Last week I completed my Master’s Degree in Cybersecurity from University of Maryland University College (UMUC). UMUC’s curriculum was well-rounded in that it covered the gamut of IT disciplines. Of course there were the requisite technology-themed classes, but UMUC also emphasized the non-technical aspects of cybersecurity by highlighting some of the human elements of this area. In particular, one course covered topics ranging from ethics and regulations to the psychology of the hacker culture. The emphasis dealt with the motivations behind cybercrimes with an assessment of various techniques to prevent intrusions and attacks. I have long held the belief that this single area represents the greatest threat to networks. There are too many points of entry into an IT system that can be breached through an employee’s accidental or unintentional actions. From phishing attacks to social engineering, cyberattackers have long recognized that individuals represent the weakest link when it comes to digital security. Accordingly, education and awareness training are emphasized to mitigate this weakness.
I thought UMUC’s curriculum also did an outstanding job in presenting cybersecurity as a holistic discipline. No single technical safeguard or organizational policy can fully protect a network. Instead, public and private agencies alike must adopt a defense-in-depth strategy which incorporates a variety of countermeasures. Some of the researched defenses included encryption, virtual private networks, access controls, personnel and physical security practices, firewall architectures and secure systems development. The standard theme for a modern cybersecurity strategy is based on the realization that because humans facilitate a significant number of digital penetrations, organizations should seek to automate as much of their safeguards as possible. A course was devoted to this methodology and presented an in-depth study of the theory and practice of intrusion detection and prevention in cyberspace. Covered topics included network security, monitoring, auditing, intrusion detection and prevention and ethical penetration testing. Because no defense should be considered impenetrable, another class covered the theory and practice of computer forensics from the identification and collection of digital media to the presentation of evidence for prosecution purposes. The degree wrapped up with a comprehensive team simulation. Along with four other professionals, I was assigned an element of America’s critical infrastructure (telecommunications) and presented with various cyber-related incidents (DDoS, hackers, malware, etc.). The exercise was a useful application in that it required the successful balance between cybersecurity and financial related components.
Overall I am very pleased with what I have been able to take away from the experience. First and foremost are the associations. For all of my degrees and non-degree training, I enjoy interacting with a variety of professionals. Every class presented me with the opportunity to interact with colleagues currently employed in the cybersecurity arena. This provided a great deal of insight into cybersecurity techniques currently being employed as well as gave me a preview of the professional opportunities that exist for this discipline. As the world becomes increasingly networked and dependent on IT systems for daily operations, I believe the need for cybersecurity will only increase.
I posted a collection of some of the research I conducted throughout my degree. I wanted a place to share my thoughts on information technology, cybersecurity, business, and training.