Pace Charters New Cyber Institute The Mission: Defense in Depth for Public, Private Partners

New York's Pace University recently announced its new Seidenberg Cyber Security Institute, which plans to leverage public-private partnerships - an ongoing challenge for educational institutions. How does the institute plan to help the private and public sectors meet their security needs?

"We ... want to serve as a collaborative hub and a resource for public and private partnerships so that we can determine what kinds of problems we should be working on," says Connie Knapp, co-director of the new institute.

Knapp cites a successful partnership with the Bank of New York Mellon. The institute offers a master's of science and software development with a specific track in developing secure software. "That track was developed in conjunction with folks at Bank of New York who said, 'We like your program but we wish it had this other piece in it,'" Knapp says in an interview with Information Security Media Group's Tom Field [transcript below].

Through that partnership, Knapp and the institute learned how to best develop public-private programs. "When you visit companies, you don't come in and say, 'I have a solution. What's your problem?'" she says. "You say, 'We think we can help you. Tell us what some of your problems are.'"

The institute is working through its alumni in developing programs with the public and private sector. Through a vast network of alumni, many of which are working with large financial institutions in New York City, the institute is prioritizing projects, "where we think both the partners and the faculty members involved can have the most impact," Knapp says.

In an exclusive interview about the new Seidenberg Cyber Security Institute, Knapp discusses:

  • The institute's objectives;
  • Why it decided now was the ideal time to open its doors to career-minded students;
  • Advice to those looking to start or re-start a career in information security.

Constance (Connie) A. Knapp is the Interim Dean and a Professor of Information Systems at Pace University's Seidenberg School of Computer Science and Information Systems. She has served as a faculty member since 1985. She earned a PhD in business from the City University of New York Graduate Center, an MBA from Fordham University and a BA in mathematics from the State University of New York at New Paltz.

Prior to joining Pace University, Connie worked for 15 years in various industries: in insurance as a programmer and a management scientist, in time-sharing as a corporate trainer, and in newspapers as a manager of financial information systems.

TOM FIELD: How about you tell us a little bit about yourself and your work please?

CONNIE KNAPP: I've been a professor at Pace for the last 26 years. I joined the university after working in industry, and when the current founding dean stepped down, I stepped in as acting dean and have been serving in that capacity for the last four years.

Institute's Objectives

FIELD: Pace has just announced this new Seidenberg Cyber Security Institute. Why now?

KNAPP: We are a National Center of Academic Excellence in Information Assurance, as awarded by the DOD (Department of Defense) and the Department of Homeland Security, and we have been working with faculty to really develop that as an area of expertise, and we feel that we're now ready to announce this center which will help us in our pursuit of excellence in both teaching and research. We feel that we're ready and that there's a huge need for this, given the current environment.

FIELD: Well let me ask you about that. Tell us a little about the institute's objectives out of the gate?

KNAPP: The biggest objective and the main reason we're doing this is there's a huge shortage of trained cybersecurity specialists. We're hearing this from members of our advisory board, from our alumni and from other folks in the New York City area. We want to increase the number of trained specialists. We also want to serve as a collaborative hub and a resource for public and private partners so that we can determine what kinds of problems we should be working on, and can we work on together. We want to emphasize continuing education for industry professionals, not only undergraduates and graduate students, but professionals through continuing education. Those are the areas where we're really trying to develop expertise and depth in research and teaching in academic and industry partnerships.

Types of Students

FIELD: A couple of follow-up questions come to mind, and the first is: who do you target as your students? Are you looking at undergraduates, graduates, people who are in the workforce now and want to be re-skilled?

KNAPP: That's a good question. We're actually doing this on multiple fronts. As a member of the group of schools that have been designated as a National Center of Excellence in Information Assurance Education, we're able to offer students scholarships to come study cybersecurity. The NSF [National Science Foundation] has also funded us through their scholarships-for-service program. We have two students who are in that program this year who are getting scholarships and a small stipend for books. That group of undergraduates is benefiting from these two partnerships and the funding that they provide. So we're looking at undergraduates.

Then at the other end of the spectrum, we're looking at folks who have been named as a chief information security management officer or wish to be named as a chief information security management officer. We've been working with the state of New York through the CIO's office, Dr. Melodie Mayberry-Stewart, to put together a certificate that will provide the training that those professionals need.

