Security Measures in Education: What’s Lacking? – Dr. Erdal Ozkaya

Security Measures in Education: What’s Lacking?

This post was initially featured on Black Hat’s official website, you can find it , via this link

In the current issue, Dr. Erdal Ozkaya (Chief Information Security Officer at MAVeCap) shares his journey as an educator in security. We are here on this blog to delve deeper into his insights on security measures in education – and the knowledge he has acquired during his 25 years in the field. 

Known as a prominent security expert globally, Ozkaya oversees security at MAVeCap – a venture capital firm specializing in nurturing innovative ideas, including unique security solutions. Holding a PhD in information technology and playing key roles in various security organizations (such as Binalyze and ThreatMon to the Global CISO Forum), Ozkaya brings a wealth of expertise to the table. 

Here is his perspective.

In General, how do you view security measures in education currently? Are there deficiencies that require attention to empower future talent in the sector? 

“Certainly! The present scenario can be summarized as follows: 

• Rising Awareness: fortunately, the significance of security measures in educational environments is no longer a specialized concern. Schools, colleges, and authorities are taking it more seriously.
• Varying Resources: regrettably, financing and availability of expertise are highly inconsistent. While some institutions boast strong programs, others grapple with the fundamentals due to limited budgets and challenges in attracting security professionals.
• Reactive Emphasis: numerous institutions only give priority to security measures post a breach. This approach needs a shift towards proactively enhancing security protocols and educating individuals.

“Moreover, there exist several gaps that demand immediate attention:

• Beyond the IT Unit: security shouldn’t solely be the concern of the IT team. We need to integrate basic security awareness into the educational curriculum across all disciplines, from educators using robust passwords to students being mindful of online threats.
• Early Talent Development: the spark for careers in security should be ignited in high school and even middle school. This necessitates the use of interactive learning, practical workshops, and highlighting diverse role models in the domain.
• Inclusivity and Accessibility: security must transcend the stereotype of being a realm for lone-wolf hackers. It’s imperative to create initiatives that inspire women, minorities, and individuals from nontraditional backgrounds to consider security as a viable career path.
• Teacher Training: educators are at the forefront. Educating them about security requires proper training and resources. Enhancing the skills of existing teachers is equally vital as attracting new security professionals.
• Collaborations: educational institutions cannot address this issue singly. Collaborating with security firms, local tech communities, and governmental programs can furnish resources, mentorship, and real-world exposure for students.” 

What Steps Can be Taken to Address the Gaps?

“We can bridge these gaps by: 

• Advocacy: there is a need for stronger voices advocating for funding in security education and alterations in policies.
• Innovative Curriculum: developing engaging and age-appropriate methods to teach security concepts is crucial.
• Celebrating Achievements: spotlighting students excelling in security, particularly those from underrepresented groups, to establish visible role models.
• Accessible Resources: providing free or low-cost tools, online training platforms, and mentorship programs can democratize access to security knowledge.” 

If you could revisit the start of your career and share one thing you wish you had known back then, what would it be? 

“If I could offer a piece of advice to my younger self, who was more anxious about security, it would be this: pay as much attention to the human aspect as to the technical one.

“Early in my career, I was fixated on mastering tools, vulnerabilities, and the latest attack methodologies. While these are crucial, I had not fully grasped the extent to which security relies on human behavior.

“This encompasses understanding the psychology behind threats: comprehending how attackers manipulate people, why employees make risky decisions, and how behavior can be altered. This aspect is as vital as any firewall.

“Communication is paramount; the ability to elucidate complex threats to non-technical parties, garner support for security projects, and efficiently train individuals would have made my task much simpler (and our systems much safer!).

“Security isn’t about being the most intelligent individual in the room. It’s about fostering a collective sense of accountability – from the lowest level employee to the CEO.

“Certainly, technical skills form the foundation. However, given what I know now, I would have invested time sooner in understanding psychology, communication, and how to create a security-conscious culture. This could have saved me from a few late-night incident response sessions!”

Lastly, why do events such as Black Hat MEA hold significance for you? 

“Events like Black Hat MEA are immensely beneficial for me as a security professional owing to several key reasons. 

“All Black Hat events globally feature notable speakers and researchers who are leading the charge in the security field. The presentations and research revealed at the event offer a glimpse into the latest threats, attack strategies, and emerging defense protocols. This equips me to stay ahead in a continuously evolving environment.

“These events create a platform to interact with a global community of security practitioners, ranging from fellow experts to Chief Information Security Officers (CISOs) and security influencers. These interactions spark innovation, foster collaboration, and provide valuable insights into the challenges encountered by various sectors.

“Attendees can participate in workshops and briefings that help refine existing skills and explore new areas of interest in security. It offers focused learning opportunities, often in a practical setting, which may not be easily accessible in daily work routines.

“Stepping away from the usual work environment and immersing oneself in the broader security landscape renews enthusiasm and drive. Observing the passion, innovation, and hurdles faced by others helps gain perspective on one’s own work.

“Black Hat MEA, specifically, enables me to understand the unique security threats and considerations in the Middle East and Africa region. This knowledge is crucial as cyber threats become borderless. Engaging with professionals from diverse backgrounds and cultures broadens the understanding of security challenges and approaches on a global scale.

“In conclusion, attending events like Black Hat MEA enhances my proficiency as a security professional and allows me to better serve my organization and the wider community.”

Credit to Dr. Erdal Ozkaya. If you wish to learn more from leading security experts worldwide, join us in Riyadh for Black Hat MEA 2024. 

More articles on Security can be found here

Search

security section series – series section security -future of security – outlook on security in education – What are the security concerns in education? -Is online security a danger to students? =