Fortifying the foundations of cybersecurity

Every day, we are bombarded with unrelenting headlines about cybersecurity attacks, from Facebook data breaches and infrastructure security challenges to ransomware groups shutting down national pipelines. As these attacks become increasingly sophisticated and harder to defend, we need a more comprehensive and integrated response that stacks advances in research and development alongside fundamental skills-building for the general public and regular technical upskilling for professionals, so they can stay abreast of the latest technologies and threats. 

The traditional educational path for cybersecurity professionals, while important, is not by itself enough to meet this grand challenge. The current global cybersecurity workforce sits at 65% below what it should be, according to figures from the annual (ISC)² Cybersecurity Workforce Study.  

At Arizona State University, supporting life-long learners has always been a key focus of our charter. ASU’s Global Security Initiative (GSI) has increased efforts to address complex and evolving challenges in cybersecurity, helping lifelong learners excel and explore their full potential. To that end, GSI has combined two units - the Center for Cybersecurity and Digital Forensics and the Cybersecurity Education Consortium (CEC) - into a single organization that will more holistically address cybersecurity challenges through research, education, and upskilling. 

ASU’s new Center for Cybersecurity and Trusted Foundations (CTF) aims to more holistically address the long-term cybersecurity challenges facing the nation by building up and fortifying the fundamental building blocks of security – technology, process and workforce. 

“We make a deliberate effort to bring our cutting-edge cybersecurity research into the classroom, and we find that the connection also goes the other way: research ideas can, and do, spring forth from education,” says Adam Doupé, associate professor in the School of Computing and Augmented Intelligence (SCAI), and director of CTF.

“The goal of the Center for Cybersecurity and Trusted Foundations is ultimately to keep users and their data safe, and this is accomplished through research, education, and entrepreneurship” Doupé notes. 

This merger brings CDF’s $30 million research portfolio, reputation as a national leader in competitive hacking, and cybersecurity workforce development collaborator, with the CEC’s relationships with Arizona school districts and successful track record of introducing middle and high schoolers to core cybersecurity concepts. In doing so, CTF now reflects the need to include complete security in systems, technologies and the workforce through research and development, while engaging with learners, from Kindergarten to private sector.

CTF’s primary activity areas align with the three enterprise “pillars” around which Arizona State University organizes its efforts (Knowledge, Academics and Learning). 

Advancing the three enterprises of ASU

The Center for Cybersecurity and Trusted Foundations will advance ASU’s three enterprises through:

• Research (Knowledge): The CTF is creating novel techniques to identify security vulnerabilities and invent new defensive technologies. This is achieved by defining new frontiers of cyber defense through research and development. One example of this research is the work conducted on addressing software vulnerabilities. 
• Higher education (Academic): In the university setting, the center promotes a ‘practice makes perfect’ mentality for ethical hacking in pwn.college. This curriculum is used in undergraduate courses CSE 466 and CSE 365. The center also supports a large research lab of undergraduate and graduate students, all working toward degrees in cybersecurity topics and pursuing research expertise in a variety of topics, from phishing attacks, to mobile security, to reverse engineering. 
• Lifelong learners (Learning): This spans the continuum of lifelong learners, from kindergarten all the way to the professional sector. Thanks to the portfolio of the CEC, learning efforts include a free cybersecurity curriculum for middle school, educational camps for students in K-12, and educational resources for Arizona students. The center also launched its first high-school research internship in summer 2021. CTF is a national leader in competitive hacking and uses Capture the Flag tournaments for hands-on skills building.
   

“A core component of GSI’s mission is to bring ASU’s unique strengths to bear on the world’s most complex security challenges. In CTF, we couple some of the most advanced cybersecurity research with some of the most novel, hands-on education approaches,” says Nadya Bliss, executive director of the Global Security Initiative.

Becoming a cybersecurity professional 

“Cybersecurity professionals are made, not born,” says Doupé. “Through curiosity of how computers work, they are driven to fully understand the complexity of these modern systems. These are the students who will go out and defend our networks, keeping our systems, data and, ultimately, our country safe.” 

Doupé’s journey into the cybersecurity industry began through reading articles about spoof emails, also known as “phishing,” which tricks users into thinking a message came from a person or entity they can trust. He went on to pursue an undergraduate degree in cybersecurity at the University of California Santa Barbara. “My eventual PhD thesis advisor, Giovanni Vigna, invited me to his weekly hacking meetings that prepared me for participating in Capture the Flag. From there, I was hooked.”

Through CTF, Doupé plans to inspire other curious students to pursue cybersecurity careers and provide pathways to success, while also ensuring today’s cybersecurity workforce has the tools and training needed to successfully defend against attacks.

Get involved

Are you interested in learning more about cybersecurity and how you can be involved in providing solutions? Here are a few ways you can connect:

• Develop cybersecurity skills through ASU’s pwn.college. 
• Find a cybersecurity expert.
• Learn more about how phishing attacks work. 
• Connect with Capture the Flag competitions through CTF Radio.