We're really looking at two areas, mid- to high-level professionals who really need to ramp up their knowledge to be able to apply security techniques, and at the other end we're looking at undergraduate students who really want to both major in this and know that they'll have an opportunity for work when they leave school.

Public-Private Partnerships

FIELD: Now you talked about the critical factor, the partnership with the public and private sectors. How do you expect the institute's going to work with these sectors to be able to meet your needs as well as theirs?

KNAPP: We've been doing some outreach. We've had a number of preliminary, exploratory meetings that help us qualify that enough. We've been meeting with people both in government and in industry to determine: do they have problems that they think academics can help them solve, and how might we work together? We're going to hold a small, but we hope well-attended, formal launch of the institute in either late February or early March where we'll bring in a keynote speaker to talk more about the kinds of things we can offer, and we also hope at that point to be able to discuss a partnership that's in the works right now as kind of a trial partnership to see if we might do this. But we're working through our alumni. We have a vast network of alumni who are working in many of the big financial institutions here in New York City, and we're working with some members of the school's advisory board to try to prioritize those projects where we think both the partners and the faculty members involved can have the most impact.

FIELD: Now just a quick follow-up to that, because I know talking with people in academia that this is just such a prototypical challenge - the public and private partnership. What do you expect you can do differently to be able to make that work where other universities have had such difficulty?

KNAPP: That's a great question and we're going to build on some of our current working partnerships. For example, we have an excellent partnership with Bank of New York Mellon where we offer the master's of science and software development with a specific track in developing secure software, and that track was developed in conjunction with folks at Bank of New York who said, "We like your program but we wish it had this other piece in it."

We've learned a lot from that partnership. We've learned that when you visit companies, you don't come in and say, "I have a solution. What's your problem?" You say, "We think we can help you. Tell us what some of your problems are. We have experience in working in these types of problems." We hope to leverage some of those long-standing relationships where we work with either students there or hiring managers there, and we believe that our track record and experience will allow us to be very successful.

Unique Challenges

FIELD: What do you expect will be some of your unique challenges as a start-up cybersecurity institute? That's sort of a position that Pace University is not used to being in.

KNAPP: Right. I think our biggest challenge is reaching the community and motivating people to work with us, to help them understand that by outlining what their security challenges and their risks are, they're not in any way more vulnerable. In fact, we can make them more secure. We want to really talk about what we can offer, what we have done and what we want to do in the future.

I think the biggest challenge is going to be getting the word out. I think the next challenge will be the fundraising. We've been doing some behind-the-scenes kind of fundraising because we'd like to be able to provide both stipends for the folks who are working on this project and also opportunities for people to attend conferences and share what they've learned. I think that the two big challenges are the marketing challenge and then a second challenge will be a little fundraising.

FIELD: What are the ways that you're working to get the word out there about the institute?

KNAPP: We sent out a press release. We're also developing a brochure that will highlight the expertise of a couple key faculty members and focus not just on their research but on the kinds of problems they have solved, and that brochure we hope will get in the hands of as many companies - at least downtown - as we can. Once we get two or three really solid partnerships and successful partnerships under our belt, I think the thing will explode.

Advice for Job Seekers

FIELD: Now you've got an advantage because, as you say, Pace is a Center of Academic Excellence, so you have a good understanding of the challenges in the career. What advice would you give to somebody today that's looking to start a career in cybersecurity or maybe re-start their career?

KNAPP: That's a great question because it's an area that's wide open. We know that the NSA alone is going to hire more than 1,600 people this year, and everyone with whom we speak talks about a need for these kinds of professionals. So, students, if you're an undergraduate student now, this is a great time to think about changing your major. If you can't change your major, or you're not interested in changing your major, there are many places that would offer a minor in security.

People need to get all of the knowledge that they possibly can. They should think about ways in which they can, if [they're] already working, get involved in a project. Look to some of the outside vendors like the SANS Institute. [It] provides some training in this area. I think the most important thing is to really keep your antenna open for how you can take the skills you already have and leverage them to figure out what your strengths are. [For] someone who's really devoted to that kind of detailed work that you need to do, I jokingly say if you have the mind of a detective that's a great way to begin working in cybersecurity. But the real issue is making sure that you develop the kind of expertise. If you're working already, go to the chief technology officer or the cybersecurity officer in your company and ask what they're looking for.

Around the Network