cybersecurity :: COLUMBIA UNIVERSITY

Archive for cybersecurity

A Faculty Perspective: Preparing to Study Cyber at SIPA

Posted by Columbia SIPA

· Wednesday, May 6th, 2020

Guest Post by Professor Jason Healey

Admissions note: Jason Healey is a Senior Research Scholar at SIPA specializing in cyber conflict, competition, and cooperation. He directs the Initiative on the Future of Cyber Risk and teaches two courses: Dynamics of Cyber Power and Conflict and Cybersecurity: Technology, Policy, and Law.

In my five years here, it’s been clear that SIPA’s Dean Merit Janow is committed to bringing all things cyber and digital to the school. We’ve developed a robust program of research, events, and coursework that have made SIPA a hub for the study of cybersecurity and technology policy and our students are not only the main recipients but our best partners.

I’m often asked how students can prepare to study cybersecurity policy at SIPA. In this post, I’ll provide some recommendations on resources students can use for self-study whether you want to get a head start before SIPA or help prepare yourself for one of the five main cyber career tracks for SIPA alumni.

Reading

There are different learning styles. For me, I prefer reading. Whenever I’ve re-directed my career (into cyber in 1998, working for the finance sector in 2001 and the White House in 2003, expanding into risk and business continuity in 2005, and so on) I’ve read as much as I can get my hands on starting with general topics then diving more deeply.

If you want to switch into a cyber career, or wondering if it’s for you, start your reading early. First, there’s the general cyber reading. Here, look at The Cuckoo’s Egg (Cliff Stoll), a very readable classic, and The Hacked World Order (Adam Segal) or The Darkening Web (Alexander Klimberg) on general cyber international relations. Both are good, but Adam Segal is adjunct faculty at SIPA and directs the Digital and Cyberspace Policy Program at the Council on Foreign Relations. David Sanger’s The Perfect Weapon is amazing, as is Kim Zetter’s Countdown to Zero Day and, more recently, Andy Greenberg’s Sandworm. Andy and Kim are some of the most-trusted journalists in the field, along with David Sanger and Ellen Nakashima.

Singer and Friedman’s Cybersecurity and Cyberwar is a bit out of date but very readable — as is my cyber military history, A Fierce Domain. There’s also a lot of academic works like Ben Buchanan’s The Cybersecurity Dilemma, which is excellent, but probably a better third or fourth book.

Second are reports from think tanks like the Atlantic Council, Center for a New American Security, Council on Foreign Relations, Center for Strategic and International Studies, New America, Carnegie Endowment for International Peace, and the East-West Institute. These organizations are also holding a lot of virtual events during the quarantine that are open to the general public.

Third, the Internet threat reports from major cybersecurity companies will give you a unique and up-to-date perspective. FireEye’s APT1 report made history, a private sector company calling out espionage – with in-depth analysis backed by evidence – by another country. CrowdStrike’s Global Threat Report is quite readable and there are now dozens of such reports focusing on adversary groups, that is, criminal hacking groups or state-backed espionage teams. The Verizon Data Breach Investigations Report and reports from Ponemon are on cybersecurity more generally and the costs of cyber crime.

Last, there is the more technical literature, especially tied to hacking skills and certifications. I started with Hacking Exposed, now on its seventh edition, but study guides for Security+ and Certified Ethical Hacker are also useful. Only dive into these if you care about such things and can deal with sometimes daunting technical material right out of the gate. They’re important but you might start with the other material first.

Social Media

Many of the most influential and interesting practitioners and scholars in the field are on Twitter, and this is a great way to follow the most recent developments. Start with the authors I’ve mentioned here. Follow me then follow those I retweet. As you read Sandworm (especially, as it is new) be sure to follow those mentioned as well as all the authors and journalists I’ve mentioned above.

Getting a Basic Technical Background

If you want a job in cybersecurity, then you must have some understand of what happens on the other side of your screen. If it still seems like magic, then your analyses won’t have enough foundation. Fortunately, even a modicum of basic computer science or programming can be enough for you dispel the fog of magic and learn key concepts and terms. The deeper you can go, the more job options open up for you.

Any of the basic computer science classes available on the various MOOC platforms (EdX, Coursera, Udemy, etc.) will be a great start. CS50x is a particularly popular option. And get as much Python as you can, not just for cyber but to help you at SIPA and any job afterwards. If you can handle the quant, consider pairing cyber classes with the concentration in Data Analytics and Quantitative Analysis.

