Dr. Anton Dahbura is the executive director of the Johns Hopkins University Information Security Institute, co-director of the Johns Hopkins Institute of Assured Autonomy, and an associate research scientist in computer science. His research focuses on security, fault-tolerant computing, distributed systems, and testing. He earned his BSEE, MSEE, and PhD in electrical engineering and computer science from Johns Hopkins University.
In previous roles, Dr. Dahbura has served as a researcher at AT&T Bell Laboratories, an invited lecturer in the Department of Computer Science at Princeton University, and a research director at Motorola Cambridge Research Center in Cambridge, Massachusetts. He has also held numerous leadership positions at Johns Hopkins University. In 2004, Dr. Dahbura received the Johns Hopkins Heritage Award for his service to the university.
“Everyone needs more fundamental cybersecurity awareness,” Dr. Dahbura says. “This isn’t an issue that’s going away.”
Modern cybercrimes and cyberattacks occur at the personal, organizational, and nation-state levels. The precise cost of those attacks is difficult to measure: while statistics do exist, they’re unlikely to paint the full picture, as victims may not wish to publicize the fact that they’ve paid hefty sums to ransomware attacks in the past.
What is certain is that the number of attacks is going up, and so is the cost. In the last few years, cybercriminals have targeted not only individuals and businesses but also some of the nation’s most critical infrastructure. The nature of those attacks can range from highly technical to brazenly simple: even a straightforward phishing attempt, if successful, can have enormous consequences.
“The human factor is often the weakest point in a network’s security,” Dr. Dahbura says.
One way Cybersecurity Awareness Month seeks to bolster our nation’s cyber defenses is by improving the public’s cybersecurity literacy. Five simple steps can be taken to defend against cybercrime and cyberattacks:
Much like how regularly washing one’s hands and taking simple hygienic precautions helped slow the spread of a pandemic, these steps towards cyber hygiene, at scale, can make a sizable difference.
For the general public, those five steps may be all they need regarding cybersecurity. But for the ideal cybersecurity professional, the learning never stops. It starts with a strong foundation in computer science, beginning at the undergraduate level, where one learns what can and can’t be done with networked devices and systems.
“It’s really important to have a solid computer science background,” Dr. Dahbura says. “You need to understand programming languages, operating systems, and networks. You have to understand how computers work, inside and out.”
In addition to the core curriculum and its electives, Dr. Dahbura also recommends taking some mezzanine courses: upper-division and graduate-level courses in security-related topics. Students who are truly committed to becoming top cybersecurity professionals should also seek out extracurricular events, like security-focused hackathons and capture-the-flag cyber-competitions. And, to stay up-to-date, they should also be attending cybersecurity conferences and reading cyber-related news regularly.
“Cybersecurity is a fast-moving field,” Dr. Dahbura says. “You need the foundation, but you also need other things that are building your knowledge on a day-to-day, week-to-week basis. You have to learn about new attacks, new defenses, new everything. This is a field that requires that.”
It’s possible to start working in cybersecurity with just a bachelor’s degree, but it’s becoming increasingly popular to complete a master’s degree as well. These allow a cybersecurity professional to become a cybersecurity expert, and many who graduate from these programs go on to become leaders in the field.
Several scholarships exist for cybersecurity students at the undergraduate, master’s, and doctoral levels. Perhaps most notable is the CyberCorps Scholarship for Service (SFS) program. Awarded through the National Science Foundation (NSF), it pays full tuition and a generous stipend for room and board. In return, all that’s required is for the scholarship recipient to work on cybersecurity for the US government for a length of time equal to the length of their scholarship.
“It’s an amazing scholarship,” Dr. Dahbura says. “If used in our master’s program, its value is close to $200,000. And then after graduation, you go to a well-paid job, where you’re doing interesting work. It’s really underpublicized.”
As technology advances, the size, scale, and complexity of potential cyberattacks will, too. Phishing scams, which can already be difficult for the average person to detect, may become nearly indistinguishable from real emails once powered by AI, and AI-assisted cybercrime could also be cheaper and quicker to produce and proliferate. Even though cybersecurity professionals are increasingly using AI for cyberdefense, the average consumer will likely continue to face increasingly sophisticated threats.
As more and more sensitive data is stored online, people will need to rethink their relationship with cybersecurity. Dr. Dahbura notes that the Supreme Court’s reversal of Roe v. Wade, and the resultant anti-abortion laws in several states, have created moral, ethical, and legal concerns in the cybersphere. Someone searching on Google for information about reproductive services, or sending direct messages on social media about those services, may find themselves in legal jeopardy when their expectations of privacy are reversed.
“In our master’s program, we teach the technical aspects, but we also teach things like the legal, moral, and ethical aspects of security,” Dr. Dahbura says. “And it’s great to have people on the regulatory side with technical knowledge of what’s going on. Regardless of whether you’re a regulatory person, a policy person, or an engineer, I’d argue you need to have the full picture in order to be effective.”
In May 2021, President Biden signed Executive Order 14028, which focused on improving the nation’s cybersecurity, and this was followed in January of 2022 by a National Security Memorandum to improve the cybersecurity of the Department of Defense and intelligence community systems. These are hardly the first moves by a presidential administration to bolster the nation’s cybersecurity abilities, and they won’t be the last. Dr. Dahbura foresees cybersecurity undergoing a similar revolution to what IT experienced in the late 90s and early 2000s, to the point where every institution and business will have a dedicated cybersecurity specialist or department on staff.
“Cybersecurity is a field that’s absolutely exploding,” Dr. Dahbura says. “For the foreseeable future, there will be a strong need, a growing need, for cybersecurity specialists. What we’ve seen so far is just the beginning.”
To learn more about the state of cybersecurity today, and how you can get involved, check out some of the resources below:
By reading a select number of engineering blogs, university students can gain access to the thoughts of some of the best engineers in the world, and get on the path to becoming one themselves.
Diversity and inclusivity aren’t purely idealistic goals. A growing body of research shows that greater diversity, particularly within executive teams, is closely correlated with greater profitability. Today’s businesses are highly incentivized to identify a diverse pool of top talent, but they’ve still struggled to achieve it. Recent advances in AI could help.
The ability of a computer to learn and problem solve (i.e., machine learning) is what makes AI different from any other major technological advances we’ve seen in the last century. More than simply assisting people with tasks, AI allows the technology to take the reins and improve processes without any help from humans.
Unlike fungible items, which are interchangeable and can be exchanged like-for-like, non-fungible tokens (NFTs) are verifiably unique. Broadly speaking, NFTs take what amounts to a cryptographic signature, ascribe it to a particular digital asset, and then log it on a blockchain’s distributed ledger.
First proposed by computer scientist Nick Szabo in the 1990s and later pioneered by the Ethereum blockchain in 2010, smart contracts are programs that execute themselves when certain predetermined conditions are met.