Shane Allen, an assistant professor of Information Systems and Technologies at Oklahoma State University, Oklahoma City.
Summary of the episode
Shane discussed his academic and professional journey, including his early experiences with cybersecurity at Electronic Data Systems. He described the student-centric approach at OSU-OKC, which offers an Associate of Applied Science in IT with a cybersecurity track and a Bachelor of Technology in IT with a cybersecurity concentration.
These programs provide a progressive learning pathway with a focus on hands-on, asynchronous online learning. Shane emphasized the importance of a well-rounded education combined with industry certifications to prepare students for diverse careers in the rapidly evolving cybersecurity field.
Listen to the episode
Read a full transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Welcome to the Cybersecurity Guide podcast, the show that helps students and early career professionals explore pathways into one of today’s most in demand fields. Our guest today is Shane Allen.
Shane is an assistant professor of Information Systems and Technologies at Oklahoma State University, Oklahoma City. Shane brings decades of industry and academic experience to the classroom with a career that spans systems engineering at electronic data systems leadership and global software operations and teaching business communication and technology courses. At Stephen F. Austin State University.
Before joining OSU, at OSU, Shane has developed and taught courses in areas such as Linux Cryptography, Cyber Ethics and law and Information Project management. He also holds multiple comptia certifications and stays actively engaged in the professional development through training, conferences and industry writing.
In this episode, we’ll explore Shane’s professional journey and take a closer look at OSU Cybersecurity degree Pathways, including the associate of applied Science in it with a cybersecurity track and the bachelor of technology in it with a cybersecurity concentration.
These programs combine foundational it, advanced cybersecurity, hands-on lab and internships to prepare graduates for a wide range of careers in the cyber field. With that, welcome Shane. Thank you for joining me today.
Shane Allen:
Thank you. I really appreciate this opportunity to discuss with students that are interested in becoming cybersecurity professionals and also entry level students that are embarking on their career in cybersecurity. Cybersecurity is fascinating.
Steve Bowcut:
It is. And you’ve tagged our audience. Exactly. So thank you for that. So before we get into the topic too deep, let’s give our audience a little bit of a peek into your academic and professional journey.
So how did you get to where you are and what kind of first sparked your interest in cybersecurity? You always been interested in that or did it come later in your career?
Shane Allen:
Honestly, and this has been a great exercise going through this, I took a cryptography course during my undergraduate years BS computer science. Of course back then it was rudimentary desktop computers or networks were basically lands my entire career goes back to working for electronic data systems.
Everything feeds back into my original employment. EDS was owned by the late great Ross Perot and he was great, fantastic company to work for. Cybersecurity. We’re talking mainframes here, we’re talking SNA/SDLC, communication networks, IBM. And from the very first day cybersecurity was ingrained into us.
Even back then we were given what we call Zed IDs. You had a specific eight character, random ID and then a very unusual password. You had to memorize this, they gave you a piece of paper, you memorized it and your manager tore it up. And we were required to change passwords frequently. We had extensive network security, redundant backups.
I got to work on DRA (Disaster Recovery Area) planning and our physical security was beyond belief. We had security guards with Uzi submachine guns, but everything goes back to that. And I had great mentors. I worked with the second lady hired at the company and that others took me under their wings and I’ve gone forth.
Steve Bowcut:
That is so interesting. I think kind of the perception that a lot of people have is that in the early days of computing, cybersecurity or security of the data, the information security was not really very well developed or thought about much and everything else came later and kind of bolt on applications.
But it sounds like from what you’re telling me, even from the early days, people were concerned at least about the data that was on the computers and how to secure that. Is that correct?
Shane Allen:
Yes, very much so. From the physical security to the network security, we had entire security groups dedicated to nothing but security. I think it was the SAC group (Security Access and Control) and what they said went.
Steve Bowcut:
So much of that may have been applicable to your specific experience because it was a larger sophisticated, obviously I would guess, classified information that they were protecting as opposed to a general business of a chain of tire stores if they had a computer, probably didn’t have nearly that kind of security.
But that’s a fascinating look into history. So maybe you could identify, looking back with your experience, some of the pivotal moments or lessons that you learned. You’ve explained that because you’ve always had security top of mind. Is that probably what you would identify as a pivotal moment or was there something along the line that made you more concerned or think more about security?
