Unique Programs: Excellence in Information Assurance, University of Dallas
Landry is the Ellis Endowed Chair of Technology Management, Associate Professor and Director of the Center for Academic Excellence in Information Assurance at the University of Dallas. He joined the University of Dallas in the fall of 2006, following six years of teaching at the University of New Orleans. He has worked in network security and design in the private and public sector and earned his Ph.D. from Mississippi State University. Landry has published numerous journal articles on Information Technology in the ACM Journal of Educational Resources in Computing (JERIC), Communications of the ACM (CACM), Decision Sciences Journal of Innovative Education, International Journal of Services and Standards, Journal Business Ethics, Journal of Organizational Change Management and others.
TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking about education and information assurance today, and with us is Dr. Brett Landry who is the Ellis Endowed Chair of Technology Management and Associate Professor and Director with the Center for Academic Excellence and Information Assurance at the University of Dallas. Brett thanks so much for joining me today.
DR. BRETT LANDRY: Thank you Tom. I always enjoy talking about our program here at the University of Dallas.
FIELD: Why don't you tell us a little bit about yourself and your information security program?
DR. LANDRY: I have been at the University of Dallas now for three years and joined UD because of its unique focus in information assurance education, as well as its unique program in graduate education in the College of Business, especially in our Graduate School of Management. One of the things that really differentiates our program with our MBA and Masters of Science in Information Assurance, Information Technology and Information Technology Service Management and a variety of other concentrations, is the concept of scholar practitioners. That is that every one of our professors has worked in the industry they teach in.
Prior to coming to the university I worked in information assurance in the private and public sectors; my colleagues in marketing, accounting and finance have also done similar. So we have a real interesting perspective on education at the graduate level that we really can say here is what really happens there and the majority of our colleagues still consult in those areas as well. Additionally, our Information Assurance Program is unique in that it maps fully to the Committee on National Security (CNS 4011 through 4016) and that is something that only seven other universities in the world share.
FIELD: You really are doing some unique things there. What are some other aspects of the program that you find particularly unique Brett?
DR. LANDRY: Something that we really like is that it is an on-ground, on-campus mix and match program. It is very easy for you to start off as an on-ground student or an online student and because of travel needs or job requirements, you might not be able to be in the Dallas area to take a course. So we have students who take their entire program online or have, because of work requirements, mixed and matched programs. It is very flexible in terms of you not being pigeonholed into one program or the other. That flexibility makes it very easy for students to complete their degrees, as well as the concept that it really is a program that is at a student's own pace. I have students that may finish their Master of Science in a year and half and some that do it in five years, it really depends on their schedule and what is going on with their working career.
FIELD: That is interesting. I wanted to ask you about your students. You talked about them being online and on-ground, who are your core students and what type of background do they bring to the program?
DR. LANDRY: All of our graduate students have a working background; they have worked in the industry before. Some of them are working to sharpen their skills in a particular industry and some of them may be managers that are looking to become more technical. Some of them are technicians that are looking to become more managerial. Sometimes we have students that are looking to do a complete job and career change.
I have a student that is coming into the program this fall and her background is in K-5 education, but sees the need for protecting children online and the concerns and issues there and is looking to do a wholesale career change. She is looking at information assurance in the education area and we have a number of courses to bring people up to speed if you are not in a business and technology background. We have foundation courses that allow students to ramp up and catch up with students that have been working in the field for a long time.
The majority of our students are in their mid-30's and have worked in the industry for a while. It is not a fifth year undergraduate program; it is something that people can really work with teams on and focus on. Here is a group of colleagues that you can go through your curriculum with.
FIELD: So these are people that for the most part are in jobs today, correct?
DR. LANDRY: That's correct.
FIELD: So it's not like you are placing them someplace when they leave, but what are they doing in their careers when they have gone through the program?
DR. LANDRY: It really depends. A number of our online students in the government sector are looking for advancement there. A lot of times it is for additional certification. Our program dovetails nicely with the CISSP from IC2 so the Certified Information Security Systems Professional is a good fit with that. A lot of our students are completing that which allows them to advance further in their careers.
I have seen students that are very technical that are moving into more managerial roles. It really becomes a gateway for them to advance their careers.
FIELD: I would bet too that you see some of these students coming back to the school to help teach.
DR. LANDRY: Yes we have. We have had a really active alumni program that has been involved in both coming back to help with projects, with adjuncts and full time professionals that have come back and teach with us. It is a unique group that has come back to work with us.
One of the things that helps is that our MBA Program students actually complete a real-life consulting project. Our MBA Capstone Project is in the final MBA semester and students have the opportunity to work with a real company either in the private or public sector, sometimes non-profit. We've done international Capstones and we've done local Capstones; it really depends on what the client need is at the time. We go in and meet with C-level executives on their business needs, completing a 12-week project on consulting. Here is a business need, it could be technical or managerial or it could be a business opportunity. Focus on what that customer needs who is going to be the client. That is a true consulting project.
