic research and support for student internship opportunities.
Cybersecurity Guide is dedicated to bringing more attention to the need for well-trained cybersecurity professionals. From your vantage point, why is there a shortage of people with the right kinds of skills to help deal with cybersecurity threats?
I believe the cybersecurity workforce shortage is fundamentally due to the rate of technological advancement exceeding humanity’s ability to keep pace. Much more can be done to raise awareness and interest in cybersecurity at all age levels, especially in primary and secondary education.
Much more can also be done to promote availability of cybersecurity higher education opportunities, such as Assumption College’s residential and online Bachelor of Science in Cybersecurity degree programs.
What’s the best way to deal with the shortage of cyber professionals?
The most effective way in which to address the shortage of cyber professionals is for academia, industry, and government to collaborate to effectively address the shortage.
Much more can be done, including, for example, greater adoption of introductory cybersecurity educational opportunities across the full K-12 education spectrum, greater efforts to raise awareness of the diversity of cybersecurity roles and applicable employment sectors, promote and support interest in cybersecurity by traditionally underrepresented populations, and greater incentives to entice and retain cybersecurity professionals.
What do you think is the most obvious thing about personal cybersecurity that most people don’t understand or implement?
It is difficult to overstate the extreme range of understanding – and misunderstanding – that exists among technology users today. Given the rate of technological growth over the past decade, those over 35 years of age, most often have learned about personal cybersecurity through one or more “painful learning experiences”, such as having been victimized through identity theft.
Similarly, those under 35 years of age, given the lack of available formal technology education, including basic cybersecurity literacy, have learned about personal cybersecurity through what they hear and observe from friends and social media.
If I had to choose, one of the most obvious aspects of personal cybersecurity that all could benefit from, would be the importance of a comprehensive liberal arts education and establishing sound password and data sharing/privacy practices. Given that so many people do not understand, value, and/or implement sound password and data sharing/privacy practices, they constitute the weakest link in the cybersecurity chain. As such, they are most targeted by hackers.
Do you have any advice or guidance for students or young professionals interested in starting a career in cybersecurity?
Start your exploration and pursuit of cybersecurity today. Cybersecurity, as a professional endeavor, is still very much in its infancy and presents a very rich and fertile environment for personal growth and advancement. I also advise students to avoid discounting their aptitude and ability to be successful in cybersecurity as it is a very diverse field with wide-ranging opportunities spanning many industries and employment sectors.
The first cybersecurity-related course I explored was in introductory computer programming and I explored it simply because I had no clue what programming was about. This led to advanced study in computer science and eventually to advanced study in cybersecurity.
Whether for curiosity’s sake or out of fairness to oneself, everyone should at least explore an introductory cybersecurity course or educational offering to discover their own cybersecurity aptitude and ability.
What do you see becoming the biggest areas of cybersecurity research in the next 5 to 10 years?
I believe three of the greatest areas of future cybersecurity research on the horizon are in the area of Artificial Intelligence (AI) and Machine Learning (ML), particularly in their application to cybersecurity, and the area of advanced cryptography, particularly in the development of new cryptographic algorithms that will be resistant to cryptanalytic and brute force attacks in the future age of quantum computing, and the area of homographic encryption that promises to provide secure access to essential data while ensuring data privacy.
These areas continue to spark much thought and discussion among cybersecurity professionals.
Relatedly, what trends do you see developing over the next 5 to 10 years in the cybersecurity industry, especially with regard to career opportunities?
Thanks to efforts by the National Institute of Standards and Technology (NIST) and others to establish a consensus-based cybersecurity workforce framework, there will now be increased consistency in cybersecurity position titles and corresponding work function lists.
Increased consistency will, in turn, contribute to a clearer understanding of cybersecurity career opportunities in the wide variety of employment sectors. Prior cybersecurity workforce and career opportunity projections continue to be eclipsed by more recent estimates.
I believe the most lucrative cybersecurity career opportunities will be in those areas projected to exhibit the greatest need and/or the greatest positive impact on cybersecurity for society. This also includes career opportunities associated with future cybersecurity research as well as those that are best positioned to address the most vexing cybersecurity challenges, including basic personal cybersecurity literacy.
Career opportunities associated with defining cybersecurity policy and laws and those associated with cybersecurity education, promise greater cybersecurity for all, and will therefore also abound.