Unique Programs: Information Assurance at Capella University

Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online.

In discussing Capella's unique programs, Dr. Steven Brown touches upon:

How Capella's information assurance programs have developed;
Where students live, work, and what they bring to the programs;
The future of information security education.

Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work - both domestically and internationally - has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world.

Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and networking curricula meet the demands of today's marketplace and adhere to rigorous academic standards.

Capella University is an accredited, fully online university that has built its reputation by providing quality education for working adults. More than 80 percent of Capella students are currently enrolled in master's or doctoral degree programs in business, information technology, education, human services, psychology, public administration, public health, and public safety. Capella also offers bachelor's degree programs in business, information technology, public administration, and public safety.

TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about unique information assurance education programs, and we are talking with Dr. Steven Brown who is with the core faculty with Information Assurance and Security with Capella University. Steve thanks so much for joining me today.

DR. STEVEN BROWN: Tom thank you for having me, I appreciate it.

FIELD: Why don't we start out by having you just tell us a little bit about yourself and the program that you are participating in at Capella?

DR. BROWN: Okay. Well, my name is Steven Brown and I have been with Capella for probably six years now. I have a mixed well I guess varied degree work relationship. I have been in the information security area for about 25 years I guess. I started on Wall Street back in the early 80's, probably 1981 or 1982. We were putting in networks and all of these different types of technology for Wall Street banking, insurance companies, government facilities, and all those different types of things. We were doing security even before it was called security. So my work experience has just been you know 30-35, 20-25 years of IA. My degrees are more in business. The reason I approached that was I wanted to see both ends. I wanted to see how the business side is and we had the security side. So I am a firm believer that we need security, but I am a firm believer that security has to add value from a business sense, otherwise people just don't use it. My current position with Capella is that I am in charge of the information security development for the Master's and the Ph.D. programs. I do all the curriculum development, you know I try to look at what is coming out in the coming years and I try to focus the curriculum so that workers in the coming years will be able to I like to say hit the ground running.

So when they do graduate they will certainly understand what is out there, how it is happening and what are some of the ways that they can turn around and defend against cyber attacks. And then at the Ph.D. level I go a little bit more because I want them to understand literature and research and not only respond to them but I want them to be more proactive and I want them to basically expand their horizons so that they move away from the bits and bytes on the wire to understand literature based theories about cyber, and not maybe just cyber, but what is happening and how can we apply theories that are coming out to help and prevent these attacks in the future.

FIELD: And what are some of the things that you are doing within your program Steve that you would call unique?

DR. BROWN: The interesting thing about the uniqueness of our program is one is that it kind of goes up a chain. And what I mean is we have the undergraduate, we have the Master's, we have the Ph.D. and we have certifications and we have the NSA certification, Capella Center of Excellence, we have an ISA Community portal that we created and we keep pushing it. I would imagine that one of the unique things about the program that it just keeps expanding and expanding and expanding so if you were at the undergraduate level right, you would get hands on and you would have chances to go to certifications and you would learn about security theory. When you get to Master's you continue that right, and in each one of these programs we want to push no research theory, we want everyone to understand some scholarly attributes. And when you get to Ph.D., we want to do that more.

So basically what we are doing is we are trying to encompass I think breadth of information assurance, security, you know, knowledge, we want knowledge, we want to be able to apply that but we also want our learners to be able to contribute to the field. So a lot of our learners are workers in the field of IA and we want them to apply that when they get out.

The one thing about the uniqueness I guess of our program is I am a very, let's say an open individual, so if somebody wanted to call me that doesn't even come to Capella and wanted to ask me about Capella's IA program, I have like an open door policy and I would be more than glad to talk to them. One reason I like, even though my schedule is talking to people is that they tell me what is happening in their life in their field, what they see.

So I am constantly reviewing and updating the curriculum based upon a lot of what I read but also a lot of what they tell me. Because you know since I am working Capella, they are kind of the front line so they are telling me what they are seeing, what is coming out, what they need, so we have an IA portal and all Centers of Excellence have an IA portal and what happened was I was speaking to a learner one time and they said that they liked the portal and they liked looking at it but what they wanted to do was to share their contributions in the field, what they are doing.

So I asked Capella that when we turn around and we made another revision of the portal that we wanted to make it more learner focused, a community, so these learners could actually come up with projects, papers, presentations. I wanted to add that to the portal. I wanted to showcase them and that is basically what it is is that other than the breadth of information assurance I am constantly reviewing and updating the curriculum and I am just pushing myself and pushing other people to keep it updated.

FIELD: Now do I understand also that you are one of the few of the NSA accredited schools to be 100 percent online?

