Mastering Information Security - New Graduate Program Debuts at ESUInterview with Prof. N. Paul Schembari, East Stroudsburg University
Download the transcript (PDF)
TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about the Computer Science Department, Information Security Media Program at East Stroudsburg University and with us is N. Paul Schembari, professor in that department. Paul thanks so much for joining me today.
PAUL SCHEMBARI: Thanks for having me.
FIELD: Just to give our audience a bit of context, why don't you tell us a little bit about yourself, your role at ESU and your University's Computer and Information Security Program?
SCHEMBARI: Sure. I am a Professor of Computer Science and Computer Security here at ESU. I teach classes, freshman classes, and general introductory classes all the way up to grad classes. Most of the classes that I teach are in computer security and that has been my main focus area for the last five or six years; that is sort of my expertise right now, in the security field. I am also the Director of our Computer Security Program, which is an undergraduate program, and now our new Information Security Program, which is a Master's Program.
I have been at ESU for about 18 years. I am going to start my 19th year in September and like I said before, the research I am doing lately is in computer security areas. I usually follow the interest of my students so if I have a student, especially a grad student, who is interested in a particular area, then we will go off and head in that direction and I will learn something new and they'll learn something new.
We did that a few years ago and I remember when we had a project in hand geometry biometrics, where the shape of your hand can help identify you. We were working on that project and it was something that I had never done before. It was quite an interesting project.
Right now the research that I am doing is in cyber forensics, so what we are trying to do with those projects is in how we help the law enforcement find digital evidence. If you sit down at a computer, how do you find digital evidence? If you are looking through someone's thousands of e-mails, how do you find digital evidence there?
The University has been around for quite some time. We are part of the Pennsylvania State System of Higher Education. We are, with regard to computer security, what is called a National Center of Academic Excellence in Information Assurance Education. That is a program that is run by the National Security Agency and the Department of Homeland Security where they take a look at different colleges and universities and decide which one should get this endorsement. There are only about 100 of these in the country out of the 3,000 to 4,000 colleges and universities so we are really in a select group.
The other thing I can mention about ESU is that we were the first college or university to have a four-year Bachelor's Degree in Computer Security. That is sort of our claim to fame in this field; we had the first full Bachelor's program.
FIELD: You touched upon a lot of rich topics there from forensics to cyber security, computer security, I mean these are things that we hear about all through society today. What can you tell us about the need for such programs as yours and why they are so critical today?
SCHEMBARI: There are many factors that go into that. First of all I believe that everyone knows about it because of people just trying to protect their own Social Security numbers and their own private information. We all know that securing digital information is important. The interesting thing from a job point of view is that it is not as if companies really like to outsource computer security jobs. Computer security is really in-house or at least contracted with a U.S. company. So for people in the United States there are a lot of job opportunities in this field because it is not really something that is outsourced.
And now, even the federal government is becoming more involved in promoting computer security. President Obama gave a speech earlier in the summer and he talked about how our digital information, our digital infrastructure, will be considered a strategic national asset. Protecting that national asset, our digital infrastructure, is very important today.
There is a strong need in the private sector and the public sector for students educated in information security. Every large company will be looking for people with this expertise. Smaller companies will often hire a consulting firm of some sort to help with their security implementations.
I typically have many different private and public institutions calling me looking for graduates to hire, from pharmaceuticals to government, all over the place, looking for people with this expertise.
FIELD: Now you mentioned a few minutes ago a program you are debuting this fall. What can you tell us about this new program?
SCHEMBARI: It's a new Master's program and we call it our Master of Science and Information Security. It is a standard Master's program of 30 credits that you need to complete, along with writing a thesis, for the degree at the end. The interesting thing about it is the course will be fully online so we will have ten courses offered in five straight semesters.
What that means is you can really complete this in less than two years because we are counting the summer as a semester. All the courses are online in what they call the asynchronous fashion, meaning that you don't have to be online when the teacher is online. The teacher will record lessons and give assignments and you do that in your own time.
One thing I should mention is that all the courses are online but the thesis defense is something we are asking the students, when they are finished, to come to campus and defend.
Another interesting thing about the program is we took federal certifications for cyber security. These are out of what is called the Committee for National Security Systems, and we created courses based on those certifications. The students actually get those certifications as they are completing the courses.
FIELD: Now Paul I know that there are a lot of information security programs out there among universities. What makes your new program unique?
SCHEMBARI: Of course we are aware of other programs, but we tried to take the best components of each of those and add in our own expertise to that as well. So first of all the program is online, geared for working professionals. There are other programs out there that are like that but as I talk about some of the other components you will see putting that all together is really not something you can find somewhere else. We have an online program geared for working professionals, especially because of the two courses per semester, we think that is doable for someone who is working.
When mapping to all of the federal certifications that are available out of the Committee for National Security Systems, there are six certifications, we match all of them. The courses were directly created from those certifications, like I said before.
The focus of this program is mostly on the management of information security. That is really what we are focusing on, as well as practical applications of security; so it is not a theoretical program. There are many theoretical programs out there that are great of course, but our niche is really on practical applications.
We have a great faculty who are real teachers. We do teaching, we do research and with our faculty the students will be able to do faculty level research. They will be able to work with the faculty on some research projects. And the faculty work in theoretical areas -- we have faculty who work in cryptography. And then we have systems certification, which focuses on how you make sure that a system is working properly, something a bit more practical. There are many different research areas out of our faculty.
