Study Finds Tech-Savvy Students May Still Lack Cybersecurity Sense

Abbas Moallem

Abbas Moallem

By David Goll

Though HCI, or the study of human-computer interaction, is widely offered at dozens of American universities, its application in the rapidly growing field of cybersecurity is far less studied, understood or even recognized. Abbas Moallem, an adjunct professor in the Charles W. Davidson College of Engineering’s Department of Industrial and Systems Engineering, is on a mission to sound the alarms and raise the profile of the human component in cybersecurity through his undergraduate and graduate courses.

In the middle of the world’s high-tech hub, Moallem regularly surveys swaths of college students to help him research the issue of public awareness of online privacy, cybercrimes, cybersecurity and the importance of user knowledge of those issues. Silicon Valley tech companies hire more SJSU graduates than students from any other university so awareness of cybersecurity is especially pertinent to graduates.

Moallem said because there are no large-scale studies determining the level of HCI/cyber security awareness in the general public, his 180 students provide an excellent sample audience. About one-third exhibit a strong familiarity with the subject.

“It’s very hard to sample a large swath of adult consumers, so my students provide lots of information,” he said. “They’re a young, tech-savvy demographic group.”

The early results of his surveys found that despite their ease with using technology, students have a relatively low HCI/cybersecurity consciousness and don’t always practice “safe” online behavior.

“We must do more to educate students and the larger population about the importance of cybersecurity and its human element,” he said. “Most organizations, whether private companies, public agencies or universities, still approach cybersecurity from the technical side. And there are lots of technical solutions out there. Human factors is still not considered anywhere near as important as technical concerns and solutions. There’s a huge disparity in the amount of money most organizations spend on technical solutions over HCI solutions.”

Moallem recently edited a book, Human-Computer Interaction and Cybersecurity Handbook that provides insight into how understanding human factors could change how companies invest their resources in what is currently a $101 billion industry. Moallem’s book will be among the dozens of works recognized during the annual Author & Artist Awards, Nov. 2, from 6:30 to 8:30 p.m., in the Grand Reading Room on the eighth floor of the Dr. Martin Luther King, Jr. Library. The gathering is sponsored by the library, the SJSU Office of the Provost, the SJSU Office of Research and the Spartan Bookstore.

“Cybersecurity has become such a key issue and not only from a coding and technical point of view,” said Jacob Tsao, associate dean of the Extended Studies in the Charles W. Davidson College of Engineering. “The focus needs to be on the human role played in cybersecurity, but there is still so much more time and money spent on the technical level.”

 

Early Tenure and Promotion: David Schuster

David Schuster Photo Credit: Karl Nielsen Photography

David Schuster
Photo Credit: Karl Nielsen Photography

David Schuster

Early Tenure and Promotion to Associate Professor

Years at SJSU: 5

Department: Psychology

RSCA focus: How complex sociotechnical systems support or hinder people, with a particular focus on decision making among cybersecurity professionals

Associate Professor David Schuster received a National Science Foundation (NSF) Faculty Early Career Development Program Award in 2015 that is helping to fund his research on human cognition in cyber defense. In 2017, he received SJSU’s Early Career Investigator Award, and he has co-authored more than 30 papers in journals, edited books and conference proceedings. He manages the Virtual Environments, Cognition and Training Research Lab, in which he has mentored almost 50 students.

“Seeing students present their research is always a great moment,” he said.

Schuster is a co-investigator on an NSF-funded technology pathway program that led to a minor in computer programming for College of Social Science majors and is also co-advisor for the Human Systems Integration minor.

“There are so many opportunities for interesting, important and lucrative careers in my field but sometimes they are in unexpected places,” Schuster said, noting that students should “keep exploring the field and learning about the diverse research being conducted.”

Note: Congratulations to the 43 faculty members who received tenure and/or promotion for 2018-19. We have invited each faculty member to participate in a series of posts profiling their teaching, service, and research, scholarship and creativity activities. Those faculty who opted to participate will be featured throughout the fall semester on the Academic Spotlight blog and the digital sign in the Administration Building lobby.

