Creating a Science of Security

Training Professionals to Take a Proactive Approach

By , October 17, 2013.
Frederick Chang
Frederick Chang

Frederick Chang, the new head of the cybersecurity program at Southern Methodist University, says the time has come to create a "science of security."

See Also: How Cybercriminals Use Phone Scams To Take Over Accounts and Commit Fraud

"The field of cybersecurity today is very reactive and after the fact," Chang says in an interview with Information Security Media Group (transcript below). "Something bad has to happen, and then actions are taken. The field needs to get to a point where it can become proactive, where we can get ahead of the problem. In science, we talk about prediction, models and repeatability. The idea of taking the longer-term approach and creating a foundational science and engineering of cybersecurity is a key part of our mission."

Chang, the former director of research at the National Security Agency, also stresses the need to take an interdisciplinary approach.

"When it comes to cybersecurity, it's easy to think that it's only about computers, computer science, protocols and firewalls," he notes. "But we now know that there are issues that really go beyond just the technology. Certainly all those technical pieces are critically important; [there's] no question about that. But we also know that there are a host of issues surrounding users, policies and processes, issues that go beyond just simply a technical approach. One of our key objectives is to take this interdisciplinary approach at SMU."

Training InfoSec Pros

In his new role, Chang also hopes to help train more information security professionals. "As many folks know, there just aren't enough trained professionals in the field, and we're going to do our very best to help make a difference to close the skills gap."

The university has been recognized by the National Security Agency and Department of Homeland Security as a Center of Academic Excellence in Information Assurance Education. The school also participates in the Department of Defense's Information Assurance Scholarship Program.

In an interview about his mission at SMU, Chang discusses:

  • The cybersecurity program's key objectives;
  • How SMU will address the information security skills gap;
  • Career advice for people now entering the security profession.

Chang is the Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security and a professor in the Department of Computer Science and Engineering in SMU's Lyle School of Engineering. He also is a senior fellow in the John Goodwin Tower Center for Political Studies in SMU's Dedman College of Humanities and Sciences. Chang is the former director of research at the National Security Agency. In the private sector, he was most recently the president and chief operating officer of 21CT, Inc., an advanced intelligence analytics solutions company. Earlier, he was with SBC Communications where he held a variety of executive positions. He began his professional career at Bell Laboratories.

TOM FIELD: Tell us a little bit about yourself and your unique background please?

FREDERICK CHANG: In terms of unique background, I'm not a traditional academic. I spent most of my career in the private sector. I spent several years in academia and have also spent time in government. Regarding my government service, most people will find it of interest to know that I'm the former director of research at the National Security Agency.

SMU's Cybersecurity Priorities

FIELD: You've got a new role at SMU - the Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security at the SMU Lyle School of Engineering. ... Tell us a little bit about this new mission you have at SMU.

CHANG: I would break it up into three parts. The first is really the idea of helping to create a science of security. The field of cybersecurity today is very reactive and after the fact. Something bad has to happen and then actions are taken. The field needs to get to a point where it can become proactive, where we can get ahead of the problem. In science, we talk about prediction, models and repeatability. The idea of taking the longer-term approach and creating a foundational science and engineering of cybersecurity is a key part of our mission.

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Sony CEO Slams 'Vicious' Cyberattack

Sony CEO Kazuo Hirai praises employees' actions in the wake of the "vicious" attack against Sony...

Latest Tweets and Mentions

ARTICLE Sony CEO Slams 'Vicious' Cyberattack

Sony CEO Kazuo Hirai praises employees' actions in the wake of the "vicious" attack against Sony...

The ISMG Network