CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| |NOVEMBER 20249CIOReviewdata during its initial years. c) the Blacksburg Electronic Village (BEV). In 1991-1993, Virginia Tech, the Town of Blacksburg, VA and Bell Atlantic (now Verizon) formed a partnership to connect the town residents and businesses to the Internet. It was an experiment to see how the public could/would use the internet. The first e-commerce transaction arguably took place here in the BEV between a customer and a local grocery store. That experiment gave us a preview of how the internet could be used by the public. This experience gave us an idea of the importance of privacy and accurate information posted on the various listservs and bulletin boards of the time. d) System X Supercomputer (2004). A research team at Virginia Tech created System X, a supercomputer consisting of over 1100 Macintosh computers in a grid. System X was rated as the 3rd fastest supercomputer in the world that was built for a fraction of the cost of other supercomputers. e) the Virginia Cyber Range (2015-16). The Cyber Range is a platform that allows K-12, community college and higher ed institutions to create an environment for teachers to create cybersecurity exercises, labs, modules and full courses for free. Almost every K-12 school, community college and universities/colleges use the Cyber Range for cybersecurity courses.It was initiatives like these that contributed to my overall career growth. All of these perspectives helped me in the cybersecurity world.Current Challenges and Solutions In the late 90s and early 2000s, the biggest challenge was figuring out how to change the culture of the university to embed cybersecurity hygiene into everyday life. It's gotten better today but some of the root issues from 25 years ago are still present. Fortunately, the university's executive management understood the challenge and allowed us to continue with our work. Cybersecurity is becoming an integral part of the everyday business functions of the university.Dealing with security flaws in vendor software is another challenge for us. Email phishing is another recurring problem that is a great example of how offense affects defense which affects offense. The phishers adapt to new defenses like MFA. Staying Ahead of Emerging Cybersecurity ThreatsVirginia Tech is a member of VASCAN (www.vascan.org), a consortium of the public university, college and community colleges of Virginia. VASCAN meets on a regular basis and is an excellent source of threat intelligence. We're also members of the REN-ISAC (ren-isac.net) and the MS-ISAC which are great resources for discovering new threats and solutions. The Federal Government cybersecurity resources like CISA are another venue for threat intelligence. Vendor resources are yet another resource. EDUCAUSE (educause.edu) is an excellent resource for the EDU community and participating in their various working groups and projects has been a great asset for my staff.Impact of the Virginia Cyber Range on Cybersecurity EducationI think the Virginia Cyber Range and its twin, the US Cyber Range are the most influential services that allowed the explosion of cybersecurity education at all levels of education. In the K-12 arena, teachers interested in teaching cyber courses typically ran into barriers put up by their local IT staff. Local IT didn't want "hacking" systems disrupting their daily operations. When the Range(s) came online, teachers no longer had to create physical labs at their schools. All their students needed was a browser to access the lab environments. The course repository was filled by teachers from all levels who were funded to create the course materials and most importantly, make them available to anyone using the Range(s). At any given point, the Range may be hosting 20,000 virtual machines for students all over the state. Dave Raymond, the Cyber Range director, has been the driving force in the Range's success.Guiding Principles in Cybersecurity and Decision-MakingWell, realize that you will make mistakes in the cybersecurity world. Learn from your mistakes. I became a cybersecurity "expert" because I got hacked a lot in the 1990s. I suppose that was fortunate for me since it wasn't a "big deal" back then. I learned from my mistakes. However, the most important phase of incident response is the last step ­ follow-up. This is where you review which incident response worked well, and which ones didn't. Know when to say yes but more importantly, know when to say no. Ask questions and learn from your superiors and peers.Advice for Cybersecurity ProfessionalsSubmit a proposal for a presentation at a local, regional or national event. Talk about things you're doing at your job. Volunteer to be a working group member for some external project/event like Bsides or the Center for Internet Security projects. Check out free and low-cost training venues like SANS Summits (1­2-day technical conferences), BlackHillsInfoSec's pay-what-you-can and free training they provide. Learn 1 new thing every day whether it's a technical thing or a work-related process. Well, realize that you will make mistakes in the cybersecurity world. Learn from your mistakes. I became a cybersecurity "expert" because I got hacked a lot in the 1990s. I suppose that was fortunate for me since it wasn't a "big deal" back then. I learned from my mistakes
< Page 8 | Page 10 >