On Friday, March 20, 2015, CyberOU, the student cybersecurity club at Oakland University, held its second annual Cyber Summit in Michigan. Here's why CyberOU is a student-run organization for others around the world to emulate.
CyberOU Team and Panelists at Oakland University Cyber Summit 2015
The evidence of something different, growing and special was all around to see. As I walked into the large hall on the second floor of the Oakland Center at 8 a.m., an hour before the morning event kickoff, I was greeted by a group of students with confidence, broad smiles and fire in their eyes.
The ballroom was more than twice the size of last year’s inaugural cybersummit at Oakland University, with approximately 200 people expected to attend. The food, registration table, program and AV were all set and ready to go – unlike plenty of other cyberevents.
“Impressive!” Was my first comment as I shook the hand of Trpko Blazevski, the co-founder of CyberOU in 2013. Trpko is now an Oakland University graduate student and one of two mentors for the student cyberclub. He is also a full-time employee working at FCA Group nearby.
“We’ve come a long way – but there's plenty still to do. We’re ready for more. Thanks for coming!” was Trpko’s response.
Over the next hour I met numerous energetic students, including the CyberOU leadership team that includes Arnaud Crowther, Amanda LaBelle, Eric Maul, Jamil Johnson, Beata Skonieczna, Wesley Austin, Zack Kobman, R.J. Fischer and others.
This Cyber Summit was only one of the many events sponsored by CyberOU, and the passion and excitement were not limited to the organizational leadership. The audience was full of students, and I was impressed that they stayed through lunch and listened intently and asked great questions during two 75-minute panel sessions.
Why Is CyberOU Special?
So why am I writing about another cybersummit at another university – with weekly events on cybersecurity seemingly popping up all over the country?
This group (and event) is run by the students for the students – to enable their cybersecurity careers. They also follow the motto: “We hack to learn, not learn to hack."
No doubt, many universities, governments, communities, economic development organizations, private-sector companies and professional organizations now hold online and offline seminars on the intersection of cybersecurity and society. The security market is hot, and everyone seems to be getting into the action. But what makes the Oakland University’s cybersecurity club, called CyberOU, stand out from the crowd?
Perhaps the most impressive endorsement was offered by Preston Brooks, who is the faculty adviser for CyberOU. He began his remarks by saying he became the faculty adviser last summer. “I love this group! It is a dream for faculty advisers. They are all self-starters, hard-working and passionate about security and what they do. Frankly I’ve never seen anything like it.”
The group’s mission and ongoing activities are described at this website:
"CyberOU is Oakland University’s premier technology and cyber security organization, founded Winter 2013. CyberOU has over 300 registered members through Oakland University and hosts a variety of events which are informative, demonstrative and exciting. Events range from demonstrating how to hack into WPA and WPE wireless access points, to having a leading security expert help us realize the effect if we lost the ability to control our autonomous robots, to bringing in Fortune 100 companies to help get our information technology and computer science students on the right track to a growing and successful lifelong career. CyberOU is dedicated to the growth of Oakland University, our supporting faculty, and more importantly, our loyal members. Our mission is to spread awareness of the importance and impacts of modern cyber security through practice and knowledge alongside spreading the importance of information technology in business, education and everyday life. All members must sign a WhiteHat agreement."
CyberOU is growing and changing as well. Last year at its first event, there were a series of individual speakers and topics covered over four hours. This year, only one 30-minute opening keynote was offered, followed by two long discussions with engaging panel discussions and audience participation.
Simply stated, the students wanted to get more involved and ask more questions. They also forcefully gave their own opinions on key questions.
The cyber summit panelists included:
• Rodney Davenport, CTO and acting CSO, State of Michigan
• Phil Bertolini, CIO/deputy county executive, Oakland County
• William J. “Joe” Adams, vice president of research and cyber security, Merit Network
• Titus Melnyk, senior manager of information security, identity and access management, FCA
• Louis Kunimatsu, supervisor, Ford IT, IT Security Services
• Dan Lohrmann – chief strategist and CSO, Security Mentor
• Theresa Rowe – panel moderator, CIO, Oakland University
What was discussed during the panels at the event?
