Dr. Richard Forno is a Senior Lecturer at the University of Maryland, Baltimore County (UMBC) Department of Computer Science and Electrical Engineering, where he directs the UMBC Graduate Cybersecurity Program, serves as the Assistant Director of UMBC’s Center for Cybersecurity, and is a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society.
His twenty-year career spans the government, military, and private sector, including helping build a formal cybersecurity program for the US House of Representatives, serving as the first Chief Security Officer for Network Solutions (then, the global center of the internet DNS system), and co-founding the CyberMaryland conference.
Forno was also one of the early researchers on the subject of “information warfare” and he remains a longtime commentator on the influence of Internet technology upon society.
PhD, Internet Studies
Graduated: 2010
Career: Cybersecurity, education
Q. Despite significant global investment in cybersecurity, the frequency of cyberattacks seems to be on the rise. Why?
A. The problem is, almost twenty years on from the ‘dot-com’ period, despite repeated warnings and recommendations about how to use and safeguard technology, people and society continue to rush into embracing the convenience, fun, fashion and cost-saving of new technologies (ie, social media, mobile, cloud) before really considering the possible security, privacy, or operational consequences that can result down the road.
When you think about it, people are the cause of, and can be the solution to, nearly all of our cybersecurity problems, but unfortunately while the human brain is the most complicated computer in the world, it’s also the one most easily compromised.
That said, do we really need to network our toasters, refrigerators, toilets, toothbrushes, and showerheads?
Q. How do you prepare students to deal with such an unpredictable, ever-evolving landscape as cybersecurity?
A. To deal with cybersecurity, just as with many of the other so-called STEM fields, you need to take a broad view of the world and go beyond just your specific discipline. Moreover, to be a good cybersecurity professional, you need to be technically minded, but you also need to see beyond just the technical realm, work well with others, communicate effectively in the professional environment, and put your technical skills to use in a way that’s agile, adaptable, and can foster a long-term career versus just a series of narrowly-focused technical “jobs.”
Contrary to popular belief, not every cybersecurity role requires knowledge of coding, programming, or engineering, but even if you’re writing IT policy, doing compliance work, or managing a team of IT professionals, you still need some familiarity with the technologies involved.
So, knowing about technology is important, but my view after 20 years in the cybersecurity industry and now as an educator is that knowing about people is just as, if not more, important.
My advice to people looking to enter cybersecurity or IT is this: expand your awareness beyond just the technical side. Context is key when examining security concerns, and it’s the people who define context.
Q. A university in Perth seems an unlikely choice for someone who has received all their previous qualifications on the east coast of the US. Why Curtin?
A. I wanted a doctoral program that mixed my prior academic work and interest in the humanities (security policy, specifically) with my more geeky and self-taught career in cybersecurity.
Most universities at the time wanted me to be either a computer science student or a public policy student, but the Curtin program allowed me to split the difference and attack the issue I wanted to explore more efficiently via the digital humanities approach in the Internet Studies program.
Not to mention, I appreciated the more individual research-oriented approach to the doctoral program versus spending several years taking required classes first. I had an excellent supervisor, too!
Q. If you could pass on one piece of advice to those considering a career in cybersecurity, what would it be?
A. Expand your awareness beyond the simple bits and bytes – context is key when examining security concerns, and it’s people that define context.