FIELD: Wow, that's good. Now as you know, the President has put a major focus on cyber security and you hear both the private and the public sectors talking a lot more about information assurance. How do you see information assurance education evolving in the coming years with all this emphasis on the topic?
DR. LANDRY: I think we are going to continue to see a heightened focus of it. Just this past weekend with the recent attacks coming from supposedly North Korea, we are going to see a continued global focus on this. What is unique for UD is that we are a traditional brick and mortar university. I think you are going to see a lot more schools pop up and say they are an information assurance school that doesn't have the credentials from the NSA, Homeland Security or other traditional academic accrediting bodies to really support them, so from our standpoint we are very much involved with the other Centers of Academic Excellence.
The NSA has over 85 schools now worldwide and we partner with those schools to work with their programs. Every school has a little different focus and that is important for students to look at when they are looking for an information assurance school that fits them.
The idea of organized cyber attacks from around the globe is a real possibility that happens every day. We see it with the credit card industry. We see it with banking. We see it with political targets as we did this past weekend and we see it with our children. We see something with our K-12 environment where they are actively attacked by online predators on a regular basis from around the world.
There is definitely a heightened need for that and it is something that I feel very proud of, the work that we are doing at UD and the other Centers of Academic Excellence. We are looking to protect our national assets, we are looking at protecting our children and when it comes down to it, that is a very important mission for us to do.
FIELD: Now you talked about the ties to both the private and public sectors and I understand certainly a university like yours doesn't exist as an island. What do you need from the private and public sectors to be help you grow effectively?
DR. LANDRY: The public sector is coming there with greater awareness. There needs to be a greater focus on what the real threat is. When I talk to parent groups and church groups it is amazing to see how many of them don't understand the real threats that exist online for their children with social networking sites. Something that is really needed is more education and awareness in those programs.
In terms of industry support, we are seeing it now with some of the software industries supporting universities in terms of academic grants; there is a lot more work to be done there. A lot of the production software, such as the forensic toolkits and other software packages, haven't been developed well to work in the academic environment. So it is hard to train and work with those tools. We have been working with a couple of companies this year on building our online forensic lab. It is a bit of a work because those patches aren't quite ready for academic lab environments. They are primarily designed for a single user in front of a single server.
But I think with a greater focus on the use of those in academic schools, with students' rights and things like that, those types of tools can be pushed further into the academic environment. One of the things that we are doing with our online forensic lab right now is having online students from around the world actually working on digital forensic investigations. The idea is that they are walking away with real, tangible toolsets that they can go and look at what really goes on in an investigation.
FIELD: It doesn't get any more real than that does it?
DR. LANDRY: No it doesn't. And we are using fictional data and fictional evidence, but there is so much out there that it is just amazing.
FIELD: Brett one last question for you. You certainly talk to a lot of people in their careers that are looking to broaden themselves in information assurance. If you were to give a piece of advice to someone that is looking to start a career in information assurance today, what advice would you give to them?
DR. LANDRY: The whole area of information technology and information assurance, even Information Technology Service Management, is such a broad umbrella that I would suggest for them to take some introductory courses, principles courses, foundations courses, things like that to find out what is their avenue. Even in the area of information assurance it is a broad arena so we have the whole science of cryptography, the whole area of forensics, the whole area of network management and e-commerce assurance. And certainly PCI has put a higher focus on network management, telecommunications management and risk continues to put a place there as we look at SOX and other legal compliance issues we have to face.
I would advise someone that there is no such thing as an information assurance expert; we have experts in these sub-areas, but we need them to really look at this as they take courses or look at programs to understand what things really interest them.
If they are really into the math behind it then cryptography is a wonderful science to be in. But if they are not a math person, going into a heavy crypto field is not going to be a good fit for them. Really look at the individual's domains in information assurance and certainly the IS2 common body of knowledge of CBK is a good place to look that breaks down information assurance into ten domains, or ten areas; they overlap somewhat but it does give some area there.
They are certainly welcome to come and look at the University of Dallas and contact us and we can talk to them about what is a good focus for our program. There are just a lot of good information assurance schools right now across the country.
I would tell someone if they are looking for a program either at the undergraduate or graduate level to make sure that it is certified by the NSA and Homeland Security, that they have met some level of the basic steps and that their program is accredited and valuable. That is something that we go through on a regular basis. We just finished our review this year and we are certified for another five years with our curriculum to match the national standards.
FIELD: Very good. Brett I appreciate your time and your insight today.
DR. LANDRY: Tom thank you for the opportunity.
FIELD: We've been talking with Brett Landry from the University of Dallas. For Information Security Media Group, I'm Tom Field. Thank you very much.