How did you get into Cybersecurity?

Laura: I got into the world of cybersecurity computer science education by a circuitous route; I actually have a law degree. I went to law school straight out of undergrad, and while I learned a lot about intellectual property and internet law there, cybersecurity law wasn't really a thing at the time. As I worked, I found myself more attracted to helping the world become a better place through policy rather than working with individual clients, so I came to UMBC to get my PhD in public policy. While I was there, I was a graduate assistant to somebody who was conducting the first nationwide survey of local government cybersecurity in the United States. I helped with that project; we ended up publishing more than 6 articles, conducting additional surveys, and authoring a book on Cybersecurity and local governments.

I finished writing the book and got my Master’s in cybersecurity during COVID, and have recently finished my dissertation on local government cybersecurity. While I was still a student, Jack Seuss, the CIO of UMBC, found out I had a legal background and brought me in to help with IT and privacy compliance, which is how I got to my present position. I’m the Associate Director of Digital Trust within the Cybersecurity Assurance and Digital Trust group of UMBC’s IT division. Basically, that means I’m responsible for assisting with cybersecurity, privacy, and AI governance at UMBC, as well as compliance with IT standards and other legal frameworks relevant to different data that we have there. I direct the Cybersecurity Clinic at UMBC as well, which assists public organizations in improving their cybersecurity. 

I’m also the assistant director of the Maryland Institute for Innovative Computing, which is responsible for assisting workforce development in terms of cybersecurity throughout the state. One of our primary efforts there is connecting all K-12 community colleges and 4-year public institutions in Maryland with the U.S. Cyber Range, which is based out of Virginia Tech. It's a virtual sandbox environment where CyberSec Ed can be conducted in a hands-on but safe way, giving practical experience in learning how to investigate and respond to different cybersecurity situations.

Bella: I'm Laura's grad assistant. I graduated from UMBC this past spring with a degree in Information Systems, and just started my Master's degree (also in Information Systems, with a Cybersecurity certificate I’m working on as well) this summer. I help Laura, mostly with the Cyber Range stuff, and am pretty new to everything still.

What are some successes and challenges that you've experienced?

Laura: I would say the challenges have been successes; I’ve found that any kind of block or barrier is temporary and has a way around it. A specific success has been implementing and helping build the privacy and AI policies that organizations at the university system of Maryland follow. The university system has people from all the different schools come together to talk about the intent of what the law says and how to best implement it together as a group, which has worked really well. 

A challenge is that there’s always so much to do and never enough time or attention to be able to give it. I’ve had to learn to be patient and flexible and to keep things in perspective; learning, improvement, and change take place over time. 

Bella: I’ve also seen time as a major constraint. Not everyone is on the same schedule, especially during the summer, and people are always working at different rates, which can be challenging. As for successes, finding my way into this subject at all was a positive. I had originally started out in environmental engineering, and got more into IS and CyberSec as my college career went on, so it was a process to get here.

What do you find compelling about your work?

Laura: IT and CyberSec are the foundation to modern digital life. The state of society wouldn't be what it is today without technology, and as it becomes more complex, there's more to protect. It's also a constantly evolving topic, which I find to be really interesting. I consider myself to be a lifelong learner, so it's fun to see things as they develop. I'm really drawn to the cybersecurity education part of it, making sure people have access to the resources they need from a young age to be able to learn this incredibly relevant field.

What are you currently working on or looking forward to?

Laura: I'm excited to continue to build on the workforce development efforts that we have going on at the Cyber Range, getting all of the schools that aren't yet members to join, building a community around that, helping to improve cybersecurity education in the workforce, and eventually helping organizations in the state through the Cybersecurity Clinic as well. This year, now that I've graduated, I’m excited to be in a position to be able to focus on cybersecurity and other more specific topics that I've been wanting to explore.

Bella's been working on a Cyber Range newsletter for us, which we’re hoping to release twice a year, once in fall, once in spring. We also want to continue to develop a relationship with the Virginia Cyber Range, which is a great neighboring resource for educators. At their yearly conference, they have a cybersecurity signing day, which highlights cybersecurity students- what college they're going to, what degree they're looking for- which is a way of acknowledging their efforts throughout the year, and also looks great on their resumes. We’re looking forward to building up a community for the Cyber Range and are hoping we can set up a Capture the Flag competition between Maryland and Virginia high schoolers.

Any advice or resources to share?

Laura: I think there's just lots of ways to help raise awareness of cybersecurity. The National Cryptologic Foundation, which is based here in Maryland, has a lot of wonderful resources for teachers. They have a workbook, plus a couple of video games that they've developed to help teach cybersecurity for middle to high school age group. 

Younger people relate really strongly to the digital world, so it’s easy to explain the risks that are involved to them and the impact it would have if all of a sudden it wasn’t there. My suggestions would be to make sure to relate it to their level and try to incorporate emerging technologies like AI as soon as possible in order to emphasize critical thinking, ethics, awareness, and responsibility in using them as tools.

Bella: Coming from a more recent student perspective, I’d say it’s never too late to get involved in something new. Just because you come into high school or college with an idea of what you're interested in doesn't mean that has to be the path you stay on the whole time. Both of our education and career paths have evolved to where we are now, so don’t be afraid to refocus!

What would you like to see more of?

Laura: A sense of community; having and fostering conversations. I thought the recent AI in Education Conference at UMBC was a really awesome first step in that direction. The more people are talking about how to use AI in education, the more awareness can be brought to how it works in different areas. For CyberSec specifically, I think creating more opportunities to learn the technologies themselves and to discuss them together are important for supporting educators.