Dr. Seth Hamman is the Director of the Center for the Advancement of Cybersecurity and an associate professor of cyber operations and computer science at Cedarville University in Cedarville, Ohio.
He joined the faculty at Cedarville in 2012. He brings real-world experience to the classroom from having worked in the tech industry, both as an employee of a startup dotcom and as a consultant.
Listen to the full episode
Key takeaways from the interview
- Background of Dr. Seth Hamman: He is the Director of the Center for the Advancement of Cybersecurity and an Associate Professor of Cyber Operations and Computer Science at Cedarville University. He joined Cedarville’s faculty in 2012, bringing real-world tech industry experience from his work at a startup dotcom and as a consultant.
- Early interest and journey in cybersecurity: Dr. Hamman’s interest in cybersecurity began with his job at a startup where he engaged in systems administration and securing servers. His fascination with cryptography during his master’s program and a class called “Cyber Attack” during his PhD at the Air Force’s Graduate School further solidified his interest in cybersecurity.
- Cybersecurity programs at Cedarville University: Cedarville University, located near Wright Patterson Air Force Base in Ohio, offers a Cyber Operations major, the first of its kind in Ohio. This program, designated as a Center of Academic Excellence in Cyber Operations by the NSA, is highly technical and rooted in computer science. It focuses on military and intelligence operations like finding and exploiting vulnerabilities.
- Career prospects for graduates: Most Cedarville graduates work for the Department of Defense, the intelligence community, or defense contractors, often in top-secret roles. The university’s curriculum, aligned with the NSA’s National Centers of Academic Excellence Program, prepares students for these types of careers.
Here is a full transcript of the episode
Steve Bowcut: Thank you for joining us today for the Cybersecurity Guide podcast. My name is Steve Bowcut. I’m a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
On today’s show, our guest is Seth Hamman. Seth is the director of the Center for the Advancement of Cybersecurity and an associate professor of cyber operations and computer science at Cedarville University. So our topic today is going to be the cybersecurity educational opportunities that a student might find at Cedarville University.
Before I welcome Dr. Hamman in, let me tell you a little bit about him. Dr. Hamman joined the faculty at Cedarville in 2012. He brings real-world experience to the classroom from having worked in the tech industry, both as an employee of a startup dot com and as a consultant.
During his first four years at Cedarville, he earned his PhD while studying cybersecurity at the Air Force’s Graduate School, the Air Force Institute of Technology, which is located at nearby Wright Patterson Air Force Base.
As a researcher, he is interested in helping to shape the young and growing discipline of cybersecurity education and in integrating the Christian faith and computer science. So welcome Dr. Hamman. Thank you for joining me today.
Seth Hamman: Thank you, Steve. It’s my pleasure.
All right, I’m looking forward to our conversation. I think this is going to be fun and interesting and hopefully useful for our audience. So let’s start by getting to know you a little better.
So I always like to ask this question because I get just a variety of answers from the guests that we have on the show, but how did you first become interested in cybersecurity? Does that go way back from your high school days or did it happen during your PhD program or where in that time?
I wouldn’t have called it cybersecurity, but back early in my career, one of my first jobs out of college, I worked for a startup and I did some systems administration work for them, and we were interested in cybersecurity. We were a target and we had to think about securing our servers, and I was learning a lot of this on the job, and I liked that part of my job. And I started learning about cryptography and other interesting things.
That continued when I got to graduate school for my master’s degree program. My favorite class was my cryptography class, and again, I wasn’t necessarily thinking really about cybersecurity like I think about it as like I do today, but cryptography is so important for cybersecurity. It’s the bedrock of cybersecurity. So that has been an interest of mine, specifically cryptography.
But in 2013, when I enrolled at the Air Force’s Graduate School, I took a class called Cyber Attack, and that was my first PhD class, and that really was my introduction to cybersecurity as I understand it today.
I loved my classwork as part of my PhD program, and then my PhD is in computer science, but my dissertation all centered around cybersecurity. It’s very important to the Air Force, and they had been doing it a long time there and learning about it, and that was one of the main emphases in their CS program.
And so when I was a student there, I really learned a lot. And then as I was a student there, but I was a teacher here at Cedarville, and I was starting our cyber program. So I’ve been in cyber ed now for about 10 years, and it’s been a joy ride.