Shane Allen:
That was the pivotal moment and you’ve got to understand, I was fresh out of college and from day one it was ingrained into us. And so every position I have had since then in my personal life and in my professional life, I always put safety security at the forefront on my personal network here running. I’m running five different security programs.
Steve Bowcut:
There we go. Protection in depth.
Shane Allen:
I have instantaneous backups to the cloud, but
Steve Bowcut:
Awesome.
Shane Allen:
I never want my PC to get hacked.
Steve Bowcut:
Yeah. Alright, so let’s turn our attention a little bit more towards the programs that are available for students at Oklahoma State University. So as I mentioned in the intro, there’s an AS in IT with the cybersecurity track and a BT in IT with a cybersecurity concentration.
Maybe you could explore that a little bit for our audience. Help us understand what’s the difference between those two. Obviously we understand the difference between an AA degree and a bachelor’s degree, but what’s different about those programs and then maybe how they work together if in fact they were designed one leads to another or there’s some integration there.
Shane Allen:
If I may just for a second here, let me talk about what OSU-OKC is.
Steve Bowcut:
Perfect.
Shane Allen:
We are part of the OSU Oklahoma State University system
And we are not a research campus. Our sole mission at the university is to take students and mold them into a transformative career and workforce education based on the demands of industry.
So we are entirely student centric in our offerings. You’re not getting a professor that’s also doing research. We know our material and our students are non-traditional students in many ways. We do have true freshmen, but a lot of our students are coming to college for the first time, later in their lives.
They’re going back to college because they need additional training or they want to switch careers and they’re balancing a family life, home life employment. And that’s what we are best at. So going back to your question here, our cybersecurity programs are online, totally online. We do offer some face-to-face courses but not cybersecurity related.
I also teach a Microsoft Office course, which is face-to-face and an advanced Excel that’s online. But the reason we concentrate on online curriculum is because of the needs of our student.
Steve Bowcut:
And let me interrupt there. So when you say online, are we talking about real time online or study at your pace kind of classes that I can do or a combination of both.
Shane Allen:
We are really asynchronous. Okay. Asynchronous. You learn at your pace. Assignments are opened up typically in my courses, the entire semester is opened up. But you have due dates on this because I could not do a lecture because we cater to a lot of military and ex-military people, tinker Air Force bases here, which is a very large installation. And I have had students in Hawaii, Europe, Africa, one in Australia even. So timing wise I couldn’t do
Steve Bowcut:
It. Sure, makes sense. All right. So I may have sidetracked you. I’m I may have sidetracked you. So let’s see if we can go back to more of the specifics of the two programs that we’re primarily concerned about today. Your AS in IT and the BS in IT.
Shane Allen:
Well, the AAS degree with a cybersecurity track forms the basis for admission into the Bachelor of technologies program. So as you begin your journey through our program, you are going to obtain an AAS degree because that is a prerequisite to getting into the bachelor’s of technology. The courses are pretty much the similar at the lower end and then you accelerate into only cybersecurity applications.
Steve Bowcut:
Interesting. So a student could conceivably start in the beginning, and I’m going to assume here that there’s this whole idea of progressive learning, a progressive learning pathway from the beginning to the end from what you’ve described so far. And we’ll get your input on that in a bit here. But so as a student, I could start with AS degree and I could work myself out.
And if in fact I need to stop after getting that degree, then I could just stop and maybe come back later or I could just continue right on and get my bachelor’s degree. I love that kind of a seamless progressive look and feel to the program. And it was designed specifically for that purpose, I presume?
Shane Allen:
Yes. Because remember, we are student centric. We go back to the needs of our students and the needs of industry. We’re, we are an outstanding university. I love being at Oklahoma City because of our structure that we are helping students obtain careers.
We will take a student, there are students in my office class in some instances that have virtually no knowledge of a computer. So we will take that student, not exclude ’em, we want the students to learn and succeed.
So that’s the progressive pathway and that’s not just the STEM program and our cybersecurity, it’s university wide. We are part of a polytech system that encompasses the entire OSU system with multiple campuses.
Steve Bowcut:
Interesting. Okay. And a thought that just occurred to me is in that kind of environment, are you finding that there is any significant number of students that just don’t have the discipline required to stay on track?
I worry sometimes when I think about online education, I love the convenience aspect of it, but I think there’s a certain learning style that they need more support staying on track. Have you seen that? And if you have, is there anything that you offer to help people stay on track?
