Ulku Clark is a professor of information systems and the Director of the Center for Cyber Defense Education at University of North Carolina Wilmington. Her research interests span information communications technologies, telecom policy, information security, IT productivity, healthcare IT, quality management and innovative education. She holds an MS in information technology and management and a Ph.D. in management science with management information systems concentration from The University of Texas at Dallas. Her publications appeared in various academic journals, such as JMIS, IEEE TEM, and IMDS. Full faculty bio
How did you first become interested in cybersecurity?
When I went to work for UNC Wilmington, the University was developing a Master of Science in Information Systems (MSIS) program. We thought it would be essential to cover cybersecurity in this program, so we offered a course called Information Security Management. In preparation for teaching this course, I received cybersecurity training and attended some cybersecurity conferences. I found cybersecurity to be very interesting.
I had been teaching networking classes, so it was an easy transition to include teaching cybersecurity courses as well.
In your current role, do you have the ability to work on independent research or other discretionary activities? If so, what areas are you interested in?
So after my initial cybersecurity training and conferences, the first thing we started with was a Cyber Defense Club. We started the club because we had some interested students, but we didn’t have enough courses. So we created an environment where we could facilitate their learning more about cybersecurity while participating in competitions. The second year after we established a club, we won second place in a regional tournament.
As the students asked for more cybersecurity classes, the university responded, adding relevant courses here and there.
With the Master of Science Computer Science Information Systems program, we started a hybrid degree. It was a cross between computer science from arts and sciences and information systems from the business school. This way, the students could get both backgrounds. Now we offer three interdisciplinary degrees (CS and IS): MSCSIS, BS IT, and BS cybersecurity
Cybersecurity is the newest addition. Cybersecurity doesn’t necessarily belong to either computer science or business; it’s a natural hybrid environment. We have several people that value the collaboration between computer science and information systems. A few years ago we launched the cybersecurity minor. With the growing demand from students, faculty and community, we are now adding the BS cybersecurity.
Currently, we hold NSA and DHS Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designation for our IT major with a cybersecurity minor. Our plan is to get the CAE-CDE designation for our BS in cybersecurity soon.
With our CAE-CDE designation, we got exposed to many new and trending ideas in academics and research. One of the ideas we are in the process of implementing is an apprenticeship program at UNCW. We recently received a DoD CySP capacity building grant for building the program. On the information system side, our department has three disciplines: information systems, business analytics and supply chain. Supply chain cybersecurity is increasingly becoming more and more important. I am currently working on a few projects with colleagues that are supply chain experts on supply chain cybersecurity issues.
What courses are you currently teaching, Dr. Clark?
Currently, I am teaching networking courses, but I also teach some security operations center (SOC) courses.
How do the expectations of incoming students align with the realities of working in cybersecurity?
Often there is a misconception about what the day-to-day work of cybersecurity looks like. New students can sometimes enter the program focused on the exciting aspects of cybersecurity work without understanding that some of the work will be less than exciting at times. In the end, though, they seem to enjoy it.
Our program’s strength is coming not just from the technical aspects of the program. We are also focusing on the soft side, or managerial side, of security as well. In the cybersecurity major that we are proposing at the moment, we have two tracks—one track for practitioners and one for operations. The operations track covers hard science, including programming and coding. The practitioner track is more about configurations, defense strategies, risk management, and security policies. Students can take courses from either track. We believe this will help us produce graduates that are well-rounded with knowledge in every area of cybersecurity.
If you were to build a cybersecurity reading list, what would be your top picks? That could be books, papers, lectures, what do you recommend?
The most informative publications students should be reading are the NIST Framework publications.
I like to recommend that students take advantage of low-cost or free training programs that are available. We have our cyber defense students go through the National Cyber League training and activities. These contests give students a realistic view of some of the challenges they will eventually face in the workplace.
With Covid19 environment, almost all of the cybersecurity conferences have gone online. Most of the institutions are offering free access to their talks and activities. We announce the availability of these to our students, but most of these events can be found easily on sites like EventBrite. I highly recommend students to take advantage of these opportunities.
So the last question that I’d like to ask is, what do you see coming down the road five years or ten years from now? How do you see things in cybersecurity or with your programs developing?
As it relates to our school, at the moment, we are developing an intelligent systems program that will have an AI component. This AI component will undoubtedly spill into cybersecurity because AI is used in cybersecurity, not only by defenders but also by attackers.
We offer some AI courses as electives, but I think that these courses will be a permanent part of our degree program within the next five years or so.
The best thing students can do to prepare for the future is to keep an open mind and be hungry for learning more. Stay engaged in learning even outside of school. Read cybersecurity magazines and books. Learn about new trends.
Given the current skills gap, whatever students can do to learn more about the industry will give them an advantage over other people in the workforce.
Thank you for your insights, Dr. Clark. It was a pleasure to talk with you.