Dr. Sajal Das is the Curators’ Distinguished Professor of Computer Science and Daniel St. Clair Endowed Chair at the Missouri University of Science and Technology.
Dr. Das earned a PhD in Computer Science from the University of Central Florida, Orlando, an MS in Computer Science and Automation from the Indian Institute of Science at Bangalore, and a BS in Computer Science and Engineering from Calcutta University, India.
His research interests include cyber physical systems, security and privacy, smart environments, IoT, wireless sensor networks, mobile and pervasive computing, machine learning, big data analytics, parallel and cloud computing, social networks, systems biology, graph theory, and game theory.
Listen to the episode
Here are the key points
- Shift to cybersecurity research: Dr. Das’s interest in cybersecurity was significantly influenced by the events of September 11, 2001. This led him to pivot his research towards cybersecurity and cyber-physical security, focusing on creating secure infrastructures and protecting information assets and society.
- Pervasively secure infrastructures project: Funded by the National Science Foundation, this project aimed to integrate computational problem-solving skills, data analytics, networking, and community computing to detect security threats in real-time.
- Current research focus: Dr. Das currently works on cyber-physical security, particularly in securing critical infrastructures like smart grids, healthcare systems, and transportation. He emphasizes the importance of securing these systems against cyber threats, including potential attacks on IoT devices and wireless networks.
- Educational opportunities at Missouri S&T: Dr. Das discusses the various cybersecurity educational programs available at Missouri S&T, including undergraduate and graduate courses, certifications, and research opportunities in cybersecurity. He highlights the importance of building a strong foundation in computer science and problem-solving skills for students interested in cybersecurity.
- Industry and academia collaboration: The podcast touches on the collaboration between academia and industry in shaping cybersecurity education. Missouri S&T has an industry advisory board that provides input on curriculum development, ensuring that the courses meet the evolving needs of the cybersecurity industry.
- Advice for students: Dr. Das advises students to focus on building strong fundamentals in computer science and to be adaptable in their skills. He stresses the importance of being prepared for emerging threats and vulnerabilities in the cybersecurity field.
The following is a full transcript of the show:
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I’m a writer and an editor for Cybersecurity Guide, and the podcast’s host. We appreciate your listening.
On today’s show, our guest is Dr. Sajal Das is the Curators’ Distinguished Professor of Computer Science and Daniel St. Clair Endowed Chair at the Missouri University of Science and Technology. We’re going to be discussing cybersecurity educational opportunities at Missouri S&T. Before I introduce him, let me tell you a little bit about Dr. Das.
Dr. Das earned a PhD in Computer Science from the University of Central Florida, Orlando, an MS in Computer Science and Automation from the Indian Institute of Science at Bangalore, and a BS in Computer Science and Engineering from Calcutta University, India.
His research interests include cyber physical systems, security and privacy, smart environments, IoT, wireless sensor networks, mobile and pervasive computing, machine learning, big data analytics, parallel and cloud computing, social networks, systems biology, graph theory, and game theory. And all of those topics sound fascinating to me, as well. With that, Sajal, thank you for joining me today.
Sajal Das:
Thank you. It’s my pleasure.
Alright. So Sajal, tell us a little bit about yourself. Help our audience understand how you first became interested in cybersecurity. Have you always been interested in cybersecurity, or is that a recent development in your academic pursuits?
Sajal Das:
I have been actually working on cybersecurity and related topics for the last couple of decades.
Steve Bowcut:
Okay.
Sajal Das:
I have been in academics for more than three decades. Initially I was working mostly on high performance computing, parallel and distributed computing, and graph theory. Mostly problem solving and algorithms design in the first decade of my academic career. But then, September 11, 2001 was actually a wake-up call for me.
This should not be taken as a derogatory research. 911 really woke me up. What am I doing in my research? I’m designing algorithms and solving computational problems, but what good are they for? We have a lot of algorithms on cryptography, we know how to encrypt messages, but why is it not that our society is secure? Nor our infrastructures, right?
