Dr. Selwyn Ellis, the Bosley Whitmore Endowed Professor and head of the Department of Computer Information Systems at Louisiana Tech University, engages in a profound conversation with hosts Craig Van Slyke and Thomas Stafford regarding the establishment and maintenance of cybersecurity research and education programs that adhere to national standards. The dialogue reveals the multifaceted nature of achieving designation as a Center of Academic Excellence in Cyber Defense by the National Security Agency and the Department of Homeland Security, thus highlighting the rigorous accreditation processes that validate the quality of education delivered. Dr. Ellis elaborates on the collaborative efforts required across various departments within the university, emphasizing the importance of a holistic approach to cybersecurity education that encompasses not only technical skills but also behavioral aspects essential for understanding the human factors influencing security practices.

The discussion further explores the curriculum offered by the Louisiana Tech Center for Information Assurance, which includes essential courses such as disaster recovery, risk analysis, and principles of information assurance. These programs are designed to prepare students comprehensively for careers in cybersecurity, equipping them with the knowledge and skills necessary to address the growing complexities of the cyber threat landscape. Dr. Ellis notes that graduates from these programs are well-positioned for employment across diverse sectors, underscoring the value of a rigorous academic foundation in enhancing their career prospects. The episode also touches upon the significance of research in cybersecurity, as Dr. Ellis and the hosts discuss the role of faculty in guiding students toward impactful research endeavors that contribute to the field's advancement.

As the conversation progresses, the implications of emerging technologies such as artificial intelligence (AI) on cybersecurity education come to the forefront. Dr. Ellis articulates the need for educational institutions to adapt their curricula to incorporate AI-driven methodologies, preparing students to navigate both the opportunities and challenges presented by these advancements. The dialogue culminates in a call to action for industry partners to engage with educational institutions, fostering collaboration that enriches the learning experience and ensures a robust pipeline of skilled cybersecurity professionals ready to meet the demands of an evolving landscape. This episode encapsulates the essence of proactive engagement between academia and industry, reinforcing the critical role that well-structured educational programs play in shaping the future of cybersecurity.

Takeaways:

• The Cyberways podcast aims to translate academic knowledge into practical applications for security professionals, addressing the crucial need for accessible cybersecurity education.
• Dr. Selwyn Ellis, our esteemed guest, has extensive experience in establishing cybersecurity research centers certified by the US Government, showcasing his expertise in this critical field.
• Louisiana Tech University uniquely holds dual certifications as a Center of Academic Excellence in Cyber Defense and Research, reflecting the institution's commitment to rigorous cybersecurity education and research.
• The importance of continuous certification and rigorous program reviews every five years ensures that our cybersecurity curriculum meets national standards set by the NSA and Homeland Security.
• Our graduates possess a competitive advantage in the job market due to their comprehensive training and knowledge in cybersecurity, making them attractive to employers in various industries.
• The evolving landscape of cybersecurity education is increasingly influenced by advancements in artificial intelligence, which presents both challenges and...

Most organizations use sanctions as a way of enforcing cybersecurity policies and encouraging sound security behaviors. But few organizations ever test whether these sanctions are effective. Often they aren't; in fact, when used improperly sanctions can backfire. In this episode of Cyber Ways, Tom and Craig talk about sanctions and their effectiveness with Dr. Mikko Siponen of the University of Alabama's Culverhouse College of Business. Dr. Siponen is among the world's leading scholars when it comes to understanding the effects of sanctions on cybersecurity behaviors. Listen and learn how your organization can use sanctions more effectively.

Dr. Mikko Siponen is Professor of Business Cybersecurity and Management at the University of Alabama's Culverhouse College of Business. He holds advanced degrees in Software Engineering, Information Systems, and Philosophy. A leading scholar in Information Systems, he ranks among the top 30 worldwide based on publications in premier journals. Professor Siponen is the only Finnish IS professor invited to join The Finnish Academy of Science and Letters. His expertise spans cybersecurity management, IS development, and philosophical aspects of IS. He has extensive experience as a visiting professor, consultant, and research leader internationally, with a particular focus on cybersecurity management.

