Advancing Cybersecurity Education
By Harrison Berry
Welcome to the Cyberdome
Across the State of Idaho, unfilled cybersecurity jobs number in the thousands, and the gap grows every year. That’s why Boise State University’s Institute for Pervasive Cybersecurity has started to build the Gem State’s Cyberdome.
The Cyberdome program will create a collaborative, competency-based learning environment that will eventually include all Idaho’s public colleges and universities. The program also creates partnerships with major stakeholders like the Idaho National Laboratory and private industry. Its goal is to train students and offer them experience so they can fill open cybersecurity jobs. Through this process, the Cyberdome team will make Idaho more attractive to outside technology investment.
“The Cyberdome achieves three things:
- It enables students throughout Idaho to obtain higher-paying jobs as truly experienced cyberprofessionals with real-world experience on their resumes.
- It protects and defends our rural and remote communities against cyber adversaries.
- It helps Idaho’s employers fill a critical gap in attracting and retaining cyberprofessionals,” said Institute for Pervasive Cybersecurity Director Ed Vasko.
The program needs financial support. While the Cyberdome has received a Higher Education Research Grant from the Idaho State Board of Education that funds 28 students, Vasko said he would like to grow that number to 100 students and offer each a $7,500 stipend. He would also like to grow the Cyberdome’s personnel by eight or nine new staff members and mentors at a total cost of $750,000. Finally, the ongoing costs of its applied research facility come to $100,000.
Boise State, community, business and stakeholder support, Vasko said, are investments in meeting broad economic and security goals — not just in Boise, but across the state and around the world.
“The cyberdome staff and the Institute for Pervasive Cybersecurity’s leadership are fully committed to providing Boise State students the opportunity to obtain competency before entering their cyber careers,” he said. “Our platform achieves this, and also has a significant benefit to rural communities in Idaho and employers looking to fill the cyber gap we have here and around the nation.”
Boise State’s new programs match students with critical needs
Colonial Pipeline, Target, Adobe, Alteryx, Equifax: These are household names, not just because these companies provide important goods and services, but also because they were the victims of major cyber attacks that compromised sensitive customer information and even critical infrastructure. Boardrooms, CEOs and governments have taken notice.
“Now that working from home has become the norm, and given the massive increase in ransomware attacks that we are seeing, most companies realize how vulnerable they are in an environment where most of their business and employee interactions are conducted through online channels,” said Wolf Richter, a Berlin-based Chief Information Officer and Partner at McKinsey & Company, which studies and consults on technology and security, on an episode of its Inside the Strategy Room podcast.
The peril is as old as networked computers, but as the number of- and reliance on- networked devices has grown, so have the problems — and opportunities — of all things digital. Smash-and-grab raiders and state-sponsored cyber espionage teams have before them a vast and swelling prize, and the frequency, volume and sophistication of cyberattacks has put the world on high alert. Boise State is facing the threat and helping fill new cybersecurity jobs with a slate of new programs designed for all with the help of off-campus partners and donors.
Boise State built cyber-oriented programs for all
“It’s really interesting to see all the gaps and holes there are just in general. It’s terrifying,” said Boise State student Brooklyn Mesia. “There’s a lot of room for growth and improvement, but there’s a lot of progress that’s going to be made and I’m excited to be on the front end of that.”
Like a lot of Boise State students, Mesia worked her way through school, and when she graduated in 2021 with a bachelor’s degree in electrical engineering, she’d just taken a job as a security engineer at Simplot. Her academic journey hasn’t been a straight line, and it isn’t over. Now, she’s earning a certificate in cyber operations through Boise State that will make her a barrier against attack on the international corporation that employs her.
Cyber vulnerabilities span the divides between the public, private, nonprofit and personal sectors, and have the power to affect every aspect of modern life. “In building its curricula, Boise State recognized the need to enable students with an array of pathways. Students can obtain certificates like the one Mesia’s pursuing and extend their knowledge all the way to a Ph.D program if they’re interested in advanced research.
“This is the thing that I really appreciate about Boise State. It’s taking a very innovative, forward-leaning approach to tackling the challenges of the cybersecurity industry and the cybersecurity needs that we have as a nation,” said Ed Vasko, director of Boise State’s Institute for Pervasive Cybersecurity.
“That whole cyber curriculum really differentiates Boise State in how it approaches the adaptive model to provide the right kind of workforce, the right kind of research and the right kind of capabilities to help the community, to help Boise State, and help the nation.”
These programs coalesced in early 2021, when the Idaho State Board of Education unanimously approved the Cyber Operations and Resilience (CORe) programs for fall of this year. A collaboration between Boise State’s College of Engineering, Extended Studies and the new Institute for Pervasive Cybersecurity, CORe bundled the university’s cyber courses and made them available online.