Thus 911 actually triggered me to ponder into cybersecurity, or cyber-physical security in general. The best way I thought was, “Okay, let me write a proposal on security to the National Science Foundation to get a grant,” so we can pursue cutting-edge research and hire students and researchers, right?
The proposal I wrote to the NSF was on “Pervasively Secure Infrastructures: Integrating Smart Sensing, Data Mining, Pervasive Networking, and Community Computing.” We got the project funded very luckily, it was a 1.5 million dollar project.
This project aimed to integrate our computational problem solving skills such as data analytics, networking skills, computer and communication networking such as wireless and sensor networks, and distributed computing. The challenge was – can we detect significant events like a security threat in real time in a distributed manner.
So that was our project. In those days, nobody was talking much about AI, machine learning or data analytics, but we actually did all of those things. We called community computing, similar to today’s cloud computing..
Steve Bowcut:
Oh, very good.
Sajal Das:
The objective was that things happen in the real world in many different sporadic ways, and how do you connect the dots? And then make a conclusion and inference that this actually is a security threat, this is an anomaly. Right?
That was our triggering point. Getting back to your question on cybersecurity, we wanted to show how to build a system, a pervasive infrastructure that will make our society more secure? Cybersecurity is a much broader concept in my opinion. It’s not just securing your bank account or your information assets in a computer. So the question is, how do you secure information assets, infrastructures, people, and the society, right?
Steve Bowcut:
Very good.
Sajal Das:
Thus 2001 was a triggering point of my research. We started looking into how to integrate various research that I do in computer science and engineering to secure infrastructures, people’s lives, information assets, and all these things in daily life.
Excellent. So that was over 20 years ago now. So let’s fast-forward to today. So what can you tell us about what you’re currently researching or working on?
Sajal Das:
So in terms of this…you mentioned in my bio cyber-physical systems and security. Basically, I do a merger called cyber-physical security that deals with physical environments like critical infrastructures. It could be a building, smart grid, or smart transportation. Most of them have a lot of cyber components like sensors, IoT devices, cloud, and all, right?
So systems are very tightly coupled between the physical system and the cyber system. Challenges are how to secure these systems, how to make dependable and reliable decisions which will favor the system’s operation in a reliable and robust manner. Those are the kind of things that I do nowadays. I look at security from that angle.
For example, securing a smart grid or energy. Securing smart health is another important example. Nowadays, there can be wearable and implantable devices on our body to monitor and track health conditions. Since most of this information is being communicated through wireless, an adversary can tap this information and can put malware in the cyber domain and that can create havoc.
For example, somebody has a pacemaker which has a wireless transmitter that connects to the doctors office and the hospitals through an app. And somebody can inject malware to create artificial rhythm causing someone to die.
So you see we look into smart healthcare, smart transportation, smart building, smart energy, etc. And look security from a system and networking perspective, assuming that cryptographic techniques are there, encryption techniques are there. But that’s not enough. If that was enough, every system would be protected.
Very good. And I think I’ve detected a through-line or a thread, but let me just pose that in the form of a question.
It seems like infrastructure has kind of been the through-line or the thread of your academic career. Is that fair to say? Or is there something else that’s been a little bit more prominent?
Sajal Das:
It’s a good question. The thread in my research has beenl problem solving. We solve problems. That is, whenever we sense there’s an interesting research problem and question that we need to address from computational point of view, from mathematical point of view, from algorithm point of view, we jump into it.
Now, if the problem is very fundamental, then it manifests in many different ways for many different applications. Right? So if we know how to solve a problem and how to define a problem, whether that problem is securing an infrastructure, securing a network system, or securing an information database, or data security application, it doesn’t matter. The same fundamental problem cuts through various domains and applications.
Steve Bowcut:
Interesting-
Sajal Das:
The common thread is basically to dig deeper and find problems that are significant to solve. And solving which will have a significant impact – economic impact, social impact, scientific impact. That’s what we look at.