It’s been great ever since we’ve been riding this big wave and it’s more, amazing opportunities are coming down the road all the time and it’s been a great thing for me and I’ve really enjoyed it and it’s been a great thing for the university here.
Excellent. I’m sure then you’ve seen just so many changes over your career, both in our defensive capabilities, but also in the threats that we have to defend against. So thank you for that.
So let’s give the audience an understanding of what cybersecurity programs are offered at Cedarville. Are they specific degrees in cybersecurity or are they computer science with an emphasis in, or how does that work at Cedarville University?
In just a second about Cedarville, we’re located near Wright Patterson Air Force Base, which is the Dayton region of Ohio, and so we’re about 20 miles from there, but we’re in a very rural area of Ohio, kind of roughly between Cincinnati and Columbus.
Cedarville was founded in 1887, so we’ve been here for a long time. Today we have about 5,000 students, and we’re a Christian university, and so we have chapel here five days a week. Every student at Cedarville gets a Bible minor, so that is the biggest part of the Cedarville experience.
As it comes to cybersecurity, we started our cyber program within our computer science programs. We started adding some electives and we created a specialization called cyber operations. So that was kind of our first official program here, and that one was NSA designated as a Center of Academic Excellence in cyber operations, which we’re very proud of. It’s been a great thing for our university to have that relationship with the NSA.
And then later in 2020, we turned those electives, we added some more electives, and we started a major called cyber operations. It’s the first major of its kind in the state of Ohio. There are other cyber operations majors in the nation, but we’re the only one currently in the state that is at the undergraduate degree level, the bachelor of science degree in cyber operations.
So our program here is a very technical program. Its foundation is computer science. And the NSA, when they talk about cyber operations, they’re talking about military and intelligence operations. So the kind of things that you sometimes read about in the newspaper, but most times it doesn’t make the news. Things like finding vulnerabilities, exploiting vulnerabilities.
Then NSA uses language like operations related to collection, exploitation and response, and it starts with a deep understanding of how computers work, how technology works, how software works, and finding vulnerabilities in those things and writing exploits. So that’s, we’re in the highly technical end of the cybersecurity spectrum.
Excellent. When you said that, I thought there must be a tie then if cyber operations is kind of your focus and your background is with the military, with the Air Force specifically, I can see the connection there that that’s exactly what the military needs.
So would you say that your curriculum then is designed to prepare students to work in a military environment or that kind of thing?
Yeah, in fact, most of our students go and they work for the DOD, the Department of Defense, or the intelligence community, maybe not necessarily directly, although some of them do. More often, they go and work for a defense contractor and then that work ends up coming from that same source. So that’s pretty common for our students.
And those jobs are almost always a top-secret types of jobs. And so that’s generally our sweet spot and when we aligned our program, when we started our program, we really had, that NSA designation, we had our sights set on it. And so the classes that we developed and the NSA through the National Centers of Academic Excellence Program, they wrote the blueprint and we followed the blueprint. And that’s what we’ve continued to do.
And that was very deliberate, especially being near Wright Patterson Air Force Base, which is one of the largest and most complex air force bases in the world. It’s where flight was perfected by the Wright brothers back in the early 1900s. So there’s no coincidence that it’s a major Air Force base today. So this was kind of in our DNA and there’s just so many opportunities in this area and really, I mean all over, but especially in our area here in Ohio.
Very good. All right. Let’s try and, excuse me, let’s try and paint a picture, if you will, for a student who’s thinking about coming to school there and focusing in cybersecurity. What kinds of events, clubs, organizations, capstone projects, what might their academic career look like there?
We have a thriving student organization in cybersecurity. So we have the cyber center, which I’m the director. We have student fellows, which are paid positions that work with me trying to advance our cyber program and work with other students on the front lines there. We have a cyber team that competes in several different capture-the-flag competitions.
We do outreach events to the local community. We’ve done cyber patriot mentoring, so there’s a lot that students can get involved with. We have a Women in Cybersecurity chapter that’s doing really well. We have some very enthusiastic young women that are heading that student org, and we’re doing things like right now we’re planning a scavenger hunt that’s going to be cryptographically themed that we’ll do around our campus.
We have cyber merch, it’s what the students call it, but cyber gear that we wear. So we have a thriving undergraduate cybersecurity culture. Makes it a lot of fun.
It sounds like it would be a fun place to go to school. So you’ve already mentioned a few things that I think set you apart and make your program unique. Is there anything else that makes your cyber security program unique that our audience might need to know about?