Shane Allen:
We have fantastic support services for our students. We offer tutoring. We offer additional training and support. We also have a system called Dropout Detective that we extensively use. It’s an early warning system to an entire department on campus that if I am noticing that a student is not performing, then I contact them and they reach out to the system to get them motivated and provide any training that they need to succeed.
Now one further point with this, you mentioned online versus traditional courses. Myself and our department have experimented with offering face-to-face courses. Even though our cybersecurity program is online. I am offering an office course this semester, but we are not getting the demand for it. This semester I offered two courses, two sections and information technology support, which is a wonderful course, but I think there was two people that signed up for the face-to-face course and I have 30 online students.
Steve Bowcut:
Okay, well it seems you’re meeting the needs of your students, right? Because what they want.
Shane Allen:
That’s what they want and that is our purpose. Yeah. Alright. I can’t force a person that is working 40 hours a week or a mother that is raising children or a father that is raising children because I can’t force them to come to campus when they’re not able to. These are the students we serve.
Steve Bowcut:
Yeah. The other aspect of that type of a learning environment that people like to examine kind of closely is this idea of how do we provide hands-on learning? So there’s a good argument and I couldn’t tell you how good the argument is, but there’s a good argument that students will learn better and retain the information more if they have some hands-on experience, they’re able to actually touch some stuff.
And in this case of cybersecurity, it’s probably just software and access to, I don’t know, some sandboxes or something. But how do you address hands-on learning for students in this learning environment?
Shane Allen:
I would like to say all of our learning for the most part is hands-on. Even though it’s online, the department makes use of various software solutions from McGraw Hill, U Certify, CompTIA, which provides them with the take Linux for example, very difficult language.
I struggle with Linux because I was an assembly language programmer on an IBM mainframe. Two different, I’ve got a different brain set there. But you go into Linux, we use the USE certified program, which is fantastic. You read through the material and then there are actual Linux, they’ve got a virtual server set up and you go in there to lab assignments and complete them. And these are the exact things you need to get the CompTIA Linux plus certification.
Steve Bowcut:
Okay, perfect. And obviously I guess to our audience is going to be that you can get a lot of hands-on, you can almost replicate what your working environment would be just sitting in front of a computer because your working environment is going to be sitting in front of a computer.
If you were wanting to get an AS and AA degree in Automechanics, that might be a different argument. You need to turn a few wrenches and be somewhere to actually do that. But in cybersecurity,
Shane Allen:
Maybe not. The way technology and AI are expanding, I mean let’s face it, things have changed and they’re rapidly changing.
Steve Bowcut:
Yeah, that’s true. You and I are both from a generation that did things a little differently than students do today. So that’s
Shane Allen:
Absolutely, but I have adapted, I adapt to situations.
Steve Bowcut:
Well that’s good. I’m sure that’s necessary.
Shane Allen:
I embrace technology, don’t fight it.
Steve Bowcut:
Yeah, exactly. Alright, so another thing that I wanted to get into a little bit is the need for in these degrees, particularly the bachelor’s degree, there’s some general education courses in English, math, political science, general education courses that are required.
So some people would make the argument, look, I want to go to work, just teach me what I need to do to my, don’t make me take some math or English classes. I don’t see how that applies. So how do you address that and what are your thoughts about that?
Shane Allen:
I thought long and hard about this question. And knowledge is important in any field. You’ve got to span. And in cybersecurity, A) one of the most important things is being able to speak and to write business writing. Short, clear, concise and non verbose. No spelling errors, no grammar errors. You’re going to be writing blogs, you’re going to be writing write-ups on problem resolutions and threats.
Even history and political science are important because in cybersecurity you get into various areas like that. You need a very broad based education because cybersecurity, let’s think about what cybersecurity is. Oh, I want a degree in cybersecurity.
Which branch of cybersecurity do you want a concentration on penetration testing? Do you want to concentrate on cryptography, go to work for the National Security Agency, do you want to be a Linux person? There’s different paths to all of this.
Steve Bowcut:
That is such a great answer. I love that because there is an ongoing debate and often on this show we’ll have this debate about the balance between professional certifications, which obviously you’re fond of. You hold many of them, right? I’m sure that you encourage your students to get professional certifications and a more well-rounded education.