Within the cybersecurity fields, a certificate is a routine credential to demonstrate you have special knowledge or skills. The Security+ certificate by CompTIA is one of the most achievable for most SIPA students. Usually, you can study as much as you want for free and only have to pay to take the certification test, usually a few hundred dollars. The higher-end certifications, such as those from SANS, are often highly specialized and more expensive (often paid for by companies to train their staff).

This brief list of recommendations will get you off to a great start in studying cybersecurity policy, and you’ll be well prepared for cyber-related classes at SIPA. More importantly, you’ll be on your way to an exciting career in a field which has difficult and interesting challenges and is well paid and chronically understaffed. I look forward to your joining cybersecurity as a colleague!

Categories : Academics

Tags : classes, cyber, cybersecurity, faculty, jobs, MIA, MPA

From SIPA Student to Cyber Professional—CJ Dixon’s Cyber 9/12 Journey

Posted by Stuart Caudill

· Tuesday, January 28th, 2020

In November 2019, SIPA hosted the fourth annual Atlantic Council Cyber 9/12 Strategy Challenge in New York City. Planned and run by SIPA’s Digital and Cyber Group, this year’s event featured 31 teams from 18 different schools including Tufts, Harvard, Georgetown, NYU, West Point, and the University of Pennsylvania. Each team was tasked with developing policy recommendations to respond to a rapidly developing cyber incident at both the local and federal level. The teams were judged by experts including former Homeland Security Advisor Tom Bossert, former Deputy National Security Advisor and Deputy Director of the CIA Avril Haines, and senior executives from numerous private sector entities.

CJ Dixon (MIA ’19), a member of the winning team in 2018, returned to judge this year’s competition in his new role as a senior advisor at NYC Cyber Command. CJ took several cybersecurity courses at SIPA, competed in both the NYC and DC Cyber 9/12 competitions, and served as a Google Public Policy Fellow following graduation. CJ’s journey is a great example of how SIPA’s Tech & Policy Initiative provides students with the academic and professional preparation to pursue cybersecurity and technology policy careers.

Categories : Academics, Columbia University, Meet Seeples, SIPA, Student Life

Tags : alumni, Alumni News, Career Services, cybersecurity, ISP, jobs, MIA, student life

Studying Cybersecurity at SIPA: A Course Guide

Posted by Stuart Caudill

· Monday, November 18th, 2019

Photo: SIPA students and recent graduates traveled to Washington, D.C., to meet with senior industry professionals and SIPA alumni working in the field of cybersecurity and threat intelligence.

Threats emanating from cyberspace impact governments, the private sector, non-profits, and individuals. The borderless nature of (most of) the internet as well as the fact that the private sector owns much of the infrastructure creates difficult policy challenges that governments and companies continue to confront. Thankfully, SIPA is helping train students to tackle these challenges through innovative coursework that allows students to explore the technical, legal, and policy aspects of cybersecurity.

As a current student, I’ve taken several courses focused on this area, and I’ve found SIPA to be a great place to study cybersecurity policy. While I concentrate in International Security Policy, there are courses applicable to students in all concentrations. An International Finance and Economic Policy student might explore cyber risk to financial stability, for example, while an International Security Policy student may be more interested in cyber conflict. As you apply to SIPA and prepare your personal statement, use this guide to assist in your research and allow you to explore the potential paths you can take in this exciting field.

Basic Technical Background (a great place to start!)

Computing in Context – This course teaches the Python programming language through a series of lectures and labs taught by a computer science professor. Then, a SIPA professor explores how these skills can be applied to solving public policy problems. This is an extremely popular class at SIPA that provides a very marketable skill set. While I haven’t personally taken the course, I’ve spoken to several fellow students who found the course challenging but highly practical.

Programming for Entrepreneurs – This hands-on short course, which requires no technical background, takes place over an intensive four days and covers the fundamentals of computer science, data structures, web development with HTML/CSS, as well as some basic SQL. While I had some basic web development experience from my undergraduate studies, this course still provided me with valuable skills and was a great first course to gain some additional technical background prior to taking other courses on this list.

