The Human Variable in Cybersecurity: Armor or Weakness?
Cybersecurity involves complex ecosystems with many different types of vulnerabilities, but human beings can be the armor against cybersecurity or a major vulnerability.
How did you become interested in Cybersecurity?
I was first interested in cybersecurity in hopes of finding ways to prevent breaches that affect the most vulnerable people. Cybersecurity is tied to so many areas — social justice, psychology, mathematics, data science — ultimately, I want to help people, especially those who might be struggling financially. A breach that has a negative financial impact on a customer already struggling financially can have devastating consequences.
Can you tell us about your research and its potential applications?
My main area of research focuses on the human factor. Cybersecurity involves complex ecosystems with many different types of vulnerabilities, but human beings can be the armor against cybersecurity or a major vulnerability. One employee can unknowingly click on a phishing email that can lead to disaster for a company, including loss of private data and financial consequences. I'm currently conducting several case studies with different STEM industries. My research seeks to identify, understand and prevent human factors that relate to technical computer and information security vulnerabilities.
It seems like we hear about security breaches weekly now — has this always been the case, or is it just getting more coverage?
The number of security breaches is growing and we learn of new vulnerabilities every day.
You’ve mentioned the dangers of opening a suspicious email. What else can we do in and out of the workplace to prevent security breaches?
There needs to be more control of mobile devices in the workplace and the prevention of employee access to potentially dangerous sites, whether it be social media, personal email or other forums.
What advice do you have for students interested in the field?
It is definitely an incredible time to learn more about cybersecurity! There is so much to discuss.
Attacks are possible only because we deploy systems with flaws present. This is serious business for organizations such as the National Security Agency (NSA) in regards to national security. I’ve teamed up with Professor and Director Nanette Veilleux, Assistant Professor Amber Stubbs and Simmons Technology to apply to become an NSA Center for Academic Excellence in Cybersecurity and Research Lablet. The research effort was launched by the NSA in March 2018 to deepen the scientific understanding of trusted security systems. The NSA awarded contracts to six “Lablets” — small, multi-disciplinary labs at U.S. research institutions — to do foundational security and privacy research and develop the privacy breakthroughs needed to safeguard cyberspace.
If our application is approved in January, I will direct the Simmons Center for Academic Excellence in Cybersecurity (Simmons CAE-C), along with the NSA research lablet. Both the CAE-C and research lablet will serve as a forum for Simmons faculty research in formal methods and cybersecurity, as well as open new student opportunities to participate in research in this area, along with scholarships and internship opportunities in cybersecurity.
This is a fascinating area for students interested in protecting society at large. Perseverance is the most critical element of success in this area, for all of us. Please contact me to learn more. I love talking with students about cybersecurity.