I find that answer fascinating because that fits so perfectly well with…You were talking about your interest in cyber-physical systems. The threats and the vulnerabilities in cyber-physical systems are the most impactful for humans, right?
Sajal Das:
Yes.
Steve Bowcut:
So the problems that you’re solving or that you’re focused on are those that are the most impactful.
Sajal Das:
They impact our lives…
Steve Bowcut:
Losing your data, it could be a big deal to lose your data, but to have your pacemaker stop is a bigger deal.
Sajal Das:
So basically how to improve our quality of life. How to make our life and society secure and safe.
Steve Bowcut:
Interesting.
Sajal Das:
That’s the broader goal. But then we need to solve a lot of fundamental questions and problems. But posing that way is easy to convey the message to the people, right?
Right. Okay.
Let me just pivot a little bit here. So the reason that we have you on the show is to help students understand what educational opportunities await them should they decide to go to Missouri S&T. So talk to us about that a little bit. What kinds of programs, degree programs, certificates, those kinds of things, would be available?
Sajal Das:
That’s a very good question because a university does not exist without students. They’re our main stakeholders and customers, right? So we need to educate them, teach them, and help build a fundamental background and foundation.
And in terms of cybersecurity, we have quite a few courses at the undergraduate level and at the graduate level, both Masters and PhD. We have a Certification on Cybersecurity. And we have provisions for undergraduate and graduate students, if they want to do research, they can specialize in Cybersecurity. We do have courses on cybersecurity, cryptography, network security, data and application security.
So students will have a lot of opportunity to take different types of courses to meet their inquisitiveness, as well as the cybersecurity professionals that we want to produce for the government or the corporate. We have a project funded by the National Science Foundation. We call that project MASTER that stands for Missouri Advanced Security Teaching, Education and Research.
Steve Bowcut:
Got it. Okay. Oh, very good. Master. So, Missouri Advanced Security Training Education and Research.
Sajal Das:
That project gives us funding for the students. Graduate students and undergraduate students can specialize in Cybersecurity. The requirement is that they have to work for the government like DHS, FBI, National Security Agency or NSA? Or any company like Raytheon or Boeing that does a lot of security related work for the government. Or they can work for national labs.
Steve Bowcut:
Okay. So, to make sure I understand this, so it doesn’t sound like you actually have any…well, at least, undergraduate degrees that are specific Cybersecurity degrees. They would be computer science with emphasis in-
Sajal Das:
We do not have a specialized Cybersecurity degree per se, although it is in the work. And in a state school, it takes quite a while to go through all the checks and balances before any particular curriculum or degree program is offered.
Steve Bowcut:
Exactly. Okay.
Sajal Das:
So these questions are going on. It has to go through a higher learning commission in the state.
Steve Bowcut:
Okay.
Sajal Das:
Yes.
Excellent. So, let’s paint a picture here for our audience. If I were a student and I had the ability to attend Missouri S&T, what would that environment be like? Would there be clubs that I would be involved in? Would there be capstone projects or other projects that you’re aware of that I might likely be involved in? What would those be like?
Sajal Das:
Students will have a lot of opportunities at Missouri S&T. As the name suggests, Missouri S&T is a STEM-focused school. STEM, as you know, stands for Science, Technology, Engineering and Mathematics, right? It’s a public institute in the state of Missouri, but almost like private because we have about seven thousand, or 75 hundred students. There are a lot of interactions between students and faculty.. That’s one.
We have a special interest group in Cybersecurity, and that’s a club? We also have lots of design competitions. Students can design, for example, security solutions and app, right? They have to take two semesters of capstone projects.
Steve Bowcut:
Okay.
Sajal Das:
Students also compete for different cyber challenges, cybersecurity challenges and hackathons. A couple of years ago, three of our students got a 100 thousand dollars award in one of the hackathons [inaudible 00:12:56].
Steve Bowcut:
Really?
Sajal Das:
They got the top prize.
Steve Bowcut:
Awesome.
