Interview with Chase Cotton, Ph.D. about the Online Master of Science in Cybersecurity at the University of Delaware

About Chase Cotton, Ph.D.: Chase Cotton is the Director of the University of Delaware’s Master of Science in Cybersecurity and undergraduate minor in the same field. As Director, Dr. Cotton helped develop the structure of the MS in Cybersecurity, and designed numerous courses for the program. Moreover, he is the Director of Delaware’s Center for Intelligent CyberSecurity (CICS), and teaches courses within the Department of Electrical and Computer Engineering as a Professor. Dr. Cotton has conducted historic research in networking architecture and protocols, which has morphed into studies at the intersection of cybersecurity and machine learning, and he currently leads a large security research group of 10 plus Ph.D. students.

Dr. Cotton earned his BS ME degree from The University of Texas at Austin in 1975 and his Ph.D. in Electrical Engineering from the University of Delaware in 1984. After starting as an industrial Internet researcher, he spent most of his career building and running Internet providers in various roles (chief engineer, consultant, product manager). He returned to the University of Delaware in 2008 to work on National Security issues, which subsequently led to the development of UD’s Cybersecurity degree programs.

Interview Questions

[] Could you please provide an overview of the University of Delaware’s Online Master of Science in Cybersecurity, and how it is structured? May we have more information about the different concentration options in Secure Software, Secure Systems, Security Analytics, and Security Management? What are the key learning outcomes that students can expect from this program?

[Dr. Cotton] The University of Delaware’s Online Master of Science in Cybersecurity was formed from most of our newly created cybersecurity classes. For the online format, these classes were refactored into concentrated 7-week courses, which are the industry norm for online graduate education. Unlike our campus MS program, the online program is a largely fixed set of 10 courses that actually provides a stronger cybersecurity-specific education than the typical campus cybersecurity profile, thus providing the best of all the concentrations found in the campus program. Recently, due to the ongoing medical emergency of COVID-19, most of the campus classes have additionally been available online, and this has added some flexibility to the selection of courses for the online degree. This option may or may not be available in the future.

[] How is cybersecurity as a field evolving to meet contemporary needs and security threats? How does the University of Delaware’s online Master of Science in Cybersecurity train students to meet these contemporary and dynamic needs in the information security space? On a related note, how does cybersecurity intersect with fields such as computer science, business, information systems, public policy, engineering, and public health?

[Dr. Cotton] We consider the UD Cybersecurity program “third-generation cybersecurity education” because of the intense focus on adding substantial hands-on training to the traditional theory taught in the classroom. We adopted this educational philosophy through exposure and partnership with one of the world’s leading cybersecurity training organizations.

Cybersecurity literally changes daily. For example, 10 years ago, a program might not have taught anything about “social engineering.” Today, that knowledge is critical, because those attacking us now focus as much as a third of their attacks against us as humans, trying to make us make a mistake, which is often less difficult than actually technically exploiting a computer or network.

Just recently, an almost unknown software “supply chain” attack known as SolarWinds, will forever change how we should train software and security professionals about how they create and manage, and, more importantly, how they choose, test, and use software products in their enterprises.

In several of our classes, students spend time each week reviewing and discussing current cybersecurity events in the media and industry to reinforce how dynamically the threats are evolving. So, one might ask, “Why study Cybersecurity?” Increasingly, cybersecurity threats impact almost everything we do, whether at home or, more importantly, in the work we do in our professions (e.g., computer science, business, information systems, public policy, engineering, science, public health, etc.)

As an engineer, scientist, or even in business, almost everything you are likely to work on in your future career will need to incorporate security considerations – whether a computer system, a network, an information system, or some other product or service. As such, we think an understanding of security should be a component of a technology education going forward.

[] The National Security Agency and Department of Homeland Security designated the University of Delaware a National Center of Academic Excellence in Cyber Defense Education. May we have more information about this accolade, and what it means for students who graduate from the M.S. in Cybersecurity from the University of Delaware?

[Dr. Cotton] When it became clear that cybersecurity attacks were going to increasingly impact almost everything we do as individuals and enterprises, the US National Security Agency and Department of Homeland Security created a program to encourage high-quality cybersecurity (i.e., computer and network security) education to help increase the availability of these critical security professionals in the workforce. A given educational program is measured using a comprehensive set of evolving cybersecurity “knowledge areas.” Providing coverage for these varied topics is part of the qualifications for becoming designated as a National Center of Academic Excellence in Cyber Defense Education (CAE-CD). And employers hiring students graduating from a program holding this designation can be assured that the prospective employee has the knowledge and skills to be effective in cybersecurity roles.