The main one is that designation from the NSA that we have. We’re one of only 20 or so schools in the nation that are cyber operations designated, and we’re the only Christian college. So we’re in a very small group of schools that have targeted kind of this part of the cybersecurity spectrum.
And when you think about cybersecurity education, it’s actually, it’s a spectrum from technical to non-technical and everything in between. I would say most people when they think about cybersecurity degree programs, they think about more information technology cybersecurity, which has a technical and non-technical component. They’re interested in business and risk management and things like firewalls and all of those things.
So I would put that kind of in the middle of the spectrum. We’re on the, I guess if you’d call the far left, the more technical end, we’re way over there. So we’re definitely unique. There’s job opportunities and educational opportunities all over that spectrum, but our niche is really in the cyber operations lane, which is the more highly technical computer science-based cybersecurity program.
And I know that industry across that spectrum is clamoring for more trained cybersecurity professionals. So I’d be interested to hear what, if anything, you do in developing the curriculum there to meet that need.
Do you solicit input from industry or from the military or the DOD and does that go into your development of your curriculum for the students?
Yes, it does. I think our main blueprint comes from the NSA through their National Centers of Academic Excellence program, which has multiple criteria including knowledge units criteria with several sub-criteria. So we take our main direction from them, but we have several industry partners in the area.
We have an advisory board. We certainly have a lot of alums that go off and work we keep in touch with, and we have continuing partnerships with industry as well through things like senior design, capstone projects, internships.
We have a grant that we do through Lockheed Martin where we do cyber work here on our campus. So we’re constantly being informed about real-world cybersecurity challenges and how we can best prepare our students. And again, in our lane, that means that they’re highly technical, they understand low-level programming, computer networking protocols, reverse engineering. These are the things that are important for our niche of the cybersecurity spectrum.
Interesting. How about internships or other practical cybersecurity experience that students might get in involved in? Are you connected in some ways to those kinds of opportunities?
Yes, we are. We’re fortunate. We’ve had a grant that’s been renewed multiple times with Lockheed Martin where we do research, which just gives our students opportunities to do cutting edge research, and they really enjoy that, and we learn a lot through that.
Our students do not have to do an internship as part of their time here, but almost all of them do. We encourage them to, and we help them find internships and there’s lots of opportunities. The big thing that we do for all of our students is our capstone project their senior year.
These are just several, and there’s more projects that teams work all year on. They have a research element. They usually have some kind of reverse engineering element, and they typically have a sponsor, a client who invests their time and they do this for free. They help us, they don’t charge us, and they volunteer their time to contribute to our program. And so that means a lot to us when we have industry partners that are taking their time out to work with our students.
So technology generally, but cybersecurity probably more specifically and more than other technologies is changing all of the time.
So I’d be interested to know if there’s anything else you can share with us about how you keep your curriculum up to date with the latest trends and threats when new vulnerabilities or new trends or threats are discovered, how can you incorporate or do you incorporate that into what the students are learning so when they’re graduated, they have just the freshest, most current skills and abilities?
I would agree that is a challenge, and we do try to keep up to date with the news and current events in cybersecurity and make sure our students are understanding what’s going on. A big part of our program is foundational. We are an education institution, so we’re really trying to shape how students think and approach cybersecurity.
A lot of those things actually don’t change, so we make sure that that’s really our primary emphasis. But as faculty, we do things like take sans courses, trying to make sure that we’re up-to-date with the latest technology and the techniques that are being used, and then we incorporate them back into our classrooms.
One of the nice things about teaching cyber, well, it’s a pro and a con, we typically don’t have textbooks that we can rely on. So our courses are almost by nature, they’re living and they change because we’re updating them all the time. We can’t just go back to the well of the textbook that we’ve been using the last 10 years and continue using it.
For a lot of our courses, we don’t really have a stable textbook. We might incorporate a textbook here and there, but it ends up being more driven on as we are creating and evolving the course every year as we go.
Yeah, that’s true. I’ve often found myself feeling bad for the authors of textbooks, and not just textbooks, but other books in our field of cybersecurity because things change so quickly. Well, it’s a great book, but it was published five years ago and there’s a lot of outdated information in there, so.
All right. So if you were to make some recommendations, some of resources that students could look to learn more about cybersecurity and if it’s the right field for them and that kind of thing, what would your reading list look like?
