Interview with David Lash, M.S. about the Bachelor of Science in Cybersecurity at Aurora University

About David Lash, M.S.: David Lash is an assistant professor of computer science at Aurora University. He teaches numerous computer science courses that include Introduction to Computing, Introduction to Programming, Object Oriented Programming, Programming Languages, Databases, Operating Systems, Data Structures, Software Engineering, Advance Software Engineering, Software Design, Software Test, Senior Capstone, Web Application Development, Advanced Web Application Development, and Mobile Application Development.

Professor Lash completed a bachelor’s in computer science at Southern Illinois University, a master’s in computer science at University of Waterloo, and doctoral work at the Illinois Institute of Technology. He worked in the high-tech industry for over 30 years with various companies as a developer, a lead developer, a systems programmer, a systems architect, a data warehouse architect, an IT engineer, an IT project manager, and a manager of technical staff.

Interview Questions

[] Could you please provide an overview of the Bachelor of Science in Cybersecurity at Aurora University, and how it is structured? What are the key learning outcomes students can expect from this program, and what kinds of roles does it prepare students for?

[Professor David Lash] The AU Cybersecurity program is designed to enable students to learn about and hone their technical skills, specifically with regards to information security threats. The program emphasizes cybersecurity management and governance. This program will enable students to establish, implement, and oversee a cybersecurity structure for an organization.

Cybersecurity can be defined as the ways in which organizations develop systems to create information and infrastructure security. One way to think about that is the technological infrastructure — for instance, if the organization offers primarily a cloud-based service, such as Amazon’s or Salesforce’s cloud-based services, that is one type of structure. Another type of structure is when the company maintains its assets on its own premises. Take, for instance, our own institution, Aurora University, where we maintain a lot of our own servers on the actual physical campus, and we outsource the software that runs on those servers. We teach students the different ways to develop information security systems for these different types of company structures. Students also look at the information security issues in areas such as hacking, mobile devices, ransomware, and AI and how they impact an organization.

Additionally, students learn how to develop and make recommendations to companies about what type of cybersecurity structures make the most sense given the capacity of that organization. For example, if you are a smaller company, building a cybersecurity structure on your own site might not make as much sense as outsourcing it, as you might lack the capacity in the form of in-house personnel and other resources. So a key part of what we teach students is how to assess the cybersecurity needs of an organization, and work within the parameters of the organization (its product/service/assets that need protection, its resources to maintain a security system, etc.) to develop tailored security systems and recommendations.

As mentioned earlier, another key aspect of cybersecurity that students are taught to consider is cybersecurity governance. In other words, what are the ways in which we manage the relationship between the cybersecurity technologies at our disposal and the key parties within an organization to whom these technologies are relevant? How do we optimize the relevance and usefulness of a cybersecurity system or service to the chief security officer or chief technology officer of a company? And just as importantly, how can a company develop a cybersecurity system that allows for effective communication between the technological and non-technological sides of a company?

It is crucial that cybersecurity systems and policies be just as well understood and implemented by IT and non-IT personnel within an organization, in ways that fit their roles. These and other types of questions are ones that our students our trained to ask themselves when developing comprehensive and effective security systems for diverse companies and organizations.

An important distinction that prospective students of either a cybersecurity degree or a computer science degree (or both) need to understand is that computer science is more theoretical and more general than the field of cybersecurity. A degree in computer science will give you a well-rounded overview of the different types of programming languages, networking, etc. Students of computer science programs also typically delve into mathematical theories and models as they relate to computer languages and algorithmic processes. In contrast, cybersecurity is a highly applied subset of the larger computer science field, and cybersecurity degrees generally deal less in theory and more in the practical skills, procedures, technologies, and strategies one should employ when protecting an organization from cyber attacks.

[] How is cybersecurity as a field evolving to meet contemporary needs and security threats? How does Aurora University’s Bachelor of Science in Cybersecurity train students to meet these contemporary and dynamic needs in the information security space? What kinds of careers does a bachelor’s degree in cybersecurity prepare students for?

[Professor David Lash] Cybersecurity graduates can be found in numerous roles, including informational security analysts, computer and information systems managers, data compliance officers, computer support specialists, information technology managers, public policy makers, software developers, and web developers. Our program is designed to encourage students to double major in cybersecurity and another field such as computer science, business, criminal justice, or public policy. This kind of interdisciplinary training is important in cybersecurity specifically because cybersecurity as a field bridges not only the technical but also the ethics, the business, and the policy sides of an organization’s development and success.