February 2017 Newsletter: Researchers Target Human Factors in Cybersecurity

Left to right, Ian Cooke, Dr. Dave Schuster and Soham Shah pose for a photograph at San Jose State University, on Thursday, Feb. 2, 2017. Dr. Schuster has received a grant for cybersecurity research. (Photo: James Tensuan, '15 Journalism)

Left to right, Ian Cooke, Dr. Dave Schuster and Soham Shah pose for a photograph at San Jose State University, on Thursday, Feb. 2, 2017. Dr. Schuster has received a grant for cybersecurity research. (Photo: James Tensuan, ’15 Journalism)

By Barry Zepel

Anyone aware of last year’s reports about Russian hacking of the Democratic and Republican parties’ computer networks will be familiar with the term “cybersecurity.” As hackers attempt to invade network systems via the Internet – to either damage them or steal proprietary information – cybersecurity has become among the highest priorities for governments, corporations and many other types of organizations.

David Schuster, an SJSU faculty member since 2013, won a National Science Foundation Early Career Development Award grant of $516,000 over five years to conduct research on strengthening cybersecurity and computer network defense. The approach that Schuster and his team of SJSU students are taking in their research is very different than what most people might expect. Schuster is an assistant professor of psychology – not computer science or information technology.

“My field within psychology is called human factors psychology,” Schuster said. “Human factors psychologists study things like the design of a technological device – such as a smartphone – to determine the easiest way to make that device most intuitive for any person to operate with a minimum of frustration. Human factors psychologists study both the technology side and the human side.”

Schuster and his 14 assistants – seven graduate students and seven undergraduates – are focusing their research on the people hired to defend computer networks, not on the technology itself. Two of his graduate students are paid through research assistantships, while two undergraduates are compensated through scholarships; other students are volunteers. They all are dedicated to their research assignments in the Virtual Environments, Cognition and Training Research Laboratory managed by Schuster, located in the newly renovated Dudley Moorhead Hall.

“We aren’t studying the individual using their computer at home and wanting to remain safe on the Internet,” Schuster explained. “Rather, we want to get to know the cybersecurity professionals charged with protecting the computer network systems of organizations like corporations, governments, universities and school districts – organizations across all sectors.”

Schuster notes that no organization can protect its computer network by simply using or turning on some security software.

“There is at some level someone who is making decisions that determine the effectiveness of that organization’s line of defense against a cyber attack,” he said. “We are studying those people; learning who they are, what their role is within the organization, what decisions they make on an ongoing basis, and how those decisions impact the overall cybersecurity of their organization.”

Soham Shah, an undergraduate majoring in computer science, said he spends 10 to 12 hours per week working in Schuster’s lab. The research matches his intellectual passions.

“My interest has been to know more about cybersecurity,” Shah said. But beyond that, “I am learning how to think. Being part of the lab and doing the research is broadening my horizon and lending me a unique perspective.”

Ian Cooke, a second-year graduate student working on his master’s degree in research and experimental psychology, feels the tasks he takes on in Schuster’s lab are a perfect fit with his interests and goals.

“I live for this kind of stuff. I love research,” Cooke said. “I love working on projects that are actionable in some way (like) developing a tool to facilitate some socio-technological need to solve problems, as opposed to simply recognizing them. That’s what I am doing here.”

Schuster, as the grant’s principal investigator, gives credit to his students for “their work ethic, determination and contributions to the research.”

“We’re really one unified team at the moment, as we’re all working towards similar milestones,” Schuster explained. “I continue to be impressed by what the students are capable of, and how they rise to new challenges. With research, there’s one new unexpected challenge after another.”

Ultimately, Schuster’s goal is for their research findings to help determine ways for cyber security employees to make better decisions that more effectively protect their organizational computer networks.

SJSU Promotes Online Safety During Cyber Security Month

Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, gave a keynote speech on Oct. 5 about cybersecurity

Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, gave a keynote speech on Oct. 5 about cyber security.

San Jose State University has joined with the U.S. Department of Homeland Security and its partners across the country to highlight the importance of cyber security and online safety as part of National Cyber Security Awareness Month.

“The majority of Information Security incidents on campus are easily prevented,” said Mike Cook, SJSU’s information security officer (ISO). “Minor changes to your day to day habits can help keep your information safe.”

See tips in this month’s ITS Security Newsletter. DHS has created a site with tips as part of its public awareness campaign Stop. Think. Connect.

