The 2021 CyberMaryland Conference presented by the Federal Business Council (FBC) promoted the theme, “Building the Cyber Generation.” During the two-day conference agenda, University of Maryland Global Campus speakers built on this theme with the intent of ensuring today’s cyber-safety and educating tomorrow’s cybersecurity professionals.
Featuring thought leaders from Maryland’s cybersecurity sector as well as nationally recognized speakers and panelists on cyber and technology innovations, the online event covered the most up-to-date information in all facets of the cyber ecosystem. UMGC faculty members, including several from the School of Cybersecurity and Information Technology, presented on a wide range of topics. Notably they discussed current and future cyber legislation, promoting women in cybersecurity, the emerging field of cyber accounting, and the potential of stackable credentialing.
Additionally, the UMGC student cyber competition team scored a big win by placing first in the four-year university category at the conference’s national capture-the-flag (CTF) competition. This signature event, hosted by UMGC, assembled top national cyber talent competing in an online-virtual competition. The UMGC team, including Tim Nordvedt, Paul Chilcote, Louis Rush and Ben Simcox, scored 91 points to take first place, followed by runner up University of Central Florida with 87 points, and Towson University taking third place with 56 points.
Keeping pace with national and local threats through legislation
On day one of the conference, Greg Von Lehman, special assistant for cybersecurity at UMGC, moderated a panel on recent cybersecurity legislation in Maryland and at the federal level. Von Lehman noted that the number of cybersecurity bills proposed in Congress has climbed steadily in recent years as have bills in state legislatures.
“We will be seeing a greater impact of the government’s role in the nation’s cybersecurity,” said Von Lehman. “From 2016 to 2020, we saw that COVID-19 impacted the number of cybersecurity bills that passed, and we should see more passed in 2022.”
Panelists, including Michael Garcia, senior policy advisor at ThirdWay, and Markus Rauschecker, cybersecurity program director at the University of Maryland Center for Health & Homeland Security (CHHS), explored the victories for cybersecurity in the last Congress, the range of cybersecurity issues that state legislatures are seeking to address, and the cybersecurity bills that are currently moving through the Maryland General Assembly.
Garcia added that the 116th Congress has increased the amount of cyber legislation, which is also gaining bipartisan support. “Although going after adversaries is not a key priority thus far, there has been a lot of pressure on members of congress to act after the SolarWinds attacks,” he said.
Von Lehman offered a summary of legislation, stating that most bills introduced and passed on the national level focused on three primary areas—election security, criminality and consumer protection. For election security, 14 best practice bills were introduced out of 35 total and four were passed. Criminality bills focused on increasing penalties, identifying new crimes, and increasing investigative capacity for cybercrimes. Most consumer protection bills introduced focused on security requirements, such as data protection and personal information. In this area, 33 bills were introduced and three passed.
Von Lehman added that legislation in Maryland reflects what is happening on the national stage. “There are 18 cyber-related bills in the current Maryland session focusing on criminal law, consumer protection, preparedness, governance, education and workforce development, and voting security,” he said.
Supporting women in cyber education
A day-one afternoon keynote panel on women in cyber education featured Loyce Pailen, senior director for the Center for Security Studies at UMGC and focused on how public and private organizations can work together to bring more cybersecurity education and employment opportunities to women in their local communities and nationwide.
While cybersecurity jobs are at an all‐time high, she said the gender gap in the field remains wide. The panel discussed ways to build awareness and interest in cyber careers among women of all ages. Pailen stressed the importance of role models. “Girls need to see people like them in the jobs they aspire to attain,” she said. “Rather than introducing girls to cyber, we should be asking them what it is they want to solve in life,” she added.
Also on the panel was 14-year-old Bianca Lewis, otherwise known as “BiaSciLab,” founder of Girls Who Hack, which teaches girls hacking skills so that they can change the future. Asked what educators can do to get girls engaged in cybersecurity, Lewis said, “Kids love anything hands on, so I think that if we want my generation to get into STEAM, we need to teach them hands on projects.”
Panelist Jennifer Wood, head of communications and government affairs at Luta Security, offered a messaging perspective for promoting women in cyber. “We need to change the messages that women are hearing,” she said. “Girls need to see all these women featured as cyber experts and understand that they can have that role as well.” Wood also said that local companies are lagging in terms of engagement. “They need to do a better job engaging in local events and getting involved in the schools to make sure there are increased opportunities in K-12 and beyond.”
Meeting the need for cybersecurity training in the accounting field
As guardians of crucial assets—while not typically thought of as cybersecurity professionals—accountants now play a critical role in cybersecurity and digital forensics. A UMGC panel of four faculty members discussed the impetus to develop a master-level CyberAccounting program, including the expanded role of lawyers and CPAs in cybersecurity.
Accounting firms are treasure troves of information. To hackers, they are targets. And although CPAs are not cyber experts, they do need to know when to engage cyber professionals. They need to understand the risk landscape, how to detect intrusions into assets, how to promote cyber resilience, and how to foster conversations among stakeholders.
Key to cyber accounting, according to Bruce DeGrazia, professor of Cybersecurity Management and Policy, is an understanding of Blockchain. “Leaders in accounting need to understand Blockchain, not because it is the basis for crypto currencies, but because it can be used to protect documents and transactions,” he said. “Blockchain in financial institutions allows us to protect documents and confidentiality.”
DeGrazia also made the case that the CPA skillset is a natural fit for cyber audits. “CPAs are expert in audits and are able to identify cyber risks and assess the severity of each one,” he said. “They are good at auditing security policies and privacy controls, they can perform penetration testing on the social engineering side of cybersecurity, and they can integrate cyber risks into the audit plan.”
Positioning learners for academic and career success with microcredentials
Douglas Harrison, vice president and dean of the UMGC School of Cybersecurity and Information Technology, moderated a session on stackable microcredentials and how providing professionals with right-sized industry-aligned credentials that can be assembled (stacked) toward traditional degrees are increasingly valued in the workplace.
“Students can assemble a series of credentials–certificates, licenses, badges, or apprenticeships–that recognize achievements and abilities,” said Harrison. “This increases their currency in our knowledge economy, creating more direct pathways to better jobs and higher wages.”
Why stackable? The high cost of education and immediate relevancy are two driving factors to incremental learning. “There is a theory that supports learning in smaller bites,” said Harrison. There is also a motivational aspect. Harrison noted that adults also sense value upon completion if learning is done incrementally and in smaller amounts. Moreover, by stacking education into small units of learning, students are afforded the flexibility of coming in and out of learning. Ed Bach, vice president, Strategic Partnerships at UMGC, discussed the business case for stackables from an employer perspective. “Corporations are looking for knowledge now,” he said. “Stackables help us produce focused, well-educated employees for employers, while encouraging life-long learning.