I referred to this a bit earlier, but IT systems cannot exist in a vacuum. Most security threats within an organization have not so much to do with IT infrastructure, as companies such as Microsoft and Google have actually gotten very good at protecting their systems. Rather, most cybersecurity breaches are actually the result of human error. Phishing emails, bad passwords, scam calls, and farming attacks seek out vulnerabilities and target humans rather than technological systems.

Therefore, an important aspect of cybersecurity is the need to bridge the information gap between the IT team and the business, ethics, and policy people. Those conversations need to happen so that everyone is on the same page about what the rules and procedures are to protect employees, customers, and company assets alike from data security threats. The cybersecurity graduate from AU will be able to sit between the technological and the non-technological sides of a company and skillfully translate key cybersecurity insights and their implications for a company’s security infrastructure and daily practices.

We believe that students who double major with cybersecurity will have a strong foundation for a successful career post-AU. For instance, the cybersecurity and computer science double major is advantageous for people who not only want to direct the development of cybersecurity infrastructure within an organization, but also dive into the actual coding of said infrastructure. Our cybersecurity degree was very intentionally designed to not prepare people to be software coders or infrastructure makers; they know enough about the computer science to have the key conversations with IT teams and leadership, and to inform, guide, and manage the development of security systems and governance structures, but they are not coding those systems and structures themselves. Students who want to be on both sides of the cybersecurity equation, the guidance and management side as well as the actual coding side, benefit from double majoring in computer science.

On the other hand, a student who is more math averse yet is interested in working at the intersection of policy and cybersecurity, whether that is in the policy of government or the policy of NGOs, could double major in cybersecurity and public policy to give themselves an edge in the job market. For example, our cybersecurity students who want to work in government or for vendors who work with the government are ideally trained to lead the development of systems that will ensure the security of those government and government-affiliated entities.

You may have heard of the recent ransomware attacks on local governments. The cybersecurity and public policy degree graduate might be the person who works in the information office of a local government to help address and prevent these kinds of threats. Or they might help develop laws. We have had students who are interested in going on to law school to study cyber law, which is essentially the fusion of law and its application in the digital world, and in this case double majoring in these two areas at AU would help prepare them for this particular goal.

Students who major in both business and cybersecurity are well positioned to lead and advise upon business development initiatives while also taking information security threats into account, and to manage the protection of a business’s key assets. Organizations that want to move into the digital space to expand their brand or connect with more customers face all kinds of threats to their security as a result. College graduates with training in both business principles and cybersecurity procedures can help these organizations succeed while staying safe.

The cybersecurity and criminal justice double major prepares students to identify and pursue what we like to call the “bad guys” online, such as hackers, organized crime, drug cartels, and other criminal enterprises as they exist online. So as you can see, cybersecurity is integral to a great many organizations and systems on the corporate, government, small business, and consumer sides. It can be a powerful addition to any student’s academic training, in the areas described earlier as well as others.

[] Aurora University’s Bachelor of Science in Cybersecurity can be completed both on campus and online. May we have more information about the online technologies this program uses to facilitate interactive discussions between students and faculty?

[Professor David Lash] The online program uses Moodle and Zoom. Within both platforms students have virtual spaces to discuss and collaborate. Part of students’ training in cybersecurity is learning how to work in a remote environment, and so we encourage and require students to engage in cybersecurity projects and to coordinate with each other independently online to get these projects done. I would say it’s a critical outcome of our cybersecurity program because the cybersecurity professional is in a position where they are working across many distributed work teams (in cases where a company is hiring a cybersecurity consultant, this is all the more true), so being able to skillfully collaborate in a virtual work environment is a common requirement for these roles.

Professors host office hours, which can be on campus or via Zoom. Students can meet during the professor’s office hours or by special appointment. Classes are overwhelmingly asynchronous, with the occasional synchronous session that is also pre-recorded for students who are unable to attend the synchronous session’s original time. Currently online students must complete their program online and in-person students must complete their program in person.

[] Students of Aurora University’s Bachelor of Science in Cybersecurity must complete an internship. May we have more information about the internship requirement? Do students receive support as they search for internship sites and supervisors?

