Cybersecurity Awareness Month: An Expert's Advocacy Guide
Denial-of-service (DoS) attacks increased more than 180 percent between 2018 and 2019, and more than 64 percent of companies worldwide have experienced some form of cyberattack. Hacking and data compromises affect businesses and individuals alike, disrupting commerce and everyday life equally. It is estimated that by 2025, cybercrime will cost the world over $10.5 trillion annually.
To help raise awareness of the seriousness of cybersecurity and the importance of being prepared, October is designated as Cybersecurity Awareness Month. Sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), this month “encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.”
Dr. Gregory Falco, assistant professor at Johns Hopkins University’s Institute for Assured Autonomy, notes that there are two sides to cybersecurity: “There is the idea of cybersecurity where people think about it as a policy problem. If someone says something to someone digitally, other people should not be able to capture that information. There’s a lot of privacy that is expected,” he shares. “On the other hand, you have the technical side of cybersecurity where people are thinking about how the bits and bytes are protected, how those can be interpreted, and how they can be manipulated.”
Unfortunately, one of the biggest problems in cybersecurity is that the impact of threats and attacks is not just limited to the intended target: “We have a lot of dual-use infrastructures, where you have commercial companies that I might use as a citizen every day, but it’s also being used by military organizations and defense contractors,” shares Dr. Falco. “As a result, those systems are likely cyber-attack targets by other countries. For example, ViaSat, a satellite internet provider, provides internet to thousands of Ukrainians, but they also have a lot of military contracts, so Russia was probably thinking about targeting with a cyber-attack. If they hit ViaSat for those reasons, all of the residential stuff also goes down.”
Keep reading to learn more about this important month, get advice on how to get started in this field, and explore some top degree programs to jump-start a career.
Meet the Expert: Dr. Gregory Falco, PhD
Dr. Gregory Falco has been at the forefront of critical infrastructure and space system security in industry and academia for the past decade.
Dr. Falco is an assistant professor at Johns Hopkins University’s Institute for Assured Autonomy and the Civil and Systems Engineering Department. His research entitled “Cybersecurity Principles for Space Systems” was highly influential in establishing the recent “Executive Order: Space Policy Directive-5”—the nation’s first comprehensive policy directive for space system cybersecurity.
He has been listed in the Forbes “30 Under 30” for his inventions and contributions to critical infrastructure cybersecurity. He also is a Fulbright Scholar and the recipient of DARPA’s Young Faculty Award for work on building the “cloud” for space systems.
He serves as a member of the Department of Homeland Security’s Space Systems Critical Infrastructure Working Group and has been awarded contracts relating to space system security for AFRL, the US Space Force, NASA, and DARPA. He is also a research affiliate at MIT’s Computer Science and Artificial Intelligence Laboratory.
Dr. Falco completed his PhD at MIT’s Computer Science and Artificial Intelligence Laboratory, his master’s degree at Columbia University, and his bachelor’s degree at Cornell University.
The Importance of Cybersecurity Awareness Month
For the past 18 years, Cybersecurity Awareness Month has been observed during October. The theme for this month is “Do Your Part. #BeCyberSmart.” The goal is to “continue to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online.”
Dr. Falco sees this month as an excellent opportunity to help the general public better understand cybersecurity: “I think everyone knows the words ‘hacking’ and ‘cybersecurity.’ However, it’s not something you just need to have lots of fancy degrees to engage in,” he says. “It actually impacts everyone. Everyone needs to not only have an understanding of what safety means to them and their family, but also to a point where they are aware of it and how it can help our broader community.”
Cybersecurity should look like other forms of emergency planning: “Think of it like hurricane preparedness. You don’t know exactly what to do when a hurricane hits. But you know that if a hurricane is coming, then you should get ready or listen for someone to tell you to evacuate. In the same way that the knowledge about hurricanes exists and what we should generally do is what I think we should get to with cybersecurity,” says Dr. Falco. “There’s a thing called cybersecurity. Everyone should think about it. If someone tells you to do something specific, maybe you should follow their directions.”
Careers in Cybersecurity
According to Dr. Falco, there are many career options in cybersecurity: “There is a very wide range of disciplines that care about cybersecurity, so there are a lot of pathways to get into this field. Frankly, any job can touch on cybersecurity if you want it to. This makes it very easy for people to do career shifts into cybersecurity,” he says.
