Douglas Jacobson, University professor of electrical and computer engineering and director of the Iowa State Information Assurance Center, was recently recognized with a 2011 Security 7 Award from the Information Security magazine for his work with information security education.
Each year, the magazine honors seven professionals who have done work in the realm of information security. Nominees are required to submit evidence of their contributions to the field along with letters of reference. The winners, who were named in the October issue, also wrote a personal essay providing their perspective on an area of interest within the discipline.
Jacobson’s essay “Computer security education shouldn’t be limited to tech pros,” discusses his motivations for educating the general public about information security, just one activity he facilitates as director of the Information Assurance Center. “We really pride ourselves on a balance of research, education, and outreach,” he said. “We have to inspire people to take ownership of protecting themselves, and that means they truly need to understand information security.”
In frequent presentations to high schools, community colleges, and the general public, Jacobson covers the gamut of computer security. “I talk about everything from technical details to how to keep your kids safe online,” he said. “We also host a few classes because we want to reach the non-security people and make them more security aware. I answer questions like ‘What should I be worried about?’ and ‘How can I better protect myself?’”
The long-term goal for security education comes down to literacy, which Jacobson defines as giving the public the underlying knowledge necessary to make good decisions. Much of the education available to the general public about information security comes in the form of checklists and warnings without the context necessary for a person to truly be secure.
“Literacy isn’t telling people to use strong passwords. It’s telling them what a password is used for, why and how it works,” he said. “And sometimes the biggest threat is not good versus bad, but simply: Are you keeping your password secret?”
Jacobson is particularly concerned about giving college students the tools to stay secure. Iowa State offers a 100-level introductory course in information security, Cpr E 131, that covers basic computer security, including passwords, email and attachments, social networking, web browsers, online shopping, and several other day-to-day use concerns. The course continues to be a success—last semester, more students were turned away than were able to take the half-semester class, and the university is considering adding more sections. He is particularly excited about the course textbook, which will soon be in circulation. The book covers the curriculum of the course and can be distributed to other universities, community colleges, high schools—basically anyone with an interest in information security.
Students on campus wanting to get more involved in information security may join the Information Assurance Student Group, a club Jacobson advises. Along with what Jacobson calls “spreading the gospel of security,” the club spends the lion’s share of its time planning and hosting the IT-Olympics and cyber defense competition at the Iowa State, community college, and national levels under the umbrella of IT Adventures. Students plan and set up the entire event, which is a mock battle between two teams, dubbed blue and red. The blue teams, made up of students, build a computer network and a defense system to protect it; over the course of the competition, the red team, which is composed of information security professionals and a few members of the club, attack the blue teams’ networks. During the competitions, members of the Information Assurance Student Group who aren’t on the red team provide support for the blue teams, particularly during the community college level competition.
“At the most recent cyber defense competition, I showed up Saturday morning, made pancakes, and wasn’t needed again until it was time to hand out awards,” Doug said. He adds that the event represents the kind of real-world leadership experience that’s often difficult for students to find but is invaluable when searching for a job or internship, as information security is a growing field in need of specialists.
Beyond these opportunities for undergraduates, graduate students with a background in computer science or computer engineering can pursue a master’s degree in information assurance or professionals in the field can receive a graduate certificate.
“It’s a fun field that’s constantly changing and has no borders,” Jacobson said. “Every day there’s a new something out there that makes information security fun to teach and makes it fun to be in.”