The range of those courses means there’s a certificate or degree for just about everyone. The certificate programs focus on cyber operations and physical systems security, giving students a professional boost. Undergraduate and postgraduate programs prepare for careers in information and network security, graduating students with the know-how to detect and respond to most cyber attacks; protect themselves and their employers; and fill specialized roles in information, infrastructure and systems management.
Master of Science in Cyber Operations and Resilience Online Degree Program
The Graduate Cyber Operations and Resilience (gCORe) program at Boise State University offers more than a just theory-based degree; it’s centered in real-world application and prepares you to be an industry-ready professional, capable of creating and protecting resilient systems and networks.
Meet Student Brieann Jones
After serving in the U.S. Marine Corps and relocating to Emmett, Idaho, Brieann Jones felt ready to jump back into school and pursue cyber.
“Boise State was willing to work with me on getting as many of my transfer credits accepted. I enrolled in the Bachelor of Applied Science program, which allowed me to get a CORe certificate. It all worked out perfectly,” Jones said.
Off-campus partnerships and faculty position Boise State as a leader
The market awaiting these graduates is substantial. Some level of cyber education applies to any occupation involving a computer or networked equipment. An estimated 1,500 cybersecurity positions go unfilled in Idaho annually, and 314,000 are unfilled in the U.S. According to the U.S. Bureau of Labor Statistics, the number of those jobs will grow 31% through the end of the decade. Worldwide, the number of unfilled jobs in cybersecurity number in the millions. Boise State Electrical and Computer Engineering Prof. Sin Ming Loo, who helped design the university’s engineering cyber-physical curricula and CORe, said even those numbers may downplay the real value of training in that area.
“The Department of Labor shows that there’s a huge demand for a cyber-literate workforce, but that’s not what I want to talk about,” he said. “What I want to talk about is that any company these days is in some way a tech company. If you don’t have some knowledge level within your rank and file employees to address cyber issues, you are potentially putting your data and your customers’ data at risk.”
Loo is a professor at Boise State with a joint appointment at the Idaho National Laboratory, which has partnered with the university to build statewide cyber-educational programs and infrastructure. That has included on-site and remote learning facilities, direct input into Boise State’s programs and curricula, a $25,000 economic development grant to the Institute for Pervasive Cybersecurity, internships and more.
INL combines two of the major themes of cybersecurity in Idaho: On the one hand, it’s a high-tech research facility for the U.S. Department of Energy. On the other, it’s located in the heart of rural Idaho, where many critical cybersecurity needs go unmet. It has established the Cybercore Integration Center, which partners with public agencies, industry and educational institutions like Boise State to bring experts together, assess infrastructure, detect threats and solve complex cybersecurity problems. One of the biggest challenges in these efforts has been building that security as computer technologies are layered on top of older machines, from tractors to turbines.
“As soon as you take those things that existed in the physical world and you make them available digitally, you’ve really changed things in ways you couldn’t quite understand or appreciate,” said Cybercore Program Manager Eleanor Taylor. “Right now you’re looking at equipment that was designed 30 years ago, before the internet, or an internet of things existed, and that makes us vulnerable.”
Ramping up remote work and remote learning options, however, will help solve those problems. Workers in the cybersecurity jobs of the future will be able to receive their training and education through Boise State’s online programs; and after completing their degrees or certifications, punch the proverbial clock in a town far from where they live. And Boise State’s multidisciplinary approach builds skill sets to match the demands of those jobs.
“You need to be a self-learner, excited to learn a new technology and tool set. That curiosity: How do things work and how do they break?” said Chief Technical Officer for the National & Homeland Security Directorate at Idaho National Laboratory Wayne Austad. “We find on our high-impact teams that they all think about how things work and how things break differently. In some cases, we’ll be evolving from multidisciplinary teams to interdisciplinary professions.”
The problems of cybersecurity are as varied as the industries affected by it, but broadly, those problems come in one of two flavors: operational, which concerns mechanical or infrastructural things; and information, which relates to data and privacy. As people, the government and the private sector increasingly recognize where they fit into the continuum of the cybersecurity threat, they’ve tailored their responses.
Idaho National Lab awards $25k to Institute for Pervasive Cybersecurity
Idaho National Lab awarded an economic development grant of $25,000 to Boise State University’s Institute for Pervasive Cybersecurity. The institute has identified a growing need for cybersecurity and cyber systems staff in rural and remote communities across Idaho.
What if technology isn’t your business?
For years, Sandy Dunn has been at the forefront of protecting electronic data and privacy. By night, she’s an instructor in cybersecurity at Boise State, but by day, she’s the chief information security officer for Blue Cross of Idaho, one of the state’s largest health insurance companies. Before that, she worked in several roles related to information security at Hewlett Packard. Her jobs in technology and health insurance have had something in common — to manage her employer’s cybersecurity interests while still allowing them to build machines or deliver health insurance. In other areas, those jobs were notably different.