There’s this, how do we find the right way as we pick our way through that path? And so I really love your answer because you’re right, certifications kind of show some benchmarks. Yep, I’ve learned this, I’ve learned that. So here’s some recognition that I’ve achieved these certain benchmarks, but they’re not a reflection of your entire education.
And a lot of what you’re going to have to do, as you said, is writing reports and reporting to superiors and giving presentations. So that’s a really great answer, thank you.
Shane Allen:
Yes. And thinking back to both my graduate and undergraduate years, I had to take true math calculus and I also had to take business calculus and I have had no need to use calculus since then.
Same goes with trigonometry. But what it does, it reshapes your mind with the way you think about things. And now I understand why you cannot divide by zero.
Steve Bowcut:
Yeah, exactly.
Shane Allen:
You’re not going to get that without some knowledge of this. There are so many students that are opposed to mathematics and mathematics forms the basis, and I don’t mean to scare your listeners, but if you’re getting into cryptography, that is nothing but that is mathematics.
Steve Bowcut:
Exactly. Yeah. Alright, and that brings me to my next question that I wanted to explore with you. So in your degree programs you cover things like cryptography, cloud security, cyber ethics and laws.
So from your experience and from your perspective, which of those areas would you say is in the highest demand with employers right now? Do you see one that stands out or do you?
Shane Allen:
Yes.
Steve Bowcut:
Okay. Go ahead.
Shane Allen:
Secure networking.
Steve Bowcut:
Okay, good.
Shane Allen:
There are many entry level positions at this time. That’s going to change. And it’s changing right now. And it’s changing because AI, and it’s not just a buzzword. We are adapting our courses rapidly to embrace AI, use it. We’re not teaching you how to program it or anything else but using it because it’s going to automate many positions. But networking is a separate entity.
And this is a question I asked my technical support class is networking software, hardware or something totally different. Network stands on its own. If you don’t have a secure network firewall, DMZs, you’re going to get hacked.
Steve Bowcut:
Yeah, interesting. So just to round out that conversation about AI, and it may not come up later, I don’t know. So I think it’s important for our audience to understand that there are entry level jobs that I think everyone agrees will go away.
Like working in an operations center, monitoring logs and looking for anomalies, doing typical SOC analyst work. AI can do that pretty efficiently I think. But once the threats have been identified, then it takes somebody probably with more human expertise than artificial intelligence has, at least at this point. Is that your perception? Is that kind of what you’re seeing?
Shane Allen:
Yes. In fact, I was within the last week or so, I guess it was a week ago, I was at a cybersecurity conference here and that was the exact topic, how far do you want to trust AI with your soc? Does everyone know what a SOC is?
Steve Bowcut:
Hopefully, Security Operation Center in case they don’t.
Shane Allen:
Yeah, thank you. We have so many acronyms that I always try to SOC security operation center. It’s the center where everything is monitored. Now AI is already doing a lot of monitoring there for anomalies against benchmarks. But do you want to give AI the authority to cut the internet connection to shut down the system? Is it that bad of a problem? No, not yet.
I want a human in there that quickly analyzes the AI data and says there is no need to shut down worldwide access. That is a horrific decision to make. But AI is going to do a lot of entry level. I’m doing a private pro bono Excel training camp next week and I’ve shifted it. You can go into, I use copilot. I’m not plugging Microsoft, I just prefer copilot because that’s what we teach our students. But I’m going to show them that with copilot, I can upload an Excel workbook, say analyze it, and then fine tune the answers without ever entering an Excel command.
Steve Bowcut:
Right. Yeah, that’s awesome.
Shane Allen:
My first experience with AI was I took a job description for employment uploaded that uploaded my VITA and said I need a cover letter. Three seconds later I had a perfect cover letter.
Steve Bowcut:
Yeah, very good. Okay. Alright, so moving on. One of the things that I noticed, and I don’t know how unique this is, you can tell us, but one of the requirements for the prerequisite classes that you have to have a C or better for prerequisite courses. Is that the case?
And if so, how do you feel that standard helps to ensure that the students are really getting the education that they need?
Shane Allen:
I briefly researched this and that is pretty much the university standard, except when you get into perhaps the close to Ivy League or Ivy League level schools, remembering back now in the MBA program, you had to maintain a B, you had two Cs and you were out of the program.
Steve Bowcut:
Oh really? Okay.