[] The University of Delaware is known for driving innovation through its Cybersecurity Initiative and partnerships with organizations such as the U.S. Army, J.P. Morgan Chase, Bank of America, GE, and IBM, among others. How do both campus and online students benefit from the Cybersecurity Initiative and from these partnerships?

[Dr. Cotton] The University of Delaware sits in one of the largest regional areas of cybersecurity activity, stretching between New York, Washington, DC, and Northern Virginia. When the University of Delaware began to plan to create a cybersecurity program, it reached out to potential employers and stakeholders, including the financial services (i.e., banking) industry based in northern Delaware, the military research and development community at the US Army’s C5ISR (command, control, computers, communications, cyber-defense (C5), intelligence, surveillance, and reconnaissance (ISR)) organization at the Aberdeen Proving Grounds in northern Maryland, as well as Fortune 500 corporations in the region. in those advisory meetings, they reinforced the need for modern, practical education leading to employees that “can actually do things in cybersecurity (at a keyboard), not just understand the words and draw pictures on a whiteboard.” Thus the resulting hands-on focused “third-generation cybersecurity education programs here at the University of Delaware.”

Continued interaction with these original advisors keeps all the cyber programs meaningful and up-to-date. These interactions are continually reinforced by various custom versions of the cyber courses taught as graduate certificate programs to both the Army and the financial services industry.

[] What online technologies does this program use to facilitate interactions between course faculty and students? Are classes primarily asynchronous, synchronous, or a combination of both?

[Dr. Cotton] The online classes can be completed entirely asynchronously. But due to the ever present hands-on focus, it is critical for the student to be able to get one-on-one help when they have technical or understanding issues completing an assignment. The faculty instructors and class teaching assistants (typically cybersecurity Ph.D. students) make extensive use of Zoom video sessions with individual or multiple students. The ability for the student to share their computer screen with the faculty member or TA is particularly effective in pinpointing whatever problem they may be having.

Several of the classes also hold a weekly synchronous help session for groups of students. These sessions are usually recorded so that students in diverse time zones (Europe, Asia), or on travel or vacation can also see these extra materials. And, as mentioned earlier, some classes’ ongoing exploration of current cybersecurity topics (attacks, defenses, etc.) are held in online class Canvas discussion groups, which foster student-to-student interaction and help develop bonds between students in the same class or program cohort.

[] For their final graduation requirement, students can choose between a thesis and a non-thesis option. May we have more information about the thesis requirement, and the steps students take to complete it? For the non-thesis requirement, are students required to take a comprehensive examination in addition to their additional coursework?

[Dr. Cotton] Most online students choose a non-thesis program allowing for a rapid completion of the ten three-hour credit courses over a two-year period. But even an online student could complete a thesis-option MS degree should they identify a viable thesis topic and a faculty advisor willing to advise them in their research. When doing a thesis, two of the student’s class requirements are replaced with 6 hours of “thesis” classes where they work to complete their research and write a thesis describing that work.

Several online students have completed a shorter thesis known as a “practicum,” in which they write a slightly smaller report that explores something in cybersecurity that they may be doing as part of their day job in some part of the cybersecurity field. In this case, the student completes nine courses and the 3-hour practicum.

Often, on-campus non-thesis cyber MS students approach a professor and ask if they could complete some kind of (non-credit) practical project to increase their value to prospective employers. This option is also available for online students though they will need to find an advisor and a project that both they and the advisor agree on pursuing.

[] What role does faculty mentorship play in the University of Delaware’s Online Master of Science in Cybersecurity? Independent of faculty instruction and support, what career development resources and academic services are available to students of this program? How can students make the most of these mentorship opportunities and support systems while in the program?

[Dr. Cotton] To foster stronger student-faculty and student-student relationships in an asynchronous online class environment, most classes let the students introduce themselves in the Canvas learning management systems to their classmates, the professor, and the TAs.

