Filling the infosec ranks

With a little help from Uncle Sam, Carnegie Mellon University is helping colleges and universities train the next generation of information security professionals.

The university last month held the first in what will be a series of sessions to assist other colleges and universities with creating their own information security academic programs. These capacity-building programs, primarily at the graduate level, are crucial to meeting the need for trained security professionals in the government and in the private sector.

"The more schools that can develop these [information security] programs, then the more students we can turn out with this kind of expertise," said Don McGillen, executive director of Carnegie Mellon's Center for Computer and Communications Security and a leader of the program.

Carnegie Mellon received a $400,000 grant through the National Science Foundation's Federal Cyber Service program to provide the training. Begun about two-and-a-half years ago, the NSF program provides grant money to schools for capacity-building programs. It also provides scholarships to students studying information assurance in exchange for two years of government service in the Cyber Corps.

In its capacity-building program, Carnegie Mellon brought together nine faculty members from Howard University, Morgan State University and the University of Texas at El Paso — all institutions with computer science programs. Next summer, program officials hope to bring back at least one participant from each school while expanding the program to other institutions, McGillen said.

Carnegie Mellon is a good institution to offer such a program, said Alan Paller, director of research at the SANS Institute, an information security education and research group. "No organization is better positioned to do what they're proposing to do."

The university gathered staff from its computer science, engineering and public policy schools, from its CERT Coordination Center and from other institutions designated as centers of excellence under the National Security Agency's Infosec Education and Training Program. "We went to the experts," McGillen said.

The four-week residency program started with how to teach information security and how the topic fits in with other academic subjects, such as public policy. The program then dealt with how to develop an information security curriculum.

It ended with an examination of current and future research opportunities for which Carnegie Mellon officials believe the government could get "the greatest bang for its buck," McGillen said. The four institutions are working together on proposals.

The availability of research money is primarily why professors migrate toward certain subject areas, and good professors with interesting funded research draw students, Paller said. And the best way to keep capacity-building programs going is by funding more research.

At Carnegie Mellon, the program directors sought feedback and ideas during the training session, and even ended up changing the schedule to incorporate new subjects that participants requested, McGillen said.

Feedback and collaboration will continue throughout the year, he added. Part of the NSF grant will be used to maintain a collaborative Web site where participants can ask questions, exchange ideas and start working on research proposals together.

"We want to establish continuing, long-term relationships," McGillen said.

After returning to Howard University last week, Wayne Patterson, a professor of computer science at the university's graduate school, adapted the information security course he teaches and plans to add a follow-up course.

"We have a very heavy emphasis on our graduate programs here," he said. "So what we have been interested in is really developing our capacity at the graduate level in computer security."

But capacity building is something that takes time. "We're definitely playing catch-up," McGillen said, "but better [that] we play catch-up than just throw up our hands."


At a glance

Information security capacity-building program

Lead institution: Carnegie Mellon University

Participating institutions:

* Howard University, Washington, D.C.

* Morgan State University, Baltimore, Md.

* University of Texas at El Paso


This four-week program, funded with a grant from the National Science Foundation as part of the Federal Cyber Service initiative, will help colleges and universities develop information security graduate programs. In the long run, having more programs will increase the number of Ph.D.-level information security researchers available to meet public- and private-sector security needs.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.