“People understood the risk [at Hewlett Packard],” she said, “and I think the big difference is trying to take an extremely complex topic and bring it into a business where the core business may not be technology.” — Sandy Dunn, chief information security officer for Blue Cross of Idaho
The culture around cybersecurity at a given company can be as important as the particular challenges of protecting that company, its people and its products, she said. One of Blue Cross’ top priorities is guarding patient data, the manipulation, ransoming or loss of which would have enormous implications for thousands of people. The stakes might not be the same at other companies, however, and may require different cybersecurity solutions.
“How do we make sure we’re putting our time and resources into the things that mean the most to our organizations?” Dunn said.
That’s a difficult question for large and small employers alike. With more than 25,000 employees, the State of Idaho tops the scale by a wide margin, and the scope of its cybersecurity operations is gigantic. Every year, the state asks its employees to complete cybersecurity training. In a process that takes a few hours, they watch a handful of videos about identifying scams best practices for keeping information secure, followed by short comprehension quizzes.
Then comes the test. A few days or weeks after the training, state cybersecurity experts send a suspicious email to those who’d undertaken the training, and examine the open and click rates to improve the next year’s course. The goal is to turn one of the largest groups of workers in the West from a chain link fence into a brick wall against cyberattacks.
“People need to understand what the threats are in the environment so they don’t fall for scams that they shouldn’t,” said State of Idaho Chief Information Security Officer Keith Tresh, who is also an adjunct instructor in cybersecurity at Boise State. “This challenge is not unique. It’s not new. But the biggest thing is getting some people to really understand there’s a threat out there.”
Institute for pervasive cybersecurity
Boise State University’s Institute for Pervasive Cybersecurity welcomes and facilitates strategic partnerships with industry, higher education, business and government to improve cybersecurity for Idaho and the nation. The Institute also works to commercialize ground-breaking research and tools, and educate graduates to become forward-thinkers of the 21st century.
CORe programs emphasize experience, creativity, emerging jobs in cyber
Boise State alumnus Eric Stevens, ’04, electrical engineering, said he didn’t think he had the background to study for his master’s in CORe. He was looking for a change in his career that would allow him to give back to his community while still using his engineering skills, but he worried he didn’t have enough experience or know-how.
Twenty years of “working in silicon” — engineering parlance for computer chips — first at IBM and then at Micron Technology, Inc., had put him adjacent to the coding side of electronic security, but as he explored CORe, he realized there’s an open tent flap for people approaching from the physical side of tech.
“It turns out cybersecurity does need electrical engineers,” Stevens said. “It needs people looking at processes, flow. Yes, we need good scripts and programs, but we also need to know what we’re monitoring. … People need to know that everybody has something that they could contribute. That’s actually the whole of what CORe is all about.”
Part of what attracted Stevens to cybersecurity was the intersection of his personal interests, habits of mind, and cyber as an emerging industry where, working with the right company and a little creativity, he could have more control over his career and responsibilities. As people live more in front of their screens, as more devices hook up to a network, those on the front lines have begun to see cybersecurity as less of a threat and more like challenges and possibilities.
“I spent 15 years getting very little sleep at night because of cybersecurity issues, but what keeps me up now is that I’m so excited,” said INL’s Wayne Austad. “I can’t get enough done during the day keeping up with opportunities with interns and university professors and innovators.”
In building Boise State’s new programs, Ed Vasko and Sin Ming Loo asked two questions: How can they meet Broncos where they are, and what are the demands of Idaho’s biggest players in cybersecurity? The answer can be summed up in a word, and that’s “experience.” Each student comes into these programs from somewhere, and brings their own passions and life direction to their studies. By partnering with companies and government organizations to design curricula, and offer student internships and employment, Boise State is combining people power with skill development and experience to address one of the most significant demands of our age.
“We need to step into the 21st century and recognize that we’re part of a larger community, and we need to produce an adaptive and innovative workforce to meet the needs, to protect the critical data and infrastructure of our 21st-century lives,” Vasko said.
You Make it Possible
Students and faculty are working together to address some of the most challenging questions facing society today.
Your gift supports research projects, student scholarships, campus facilities, academic programs, faculty and more at Boise State to seek today’s answers to tomorrow’s questions.
Make a gift by filling out the form below.
Want to see more stories like this?
Subscribe and get our latest issue of Advancing Boise State from Vice President for University Advancement Matthew Ewing delivered to your inbox each month. In each issue, you will hear about individuals — like you — making a difference, the impact of giving, and stories of interest to alumni, donors, and fans of Boise State.