Shane Allen:
Yes. So
Steve Bowcut:
This is a little more lenient then than in
Shane Allen:
Some institutions. The C was all that was required for my BS in computer science, I had a 3.0. But let’s face it, once you get your first position, GPA and grades make virtually no difference. And remember, the students we are catering to our students may be striving for a C, they do not have time to get into and make a, B, A C is perfectly acceptable at most universities.
Steve Bowcut:
And I can understand that if you’re working a full-time job and maybe trying to raise a family and you’re just squeezing in this education when you can find a free minute, I think that that’s perfectly acceptable. I agree.
Shane Allen:
See, I don’t see a C as a bad grade. It’s the median. And if you’re at the median, then typically everything’s fine.
Steve Bowcut:
Right? Yeah. Okay.
Shane Allen:
And that still means you’re getting a good solid, broad education. It’s no reflection on the program or you, yeah.
Steve Bowcut:
So earlier you had mentioned kind of in passing you had mentioned partnerships with organizations, outside organizations. So I want to explore that a little bit. So maybe from a couple of angles.
So one of the things obviously that’s going to be important to you, I would presume, is teaching your students what they need to know so they can go to work, but you have to know what it is they need to know.
So how do you do that? And if you can work into that internships as well. Do you work with these same organizations or a different set of organizations to place students in internships?
Shane Allen:
Yes. We have an advisory council for our department. It covers our entire department and that is made up of industry titans here in the area. I’m not going to mention any names because of confidentiality, anything like that. Plus I don’t want other universities poaching.
Steve Bowcut:
There you go.
Shane Allen:
Because we all poach. If I learned that some university is using this company, then I’m going to go pit ’em up. But we have a number of very large companies and very small companies in our folder that provide internship opportunities. We also have employers that contact us saying, Hey, I have an internship open.
Recently, a large local company gave free tickets to the local minor league baseball game for students that were interested in cybersecurity and information technology, they had rented a room at the stadium, provided food and non-alcoholic beverages, gave them sales pitches, let them watch the game and tried to get interns because interns are a pathway to employment.
You make a great impression and see, I go beyond just learning. I want my students know to how to dress, proper dress. I told them, if you’re going to this, you don’t need a suit and tie, but I expect you to be in either nice jeans or slacks and a typical polo shirt or something. Make a great first impression.
Yeah, very good. And I know that is so important to, there’s more than just knowing the skills. There’s also the interpersonal skills that students need to have to be successful in their job search once they graduate. So that’s great. Alright, so we’re about out of time.
So we’re going to wrap up here with a forward looking question. We’re going to ask you if you could, what advice you would give to students, either true freshmen or early career professionals that are trying to change careers or something and they think they’re interested in cybersecurity. So that’s really our core audience.
What advice would you give them about finding the best path for them to get a cybersecurity education?
This is an easy answer, believe it or not. Good. As I indicated, I just came back from a cybersecurity conference locally. The cost was 60. Yeah, $60. I’m attending another one in two weeks that is $45. Go to a cybersecurity conference.
They will have a number of different sessions there on different topics, about 50 minutes in length. Take the time, you may have to take off work or whatever, but go to that and see if that interests you. Cybersecurity is intensive and I’m going to warn you it is not learn it and forget it. This is a degree where you constantly have to learn, go to classes, learn new things, obtain certifications, because it is rapidly changing, instantly.
Steve Bowcut:
You know what? That is really sound advice. I’ve certainly found that to be true. Just because you got a good education, you have to look at it from a perspective. There’s going to be a continuing education throughout your career. Things are changing so quickly.
Shane Allen:
That’s with any career today.
Steve Bowcut:
Yeah, that’s really true.
Shane Allen:
Be it nursing or engineering or anything, you have got to learn.
Steve Bowcut:
Yeah. Alright, well, Shane, thank you so much. This has been great. This brings us to the end of today’s episode of the Cybersecurity Guide podcast. I’d like to thank Shane for being with us and sharing his professional journey and providing such a clear view of the cybersecurity degree programs or pathways at Oklahoma State University.
And always thank you for listening. And if you’re enjoying the show, please subscribe and rate it, review it, and do those things that helps others find the show, makes it easy for them to find the show and learn the things that would help them in their career pathway as well.
So with that, again, thank you Shane. Appreciate it. Thanks to the audience and we’ll see you next time on the Cybersecurity Guide Podcast.