Please tell us a bit about yourself, your background, and your journey of becoming a CISO at PECE Development Group
I am a Lecturer and the Graduate Program Director for the Information Technology & Web Science (ITWS) program at Rensselaer Polytechnic Institute (RPI), the oldest technological research university in the United States, located in Troy, NY.
I am the academic advisor for all of our cybersecurity students, undergraduate and graduate. I am also the Director of the Rensselaer Cybersecurity Collaboratory, the security-focused research lab at RPI. I am also a developer for the OpenBSD project, a proactively secure Unix-like operating system.
My journey with PECE extends back to my days as a Ph.D. student, also at RPI. Part of my research work was to serve in a technological support role for a research project spearheaded by two professors – the Platform for Experimental Collaborative Ethnography, or PECE.
PECE is a web application that allows innovative pedagogy and research sharing among social science and humanities researchers. These professors were in need of someone who could manage their server systems initially. I took up that role and as time went on, I grew into the person who would give advice on security matters, perform risk analysis, audit our source code, aid in securely installing the software, and all other security issues.
PECE has grown into an international project that serves academic researchers, professors, and students all over the world, and I am still the person at the security helm making sure that everything runs smoothly and that everyone’s data stays safe.
Tell us more bout the ITWS program at RPI, what are your vision and goals?
The ITWS program at RPI was ranked the #1 program of its kind in the US by College Factual a few years back. We are extremely proud of our successes in providing our students with world-class education.
Our ITWS students learn a variety of skills, including cybersecurity, web development, data science and analytics, cloud computing and cloud security, and entrepreneurial skills. For our students who choose to specialize in cybersecurity, we have an active CTF team that has placed in the top 99th percentile of national tournaments such as the National Cyber League.
Our cybersecurity students are visible participants, experts, and emerging leaders on campus. For example, our students are developing cybersecurity awareness training activities for the campus community.
My research lab is also an opportunity for cybersecurity students to engage in cutting-edge research as early as their Sophomore year.
Our vision remains focused on the development of our next generation. We are extremely proud of our students and it has been a joy to watch them step into the real world and immediately begin making a difference. Our future goals include working and partnering with companies large and small to get them invested in the future leaders we are developing in the ITWS program.
How do you measure success today? What are your core metrics?
Have you ever watched a new cybersecurity student’s eyes light up when they see their first buffer overflow exploit succeed? Seen the excitement on their faces when they explain concepts like risk management to another student? Heard them exclaim in joy when they had a successful internship interview? Watch them enjoy becoming their future selves? This is how we measure success. And our successes are your successes–these will be your organization’s future cybersecurity employees and leaders.
Our academics and research are our core metrics. But it is our students who realize them. There is nothing more rewarding than a former student who returns years later to tell us of their successes and how their start here in the ITWS program helped them reach those heights. We know we are putting your organization in good hands with our graduates.
What are your thoughts about the future of 3rd party risk management?
There are many trends on the future of third-party risk management that I think would be fruitful for companies to make sure they are on top of. But the one I want to point out here is the integration of cybersecurity and ESG (Environmental, Social, Governance).
Our students–your future leaders–are extremely aware of the need for all of us to be more conscientious of the broad-reaching effects of our organizations’ actions. They will talk to you about them. And they have thoughts and opinions worth listening to.
I think many of our students in this generation, who lived through the Covid-19 era as children and college students, will be particularly apt to very quickly develop new ideas about this integration that will help propel their organizations to the forefront of third-party risk management.
What advice would you give to your students at RPI who wish to start their career in cybersecurity?
While not all of cybersecurity is like what we see in the movies, all of it is fun and all of it has its place in the broader strategy of organizations. There really is something for everyone in this field, and no matter what avenue you choose to pursue, you will become a leader in that area. Be open to exploring this field and know that there are people here at RPI who believe in you and will help foster your growth. And there are many organizations like Centraleyes out there who are also rooting for you and are excited to see you join the global cybersecurity community and grow with us.