Media contact: Yvonne Taunton
Colonial’s position, like many others in the hot cybersecurity job market, went unfilled, resulting in a catastrophic shutdown, global headlines and long lines at pumps across the eastern United States.
The stakes are not always this high; but according to the 2021 State of the CIO survey from the publication CIO, cybersecurity jobs are the most challenging IT jobs to fill right now, surpassing AI/machine learning and data science/analytics. The U.S. Bureau of Labor Statistics projects that jobs in the information security analyst category will grow 31 percent (adding more than 40,000 jobs) by 2029, much faster than the average. The pay is attractive as well; the median salary in 2020 was $103,590 per year.
‘Very popular area with ever-increasing demand’
All of this is not news to Nitesh Saxena, Ph.D., professor in the Department of Computer Science and co-director of the Master of Science in Cyber-Security program at the University of Alabama at Birmingham, a joint program of the computer science department and the Department of Criminal Justice.
“This is a very popular area with ever-increasing demand and a shortage of skilled applicants,” Saxena said. “Most of our students go straight into jobs in industry with private companies and government organizations.”
Ransomware “is clearly an important threat,” Saxena said. “But our program actually focuses on much broader issues. Our goal is for our students to have holistic experience in cyberattack prevention, detection, forensics and recovery. We graduate lifelong learners who can adapt to address the new challenges that will always appear in this ever-changing area.”
Despite the soaring media coverage, ransomware is one of the lower entries on the FBI’s 2020 Internet Crime Report. Business Email Compromise, the leading category, totaled $1.8 billion in reported losses in 2020. (Ransomware totaled just over $29 million, although the FBI notes that this number does not include estimate of lost business, time, wages, files or equipment.) More than 30 separate categories of attack are detailed in the Internet Crime Report, from confidence fraud and identity theft to credit card fraud, extortion and corporate data breaches. Overall, internet crime complaints rose 70 percent in 2020 over 2019, with reported losses exceeding $4.2 billion.
Unique focus on cybercrime investigations
Graduates of UAB’s master’s program are trained to make an impact on these staggering figures. One key differentiating factor of UAB’s program “is that it is run jointly with the criminal justice department,” Saxena said. “It has a typical Cyber Defense track, but also a Cyber Crime Investigations track, which is unique across the entire nation and worldwide.”
The Cyber Crime Investigations track enables students to move beyond simply responding to an attack and into determining where it came from and who was behind it, says Jeffery Walker, Ph.D., professor and chair of the Department of Criminal Justice and co-director of the Cyber-Security master’s program. “This can aid in stopping the attackers before they strike again.” Students in the program also have the opportunity to work in the Computer Forensic Research lab at UAB, Walker said: “Here they work directly on large-scale cybersecurity projects for financial institutions, corporations and the federal government. This gives them an added advantage when they graduate because they have real-world experience.”
Students in the program also have the opportunity to work in the Computer Forensic Research lab at UAB: “Here they work directly on large-scale cybersecurity projects for financial institutions, corporations and the federal government. This gives them an added advantage when they graduate because they have real-world experience.”
The Cyber Crime Investigations track was particularly appealing to current student Lindsey Sandlin, who has an undergraduate degree in criminal justice with a minor in cyber criminology. “The master’s program at UAB is ideal for a student like me who wants a combination of both specialties,” she said. Sandlin has taken a special interest in digital forensics courses that have trained her in everything from investigating email spam to learning how to examine encrypted phones.
Sandlin also was attracted by UAB’s designation as a site for the National Science Foundation Cybercorps Scholarship for Service program, which offers stipends of $34,000 per year, covers expenses including education-related fees, professional development and books, and even includes a health insurance reimbursement allowance. In return, students complete an internship with a federal, state, local or tribal government organization in a position related to cybersecurity and work in such an organization after graduation for a period equal to the length of their scholarship.
“The NSF pays scholarships for bright students to pursue degrees in cybersecurity, and these students then work for the government in cybersecurity fields,” Saxena said. “It is a win-win for both students and the government.”
‘Working to improve national security’
Sandlin has already received a job offer and will be moving to Washington, D.C., after graduation in August 2021. “I plan on continuing employment within the government working in digital forensics for the long term,” she said.
Payton Walker, who earned his master’s degree at UAB in 2019, is now pursuing a doctoral degree with Saxena as his mentor. “When I started reading about the cybersecurity field, I immediately became interested,” Walker said. “The idea of working to improve national security was very appealing.”
Walker researched UAB’s master’s program and thought it was a good fit. He also was intrigued by the studies going on in Saxena’s SPIES (Security and Privacy in Emerging computing and networking Systems) research group. “They were working on some very interesting projects that sparked my curiosity about conducting research,” including an analysis of how smartphone motion sensors can be used to eavesdrop on private conversations, Walker said. “I was able to shadow and work under the lead student on this project, Abhishek Anand, and later expanded on this research area for my Ph.D. work.”
Walker, like Sandlin, has earned an NSF CyberCorps scholarship. “I chose to pursue a Ph.D. mainly for additional training for the workforce,” he said. “I would like to work for a federal agency or federally funded research center as a research scientist.” Walker’s one-year work commitment is deferred while he is finishing his doctorate, “but afterward I will be expected to work for a federal agency or other institute that is federally funded,” he said. But this is exactly what he wanted, Walker explains. “I am most interested in working for the federal government and conducting research to aid national security,” he said. “Ideally, I would like to work for a federal agency like the Department of Energy in one of their cybersecurity research laboratories and participate in the cutting-edge research that they do.”
Walker already has considerable experience in groundbreaking cybersecurity investigations — and is a co-author on four publications so far — thanks to his work with the SPIES lab. “My research focuses on side-channel speech attacks in the vibration domain as well as speech attacks against modern voice-controllable Internet of Things systems,” such as smart speakers from companies such as Google and Amazon, he said.
“Our students get the chance to contribute to research that is pushing the boundaries of cybersecurity, and they present their work at major conferences and meetings,” Saxena said. “This is invaluable experience, no matter where they choose to work, whether in industry or in government.”