Sajal Das:
Undergraduate student getting a 100 thousand dollars. So our students are very talented in that. And so lots of opportunities. They can do cybersecurity projects in the classes. They can do research with the faculty in the labs. And be mentored by the faculty and graduate students, PhD and postdocs. They can join the cybersecurity special interest group club that we have, and they meet on a regular basis.
Okay. Thank you.
There’s been a…I’m not sure what the right word is here, but the industry, across the board, over the last several years, has been clamoring, and maybe that’s the right word, for more trained cybersecurity professionals. There just aren’t enough. And so I think it’s interesting to let our audience know what academia is doing, at least from your perspective. What are we doing in academia to address those needs? Are we changing the curriculum? Do you have industry boards and panels that give input as you’re designing the curriculum? How do you address the needs the industry is telling you that they have?
Sajal Das:
Right. It is a national need or global need. You can say that. Yeah. The cybersecurity option, we don’t have enough graduates to meet the needs. We do have an industry advisory board that meets every year in late spring. They go through our curriculum and suggest modifications. Our program, of course, is accredited by the ABET. They have certain requirements because security is one of the threads that they want. At least some courses will be there covering security aspects.
Our industry advisory board gives suggestions on the kind of courses that we offer. So we have certain courses which are focused on cybersecurity, but then we have certain other courses where security is embedded. For example, we have cloud computing and networking courses in which security is an important component. And some lectures on security will be covered in those courses.
Steve Bowcut:
Right.
Sajal Das:
I teach a course on cyber-physical systems and I cover a good amount of cybersecurity, or cyber-physical security there.
Steve Bowcut:
And that is so critically important. I know that, for many years…And I’ve been at this for enough decades now, that I remember when security was always looked at as kind of an afterthought or a [crosstalk 00:15:28].
Sajal Das:
That’s right.
Steve Bowcut:
Right? But, from what you’re telling me, at least at Missouri S&T, that’s not the case anymore.
Sajal Das:
That’s right. Security is by design, well integrated in various courses.
Steve Bowcut:
Exactly.
[Crosstalk 00:15:40].
Yep.
Sajal Das:
Right? Yeah, exactly. So network courses, we teach security there. Wireless networking courses, we teach security there, so that people know that security is an integral component of everything that we do in our life.
Steve Bowcut:
And that’s so important. Thank you for that, I appreciate it.
Sajal Das:
Let me also mention another thing that NSF is investing in, and some other agencies are also investing. See what we have is a special project called Scholarship for Service (SFS) funded by the NSF. Through that project, the students who are supported by the grant, are supposed to be cybersecurity experts and professionals. Upon graduation they have to work in the cybersecurity industry or government. And that is one way to…Basically the government is encouraging as much as possible to build a skilled workforce.
Very good, thank you. Alright, let’s see if we can leave some tangible resources for the audience.
So if you were to list some resources that a student might turn to. And these could be books, papers, lectures, websites, conferences to attend. What kind of resources would you recommend to a student who’s beginning their academic career in cybersecurity?
Sajal Das:
There are lots of different books nowadays, on data, application and network security, and cybersecurity in general. Every institution or course recommends different books. So one can take a look at the textbook that they offer.
There are lots of online materials nowadays. Very good sets of lectures, including YouTube lectures.
In terms of the conferences, for someone doing cybersecurity research, there are quite a few good conferences. One is called ACM CCS, Computer Communications Security.
Steve Bowcut:
Okay.
Sajal Das:
There’s a conference called WISE, Wireless Information Security and Engineering. There is a conference called CNS, Computer Network System Security. Another one is USENIX Security. These are very specialized security conferences, but any computer science conference that you open nowadays, there will be some sessions and topics on security.
Steve Bowcut:
Yeah, that’s a good point.
Sajal Das:
That’s really important. That’s right, exactly.
Then we also published a book in 2012 called Handbook of Cyber-Physical Security. It was published by Morgan Kaufmann, part of Elsevier now. Our book is used by different people for teaching. It’s a little bit more advanced than basic.
Steve Bowcut:
Okay.