Sanctions and Cybersecurity Policies:

• Effectiveness of Sanctions:
• Sanctions can work even without prior direct experience.
• Firsthand sanction experiences may enhance effectiveness.
• Can backfire if perceived as unjust, leading to resentment.
• Employees' Awareness and Knowledge:
• Typically lack detailed knowledge of cybersecurity policies.
• Inadequate training contributes to confusion and non-compliance.
• Policies often conflict with practical organizational needs (e.g., link clicking).

Training and Effectiveness:

• Deficiencies in Training:
• Often generic and check-the-box nature, hence ineffective.
• Rarely measured for effectiveness by providers.
• Recommendations for Improvement:
• Demand effectiveness metrics from training providers.
• Training should reduce cybersecurity risks significantly.

Practical Implications and Recommendations:

• Sanctions as a Deterrent:
• Active Sanctions:
• Monitored closely but can backfire if perceived as unjust.
• Passive Sanctions:
• Applied only when necessary, safer from backlash.
• Communication and Awareness:
• Clear, effective communication of cybersecurity policies and sanctions is crucial.
• Must bridge the gap between policy and practical enforcement.
• Balancing Fairness and Consistency:
• Consistency across departments is vital to ensure fairness.
• Fair sanctions are essential to prevent demotivation and resentment.
• Sanction Implementation Tips:
• Consider firm culture and employee perspectives.
• Pilot test sanctions; gather employee feedback.
• Obtain management support and recognize the impact of unions.

Understanding Employee Behavior:

• Psychological Impact:
• Sanctions can have long-term negative effects on employee perception.
• Need for research on the psychological impact, especially for rule-breakers.

Current Research:

• Dr. Mikko Siponen working on:
• Understanding and prevention of cybercrime through offender-victim communication.

Industry Trends:

• Increasing sophistication of threat actors, potentially enhanced by AI.

Takeaways for...

In this thought-provoking episode of Cyber Ways, Tom and Craig discuss the intriguing topic of cybersecurity and religion with guests Dr. Karen Renaud and Dr. Marc Dupuis. Karen and Marc share insights from their research exploring the intersection of cybersecurity and world religions, offering a fresh perspective on enhancing cybersecurity practices.

Key Points Covered:

- The innovative research by Karen and Marc on leveraging positive values from world religions to influence cybersecurity behavior.

- The discussion on the drawbacks of fear-based cybersecurity practices and the importance of fostering a positive culture within organizations.

- Insights into the role of community, belonging, and sacred values in both religious communities and cybersecurity environments.

- The parallels drawn between religious principles and cybersecurity practices, emphasizing adaptability, forgiveness, and the sense of belonging.

- The significance of incorporating nonnegotiable values and building a culture that supports cybersecurity from top to bottom within organizations.

As Karen and Marc shed light on the impact of incorporating religious values into cybersecurity, they advocate for a different perspective on how a sense of community, forgiveness, and grace can transform cybersecurity practices. Join Tom, Craig, Karen, and Marc as they explore the potential for positive change in cybersecurity culture by drawing upon timeless principles from world religions.

Don't miss out on this enlightening episode of Cyber Ways and discover the transformative power of integrating religious values into cybersecurity practices. Tune in to gain a new perspective on building trust, community, and resilience in the ever-evolving landscape of cybersecurity.

Subscribe now to Cyber Ways for more insightful discussions on innovative approaches to information security and stay ahead in the realm of cybersecurity. Go to https://cyber-ways-podcast.captivate.fm to subscribe.

Guest bios

Karen Renaud is a Scottish computing Scientist at the University of Strathclyde in Glasgow, working on all aspects of Human-Centered Security and Privacy. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. She collaborates with academics in 5 continents and incorporates findings and techniques from multiple disciplines in her research.

Marc J. Dupuis, Ph.D., is an Associate Professor within the Computing and Software Systems Division at the University of Washington Bothell where he also serves as the Graduate Program Coordinator. Dr. Dupuis earned a Ph.D. in Information Science at the University of Washington with an emphasis on cybersecurity. His research focuses on human factors related to cybersecurity, especially how psychological traits affect cybersecurity behaviors.