When the average person hears the term “cybersecurity,” it conjures images — reasonably derived from recent movies and TV shows — of sweaty, foreign hackers in dark basements, typing furiously in their efforts to undermine national security.
That’s not too far from the truth in some cases, but as anyone who has ever been the target of a cyber-attack can attest, the conversation about data security is far more complicated.
“Half the problem is technological, but the other half is human,” said Dr. James Walden, who heads up the Center for Information Security
(CIS) housed within NKU’s College of Informatics Department of Computer Science.
Walden explains that, in providing cybersecurity resources to companies throughout the Greater Cincinnati region, CIS students routinely encounter a reliance on outdated methods — namely, installing firewalls and antivirus software — to keep information safe. But as cyber-attacks advance in sophistication at an alarming rate, Walden says those traditional methods are no longer effective, and haven’t been for more than a decade.
Director of NKU's Center for Information Security Dr. James Walden
“Those methods essentially buy you time,” said Walden. “A firewall will stop most low-level threats, but high-scale attackers can figure out how to get around those technologies very easily. Basically, anyone with an internet connection is susceptible to a cyber-attack.”
is one local company that understands the current cyber threat and is taking measures to combat it.
“We take a number of precautions to ensure the networks we manage are as secure as possible,” said C-Forward President Brent Cooper. “Software patching, anti-virus and anti-malware, password and passphrase policies, firewalls, monitoring, business continuity and response plans, disaster recovery tools, encryption, dual-authentication and ongoing training are just some of the tools and best practices we see as essential for any protection plan.”
While C-Forward isn’t actively involved in the award-winning cybersecurity efforts undertaken by NKU, Cooper said, “We have hired a number of NKU graduates and continue to be impressed with their knowledge and work ethic. We are grateful to have the College of Informatics here in Northern Kentucky. It truly is a gem for the region. With IT career opportunities on the rise, the value of the College of Informatics will continue to increase.”
Cybersecurity takes center stage as target NKY industry
In a Target Industry Analysis report that will be released next month, Northern Kentucky Tri-ED
identified cybersecurity as an area of continued focus for the region. That identification was made partly due to the urgency of the aforementioned threats, but also because Northern Kentucky as a region has shown aptitude for tackling the issue on a national scale, thanks in part to resources like those available through NKU.
In 2014, the Center for Information Security was named a National Center for Academic Excellence by the National Security Agency and U.S. Department of Homeland Security — a designation that Walden said the university could have received as early as 2004, but, as he explains, “We were busy those 10 years building curriculum and creating labs.”
As a result of the designation, the CIS articulated the following four missions going forward:
- Support NKU’s academic departments in the development of high-quality educational programs in cybersecurity;
- Offer high-value events and symposia to both educators and professionals;
- Facilitate research that contributes to the theory and practice of information security; and
- Perform cybersecurity outreach to both educational and professional organizations.
Pursuant to that second goal, since 2007, NKU’s College of Informatics has partnered with Chase College of Law to host annual cybersecurity symposia. The most recent, which took place at NKU this past October, tackled an array of security topics including governmental compliance, software security, mobile and computer forensics, the Internet of Things, legal issues in privacy and security and healthcare cybersecurity.
Corporate sponsors for the symposium included Nexum
, Frost Brown Todd Attorneys
, U.S. Bank
and Encore Technologies
Local company leads fight by engaging cyber-defense students
Jon Salisbury, co-founder of Newport-based technology firm Nexigen, said his company has directly benefitted from the work the CIS is doing to produce experts in cybersecurity and to connect area businesses and individuals with the resources they need to keep information safe.
Nexigen co-founder Jon Salisbury
If cybersecurity were measured by a yardstick, Salisbury explained, the region’s capabilities might have occupied one centimeter a decade ago, when Nexigen arrived on the scene.
“Nexigen offers a more broad-based approach that encompasses the whole yardstick, but those services were very expensive — too expensive for most organizations to scale. We’ve since made those tools accessible, and we’re able to do so cost-effectively,” Sailsbury said, thanks in part to agreements with NKU that leveraged the talents of “hungry kids” enrolled in the university’s cyber-defense programs.
In 2008, long before the cybersecurity conversation went mainstream, Nexigen designed a test to measure aptitude in students pursuing computer engineering careers. Salisbury and his colleagues were surprised when one 22-year-old test taker received a near-perfect score — a feat Salisbury said would be nearly impossible for anyone without extensive, in-depth understanding of cybersecurity.
Salisbury was further surprised to learn the test taker was part of a cyber-defense team at NKU. Nexigen hired that student and set out to learn if there were others like him. Since then, the company has partnered extensively with CIS, separately employing both of NKU’s cyber-defense coaches and helping NKU students train in real-world configuration settings for practical and immediate application to the modern cyber-defense challenge.
Nexigen can’t hire everyone who graduates from the CIS program, though. That’s why the company is investing in other companies within the region that have shown promise in their cyber-defense efforts. Meanwhile, Nexigen is working to raise awareness in the region for NKU’s extensive and valuable training opportunities, specifically targeting smart students who maybe don’t have access to traditional college-to-career channels.
“We’re engaging a lot of the region’s high school students who are interested in cyber defense and asking them, ‘What has your high school experience been like?’” Salisbury said. “Because our own experience wasn’t great in terms of tech, and we want to give kids entering college a lot more advantage that we had.”
Nexigen’s current client list includes roughly 1,000 companies in the region and beyond. The company provides a range of “one-stop-shop” services that includes everything from professional consultation and routine security checks to digital forensics, security monitoring and incident resolution.
“Nexigen is powered by student talent, and we in turn empower those students to apply their talents and create solutions,” said Salisbury.
Nexigen’s ongoing efforts in that regard include the TechDefenders
program, a tuition-free, 12-week, high-caliber curriculum designed to engage students at the high school level who are beginning their cyber-defense journey.