Could be books and papers and lectures, but it could also be YouTube channels or conferences or that kind of thing. But what kind of resources can you offer students?
Well, this might be an example where less is more. I could pick and give you maybe 10 different titles that I think are interesting and important, but instead, let me just give you one. There’s a book called the Code Book by Simon Singh, and I think it’s a great introduction to cryptography, and it does include a chapter on computer cryptography, modern-day cryptography, things like RSA, but it goes back and it starts cryptography over the millennia.
And it’s just interesting. He’s a great writer. He writes on a lot of mathematical topics, but I would suggest it because again, cryptography is the bedrock of cybersecurity. It’s interesting, it’s fun, and we’re just all intrigued by it. It’s in our movies, it’s in the books we read. So this book, the code book is full of real-life stories. It’s very easy to read and it’s well written.
So if there was one book that I would, it falls somewhere in the cybersecurity spectrum, I would say that. I do have a TED Talk that I gave in the summer of 2019, that’s a 10-minute watch that I would encourage you to check out. It’s on the Guardian of the Cyber Galaxy.
And so it’s a unique TED Talk in that it’s, the topic of it is cybersecurity education and TED Talks run the gamut. There are all kinds of things discussed, but when I was asked to give a TED Talk, that’s what I chose because that’s what I’m interested in.
And so I point out some of the interesting aspects of cyberspace and what’s important about cybersecurity education. So that might help listeners orient themselves to the discipline if they check out that TEDx Talk.
Perfect. We will put links to both the book and your TED talk in the show notes so that students can find those easily. Thank you for that. I appreciate it.
One more question and then we’ll let you go. And this one is kind of a fun question because I know there’s not a real good answer here probably, but we’ll ask you to dust off your crystal ball and look into the future and give whatever advice you can to students who are maybe experiencing some anxiety right now about trying to pick the right major and the right, take the right classes and learn the right things so that they’re positioned the best that they can be in the future.
So what do you think cybersecurity is going to look like in five years or 10 years?
Yeah, that is a hard one. I mean, when you just go back 10 years, 20 years, and you see how much has changed and you’re thinking, my goodness, what’s the next 10 years going to look like? And then ChatGPT having just come out, and Bill Gates called that one of two revolutions in technology that he’s seen in his lifetime. The other one he pointed to was decades ago, he said the first time he saw a graphical user interface, he knew that computing would be forever changed.
And he said the same thing, when I understood what ChatGPT was capable of. So there’s so much we don’t know about the direction things are going in or how AI technology will change cybersecurity. I think the big thing, and really my pet project in cyber ed, is adversarial thinking. And that’s something that I’m fascinated by that I emphasize in my classes. And I have developed curriculum specifically to teach on game theory and how we can use game theory and teach game theory in our classes.
And when students learn game theory, it helps them position themselves to understand their situation from their adversary’s perspective. And because at its essence, cybersecurity is an adversarial conflict, if there aren’t cyber adversaries, there is no cybersecurity. So that’s something that’s not going to change. And the more that we can think about that and that human element, which is at the center of cyber, the better we’ll be.
And so that’s something that we can invest time in and understanding of, what are our adversaries, what are their technological capabilities, what are their creative perspectives? And then how do they use strategic reasoning? And so-
That’s fascinating because even their motivations would, you’d need to know what motivates them. Are they after money? Are they just after causing chaos, or is it a particular cause or is it a nation state? That’s fascinating.
Right, yeah. And I think that’s what makes cybersecurity interesting to me. It’s a fascinating discipline. Obviously, it’s also extraordinarily important. It’s important to our national security, and there’s so many opportunities.
So I can’t encourage the listener enough to get involved, to not fall into a stereotype of what they think cybersecurity is. And maybe they think, well, I don’t belong. They probably, there’s a role for them to play. There’s a lot of roles in the cyber spectrum and a lot of skill sets are needed.
It’s not just kind of the hacker in the hoodie in the dark basement somewhere, although those are important, but there’s a lot of different places and skillsets that will bring a lot of value into this very interesting field and very important field.
Okay. Thank you so much, and thank you for your time today, Dr. Hamman. I appreciate it. This has been a fun and interesting conversation, so I appreciate you giving us some time.
I agree, Steve, thanks for having me on, and thanks for all you’re doing to promote Ccber ed.
You bet. And a big thanks to our listeners for being with us today. Please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of The Cybersecurity Guide Podcast.