by Angela Hopp, Guest Writer
As new technologies and equally inventive violators emerge at warp speed, information assurance insiders agree hiring the right kind of talent is the key to ensuring personal, business and national security.
Paul Williams, chief technology officer for Gray Hat Research Corp. in Houston, said he looks for “the heroes of tomorrow” when hiring for his company and its clients, because true information assurance requires getting ahead of the curve and seeing the big picture.
“What the industry is looking for is the geniuses – this middle layer where expertise is so lacking,” he said. “At the high end, enterprise security really is rocket science. . . They need people who will ask: ‘How do we cost-effectively change the paradigm of this company so that we can do more with this money?’ We’re talking about using what you have today to mitigate the greatest risk.”
Meanwhile, last month the Partnership for Public Service, a Washington-based advocacy group focused on government service, issued a report detailing serious problems within the professional community charged with protecting the government’s networks.
Its authors made several recommendations to the Obama administration, emphasizing that securing national interests requires building “a vibrant, highly trained and dedicated federal cyber-security work force.”
Anne M. Rogers, director of information safeguards for Waste Management in Houston, lauds the approach taken at the University of Houston, which was named last month a national center of academic excellence in information assurance education by the National Security Agency and Department of Homeland Security at the 13th Colloquium for Information Systems Security Education in Seattle.
“One reason we have cyber security problems is that people have focused mainly on software features and functions without considering security. That led to a lot of buggy software – things built with inherent vulnerabilities. These systems may do wonderful things, but, if data leaks out or hackers easily get in and out of them, we lose,” she said. “So, it’s really important to build and assess for integrity, security and adequate control. The UH program brings this focus.”
Ninety-six institutions across the U.S. have been designated centers of academic excellence, and the state of Texas now has eight of them. UH’s designation is the first for the Houston area, and it means a lot to UH College of Technology instructional associate professor Edward Crowley, who headed up the rigorous application process.
“At UH, the quest for academic excellence in information security began in 2002. Since then, the curriculum has continued to evolve and improve thanks, in part, to input from the National Security Agency, as well as the FBI, Secret Service and the Houston Police Department’s computer forensics group,” Crowley said.
Nationwide, the training standards embedded in certification courses are a part of the Information Assurance Courseware Evaluation Program established by the Committee on National Security Systems.
UH’s technology project management information systems security graduate degree program serves both UH students and non-degree-seekers who want information-assurance training. Five to 10 students complete the program each year.
Michael Gibson, who heads the information and logistics technology department, said he expects the new designation to increase demand for the curriculum, and he emphasized that the need for behind-the-scenes and battle-ready information security experts should not be underestimated: “You can do more damage with a computer than you can with bullets. Think about all of the systems that run our traffic, our power grid, our energy-distribution channels.”
Crowley underscores this message, pointing to recent events such as Lockheed Martin’s loss of F-35 fighter project data, Virginia’s loss of personal health information, cyber attacks in Estonia and Georgia as well as the growing risk of identity theft.
Many of those enrolled in the UH graduate program already are information technology professionals who aim to climb the corporate ladder or join the government work force at more advanced grades. Others, like alumnus Chad Van Zandt, move straight into the program after finishing undergraduate work.
After getting his bachelor’s degree in information systems in 2004, Van Zandt enrolled in the technology project management graduate program and soon after began working as an intern at Gray Hat Research Corp. Upon graduation in 2006 with his information assurance certification, he was promoted to executive director of educational services and consulting for the company in California.
“To say the valuable knowledge and experience gained from this program has played a vital role in my career development would be an understatement,” he said.
While career advancement is possible without the certification, Gibson said, those who do obtain it are more likely to enter into the work force at a higher rung and rise more quickly.
“If you look across the global regulatory world, there’s less and less tolerance for inappropriate information handling,” explained Rogers, whose company has hired two graduates of the UH program. “As everything goes electronic, they’re hiring the best people to go to battle.”
Each institution designated as a center of excellence in information assurance education must recertify its courses and submit an application for renewal as a center of excellence every five years. Students who attend designated institutions are eligible for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program.
Angela Hopp is a professional writer, editor, and designer who has previously worked at midsize and major metropolitan newspapers and university communication offices