New Opportunities in Information Security - Interview with Gerald Masson, Director of Johns Hopkins University Information Security Institute
There are more opportunities than ever for skilled information security professionals.This is the belief of Gerald Masson, Director of Johns Hopkins University Information Security Institute, and in an exclusive interview he discusses:
Masson received his PhD from Northwestern University in 1971. He has developed and taught numerous graduate and undergraduate courses addressing various aspects of the field of computer networking and systems architecture. He has published over 150 technical papers, co-authored two books and is an inventor on six patents. His research addresses a range of issues dealing with the foundations and implementations of distributed systems regarding issues such as survivability, real-time performance monitoring techniques, and security mechanisms used for network access. His research has been widely cited as well as implemented and utilized for critical infrastructure government and commercial applications.
TOM FIELD: Hello, this is Tom Field, editorial director with Information Security Media Group. Today we are discussing information security education and with us is Dr. Gerald Masson, director of the Johns-Hopkins University Information Security Institute. Gerald, thanks so much for joining me today.
DR. GERALD MASSON: Sure.
FIELD: Just for context here, why don't you describe the Information Security program you have at the university?
MASSON: At the Johns-Hopkins University we have a research institute focused on information security and assurance technology and applications, as well as issues related to areas like policy, privacy, law and medical applications.
We are a research education center in the Johns-Hopkins Engineering School, called the Whiting School of Engineering, and we also offer a Master of Science Degree in security informatics. We have been an institute at Hopkins since 2002. We have graduated in the order of about 150 Master's Degrees. They have taken jobs in government, industry and academia. We focus on issues relating not only to foundational technologies, but also application domains.
FIELD: Now given the emphasis that is on information security today, especially from the new administration, who do you find your students generally to be and what are the areas of concentration that they are focusing on?
MASSON: The students we get in general come to our program with some type of information technology background. That could be an undergraduate degree in computer science or computer engineering; it could be just a minor that a student has taken at some point to get a foundation in areas like cryptography and network security. But they all have some background that is technology-based.
FIELD: Do you find that there are people who are making career moves to get into information security now?
MASSON: There is certainly an awakening on the part of students looking at the possibility of focusing on the information security field. In my opinion, we are currently in significant need of more individuals coming into the information security and assurance field, and I think right now almost every student that completes our degree requirement has a reasonable range of job opportunities available to them, but the supply is not meeting the demand at this time.
FIELD: That is interesting. What are the types of job prospects that someone has coming through the program, and where would you say you are placing students within the private and public sector?
MASSON: We probably place 40% or so of our students who get their Master's Degree in government-related positions. We will have the whole set of government agencies that have stakes in the information security area interested in meeting our students. So this brings us from the National Security Agency and the Department of Homeland Security to the Department of Treasury and the FDA. Any agency that has information that has value and has to be protected is interested in the kinds of students that we produce from our Master's Program.
Also, on the commercial side we have a broad range of companies interested in areas like software engineering, security analysis, security consulting; again, they are looking predominately at the application side.
One significant growth area is going to be healthcare. The Obama Administration has put information technology alongside of healthcare in terms of increased efficiency, but I think we are moving into an area where the role of privacy is going to play a significant part. This connection of healthcare to information security is still very much in its formative stages. Our Master's Program actually includes healthcare technology and healthcare informatics types of courses as part of the requirements.
The students that get our Master's Degree in the information security field will concurrently get a Master's Degree in healthcare related issues; that dual degree obviously requires a larger commitment. But I think it demonstrates that the field of information security technology is often defined by where you go with it, as well as how much you know from a foundational perspective. I think this is a great opportunity for people who have that technical background and have the exposure to areas like network security and database security. They can take it into this healthcare domain. I think it is in a major growth phase right now and the opportunities are significant.
FIELD: That is a great point and I think you are really onto something there. We see the same sort of convergence with information security in healthcare. Now given the requirements you have from the private and public sectors to provide for these security professionals, what do you need in turn from government, from business and from healthcare organizations to make sure that you are attuned with their very specific needs?
MASSON: I think what has to be done at this point is there has to be more opportunities for funding, for students or even practitioners in the field that want to go on and expose themselves to the information security field. By funding I mean opportunities for tuition, sometimes opportunities for stipends as well. There is definitely an investment that needs to be made to bring into the field individuals with both the technical and the policy, privacy law perspectives. There are now opportunities from the federal agencies referred to as scholarship for service.
FIELD: Right.
MASSON: This is an arrangement where the government will pay for the tuition for a student to go into the information security field and in return for that tuition, will accept a service obligation for a period of time that is related to how long it took the individual to get the degree. The Department of Defense has done this as well.
I think a broadening of this perspective is needed and I think that the investment is such that there will be companies that get involved in this same type of relationship with someone, completing their degree and upon the completion of all of the requirements, they would accept a job position for a period of time in return for the tuition funding that they received.
I think that would broaden the interest of a wider range of students and I think you would attract very strong students. This would potentially have immediate impact in the field regarding the issues that have to be developed.
FIELD: One last question for you Dr. Masson. You have people that are coming in, whether they are starting a career or maybe changing careers. What advice would you give to students who are coming into the information security profession?
MASSON: To get broad exposure. By that I mean there are certainly opportunities in the information security field in which you can focus on a narrow domain, but information security and assurance is becoming a systemic part of our infrastructure and I think the more breadth you have on the technology side, on the policy/privacy side and application areas such as healthcare, the more impact you will have in this field.
It is an interesting field to work in because essentially information is not secure. The issues that you have to deal with in this field are not just technology issues but much broader issues. The problems that are created are not just with technology, but also deal with very skilled adversaries. So the more you can expose yourself to the breadth and range of issues that this information security technology and applications field needs to address, the more you are going to be able to distinguish yourself among the wide range of interesting opportunities that are now developing.
FIELD: Very good. It is a great time to get into information security.
MASSON: Oh, definitely. I believe that and we are starting to see more of this, but I think we still need to expose the field in a broad way. And again, as I said before, the applications are fundamentally very interesting.
FIELD: Very good. Dr. Masson, I appreciate your time and your insight today.
MASSON: Thanks.
FIELD: We have been talking with Dr. Gerald Masson, director of Johns-Hopkins University's Information Security Institute. For Information Security Media Group, I'm Tom Field. Thank you very much.