Education - Page 7 - Cyber Crime Fighting

- Page 7
Cyber Crime Fighting
Cybersecurity students are in big demand to secure nation’s networks

By Nancy Menefee Jackson, Contributing Writer

Complex networks move and store trillions of bits of information, from health records to credit card numbers to retirement accounts. Customers acquire everything from a fishing license to a mortgage online, and utilities and infrastructure also depend on computers.

Area colleges must meet the demand for cybersecurity professionals, who not only safeguard systems, but also collect evidence for the prosecution of cyber-criminals.

Stevenson University

Stevenson University’s bachelor’s in computer information systems has three tracks, one of which is a computer forensics track, and the university also offers an online master’s degree in cyber forensics. The undergraduate track includes seven courses specific to forensics and cyber-crime investigation.

Students learn how to access a system, smartphone, hard drive or tablet “and uncover evidence that a crime has been committed,” says Alan Carswell, Ph.D., department chair and Geckle Professor, information systems, at Stevenson’s Brown School of Business and Leadership.

Students recover data that’s been deleted, and they maintain the chain of custody and the strict procedures necessary in order for the information to be presented as evidence.

“One of the things we offer is hands-on – you get to put your hands on the hardware and look at laptops and tablets and use the tools used by professionals in the field,” Carswell says.

The master’s program culminates in a mock intrusion and response capstone, providing students with real-life experience as forensic specialists. Not only are Stevenson graduates in demand in government agencies, but they’re also highly sought after by private industry. Exelon, in particular, has hired Stevenson graduates.

Shelby Walter, a cyber defense forensics analyst for Exelon, earned her bachelor’s in computer information systems with the computer forensics track from Stevenson. While there, she took advantage of Stevenson’s B.S. to M.S. program.

“You can take up to six graduate courses in your undergrad at no additional cost and two of the classes count as credit toward your graduate and undergraduate. I took six classes before I graduated last May and I finish my master’s this July,” she says. “I started with Exelon in the spring of my junior year as a Student Employee. August of that same year I was converted to a contractor from a student employee so I could stay on and worked through my senior year. Then when I graduated in May last year I was
converted to a full-time employee. Their focus on getting their students a career at the end has always been my favorite part about Stevenson. From the moment you get on campus they are preparing you and making sure you know how to write a resume and give you tools to find internships. They have a focus on the end-goal of going to college: getting a career.”


The University of Maryland University College offers both bachelor’s and master’s degrees in cybersecurity management and policy.

Valorie King, Ph.D., program chair and associate professor, notes that businesses are managed for stockholders and governments are managed for citizens. Risk management is done at the organizational level – “We place risk in the context of an organization” – and compliance asks if strategies to manage risk are effective. Policy dictates how we
will be governed and who gets to make the rules.

“Students look at the underpinnings of how businesses run,” she says. “Finance, accounting, customer relations, human relations – we bake it into the courses. There is this underlying thread that we pull – which is risk. Cybersecurity is not just about the internet and it’s not just about firewalls. They study operational processes.”

To do that, the program creates fictional companies and then adds legal and regulatory concepts. Students must implement access controls, identify governments and evaluate best-incategory processes.

“We talk about how cybersecurity supports the function of the organization,” King says. “We are preparing students with workplace-relevant courses and assignments.” She also adds that “not all solutions are software or policy – they can be materials. You change the materials used to build the cases or the energy supply.”

One course, cyber security in government organizations includes state, county and municipal levels. “There’s a tremendous amount of personal information held at that level,” King says, adding those levels also have workforce shortages. In other courses, students focus on remediation, merging operations when companies merge and international security policies. A course in criminal justice prepares students for digital forensics – how evidence is collected and the chain of custody.

Students are older, working adults or militaryconnected, and the program is designed for those who already have some hands-on IT experience. “If they have no IT
experience, the first thing you need to do is get a Network + certification and get a Security + certification,” King says.  “Employers screen for bachelor’s degrees and
specific certifications.”

The program does not require calculus; students take college algebra and statistics.

“Other programs have very heavy math requirements,” King says. “We are preparing students for specific fields under the GS-2210 career ladder. We are making this accessible to students.”


UMBC’s three programs – master’s in professional studies: cybersecurity; graduate certificate in professional studies: cybersecurity strategy and policy; and graduate certificate in professional studies: cybersecurity operations – are offered at the Catonsville campus and at the Universities at Shady Grove in Rockville.

The master’s at UMBC is 30 credits and 10 courses, while the certificate programs are 12 credits. The program isn’t aimed just at those with technical computer skills, such as computer science or networking, but also at managers tasked with overseeing cybersecurity. Most of the students in the program are attending part time while working.

Richard Forno, Ph.D., director of the graduate cybersecurity program and assistant director of the UMBC Center for Cybersecurity, notes that students “may not be the hard-core geek, but they’re leading teams of geeks. They can be cyber-crime investigators, law enforcement or systems administrators. I have Army folks assigned to cyber command. I had one student with an English degree – NSA took a very serious interest in her because she could write.

“When UMBC was forming the program, we brought in folks from industry, and the top things they wanted weren’t technology. Can they write? Can they work as a team? These interpersonal

Cyber security, continued on page 11

Jobs aplenty

Stevenson’s Carswell notes that cybersecurity encompasses three areas. The first is to protect the system, which includes anti-virus and backup systems. The second is detection – monitoring a system to  determine if a breach occurs, and the third is forensics, gathering and preserving evidence.

“Cybersecurity is a top-notch field in the state of Maryland,” he says.

According to the UMBC website, the cybersecurity job market continues to grow rapidly, particularly in the greater Washington, D.C. area. Cybersecurity job postings have grown 74 percent from 2007-2013 – two times faster than all IT jobs.

UMUC’s website notes that Maryland’s cybersecurity network includes 12 major military installations; 400 federal, academic and private research centers; and 50 federal
agencies. The state has more than 19,000 cybersecurity job openings. •