Protecting data – whether personal or intellectual property – is not an easy task in the Digital Age. The increased sophistication of cybercrime and state-sponsored hacking, and rise of ransomware and other malicious software, all contribute to a risky cybersecurity ecosystem for organizations of all stripes. But creating a workforce ready to take these challenges on requires a multi-stakeholder approach – from policymakers to computer scientists to management.
This reality is reflected in one of the country's newest cybersecurity master's programs, at Brown University.
“The most important thing for the next generation of professionals is to have a variety of different skills and disciplines,” said Brown University Academic Director for Law and Policy Tim Edgar, a former director of privacy and civil liberties for the National Security Staff at the White House. He, along with a core of experts in a variety of disciplines, has been working on the new master’s program at Brown, aimed at teaching professionals a bevy of new skills for the cybersecurity era.
Specifically, Brown’s Executive Master in Cybersecurity is “designed to cultivate high-demand, cross-industry executives with the unique and critical ability to devise and execute integrated, comprehensive cybersecurity strategies for nations and industries across the globe,” according to the program description.
“We’ve had lots of discussions over the years about cybersecurity,” Edgar explained in a phone interview. “One thing is that we need to talk across disciplines.” Edgar sees privacy and security as two sides of the same coin, so developing professionals to have skills in both is paramount to the cybersecurity profession.
The Brown program is not exclusive to any one type of professional; rather, it’s designed to bring together students from different backgrounds – privacy, law, finance, computer science, you name it – to help learn from multiple fields and each other. Edgar said they expect to get folks from tech, legal and management backgrounds initially.
“Lawyers tend to think about data collection in terms of torts and laws around personally identifiable information,” Edgar said. But PII might mean much different things to a computer scientist or systems administrator. This program would help to establish a common language that can be used by policy and tech professionals.
For those interested, the priority application deadline is April 18, and the inaugural program gets underway this October.
The Brown program seeks students that have an established background in a profession. So, for example, a mid-level privacy officer would be an example of a solid prospective student. The key to Brown’s program, according to Edgar, is that students would not have to leave their jobs. Much of the 16-month program takes place online, from the comforts of the student’s home, and in between normal working hours.
“This is an innovative way of teaching,” Edgar said. “It’s a blended model that has the best of both worlds. It bridges the gap between traditional campus-based learning and online learning.” He explained that campus-based learning basically would require students to leave their jobs, whereas an online course doesn’t allow the diverse set of students to learn from one another.
So, an incoming student would start at Brown’s campus in Rhode Island for a week. The cohort – which could number around 35 students – would meet, integrate, and get to know one another. “You can learn so much from fellow students,” Edgar said. “That really mirrors they way people work in the real world – it’s fine to work from home, but you always need face time.”
After that first week, students meet three different times for one-week sessions at Brown. There’s one exception, though. One of the on-site sessions will take place at a venue in Silicon Valley. Suther said the venue for the inaugural year has yet to be determined, but he predicted that it would rotate from year to year.
The classes themselves will reach across disciplines as well. Courses include applied cryptography and data privacy; human factors in computer security and privacy; management in IT systems and cybersecurity risks; and effective leadership, among others.
For someone with a computer science background, one of the crypto courses might be more accessible than for a lawyer, let’s say, but on the flip side, there will be classes on global policy, which would feature a focus on things like the General Data Protection Regulation and other issues that those with a tech background may be less familiar with. Suther also said there will be classes on cyber conflict law and cybersecurity policy as well as issues on Internet freedom. “There will be a variety of ways of showing how law and policy relate to the cybersecurity field,” Edgar explained.
Students will also focus on a “critical challenge project.” Instead of completing a master’s thesis, or a big paper, students will take part in a project of their making. “It could be anything. Like a big, complex cybersecurity problem and how it can be solved,” said Edgar, for example. Students will have a mentor from industry or government. The student would then view the critical challenge through multiple lenses, including that of the chief security officer, hacker, customer, employee, security auditor, and more. She then develops a comprehensive plan to solve the challenge.
Edgar hopes that, ultimately, these projects will emerge as solutions in the real world. “I fully expect that we’ll be able to point to a real world initiative and say, ‘hey, that started here.’”
If you want to comment on this post, you need to login.