There were several themes and topics of discussions covered by panelists. Theresa Rowe went from autonomous vehicles to cloud computing to BYOD to Michigan’s environment for technology to wider tech challenges to the need for resiliency. It was clear that security and privacy have a major role in every aspect of innovation and enabling new technology in business.
Here were some of my favorite quotes from the panel discussions:
Rod Davenport: “There is always too much data for some – and not enough data for others.”
Joe Adams (on the role of the human factor in cyberdefense): “The tech industry keeps making things foolproof. But God keeps creating more resourceful fools to defeat our plans.”
Phil Bertolini: “We have a 23 percent vacancy rate in IT positions (in county government), down from 29 percent. We adjusted our salaries, improved telework and added better office space with more light. But fundamentally, millennials are looking for professional roles that allow them to be innovative, care about what they do (apply passion) and make a difference in the world.”
Titus Melnyk: “Data classification is an area where IT can help, but the business side must fundamentally make the decisions.”
Louis Kunimatsu: “It is a very exciting time to be in the automobile industry right now. We are remaking the way people travel. One of the biggest challenges is that the privacy laws keep changing around the globe. In Europe and Russia, new laws are forcing us to adapt – with many countries now saying that citizen data must be stored in their country.”
Theresa Rowe (asking a question on diversity to an all-male panel that she moderated): “What more can we do to change perceptions of technology and cybersecurity leadership for women?” (It was noted that the percentage of women in the audience was higher than normal for such events – with over 33 percent women.)
Here were some of my favorite questions from the students in the audience along with a few of the answers provided:
Will security and privacy be dead in 2025? Answer: (A clear common panelist viewpoint) No way! We will always have bad guys. Threats will evolve but not go away.
Won’t convenience always trump security? Answer: Perhaps – but we must find that balance to allow management and end users to see the risk/reward of their decisions and actions. Offer alternatives, we must show the impact and cost of poor security.
What about the human side of security? Any tips? Answer: Tell stories to be effective. Our people are the greatest strength and greatest weakness at same time. We must train better, offer solutions that work, make training interactive, engaging, even fun.
How do we get executive buy-in for cyber? Answer: More top boards are becoming engaged and supporting change. We need to change culture at grassroots and top management. Security pros must build trust. Security pros need to constantly grow and evolve with technology innovation. Do lunch with partners. We all must learn to sell ourselves and our ideas.
Any career advice for security pros? (Every company and government on the panel made emphatic pleas to come join them. It was fun to watch.) Answer: Find a mentor. Think about your career as a marathon and not a sprint. Constantly grow in skills, be a life-long learner. It’s not all about pay – look for job fit, opportunities to have a variety of experiences, work-life balance. Do what you are passionate about. Government offers great range of options – perhaps for a brief time. (Not a public or private decision, perhaps both will work at different times.)
I was very impressed with the discussion and dialog at this security event. It was much more of a two-way conversation. The longer panel engagement and the frequent student questions addressed to industry experts offered a fresh model worth considering. The next generation of cyberleaders is emerging with passion, great (often new) questions and new ways to get everyone involved.
I was also fascinated with how many employers were in the room looking for cybertalent. I spoke with five or six companies that have had great success with Oakland University students, and they were back to recruit more. There was almost a mini match-making event going on during the breaks, and you could tell that students were being assertive and going up to those recruiting at various points. It was fun to watch.
In a few weeks, the entire cyberevent will be available for free viewing on the CyberOU website (or a link to YouTube). I encourage readers to check out the interactive discussion.
I’ll close this blog with this quote from Abraham Lincoln: “The philosophy of the school room in one generation will be the philosophy of government in the next.”
Note: All picture credits to the CyberOU Student Club at Oakland University, Michigan