The desire for teaching and mentoring students is what attracted me to academia. It is the thought of interacting with young and eager students that is foremost in my mind as I walk to work every morning. It is they who motivate me.
I have been teaching for close to thirty years, and over these years I have learned a few lessons about being a teacher:
- You must care. The moment I am not able to smile and feel compassion for the student who approaches me for help, I will quit.
- Learning requires active and hands-on engagement, especially in an engineering school.
- Learning goes beyond the classroom. A great amount of learning can take place in informal settings.
- Engineering programs can benefit tremendously by developing interdisciplinary elements in their curriculum.
- Technology can be a great boon for learning.
HANDS-ON LEARNING
My approach to education is firmly rooted in the belief that theory and practice need to complement each other to deliver a well-rounded education. Hence, when I started the cyber security program in 1999, a colleague and I established an Information Systems and Internet Security Lab (ISIS, renamed OSIRIS) and developed a sequence of undergraduate courses in computer and network security. We were second in the nation to offer security courses at the undergraduate level at the time and perhaps the first with a dedicated lab for undergraduates. OSIRIS has been running for more than a decade and the lab and courses it supports have been immensely successful. It has become a focal point for cyber-security-related activity at NYU Tandon. In addition to its function as a space where cyber security research is conducted, OSIRIS is a meeting place for students who are interested in security. Daily, the lab is where technical topics are discussed, points of view are argued, and knowledge is spread among the students.
As the number of students taking security courses began increasing, we had the need to provide remote access capability to the experimental environment of OSIRIS. Hence, with NSF Capacity Building funds obtained in 2005, a few students and I built a remotely accessible and configurable virtualized cyber security laboratory called VITAL, as a centrally shared laboratory facility for a consortium of universities in New York City. This lab was made available to schools that needed to enhance their IA education by means of a laboratory-based hands-on component, but were not able to afford one. The consortium consisted of the four minority institutions: CUNY City Tech, CUNY John Jay College, CUNY Brooklyn College and Borough of Manhattan Community College, along with Adelphi University. VITAL can now host over one thousand virtual hosts and hundreds of network components like routers and switches. NYU Tandon now uses VITAL for the laboratory components of all its IA courses.
Realizing that the hosting model will not scale, in 2008 we received NSF CCLI Phase 2 funds to collaborate with SUNY Stonybrook and develop a simple and flexible software platform based on VITAL that can be distributed to institutions all over the country so that they can set up their own virtual labs. In 2011, all the source code for the VITAL environment was released and NYU Tandon created a public website for all deployment material. Lab materials (ISOs, VM images) and lessons were made available for download along with the installation materials and documentation. Over the years VITAL was used by thousands of students and from different universities. Of course, in the era of cloud computing, many schools have created virtual environments today, but VITAL was an early example and a trailblazer.
INFORMAL LEARNING
In 2004 I organized a cyber security competition, CSAW, along with my students. The intention was to bring awareness about cyber security on campus and attract more students to the cyber security lab and the exciting projects that were going on there. The event was very successful and I started running and expanding it every year. We are now at a point where more than 10,000 participants from all over the world competed in CSAW 2016. This included students from five hundred high schools in the US for the High School Forensics (HSF) challenge and hundreds of universities from across the world from more than fifty different countries for the Capture the Flag (CTF) challenge. CSAW is sponsored by leading corporations and many papers have been written on the value of cyber security competitions and CSAW. CSAW has been run in multiple continents simultaneously and has been a phenomenal success and brought great visibility to NYU’s cyber security program.
INTERDISCIPLINARY ENGINEERING EDUCATION
Engineers charged with building information systems often work primarily with technical specifications and their success is often measured by purely technical metrics. This approach, though adequate for certain problems, fails to address broader issues which involve trust and personal and social acceptance. To build a successful technology-enabled society, the cyber security paradigm must address broader issues of trust, policy, economics, usability and effectiveness.
Hence, in 2009, I started work on creating an interdisciplinary environment incorporating a cadre of technologists and scientists who model integration of technical, legal, financial and psychological aspects to develop secure, reliable and practical solutions to complex problems. The new security education paradigm that I envisioned would expose masters and doctoral students to integrated interdisciplinary research, mentorship, and education while working with experts in disciplines needed to provide a broader, interdisciplinary context for information security.