Sajal Das:
There are lots of different books on basic and advanced topics. It depends on the student’s interest, whether they’re interested in data and application security, systems security, or network security, or crypto. Depending on that, they can choose the books. There are lots of different choices.
Steve Bowcut:
Okay, excellent. We’ll try and put some links in the show notes to some of the things that you’ve mentioned to help people find them quickly and easily. So thank you for that.
Sajal Das:
And there’s also a lot of other security privacy conferences like USENIX or NDSS. So, lots of different choices.
Excellent. Alright, so our last question here is kind of a fun question. We ask you to dust off your crystal ball and look into the future and help students who may be experiencing some anxiety about what direction they should take now so that they’re positioned well when they graduate.
So what do you think the future for cybersecurity is going to look like? And specifically, what should students be focused on now to make sure that they’re in a good position later?
Sajal Das:
So let me answer the first question. I think the area, that is the topic of cybersecurity, will continue to grow because more and more systems are becoming a cyber domain. If systems are very isolated in my room or office, then of course nobody can attack it. The fact that you put them on the networking, whether wireline or wireless network, makes them vulnerable. Anybody can infiltrate, right? That’s one.
Hence the cybersecurity area will grow and you can see that the corporate and governments are always looking for security solutions…It’s not only just the corporate and the software part, even the government databases are being hacked by the nation’s adversaries. So you can see that things are actually very severe in that sense. That means job opportunity wise, it should only grow. Because every system has to be very secure, and our daily life has to be secure. As you said, whether it’s healthcare, energy, mobility, or other things in daily life.
In terms of the preparation for the students, of course, they should take some fundamental courses in security, whether it is cybersecurity, network security, or cryptography. The more they take, the better background they will have. But more fundamentally, I always tell my students to build foundations.
Foundation is a computer science. That means I have very good skills in programming. I understand how to solve problems, and I can design algorithms, right? I know how to design a system. Software system, operating system, network system. Once I know that, then you know… as you said, security is not an add-on thing, nor aftermath thinking, right? It should be part of the whole design process that I’m making a communication from point A to point B on my network. Is it secure? You can ask that question. That means, it’s not just the routing of my information, but secure routing of the information, right?
So if we do that, that means I’m actually building my fundamental concept from ground zero that makes everything secure, reliable, dependable. Now, no matter what you do, there may still be an ingenious mind. People can still attack. Because we can only think, even though we do a lot of AI and machine learning algorithms, in terms of developing the security solutions.
But machine learning is about what I’ve seen in the past or what I can anticipate that might happen, right? But still, I may not have explored everything because somebody with a very genius mind in a very bad sense, a derogatory sense, can think about something to attack a system which we have never thought about.
Steve Bowcut:
Exactly, that’s-
Sajal Das:
Once we see it now, then we can prepare for the future. But the first time you see it, you are completely helpless.
Steve Bowcut:
Yeah. I think that’s very sound advice. So focus on the fundamentals, because we can’t, at this point, look down the road in five years and say what the latest threats and vulnerabilities are going to be, but if you have the fundamentals, you’ll be prepared to address those. So that’s awesome.
Sajal Das:
That’s right. Focusing on fundamentals means we are always marketable, right? For example people lose jobs when they’re very specialized in one area and they cannot change their topic. And if the field changes, then it’s very possible to lose the job, right?
Steve Bowcut:
Something like that AI or chat GPT comes along and you don’t have a job anymore if you don’t have the fundamentals to rely on.
Sajal Das:
That’s right. That’s right. That’s right. Exactly. Exactly.
Steve Bowcut:
Very good.
Sajal Das:
So I think that’s what we do at the university. Then of course, when the students go to internship, join jobs in the industry, then they learn all the other skills. How to apply those techniques and tools and know-hows in the real world.
Steve Bowcut:
Excellent. Dr. Das, thank you so much for your time today. This has been invaluable and I appreciate you spending some time with us. And a big thanks to our listeners as well for being with us. Please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.