Young alumni talk cybersecurity at Farmer School panel discussion
A panel of recent graduates examined the current and future states of cybersecurity.
Young alumni talk cybersecurity at Farmer School panel discussion
A trio of recent Miami University graduates came to the Farmer School of Business on Wednesday to take part in the 2024 ISA Department Cybersecurity Panel -- Kyle Kofsky, Cassie Whitley, and Timmy Boush.
“I specialize in credit card security, something that I didn't know existed until a couple years ago, but it's something that everywhere you go, any physical place you go, anywhere you shop online, it's really covering security in that sense, from when you swipe your card to when you put it online,” Kofsky '20, senior associate PCI assessor at Schellman, said. “The number of places your credit card goes when you swipe it, when you put it in somewhere, is astonishing. It's a lot of work, and it keeps me in work.”
“I have a brother who's a year older than me, and so when he was 11 and I was 10, he was building computers. He also got into hacking Minecraft servers, and so because of that, being a little sister, I wanted to help him out, join him doing it,” Whitley '23, IS rotational program analyst at US Bank, said. “So that actually got me into cybersecurity, and I realized that that's what I want to do. It's so exciting and ever-changing.”
“I got into cyber at an early age, where I enjoyed working with computers. Ifelt that that was an avenue that I thought was going to be around for a long time, and I wanted to do something that I thought I could help a lot of people in,” Bouch '23, IT assurance technical associate at Crowe, said. “And as I'm sure many of you do, I wanted to make a lot of money and have some job security. So I thought cybersecurity is probably a good way to go.”
Joseph Nwankpa, an associate professor of information systems and analytics and the FSB Director of Cybersecurity Initiatives, guided the panel through a series of topics around "The Rising Global Cybersecurity Threats in the Digital Age of Business.”
- On the digital transformation impact on cybersecurity
“You have a phone, you have a smartwatch, you have a laptop. And if you think about that from an enterprise perspective, each of those devices is a potential vulnerability. Any point of access you have into an environment becomes a point of ingress or vulnerability. I would say that is the most impactful part of digital transformation,” Kofsky said.
“I always say the biggest threat is the employees. So ensuring that there's a very strong foundation of understanding ensures that the company is better protected,” Whitley said. “I ran the phishing campaigns at an internship that I had. I would design these emails to fool our employees. You'd be amazed how many people fell for it. Just an email saying, ‘Oh, you want a free shirt? Click this link,’ and so many people would fall for it. Ensure that your employees understand the importance of taking their online presence seriously.”
“One of the things I've talked to my bosses about, and we're trying to figure out how to manage the risk on is that currently, hackers are collecting large amounts of data that they can't brute force crack into yet, in the expectations that sometime in the future, they will have a quantum computer and be able to look through historical data that probably won't change much,” Boush said. “If they get access to encrypted healthcare information, for example, we're saying ‘That's okay right now. We're saying it's encrypted. It'll take them 10 billion years or whatever to really get through it.’ But in the future, that might not be the case.”
- Encouraging employees to stay vigilant of cyber threats
“I think the best route is kind of positive reinforcement. if you watch your training videos and take the quizzes, you get points, and after you get so many points, you can get items. So it gives people the willpower to actually complete these trainings. And also, if they don't complete their trainings, people get called out for it, and no one likes to get called out,” Whitley said.
“I think people either do or don't take cybersecurity seriously,” Kofsky said. “I’ve seen at the companies I work with, threatening people's jobs or their money, unfortunately, is the easiest way to get them to understand just how important them being a piece of the puzzle is across the organization, and not just their organization, but their partner organizations.”
“Cyber seems like it's very current, been around for a long time for the people in this room that focus on it. But for lot of people, it's not a priority. My hope is that over time, people will be more and more educated and there will be more direct consequences from something bad happening,” Bouch said.
- The role of artificial intelligence in cybersecurity
“Something I see all the time at my customers is they'll use different software suites to analyze logs. Every single thing that happens anywhere in the environment get sent somewhere. No one can analyze 150,000 different events in a given day,” Kofsky said. “What AI can do is look at hundreds of thousands of items, determine if one is relevant or not, then pass it to somebody who is trained to look at that and make a final call on if it is worth investigating or not.”
“I was told of a story the other day of how an executive at a bank was deep faked, and because of it, an employee wound up handing over millions of dollars,” Whitley said. “Don't just take things at face value. We can't do that anymore.”
- Bigger threat? Hacking or social engineering?
“I would say social engineering is hands down the more prevalent threat, because anyone can do it. Anyone can call you and say you're this person, or to loop back to an AI and deep fake a voice,” Kofsky said. “If someone's able or willing to hand over their personal information at the drop of a hat because they think their grandson's calling them. AI is not going to stop that.”
“We have 20 years of the human intelligence basically on the internet, and AI is just a way of reading it in a way that gives you what you want. Every time a big company gets hacked, you can learn information about how that happened, what avenue was used, etc.,” Bouch said. “There isn't as much information available for hacks that haven't happened yet. An AI that's exploiting vulnerabilities is exploiting things that have already been exploited. But getting an AI to think past that and say, ‘Let's come up with things that humans haven't come up with that could get hacked,’ I'm not sure.
- The role of soft skills in getting a job in a technical field
“One thing that Miami taught me, that I feel like is often overlooked, is soft skills. Without having a strong structure in soft skills, I don't think I would have landed my current position, because you go through all these interviews, and at least for my case, I didn't get to show what I know exactly in cybersecurity. I had an assessment, but it was really just talking to these recruiters and interviewers. So Miami definitely helped me sharpen these soft skills,” Whitley said.
“The soft skills really matter. Our interview was talking about our ambitions, what we think about the cyber space in general, how family oriented we are, so that we know I would fit into the culture and things like that,” Bouch said. “Of course, whatever you're applying for, you have to have some level of knowledge on that topic. But also, whoever hires you is expecting that they're going to have to train you.”