This goes a long way to helping students meet others either already in the security profession, or like themselves, looking to work in the industry. It also allows the faculty member to better cater to the needs of particular students who may need extra assistance, or those advanced students who can be pointed toward even more advanced topics to further enhance their present knowledge of the field. The faculty also regularly advise the students of job and training opportunities as part of weekly class interactions.

For online students, just like any other UD student or alumni, the University of Delaware’s Career Center provides a comprehensive resource to help accelerate a student’s career goals. The center holds multiple (currently virtual) career fairs and meet-ups each year in which students can connect with employers seeking employees at the University of Delaware. The center also provides resume and cover letter advice, access to a jobs and internships database called Handshake, and both live and online chat.

[] For students interested in the University of Delaware’s Online Master of Science in Cybersecurity, what advice do you have for submitting a competitive application? How diverse is each student cohort? Does this program have a strong military student population and if so how does this program serve their needs particularly well?

[Dr. Cotton] For students’ personal statements, it is very helpful to understand a student’s motivation for seeking to undertake this program. A clear articulation of this gives us insight into the student’s ability to succeed in the program. Letters of recommendation from professors, supervisors, and associates are all welcome as they help us assess your motivation and the trajectory you are charting for your current and future career.

An understanding of the increasing importance of cybersecurity today and in the future is a good start. The ability to learn new things and having a good curiosity are vital aspects of a good cybersecurity professional. And finally, the desire to stay on top of an ever-changing field is also essential. Applicants should demonstrate these qualities in their personal statement, CV/resume, and in the content of their letters of recommendation.

Applicants are often mid-career professionals in the computer, software, IT, engineering, or security fields looking to expand their knowledge of cybersecurity for their current job, or some desired position. Others have recently completed their bachelor’s degree, have started work, and want to further their technical education in an area that is likely to have future benefits. Some students are adding cybersecurity knowledge to be specialists in fields such a Law Enforcement (e.g., digital forensics), other engineering or scientific fields, and even medicine (e.g., given the demands of HIPAA and the evolution of online medical records).

A potential student needs to be comfortable working with computers and should have some experience in a high-level computer programming language either as part of their prior education or work experience (or they should be willing to sharpen their skills and knowledge in these areas as they complete the program).

At times we do have a strong military or civilian military employee student presence. Often those students are attending classes while on TDY (temporary duty) in far-away locations (e.g., the Middle East). Other variants of the cybersecurity MS program have been taught to about 50 students as graduate certificate programs for large military facilities (e.g., the US Army at the Aberdeen Proving Grounds in northern Maryland). At least two cybersecurity students, one an online MS student, have gone on to pursue or complete a Ph.D. degree doing cybersecurity research here at the University of Delaware.

[] What makes the University of Delaware’s Online Master of Science in Cybersecurity program unique, and a particularly strong graduate degree option for students? From faculty expertise and mentorship opportunities to the quality of the curriculum, what are some standout aspects of the program that you would like prospective students to know about?

[Dr. Cotton] We strongly believe the University of Delaware’s Online Master of Science in Cybersecurity is one of the country’s strongest online programs in computer and network security. The hands-on aspects of the classes in this program are an important part of that strength. The focus on current and relevant topics such as system hardening, secure software, and reverse engineering, and the dedicated, involved faculty also make this program outstanding. Lastly, the in-depth coverage of cybersecurity subjects prepares the student for careers in security, software security, security analytics, security management, or the applications of this knowledge in their non-security design, development, or engineering roles.

[] The University of Delaware also offers an Online Master of Science in Electrical and Computer Engineering, which heavily emphasizes cybersecurity. May we have more information about this program and how electrical and computer engineers can use a cybersecurity lens to enhance their construction and management of information systems?

[Dr. Cotton] Increasingly, cybersecurity threats impact almost everything we do, whether at home or, more importantly, in the work we do in our professions. Those students expecting to continue to practice as engineers in electrical or computer engineering will be more prepared to create safe products and services if they have been adequately introduced to the key aspects of cybersecurity. The Online Master of Science in Electrical and Computer Engineering also makes sense for students wishing to reinforce or gain job skills in the areas of Electrical and Computer Engineering through the non-cybersecurity classes that are part of this degree program.

Thank you, Dr. Chase Cotton, for your excellent insight into the field of cybersecurity, its importance, and how the University of Delaware’s Master of Science in Cybersecurity helps meet today’s industry needs in the space!