DR. BROWN: Correct, correct. I cannot give you the exact number; I visited every single Center of Excellence. I kind of do it on a yearly basis and I think there were four or five that were an NSA Center of Excellence and 100 percent online.

FIELD: That is amazing and that really meets the needs of your students. I was going to ask you about that. Give us a sense of who your core students are and what type of background they bring to the programs.

DR. BROWN: It is interesting, I think I would have to say when I started with Capella, it might have been 88 to 90 percent of working adults. Now what is very interesting and the one reason why I always try, I really enjoy this and I tell my learners this too, is that when you are in school, say in a local geographical area, many, many times you get people from that area and if that area is say IT, a lot of IT people, it let's say you go to the university and it is the area of hospitality, you know, a lot of hotels in that area you might get [indiscernible]. The thing about online that is just very interesting is we get people from all over the world and all over the states. It is very interesting.

So we have a mix. I mean we have got the normal people who work in the FBI, SBI, police officers, we have people in the Army going DOD, but then we have got a whole other world out there. Our learners are here in leisure, they are in marketing, they are in IT, they are in hospitality, they are in insurance, they are in--some learners are actually in like certification standards, certification bodies and standards bodies that come there, some are just manufacturing. Those are our core students.

They bring this and it is amazing because you know you see this and we have a lot of discussion boards and a lot of online universities take advantage of discussion boards that individuals see each other how they work and what they are I guess used to, or accustomed to, what they see so they are seeing a lot of different things versus a local geographic area where everybody works in say state government.

They see a lot of things so that is a lot of the things that they bring to the program and it is really amazing. I mentioned that when I first started, like I would say 88 to 90 percent was working adults, well now it is starting to get to be maybe 85 percent working adults and we are still getting a ton of working adults, but now we are also just getting learners who just want to go to school online.

FIELD: Interesting.

DR. BROWN: So that's--I'm sorry, so it doesn't have to be just working adults it is just adults who just say I want to take go online.

FIELD: So it is not so much that you are placing students in jobs when they graduate, they are in jobs. What are they doing with the skills that they have acquired once they have been through the program then?

DR. BROWN: Well, I'll give you an example. I was at a conference, this was about three years ago, I was at a conference and we had the undergraduate and we had the Master's and one of the reasons I like to go to conferences like InfoSec or say those types of conferences is because they are people who are working. So we set up a booth and I am just out there and I talk to them and they tell me what they are looking for.

Well, three years ago I was at actually it was a conference in Orlando and I would have to say 30 to 35 percent of the people who stopped by said that they have a Master's Degree, they are working in some field, but they really wanted to go for a Ph.D. program because it was interesting that they wanted to number one, move up in their career field. They wanted to go for the, I guess, the bigger jobs, but they also said that with a Ph.D. they can turn around and I guess they would have more of an emphasis to apply their skills.

So it was really interesting. They believe that the Ph.D. would one, help them go up in their organization and two more [indiscernible] their field. I see a lot of that, that they want to take the skills they get, they are working in their job and not all are working in the IA area, many are but not all, but what they wanted to do is they want to expand their horizons in whatever field they are in to now include IA and begin to help their organization with security.

FIELD: So then you see that key mix of information security with the business focus that you talked about, they are putting it into practice.

DR. BROWN: Absolutely. We also get emails from learners with what they are doing. We have got learners from the Department of Homeland Security that one of our learners is now the head of training for the Department of Homeland Security Action and Security. We have one who is graduate stage with the FBI and he is in the training area.

We have one who is actually he works for one of the major hotel chains, either Hyatt or I forget which one, but happened was she was just a regular manager and wanted to go for an information security degree and he said that a couple of years ago, once he finished and he got back to work he saw so many vulnerabilities but like from a people focus, what people aren't doing correctly and it's not that people aren't purposely not doing it, it is just that they just didn't know because security is more than the wire. Security is buildings, open doors, access panels, so he is using his skill for this hotel chain that he is working at to increase the physical part of security. So it is interesting where they are going.

We also have a lot of teachers in the Ph.D. program who have their Master's, they are adjunct or their Master's, community colleges or something, and they want to go for their Ph.D. and they want to work in the IA field.

FIELD: Now you talked a little bit about how information security education has evolved in the time you have been in it, from your perspective now how do you see it evolving as we go forward?

DR. BROWN: That is really interesting. Sometimes security is--I'll give you an example. You know we go to amazon.com and we will buy something, we will give them our credit card number, we will call a company on the phone and we will give them our credit card number. We have faith that our credit card information is safe okay.

So number one I imagine security--security kind of closed door, you know, we are only supposed to let the people who are supposed to come in come in. But it also has to kind of be hidden because security is really like a closed door and it doesn't open up we are not going to get any work done. So security kind of has to play like the back role but always be there.

