What happens when an international bank with customers around the globe has a data breach? Who decides next steps and how to prevent future breaches?
The School of Information Science at the University of South Carolina recently developed a course that helps students learn how organizations answer questions like these.
Information Security and Intelligence (ISCI 340) teaches students about firewalls and data forensics, but it also delves into deeper issues related to the human component of cybersecurity.
“When you say cyber, most people think of someone sitting at a keyboard hacking away at a server somewhere. That is part of it, but there is also the human side to it,” says Jeff Salter, the instructor for the course. “If the employees in an organization don’t help protect data, no amount of technology can keep it safe.”
The genesis of the cybersecurity course was a conversation between Jodi Salter, a program manager at the Walker Institute, and Lt. Gen. Dennis Crall, who was at the time Director for Command, Control, Communications, and Computers/Cyber and Chief Information Officer, Joint Staff J6, about the need for employees who can explain the scope and effects of cyberattacks to individuals with limited technical knowledge. The iSchool agreed to design a course to address this need.
The cybersecurity course helps students develop skills that would allow them to be a bridge between network engineers and the staff working in other branches of an organization.
One of the most enthusiastic student evangelists for cybersecurity education at USC is junior Nic Steidl. He is a cadet in the Army ROTC program and serves in the South Carolina National Guard's 125th Cyber Protection Battalion — the only cyber unit in South Carolina.
Steidl helped establish the Gamecock Battalion Cyber Club, which provides opportunities for students to network and participate in hands-on activities related to cybersecurity. For example, the club traveled to the Naval Information Warfare Center-Atlantic to participate in a virtual capture-the-flag event.
He sees the club as a steppingstone for students who wish to learn more about the cyber realm and pursue cybersecurity jobs. Specifically for the military he mentions how difficult it is to obtain a job within the cyber domain. “It is probably the most competitive job to get in the Army, because there are a very limited number of slots to fill. So not a lot of people are able to branch cyber,” said Steidl. “Hopefully with the foundation of this club more people from the university, can learn about the cyber/IT domain, and get a better understanding of the internships, scholarships and jobs that are available to them.”
The Information Security and Intelligence course is relevant to students who are looking to work in cybersecurity in the business world, as well. Cybersecurity touches every aspect of modern life, and the course has a broad scope that allows students to see where they might fit into the industry.
The impact of the course was so strong that it changed the career trajectory of senior information science major Alexandra Deveraux. “I specifically came across cybersecurity while in the class, and that’s what got me more interested in that type of work. That class gave me the opportunity to do hands-on work in cybersecurity to see if that’s something I would like to do,” Deveraux says. The class also lead to a part-time job with the Teneo Group. After graduation, she hopes to stay with the company and move into a full-time position.
Junior Aidan Silverman took Information Security and Intelligence the first semester it was offered, and it was part of what prompted him to change majors to information science. Being in the program is beneficial to him because of the numerous networking experiences available to students. Attending the SC Decoded conference last September was an impactful day for Silverman because it led him to his first internship.
“That’s the great thing about iSchool. Dr. Gavigan sends out an email about conferences, and anyone enrolled in the program can participate,” Silverman says. “I met the governor. It was just a huge opportunity!”
The course evolved between the first and second semesters in which it was offered. Originally, students took the course, then they received a waiver to complete the Check Point Certified Security Administrator exam. In the second version of the class, the certification exam, which is monitored by an external proctor, became the final exam for the course. This will allow students to finish the class with the certification in hand, making them more attractive to prospective employers.
In fall 2023, the course will become a permanent listing in the university catalog under ISCI 340: Cyber Security and Information Science. Students from any major can enroll.