FIELD: It sounds like if a business could have a security information system made to order this one would fit it. What types of classes are you going to be offering Paul?
SCHEMBARI: Like I said, there are two courses each semester, starting fall of 2009. The classes start on August 31st. We have classes this fall and then spring, summer and the following fall and spring; so that is the five semesters in a row. You do two courses each semester. All the courses are online and you go through a cohort model so you are with a group of students, we are hoping for about 15 students or so, taking two courses each semester with them, working your way through the program.
This fall semester we have the first two courses in the program called Information Systems and Information Security. That is to give an overview of the discipline. Students who have started off with the knowledge of technology will be brought into the security field this way.
The second course that is being offered this coming semester is called Legal Impacts of Computer Security Solutions. That course deals with the legal ramifications in information security, which is really a big aspect. It is a multidisciplinary science so you have law involved as well as other things. For that particular class we learn about the ethics and laws that are involved in information security.
FIELD: Now you talked about this program being tailored to working professionals and it makes me wonder, what type of student do you expect to attract to this program and what is going to be required of them to get into it?
SCHEMBARI: It is technical professionals that we are really looking for, people who have technical expertise that want to grow. They want to stretch their knowledge into cyber security.
We are requiring a Bachelor's Degree in Information Technology, Information Systems or Computer Science; some sort of computing related Bachelor's degree or equivalent courses if a student has equivalent courses they would be able to get in.
Once they are in the program, what will be required of them is they will be doing lots of hands-on work, reading and research in the field. That is what a Master's program is all about.
FIELD: Now on the flipside, what do you foresee as being the career options for students who complete the program?
SCHEMBARI: That goes back to the need I talked about before. The fact is that every large organization needs one if not more than one person that is knowledgeable and educated in computer security and information security. That is really the end goal.
The other thing that I mentioned before about not outsourcing is really big. Positions are staying inside the United States and that is where the security positions or firms are.
I mentioned government before, but there is also a need in healthcare and finance. Those two have lots of compliance issues through federal laws where there are security requirements. I mentioned the legal class before. There are lots of legal reasons for the need for security besides just the value of protecting data.
FIELD: Now Paul, a couple of times in our conversation you have mentioned research and that leads me to wonder, what types of research opportunities and scholarships are available to professionals that enroll in your program?
SCHEMBARI: Our research opportunities are with our faculty. Our faculty is very active. We have students working with them all the time.
Right now for example, we are working under the umbrella of what we call our Cyber Crime and Computer Forensic Institute. That is a partnership between my school, East Stroudsburg University, and Drexel University and Ryder University. The three of us have gotten together and formed this partnership where we have faculty and students working on research projects in cyber forensics. We have had approximately 50 students over the last few years doing research in security, in applied security. On the scholarship side, the type of scholarship we are involved with is another federally funded program, the Information Assurance Scholarship Program out of the Department of Defense. Because this is our first Master's program, we have undergraduate students who have been placed in that scholarship program. And our students are highly sought after. There are years where they are giving out 50 scholarships across the country and we have had five. This past year we had four, for example. I am going to say we have had about ten to fifteen scholarships awarded.
In general, ESU is a state school and because of that we are a good value with regard to tuition dollars. It is not a high cost and it is pretty easy to afford ESU's tuition. You get a good education for a good value.
FIELD: You used the word partnerships there and I want to pick up on that. I know that universities such as yours rely a lot on public and private sector partnerships. What types of partnerships do you maintain with businesses and government agencies that really will help you to lead to the success of this new Master's program?
SCHEMBARI: The government partnerships are often through grant programs or the scholarship program that I mentioned before, so we have partnerships with the National Security Agency, the Department of Homeland Security, the National Institute of Justice which is part of the Department of Justice, the Department of Education and we have even worked with the EPA in the past. Lots of Pennsylvania state agencies as well, so there are a lot of government partnerships.
As mentioned before, we are also part of the National Center for Academic Excellence and Information Assurance Education program. We are one of those national centers which are run by the NSA and the Department of Homeland Security.
We also have many corporate partners, financials, pharmaceuticals, healthcare and private companies in the defense sector. Lots of those companies work with us, especially with regard to hiring our students or interning our undergraduate students.
FIELD: Paul, one last question for you and in many ways it is the most important one. How can interested prospective students enroll in this program?
SCHEMBARI: We have a short timeline. The classes start on August 31st, so any professional that is interested should really try to apply right away. We will have a very quick turnaround, one to two weeks, on their applications so they should get a decision right away.
The easiest place to contact us is our Web site, which is hosted by the college. The address is www.esu.edu/infosec. I can also give you some phone numbers if anyone has any questions, academic questions especially. My phone number is (570) 422-3661. For graduate admissions you want to contact our Coordinator of Graduate Admissions, Kevin Quintero, at (570) 422-3890. Kevin is the person for the administrative questions and I can handle the academic questions.
FIELD: Very good. Paul this has been insightful and I wish you luck with this new program and I look forward to talking with you maybe a year from now to find out how it has gone.
SCHEMBARI: Great. Thanks a lot.
FIELD: We've been talking with Professor Paul Schembari of East Stroudsburg University. For Information Security media Group, I'm Tom Field. Thank you very much.