Vineet Mehta on Closing the Gap in the Cybersecurity Talent Pool

TOPICS:  cybersecurity   future directions   ieee secdev 
Vineet Mehta
September 14, 2016

The inaugural IEEE Cybersecurity Development conference (IEEE SecDev) will be held in Boston in early November. SecDev aims to bring together researchers and practioners to focus on how to “build security in” to real-world systems. To encourage student involvement in the evolution of this exciting and ever-more critical area, SecDev is making student travel grants available. Here, Vineet Mehta, Student Travel Grant Chair and principal computer scientist and group leader at MITRE, discusses why students should attend this and similar cybersecurity conferences.

Question: IEEE SecDev is a new conference, just debuting this year. What are you hoping to achieve in its first year?

Mehta: Cybersecurity has been evolving at a very fast pace, and much of that growth has to do with the increasing number and sophistication of attacks on systems at industrial complexes, educational and government institutions, as well as on personal devices. We need to develop techniques to secure systems, and, at the same time, we need to get the latest techniques into the hands of those who are managing operational systems at organizations, or engineering new systems that ultimately find their way to consumers.

As technology advances lead to the development of new types of systems—for example, the Internet of Things—cybersecurity threat will evolve to target these systems, such as the devices in our homes and wearable medical devices, where there hasn’t been much concern about security. We want to ensure that the designers and developers of these systems are aware of the need for security and how they might implement it. The IEEE SecDev conference aims to connect professionals from the research and operational communities so that the latest ideas and security technologies can be adapted into emerging systems.

Question: As the SecDev Student Travel Chair as well as someone who’s been involved in recruiting, mentoring, and educating students for many years, why do you think this conference is a good choice for students to attend?

Mehta: IEEE SecDev offers students a unique opportunity to be part of the dialogue between practitioners and researchers, and to understand the challenges and the problems we face in the actual implementation of security as well as in the design of secure systems. With an understanding of these problems and issues, students can ultimately grow into being innovators and contributors who will help solve those problems.

Students will have the opportunity to meet experienced researchers and get ideas about what research areas they might pursue or possible internships or collaboration opportunities. Students looking to continue their education on a more advanced level (say, from bachelor’s to master’s or PhD) will have the opportunity to meet potential advisors. There will be a number of people from industrial research centers, so students will also be able to interact with potential mentors or employers. The conference will provide students with an excellent opportunity to grow their professional network.

Question: Can you talk a bit about the student travel grants?

Mehta: We’ve received funding from the National Science Foundation to support student travel grants. The grants cover registration, lodging, and travel, and are open to US-based students who are actively pursuing degree programs and have financial need. We especially encourage women and underrepresented groups that often don’t have the opportunity to attend conferences due to lack of research or other funds at their institutions. We’re reaching out to traditionally underrepresented institutions in particular.

Question: How can students apply for the travel grants?

Mehta: There’s a webpage on the IEEE SecDev website that outlines the application process. Essentially, we ask that students write a page stating how attending the conference will benefit them. We also ask that they demonstrate financial need.

Question: How do you see SecDev evolving over the next five years, and how can students be part of this evolution?

Mehta: As technology and systems evolve, we’ll see more engagement from partners in the operational community presenting their problems, observations, and analyses. Both the research and operational communities will derive benefits from an increasingly open dialogue on security issues—that’s not always easy for operators to share—and new approaches that can help address these issues.

We hope the students who attend will continue to participate in the conference and will serve as mentors to other students once they’re established in a research, engineering or operational role. We also hope that the encouragement of women and minorities—especially from nontraditional institutions—will raise awareness about cybersecurity at those institutions, and perhaps lead to stronger educational or academic programs and more internship and employment opportunities in the cybersecurity area from nontraditional or minority groups.

Question: In another interview, Terry Benzel mentioned the need to get students involved in these conferences early, bring them back as participants, then as program chairs and committee members, and eventually help them get into institutions where they can become mentors themselves—continuing the lifecycle. Is this a new trend for conferences or have they always focused so strongly on students ?

Mehta: Students have always been an important focus for conferences. Cybersecurity, however, where things are changing and evolving so quickly, has become a very important area in a very short period of time. Moreover, designing secure systems and understanding the threats and attacks facing them require a great deal of sophistication and technical understanding. To make an impact in protecting systems, we need well-trained professionals, and there’s a rather severe gap in the talent pool. To help close this gap, cybersecurity conferences are encouraging students to move into this path, and at the same time are trying to make sure that they get the best training possible.

Question: Do you have any advice for students on how they might prepare in order to get the best possible experience at the conference?

Mehta: Cybersecurity has many subareas. If you are an experienced student, I suggest you focus on a particular area (for example, trusted computing or privacy) and be aware of the research in that area. You might also check the program committee members’ research interests and activities so you’re prepared to have useful conversations with experienced researchers at the conference.

For students in the early stages of their academic careers, curiosity is probably the best attribute to bring. Be open to new ideas and try not to be shy about approaching other participants, whether they’re students or established professionals. Talk to them about cybersecurity technology and where the field is going, and look for ways you might contribute.

IEEE Cybersecurity Development Conference (IEEE SecDev) will be held 3-4 November 2016, at the Hyatt Regency Cambridge, in Cambridge, Massachusetts. Applications for student travel grants are due by 16 September 2016, visit http://secdev.ieee.org/travel/student-travel-grants/ for application information.

IEEE SecDev is distinguished by its focus on how to build security in versus the common emphasis on security flaws and weaknesses, will bring together both academia and industry to encourage and disseminate ideas for secure system development. Track #IEEESecDev on Twitter for event updates.