As far as security is coming, evolving in the coming years, it is going to merge and it has to merge. It just can't be the bits and bytes on a wire. It can't be the firewalls and intrusion detection systems. It has to be the networks, the protocols on the network, what are they doing. You know there was some research, a professor I think it was last year said that we really need to do away with firewalls since they are more of a hindrance, but we need to develop a protocol that has security built in. So I don't see us getting rid of firewalls, but I do understand his logic that the protocols, the network protocols that we use has to get smarter. Other than that it has to become a people focus. You know we have to move more to cyber psychology.

Why are these attacks happening and how do people think to create these attacks and then it is amazing how these attacks evolve right. So if an attacker or cyber terrorist can think about 'I can do this,' we need to be able to think, can this happen? So I also see security information education evolving into curriculums that include psychology, education, and human behavioral studies. I see it becoming more of a people focus included in kind of like an entire curriculum and moving away just from like the black box bits and bytes. But at the same time it really needs to be kind of like hidden out of the way. We trust security and security will be there.

FIELD: That makes sense. Now I know you can't do this in a vacuum and you need help from the private sector, the public sector, but what are the types of assistance you need from business and government for you to be able to grow your programs effectively to respond to these needs?

DR. BROWN: I honestly feel that we could always use collaboration and research. So for example, I said before you know I enjoy talking to learners, even if they are not coming from Capella and they are thinking about it and they want to talk about the IA field, companies helping us out, what are you doing in your company? You know I mean a lot of the time a lot of companies still have a problem in detailing some of their problems in security you know.

So the collaboration with these companies, collaboration with research, also collaboration with schools and what I mean is the community college level, the K-12 level, you know. And it doesn't have to cost a lot of money.

You know I know we always talk about grants and trying to get grants and people say that it costs a lot of money, but lines of communication open, what are you doing right, what are you doing wrong? You know, how can we help you?

It is very interesting for a company to come to us and say listen Capella this is our company and we have ten geographically different places, we have 2,000 people, you know. We have hired security consultants who know the networks, the protocols, but what are we missing? Can you look at it and can you help us? So you see what I mean? It is that interaction, collaboration, research, people, that would help us grow.

FIELD: Steve one last question for you, you have talked a lot about the individuals you speak with whether they are going to come to Capella or not, so I am sure you answer this question on a regular basis. What advice do you give to somebody that is looking to start a career in information security today?

DR. BROWN: You know it is interesting I do get a lot of calls on that and I do get a lot of people and sometimes the people are really upset that you know, they can't get into the information security field. And then I tell them or I ask them would a company rather hire somebody who did IT 20 years ago or who did IT in the last five years?

It is constantly changing so it is not like you have to know 30 years of experience. Maybe I have had some unique gifts or skills because I have been doing it so long, but I am still in it so I tell people that it doesn't matter where you are at, don't think about the past, just start from where you are at.

So for example, I said if you are in a call desk right, one of the millions of call desk operators we have, learn everything that you can about the PC that you have, the system that you are working on. You know if you have a call system you must have a phone system and phone systems have security dials, you must log into the system with passwords and usernames, you probably have a pass to get into the building. Start small, start exactly where you are at and learn all the security about that.

Say you are in a hotel and you may say well I'm not really on the network and I don't have time to research network protocols, TCP/IP, certification and I go well that's fine, but you know hotels, what about building security? What about personnel security? What about passes? What about updating security? What about people who leave or quit, what if you have visitors? Where do you keep people who should meet in the hotel?

So it doesn't matter what area you are in, what specialization you are in, what field of work you are in, just start. Start from wherever you are at and learn as much as you can about the security part of your job and there isn't any business, any job, and any industry that security doesn't touch. So that's why I tell them anything you do, security will touch. If you are not working, what about your home network? What about your viruses, your firewalls? If you are using new network protocols like DSL and you are talking over the phone, are there problems there? So wherever you are at just start and then continue from there and never stop studying.

There is always that question is a degree better than a certification, is a certification better than the degree and I tell them they are two different things. Certifications, educations, writings, publications, donating time like I am trying to do at our local elementary school, writing books, writing papers, a lot of it is very interesting. A lot of my learners I gave them the option that if they wanted to try and publish some of their projects that they have done in work I would try and help them and work with them to get some of their stuff published. So I tell them don't think of it as certification or degree, think of it as both. Just keep pushing yourself and it won't take long at all, within six months you will really, really improve your security skills if you so desire.

FIELD: Steve that is well said. I really appreciate your time and your insight today, thank you.

DR. BROWN: Oh you are welcome Tom anytime. Thank you very much for having me.

FIELD: We have been talking to Steve Brown with Capella University. For Information Security Media Group, I'm Tom Field. Thank you very much.