[Professor David Lash] At AU, students complete a required internship to enable them to acquire relevant work experience and to apply the course concepts they learn about to real-world projects and problems. Through this internship, students also complete an applied project based on the business’s need. We have a dedicated internship coordinator who can help students locate suitable internships, and who is also widely available to meet students to help them hone their resume and their interview skills.

We see the internship as not just an academic requirement but also an opportunity for all-around professional development, and therefore our internship coordinator hosts career development workshops that complement students’ internship work. In addition, students must also participate in weekly discussions designed to have them reflect on their work experience and gain insight into their career goals, interests, their majors, and the corporate environment.

[] For their final graduation requirement, students must complete a capstone in cybersecurity. Could you elaborate on what the capstone entails, and the process students undergo to complete and present their culminating experience?

[Professor David Lash] The senior capstone project in cybersecurity is intended to require students to apply their learnings from their classes to a practical problem in industry. They may design a cybersecurity program for a specific company or create a threat assessment for a real-life network or company. The project will vary depending upon student interest. We encourage students to research and come up with a list of organizations that they might want to work with, such as a nonprofit that does not have the budget to hire a cybersecurity consultant but which needs a security plan that fits their infrastructure.

Students can bring their own work experience into their capstone project. In other words, if they are working they can apply their capstone to their current employer’s cybersecurity needs. Students are also welcome to partner up with a friend to tackle the capstone together and identify a cybersecurity need at an organization they are passionate about. All of our faculty members who are teaching in the online program are also practitioners, so we have excellent networks that our students can tap into.

A project for an organization might require a student to learn the organization’s security requirements, assess their security risk, analyze alternatives, and develop and implement an information security plan. Students’ faculty mentors provide frameworks for the capstone project to ensure that students demonstrate knowledge and skill in key areas of cybersecurity infrastructure, risk assessment, etc. As students work on their capstone project, their faculty mentor oversees the quality of the work they are doing and also provides guidance and feedback to help students.

[] What role does faculty mentorship play in Aurora University’s Bachelor of Science in Cybersecurity program? Independent of faculty instruction and support, what career development resources and academic services are available to students of this program? How can students make the most of these mentorship opportunities and support systems while in the program?

[Professor David Lash] As active cybersecurity practitioners, our faculty members have a very lively and engaged perspective on the cybersecurity landscape, which all of our students benefit from. Not only do students learn the established course content for each class, but they also have the opportunity to discuss the latest, real-world cybersecurity challenges that faculty members have encountered in their own work.

Although our cybersecurity program is relatively new, within AU we have an active alumni network. For example, within computer science, each year we host seminars with our alumni to discuss the job market, the interview process, how they found their job, and their goals. In other seminars, alumni hold mock interviews with students and review their resumes. In addition, all in-person students will take a junior mentoring class that involves multiple meetings with a professor, reviewing resumes and portfolios, preparing for interviews, and discussing career goals.

[] For students who are interested in Aurora University’s Bachelor of Science in Cybersecurity program, what advice do you have for submitting a competitive application?

[Professor David Lash] The ideal AU cybersecurity candidate will have a strong interest in information security and how it applies to organizations and businesses. Students will need to apply critical thinking and analytical skills throughout the program as they learn how to analyze threats, conduct vulnerability tests and risk assessments, and utilize state-of-the-art cybersecurity tools. Students do not need prior programming skills as some programming and system administration classes are required as part of the program.

[] What makes Aurora University’s Bachelor of Science in Cybersecurity program unique? From faculty expertise and mentorship opportunities to the quality of the curriculum, what are some standout aspects of the program that you would like prospective students to know about?

[Professor David Lash] Industry leaders and employers both advise and are part of our faculty to make sure our cybersecurity program is covering emerging areas that are relevant to students’ career growth. This program’s prioritization of clinical faculty – that is, faculty who are current and advanced cybersecurity professionals on the front lines of the industry – means that students truly get exemplary training in cybersecurity best practices.

The AU cybersecurity program is designed to enable students to double major in areas such as computer science, business, public health, political science and public policy, psychology, or criminal justice. Graduates with double majors who combine these deeper areas of focus with the interdisciplinary cybersecurity degree emphasizing management, policy, governance, and ethics will have a competitive edge in the marketplace upon graduation.

Thank you, Professor David Lash, for your excellent insight into Aurora University’s Bachelor of Science in Cybersecurity program!