To begin this process, I led the establishment of The Center for Interdisciplinary Studies in Security and Privacy (CRISSP; now the Center for Cyber Security, of CCS). The center brought together complementary expertise, faculty innovation and student enthusiasm from different schools at NYU to enhance the state of knowledge and practical application of security and privacy. This center included faculty from NYU Tandon (engineering), NYU Steinhardt (ethics, philosophy and education), NYU School of Law, NYU Wagner (public policy) and NYU Stern (business and economics).
I also began forming teams and looking for funds to support interdisciplinary research and education. In 2010, I was the PI of a 3 million dollar NSF IGERT award (INSPIRE) to fund two-year traineeships for approximately twenty-four interdisciplinary PhD students. In 2010 I was the PI for the renewal of our existing NSF Scholarship for Service (SFS) award (ASPIRE) to now include interdisciplinary training in cyber security to BS and MS students and place them in the federal workforce. I have been the PI for the SFS program since 2002 and I created ASPIRE to expand it to include students from other schools.
In summary, the work done by my colleagues and myself at NYU has led to the establishment of an interdisciplinary education program in cyber security. In the past two to three years, it is being increasingly accepted that cyber security is inherently a multidisciplinary subject and our program at NYU is again a trailblazer and a national role model.
STRIVING FOR DIVERSITY
Although CSAW is currently the largest student-run cyber security competition in the nation, I noticed in 2011 that 95% of the finalists were male. I applied for NSF funding for a summer bootcamp session for high school teachers with a focus on women teachers, with the requirement of forming and mentoring women teams for CSAW’s High School Forensics. This resulted in a significant increase in women participants in CSAW preliminary rounds. However, in 2012, despite the additional guidance and support that were made available to students, 90% of the finalists were male.
To provide additional support to women, I obtained funds from the NSA and in the summer of 2013, girls from local high schools were invited to participate in a two-week cyber security camp where they would gain the skills necessary to succeed in a competition such as CSAW. After the camp, the girls reported a greater likelihood of pursuing cyber security as a career path. Nevertheless, while all the girls were committed to making it to the finals of the 2013 CSAW HSF, only two girls succeeded. I continued to receive funding for the camps in 2014 (two camps) and 2015 (three camps), but the statistics have remained roughly the same. In 2014 we had two women finalists out of 34 and in 2015 we had five.
Although these numbers are consistent with security-industry-wide percentages, I started looking at ways to rectify this imbalance because I believe that not only is women’s participation good from a critically important diversity perspective, but it is the only way to truly meet the need for more qualified cyber security professionals. My conclusion was that this problem must be addressed early in women’s education to capture their attention and interest. Hence, I collaborated with an expert in adolescent and girls’ development at the Columbia University School of Social Work and have written a few papers about understanding of the problem (See below). I have proposed a deeper study and intervention plan to NSF this fall which got funded recently. The study will expose high school girls to cyber security and simultaneously counter stereotypical threats related to women in the field of computer science. This innovative STEM intervention will include a teacher training program and a school-based curriculum in the form of after-school clubs for adolescent girls and will be designed to inspire young women to pursue post-secondary studies in a STEM-related field, with the added benefit of preparing them for employment in an area of critical national need.
I have also run a summer symposium for women in cyber security with IBM, Goldman Sachs and Facebook as sponsors.
After becoming the Computer Science department head at NYU Tandon in 2013, I also came to see the same lack of diversity in Computer Science department enrollments. The problem, as I understood, is nationwide.
Hence, I began several initiatives in the department to address diversity issues. We recently joined the National Center for Women & Information Technology (NCWIT) specifically to recruit women so that we can take advantage of the programs and resources NCWIT can offer and can share our experiences with other universities. We started a Women in Computer Science club in the department. We hired three new women faculty. We send women student groups to conferences and workshops. NYU Tandon has become known for its leadership in bringing more women to cyber security and I hope in the next five years we will be known as leaders in the broader field of computer science as well.
Finally, in 2016, I created the NYU Tandon Bridge program. This low-cost online program is especially for non-computer-science students who are interested in a possible career change. Many of the students in the program are working professionals with degrees in other fields. The program offers intensive introductory courses (offered online for the greatest flexibility) for fifteen weeks and, once completed in good standing, students are invited to enroll in a Tandon master’s computer science degree. The students, thus, come from a large variety of backgrounds and bring their own unique experiences to the computer science pool. We ran a pilot of the bridge in Summer 2016 and admitted 7 bridge students to the MS CS program in Tandon. Three started in Fall 2016 itself and have done very well.