SJSU’s continues to be a primary educator of future cyber security professionals and is strongly involved in research around the industry. The university has been designated by the U.S. Department of Homeland Security and National Security Agency as a National Center of Academic Excellence in Information Assurance/Cybersecurity Education through 2019 and is home to the Silicon Valley Big Data and Cybersecurity Center.

Dr. Lee Chang joined the center as its executive director in July and has been cultivating an environment of multi-disciplinary collaboration with faculty across the university in three critical areas:  program development, teaching, and research.  Lee will take the lead in defining a vision and direction for the Center to become a national and international leader in cybersecurity and big data.

“Many of us at CIES have worked with Lee and appreciate his “can do” attitude and entrepreneurial spirit,” said Ruth Huard, dean of CIES, when she announced his appointment.

Innovation and Collaboration Keynote

At SJSU’s Innovation and Collaboration Expo, Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, gave a keynote speech on Oct. 5 about cyber security. His keynote shared insight into the ways response to cyber security of changed as technology evolved as well as thoughts on where the future of the industry is heading.

San Jose State University hosts the 2016 Innovation and Collaboration Technology Expo at the Diaz Compean Student Union Ballroom in San Jose, CA. on Wednesday, Oct. 5. (Photo: Christina Olivas)

San Jose State University hosts the 2016 Innovation and Collaboration Technology Expo at the Diaz Compean Student Union Ballroom in San Jose, CA. on Wednesday, Oct. 5. (Photo: Christina Olivas)

Mukkamala has been published in more than 120 peer-reviewed publications in the area of information assurance, malware analytics, digital forensics, data mining and bioinformatics. He holds a bachelor in computer science and engineering from the University of Madras, India, as well as a master’s and doctorate in computer science from New Mexico Tech. He was one of the lead researchers involved in Computational Analysis of Cyber Terrorism against the US (CACTUS) at New Mexico Tech, New Mexico State University and the Naval Postgraduate School. The team was awarded a $5 million grant to develop a multi-agent system that would be able to conduct real-time analysis and monitoring of selected foreign language websites.

“I learned a lot as a student,” he said. “I wouldn’t have gotten the same exposure at any other university. We looked at a lot of data – 90 percent of it was parsing the data.”

In 2002, researchers showed how hackers could use a printer to break into a network, something that had not been considered a possibility in the past. As the “internet of things” expands with more everyday items such as cell phones, medical devices, cars and more connected to the world, he said network vulnerabilities continue to increase.

“It only takes one entry point,” he said.

Mukkamala holds the patent on “Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing.” RiskSense provides a test of web applications for its customers that assigns a score of their vulnerability to cyber attacks using data analysis.

“Our team is comprised of industry-leading cyber security experts, experienced application security engineers, and dedicated penetration testers who use their deep understanding of malware tactics, techniques, and the advanced threats to stop exploitation by hackers,” according to the RiskSense website.

Join “The Circle” reading discussions

Flier of "The Circle" discussions and events.

Flier of “The Circle” discussions and events.

Incoming freshmen and new tenure-track faculty members at SJSU received a copy of this year’s Campus Reading Program book selection, Dave Eggers’ “The Circle.” The fiction book follows a recent college graduate who gets a coveted job at the biggest high-tech firm, but finds the boundaries between her work and personal life blurred as her company develops new technologies. Participation in group discussions and events are open to the entire campus community.

While book discussion sessions have been under way since August, the first event is scheduled for Monday, Sept. 28, when Prof. Dave Schuster will host a discussion on “Cyber Security and SJSU: Possible Futures,” from 1:30-3 p.m. in Dr. Martin Luther King, Jr. Library 225. Prof. Schuster will lead a dialogue on the latest advances in countering international hacking, how SJSU’s Silicon Valley Big Data and Cybersecurity Center is contributing, and what the future of cybersecurity might look.

Upcoming book discussions are scheduled on:

  • Sept. 16, 12-1pm
  • Sept. 24, 3-4pm
  • Oct. 1, 1-2pm
  • Oct. 7, 3-4pm
  • Oct. 14, 12-1pm
  • Oct. 26, 11am-12pm
  • Nov. 5, 12-1pm
  • Nov. 18, 1-2pm
  • Dec. 1, 2-3pm