Become a Penetration Tester
If ethical hacking sounds interesting, then a career as a penetration tester might be a good fit. “A penetration tester or threat hunter is someone who’s actually like trying to discover the vulnerabilities in a system and breaking things,” says Dr. Falco.
They may also simulate cyber-attacks to determine which, if any, would be effective against a company or client. When vulnerabilities are discovered, professionals in this career must carefully document them and submit them in a final report. After the vulnerabilities have been corrected, penetration testers will sometimes verify the improvements with additional testing.
Become a Risk Manager
Risk managers are responsible for determining security risks for their companies. “Risk management, generally speaking, is looking for vulnerabilities that an organization faces. They identify issues that need proactive responses. Their job is to think about who will hit them and what they will do about it,” says Dr. Falco.
Cybersecurity risk managers can work in any company, from non-profits to government agencies, private corporations, universities, and healthcare facilities. Some risk managers may be hired by risk management firms that contract with smaller businesses that don’t need a full-time staff member.
Become a Cybersecurity Lawyer
Cybersecurity careers are not limited to traditional programmer or hacker jobs: “You can choose a career path on the legal and policy side. In this role, you’re trying to think about new regulations and frameworks for how people should think about cybersecurity or how different countries should engage on this topic,” says Dr. Falco.
With a degree in cybersecurity law, attorneys can work directly with their own clients, provide in-house counsel, work in compliance departments, or help draft new policies or laws in this field.
Online Cybersecurity Training Programs to Consider
Here are three online options for those wanting to work in cybersecurity.
Aspiring cybersecurity professionals can earn their bachelor’s degree online at Western Governors University. This bachelor’s of science in cybersecurity and information assurance prepares graduates to work for top organizations or government agencies in cybersecurity.
This program also features 14 third-party certifications that students can earn to help boost their resumes and demonstrate competency in specialized areas of this field. This is a competency-based program, so students complete courses by demonstrating mastery rather than having to wait until the end of a semester. Tuition is a flat rate per six-month term, so all courses completed during that term are covered by one low cost.
- Location: Millcreek, UT
- Duration: 21 months
- Accreditation: Northwest Commission on Colleges and Universities (NWCCU)
- Tuition: $4,245 per six-month term
Southern New Hampshire University offers an online master’s of science in cybersecurity. Through this program, students will develop the skills to implement effective security controls, reduce the negative impacts of data breaches, and understand cyber threats. With a combination of theory and practice, students will be prepared for high-growth employment in this industry.
Students can complete a general track or a specialized track with a concentration in IT management. In total, students must complete 36 credits to earn this degree, in classes such as incident detection and response, investigation and digital forensics, foundation and information insurance, and human factors in security.
- Location: Manchester, NH
- Duration: 15 months
- Accreditation: New England Commission of Higher Education (NECHE)
- Tuition: $627 per credit
Lawyers who have already earned a JD can complete the online master’s of law (LLM) in cyber law and data privacy at Drexel University Kline School of Law. This second degree prepares attorneys for legal practice in cybersecurity, information privacy, and confidential information.
Graduates of this program work in legal firms, corporations, compliance departments, or government agencies. This degree offers part-time and full-time options, allowing students to work their studies around their careers or family. Students are required to complete 32 credits to earn this degree. A thesis in scholarly legal writing is optional.
- Location: Philadelphia, PA
- Duration: Two years
- Accreditation: American Bar Association (ABA)
- Tuition: $880 per credit
Advice and Resources for Starting a Career in Cybersecurity
According to Dr. Falco, cybersecurity has a relatively low barrier to entry: “It’s very accessible to take classes on YouTube. I learned how to hack into things using the education platform Udemy. For about $10, I learned how to make a lot of the attacks that I use against critical infrastructure systems. It’s incredibly accessible from a technical standpoint,” he shares.
If the policy and regulatory side is more appealing, Dr. Falco suggests starting with the basics: “Just read the news and learn what’s happening regarding cybersecurity. Get interested in international events and start to understand the very complex dynamics of how cyberattacks affect everybody and the global community at large,” he says.
Here are some resources for those looking to start a career in cybersecurity:
- Cybersecurity & Infrastructure Security Agency
- Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT)
- Association of Information Security Professionals (AISP)
- Black Cybersecurity Association
- Center for Internet Security (CIS)
- Cybercrime Support Network (CSN)
- International Consortium of Minority Cybersecurity Professionals (ICMCP)
- National Cybersecurity Alliance (NCSA)