Exploring cybercrime, broadening perspectives with the Virginia Tech cybersecurity club
On January 26, 2023, Pamplin College of Business’ Integrated Security Education and Research Center (ISERC) hosted CyberVT, Virginia Tech’s Cybersecurity Club. The workshop, It takes a team: real-time response and resilience for cybersecurity, explored career options and provided a high-level tour of the cybersecurity resources available, including opportunities through the Commonwealth Cyber Initiative.
The workshop was carried out in collaboration with the Virginia Cyber Range, which boasts an extensive courseware repository for educators, a community of purpose around those resources, and a cloud-hosted arena for hands-on cybersecurity labs.
David Raymond, director of the Virginia and U.S. Cyber Range, welcomed the group by inviting them to think holistically. He asked them to consider how information technologies help businesses function, instead of diving headfirst into technical infrastructure.
“The first step in responding to a cybersecurity crisis isn’t catching criminals,” said Raymond. “Instead, cut off bank payments and call a lawyer!”
Raymond is also the faculty advisor for CyberVT, a Virginia Tech student organization focused on educating students, faculty members, and the wider Blacksburg public on cybersecurity. CyberVT provides a unique opportunity for students to collaborate and network with other aspiring security professionals.
Students joined the ISERC’s senior associate director, Arianna Schuler Scott, for an exercise in ransomware negotiation. Working in groups focusing on different perspectives (legal, security, marketing, customer service, and executive), CyberVT students worked together to respond to cyber criminals who were attempting to extort a ransom from their hospital.
Schuler Scott is also the associate director for outreach for the Commonwealth Cyber Initiative (CCI) in Southwest Virginia. CCI is a network of industry, higher education, and economic development partners across the Commonwealth of Virginia. Leading the Southwest Virginia node, Virginia Tech coordinates research, workforce development, and innovation at the intersection of cybersecurity, autonomous systems, and intelligence.
After much discussion, the group refused to pay the ransom! In the debrief that followed, Virginia Tech’s Information Technology Security Officer Randy Marchany, put classroom learning into real-world context. He discussed the importance of security as part of business practice. Marchany’s takeaway for students? Never waste a breach – there is always something to learn from a cyber incident. While the group decided not to pay up, it took (in-game) days to come to this conclusion. For a hospital, being held up for days would be a real problem for patients and staff.
Pamplin’s ISERC is part of Virginia Tech’s wider Integrated Security Pathways Program, which is dedicated to further understanding and fostering a world in which individuals, institutions, and nations are secured by technology and social systems that follow ethical principles and promote values of social justice.
Virginia Tech offers a wide range of cybersecurity programming and classes. Researchers are based in the Complex Networks and Security Research Lab, the Ted and Karyn Hume Center for National Security and Technology, the Information Technology Security Lab and Wireless @ Virginia Tech.
There are may options for undergraduates to incorporate cybersecurity as part of their degree at Virginia Tech. They may choose minors in cybersecurity from the College of Engineering or College of Science; they can follow the Integrated Security Minor Pathway hosted in the College of Liberal Arts and Human Sciences; they may choose to major in computer engineering (cyber operations or networks and cybersecurity); the CyberCorps Scholarship for Service; or cybersecurity management and analytics (BIT-Cyber).
Graduate students may choose to follow masters or postdoctoral routes into computer science or engineering, a masters in information systems or information technology, or complete a graduate certificate in cybersecurity engineering.
-Written by Arianna Schuler Scott