Basics of Cybersecurity – This course equips students with the basic technical knowledge needed to succeed in other cybersecurity courses at SIPA. Students learn the basics of how computers and the internet work, networking concepts, and network defense and security. When I took this course, it was taught by an active-duty U.S. Army cyber officer, and it was fascinating to learn these concepts directly from an experienced practitioner.

Cyber Risks and Vulnerabilities – This course complements the Basics of Cybersecurity course by focusing on the risks and vulnerabilities of various devices and protocols. The course includes demonstrations of common hacking techniques or tools to illustrate how these vulnerabilities are exploited and the potential impact. You should aim to take this course after taking Basics of Cybersecurity.

General Problems in Cyber Policy and Cyber Conflict

Cybersecurity: Technology, Policy, and Law – This innovative seminar course brings together professors and students from SIPA, the Computer Science department, and the Law School to explore cybersecurity issues from the lenses of all three disciplines. The course culminates in an interdisciplinary research project. Students interested in any aspect of cybersecurity or the impact of technology on policy and law will benefit greatly from this course. Tip: if you’re interested in this course, demonstrate your interest in cybersecurity by taking other related courses and joining the student Digital and Cyber Group. The course always has a wait list and this will differentiate you.

Dynamics of Cyber Conflict – This course focuses on the national security aspects of cybersecurity, specifically how cyber conflict has developed and how it differs from other types of conflict. Through an interactive exercise, students will learn how to formulate practical policy recommendations to respond to a cyber incident. Taught by Professor Jason Healey, the editor of the first history of cyber conflict, this course is always popular and comes highly recommended.

Skills-Based Courses

Introduction to Cyber Threat Intelligence – This course introduces students to the skills required to work as a cyber threat intelligence analyst in government or in the private sector. While not required, students will benefit from having some prior technical knowledge, either from another SIPA course or from work experience. Taught by Professor JD Work, who has extensive government and private sector experience, the course has numerous hands-on intelligence analysis exercises that provide valuable experience (and are fun!).

Cybersecurity and Business Risk – This course examines cybersecurity from the perspective of the private sector. It explores the risks of conducting business connected to the Internet and how businesses understand and manage these risks. This course is especially beneficial to International Finance and Economic Policy students interested in cybersecurity. Taught by Professor Neal Pollard, the CISO of UBS, the course will help prepare you for cyber risk related roles in a wide variety of industries.

SIPA is a leader in training the next generation of leaders in cybersecurity policy. I encourage you to explore these courses as you craft your personal statement. A personal statement that clearly demonstrates how SIPA will advance your career goals is a great way to stand out in the application process, and cybersecurity courses from SIPA are a great way to stand out in your future job hunt.

Categories : Academics, Admissions, Application Tips, SIPA

Tags : Application, application tips, courses, cyber policy, cybersecurity, personal statement, SIPA Digital and Cyber Group

Technology and Policy at SIPA

Posted by Columbia SIPA

· Wednesday, October 29th, 2014

You normally don’t correlate cyberspace with policy but contrary to belief, it is closely tied together. I was reminded in a meeting today about all the great work SIPA is doing and the now many courses on the impact of technology on policy and cyber security issues.

SIPA was granted a $1 Million grant from the Carnegie Corporation of New York to help link academics to policymakers. SIPA will expand its role as a key global hub for research and consultation on policy. Drawing on Carnegie support, SIPA will promote multi-disciplinary research in the growing area of cyber policy and internet governance, drawing together faculty from across the University and engaging them with senior practitioners in both the public and private sectors around the world.

“Because cyber security has become such a highly visible problem for governments, companies, and individuals, the development of cyber policy and governance is a high priority,” said Dean Merit E. Janow.

“As the hub of global policy studies at Columbia, SIPA is well-positioned to draw upon leading thinkers at Columbia University and around the world and bring scholars and practitioners together across disciplines to generate fresh ideas and policy recommendations,” said Dean Janow.

Among other initial activities, the grant will be used to support two of SIPA’s newest scholars—Herb Lin, a senior fellow in cybersecurity, and Andrew McLaughlin, a senior fellow in technology and public policy.

Categories : News, SIPA

Tags : Andrew McLaughlin, Carnegie Corporation of New York, cyber policy, cybersecurity, Herb Lin

"The most global public policy school, where an international community of students and faculty address world challenges."

—Merit E. Janow, Dean, SIPA, Professor of Practice, International and Economic Law and International Affairs